Web pages have invisible layer over them (Virus?)

GZNG

Estimable
Jul 6, 2014
2
0
4,510
Hi there.

Recently I've had a run-in with a possible virus that causes an ad to appear whenever I open a page or new tab in Chrome, despite the adblockers I use. I think it was called Super New Tab or something. I searched it up and took some actions to clear it, which involved uninstalling some programs, one of which might have been hijacked with the virus but appeared unsuspecting.

Today, however, I have noticed that when I open pages in Chrome, sometimes there seems to be an invisible layer over it, much like those temporary ads that slide onto your screen advertising "earn 200 an hour" or some other BS. The way I realised this was occurring was that when I hover over links, the bottom of the browser doesn't show the destination URL; when I hover over items that would show highlights, like expandable or popup menus, there is no response until I click once; and finally, when I do click, my browser page flashes, which was telling me some s**t was going down. Also, a recent MSE scan showed one malicious item, which was removed before this started happening.

I'd like to ask if anyone can help me out with this. What options do I have that don't involve reinstalling windows? Because I am prone to doing so at this point, after several episodes of small issues resolved by a reinstall.
Below are some factors to consider:

Windows 7 Home Premium
Only use Chrome, haven't noticed issue on other browsers
Can't recall when exactly the issue started so I can't pick which backup to restore to if I wanted to.
Offending program was this, but I had installed it concurrently with another program. I believe it was hidden in the install (IOBit Uninstaller Log):
====================================
IObit Uninstaller Log
Applicaption Version: 4.3.0.122
Operation System Verison: Windows 7
Date:2016-02-19 02:07:21
====================================

[yoursearching]
Version:1.0.0.60
Publisher:
Install Date:
Date:19/2/2016 2:07:21 AM

[SprgFiles]
Version:29.16.07
Publisher:https://www.www.springfile.biz
Install Date:
Date:19/2/2016 2:07:43 AM

[SprgFiles]
Operation: Powerful Scan
Date: 19/2/2016 2:08:03 AM

------Registry------
Deleted Registry Value HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\MuiCache | C:\Program Files (x86)\SprgFiles\SprgFiles.exe - SprgFiles Downloader Application
Deleted Registry Value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {82D1374F-C1B4-493B-8A5D-71466D91DE12} - v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\SprgFiles\SprgFiles.exe|Name=SprgFiles|
Deleted Registry Value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {BB16B4D4-6908-4FF0-8493-50869D11EB9D} - v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\SprgFiles\SprgFiles.exe|Name=SprgFiles|
Deleted Registry Value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {5D15ABEE-CE14-422D-B88F-037EB5202F56} - v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\SprgFiles\downloader.exe|Name=SprgFiles|
Deleted Registry Value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {AE0BC391-65EF-46A7-B4D8-BB9C13E28A7D} - v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\SprgFiles\downloader.exe|Name=SprgFiles|
Deleted Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\SprgFiles
Deleted Registry Value HKEY_LOCAL_MACHINE\SOFTWARE\SprgFiles | SOFT_ALERT - 1
Deleted Registry Value HKEY_LOCAL_MACHINE\SOFTWARE\SprgFiles | CLICK - 2
Deleted Registry Value HKEY_LOCAL_MACHINE\SOFTWARE\SprgFiles | GEO - SG
Deleted Registry Value HKEY_LOCAL_MACHINE\SOFTWARE\SprgFiles | INSTALLER_NAME - SprgFiles
Deleted Registry Value HKEY_LOCAL_MACHINE\SOFTWARE\SprgFiles | INSTALL_DATE - 1455818593
Deleted Registry Value HKEY_LOCAL_MACHINE\SOFTWARE\SprgFiles | IS_SEARCH_PARAM - YES
Deleted Registry Value HKEY_LOCAL_MACHINE\SOFTWARE\SprgFiles | KEYWORD - high tail hall 2 gold content 6
Deleted Registry Value HKEY_LOCAL_MACHINE\SOFTWARE\SprgFiles | LAST_UPDATE_DATE - 1455818593
Deleted Registry Value HKEY_LOCAL_MACHINE\SOFTWARE\SprgFiles | LG - en
Deleted Registry Value HKEY_LOCAL_MACHINE\SOFTWARE\SprgFiles | PARTNER_ID - 3
Deleted Registry Value HKEY_LOCAL_MACHINE\SOFTWARE\SprgFiles | PRODUCT_ID - 29
Deleted Registry Value HKEY_LOCAL_MACHINE\SOFTWARE\SprgFiles | SOFT_ID - 6-1-e5c4a32-84e6-4f94-bd5d-29873a5bd6f1
Deleted Registry Value HKEY_LOCAL_MACHINE\SOFTWARE\SprgFiles | SUBID - 1003679
Deleted Registry Value HKEY_LOCAL_MACHINE\SOFTWARE\SprgFiles | TPL - 7
Deleted Registry Value HKEY_LOCAL_MACHINE\SOFTWARE\SprgFiles | TRACK_ID - 28549276-a06a-41eb-b88a-aac5ff98d88b,1455818540054
Deleted Registry Value HKEY_LOCAL_MACHINE\SOFTWARE\SprgFiles | TRAFFIC_TYPE - 8
Deleted Registry Value HKEY_LOCAL_MACHINE\SOFTWARE\SprgFiles | UA - CH
Deleted Registry Value HKEY_LOCAL_MACHINE\SOFTWARE\SprgFiles | UNIQ - LIMEBOX-PC|7363|1bceb|1c3dd
Deleted Registry Value HKEY_LOCAL_MACHINE\SOFTWARE\SprgFiles | VERSION - 29.16.07
Deleted Registry Value HKEY_LOCAL_MACHINE\SOFTWARE\SprgFiles | captcha - 0
Deleted Registry Value HKEY_LOCAL_MACHINE\SOFTWARE\SprgFiles | INSTALL_DIR - C:\Program Files (x86)\SprgFiles\
Deleted Registry Key HKEY_CURRENT_USER\SOFTWARE\SprgFiles
Deleted Registry Value HKEY_CURRENT_USER\SOFTWARE\SprgFiles | current_language - EN
Deleted Registry Value HKEY_CURRENT_USER\SOFTWARE\SprgFiles | is_firstrun - no

------File------
Delete Folder c:\program files (x86)\sprgfiles\
Delete File c:\program files (x86)\sprgfiles\downloader.exe
Delete File c:\program files (x86)\sprgfiles\htmlayout.dll
Delete File c:\program files (x86)\sprgfiles\SprgFiles.exe
Delete File c:\program files (x86)\sprgfiles\uninstall.dat
Delete File c:\program files (x86)\sprgfiles\Uninstall.exe
Delete File C:\Users\Public\Desktop\SprgFiles.lnk


Also here is the MSE log if needed:
2016-02-13T03:45:29.476Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
2016-02-13T03:45:30.441Z Version: Product 4.8.204.0 Service 4.8.204.0 Engine 1.1.12400.0 AS 1.213.6073.0 AV 1.213.6073.0
2016-02-14T02:57:35.511Z Version: Product 4.8.204.0 Service 4.8.204.0 Engine 1.1.12400.0 AS 1.213.6155.0 AV 1.213.6155.0
2016-02-15T15:34:41.412Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
2016-02-15T15:34:45.985Z Version: Product 4.8.204.0 Service 4.8.204.0 Engine 1.1.12400.0 AS 1.213.6218.0 AV 1.213.6218.0
2016-02-16T15:49:23.456Z Version: Product 4.8.204.0 Service 4.8.204.0 Engine 1.1.12400.0 AS 1.213.6352.0 AV 1.213.6352.0
2016-02-18T04:46:45.382Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
2016-02-18T04:46:46.340Z Version: Product 4.8.204.0 Service 4.8.204.0 Engine 1.1.12400.0 AS 1.213.6460.0 AV 1.213.6460.0
2016-02-18T18:03:53.381Z DETECTION BrowserModifier:Win32/Yoursearching!blnk file:C:\Users\limEBox\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk->[CMDEmbedded]
2016-02-18T18:03:53.475Z DETECTION BrowserModifier:Win32/Yoursearching!blnk file:C:\Users\limEBox\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk->[CMDEmbedded]
2016-02-18T18:03:54.218Z DETECTION BrowserModifier:Win32/Yoursearching!blnk file:C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk->[CMDEmbedded]
2016-02-18T18:03:54.292Z DETECTION BrowserModifier:Win32/Yoursearching!blnk file:C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk->[CMDEmbedded]
2016-02-18T18:03:54.434Z DETECTION BrowserModifier:Win32/Yoursearching!blnk file:C:\Users\limEBox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Chrome Remote Desktop.lnk->[CMDEmbedded]
2016-02-18T18:03:54.562Z DETECTION BrowserModifier:Win32/Yoursearching!blnk file:C:\Users\limEBox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Chrome App Launcher.lnk->[CMDEmbedded]
2016-02-18T18:03:54.707Z DETECTION BrowserModifier:Win32/Yoursearching!blnk file:C:\Users\limEBox\Desktop\Utilities\Chrome App Launcher.lnk->[CMDEmbedded]
2016-02-18T18:03:54.762Z DETECTION BrowserModifier:Win32/Yoursearching!blnk file:C:\Users\Public\Desktop\Google Chrome.lnk->[CMDEmbedded]
2016-02-18T18:03:54.860Z DETECTION BrowserModifier:Win32/Yoursearching!blnk file:C:\Users\Public\Desktop\Mozilla Firefox.lnk->[CMDEmbedded]
2016-02-18T18:04:18.474Z DETECTION BrowserModifier:Win32/Yoursearching!blnk file:C:\Users\Public\Desktop\Google Chrome.lnk->[CMDEmbedded]
2016-02-19T05:06:03.553Z Version: Product 4.8.204.0 Service 4.8.204.0 Engine 1.1.12400.0 AS 1.213.6622.0 AV 1.213.6622.0
2016-02-19T05:06:19.695Z Version: Product 4.8.204.0 Service 4.8.204.0 Engine 1.1.12400.0 AS 1.213.6634.0 AV 1.213.6634.0
2016-02-20T14:59:06.396Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
2016-02-20T14:59:07.524Z Version: Product 4.8.204.0 Service 4.8.204.0 Engine 1.1.12400.0 AS 1.213.6698.0 AV 1.213.6698.0
2016-02-21T07:11:59.226Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
2016-02-21T07:12:00.197Z Version: Product 4.8.204.0 Service 4.8.204.0 Engine 1.1.12400.0 AS 1.213.6698.0 AV 1.213.6698.0
2016-02-21T07:23:31.185Z Version: Product 4.8.204.0 Service 4.8.204.0 Engine 1.1.12400.0 AS 1.213.6764.0 AV 1.213.6764.0
2016-02-22T22:56:14.304Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
2016-02-22T22:56:15.358Z Version: Product 4.8.204.0 Service 4.8.204.0 Engine 1.1.12400.0 AS 1.213.6820.0 AV 1.213.6820.0
2016-02-22T23:39:03.304Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
2016-02-22T23:39:04.274Z Version: Product 4.8.204.0 Service 4.8.204.0 Engine 1.1.12400.0 AS 1.213.6820.0 AV 1.213.6820.0
2016-02-23T08:40:57.336Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
2016-02-23T08:40:58.303Z Version: Product 4.8.204.0 Service 4.8.204.0 Engine 1.1.12400.0 AS 1.213.6820.0 AV 1.213.6820.0

Any help you guys could provide would be much appreciated!
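The MSE entries above flag browser shortcuts with an embedded command line (`!blnk ... [CMDEmbedded]`), which is how this kind of adware forces its page open on every browser launch even after the program itself is uninstalled. The following PowerShell check is an added example, not something from the thread or from MSE: it lists every shortcut that points at a browser and carries a non-empty Arguments field, marks those embedding a URL, and can optionally clear them. The shortcut folders it scans are assumed from the paths in the log; the Public and ProgramData copies need an elevated prompt to be modified.

```powershell
# Added example (not from the thread): list browser shortcuts that carry
# embedded arguments, the pattern MSE reported as "!blnk ... [CMDEmbedded]".
# Set $Fix = $true to clear the arguments of shortcuts that embed a URL
# (run elevated so the ProgramData and Public Desktop copies can be saved).
$Fix = $false

# Assumed shortcut locations; these match the paths seen in the MSE log.
$shortcutDirs = @(
    "$env:APPDATA\Microsoft\Internet Explorer\Quick Launch",
    "$env:APPDATA\Microsoft\Windows\Start Menu\Programs",
    "$env:ProgramData\Microsoft\Windows\Start Menu\Programs",
    "$env:PUBLIC\Desktop",
    "$env:USERPROFILE\Desktop"
)
$browserExe = 'chrome\.exe$|firefox\.exe$|iexplore\.exe$|opera\.exe$'

$shell = New-Object -ComObject WScript.Shell
$findings = foreach ($dir in $shortcutDirs) {
    if (-not (Test-Path -LiteralPath $dir)) { continue }
    Get-ChildItem -LiteralPath $dir -Filter *.lnk -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            $lnk = $shell.CreateShortcut($_.FullName)
            if ($lnk.TargetPath -notmatch $browserExe) { return }   # not a browser shortcut
            $origArgs = $lnk.Arguments
            if ($origArgs -notmatch '\S') { return }                 # clean: no arguments at all
            # A URL in the arguments is the hijack signature. Other flags, such as
            # --app-id on Chrome app shortcuts, are legitimate and only need a look.
            $verdict = if ($origArgs -match 'https?://') { 'URL embedded' } else { 'review' }
            if ($Fix -and $verdict -eq 'URL embedded') {
                $lnk.Arguments = ''
                $lnk.Save()
                $verdict += ' (cleared)'
            }
            [pscustomobject]@{
                Shortcut  = $_.FullName
                Target    = $lnk.TargetPath
                Arguments = $origArgs
                Verdict   = $verdict
            }
        }
}

if ($findings) { $findings | Format-Table -AutoSize -Wrap }
else { 'No browser shortcuts with embedded arguments found.' }
```

Compare the Arguments column against what the shortcut should launch; a search-engine or "new tab" URL there means the shortcut, not the browser, is what keeps bringing the page back.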

GZNG

Hello again. I pretty much solved my issue by restoring to a week-old backup. Malwarebytes and AdwCleaner threw up a lot of crap that I cleared, but the issue wasn't resolved, so I went a step further.