F5F Stay Refreshed Software Operating Systems I'm here to assist you right away!

I'm here to assist you right away!

I'm here to assist you right away!

S
SenpaiPleasee
Member
Find
65
07-10-2018, 09:08 AM
#1
Recently my computer has been getting infected by a lot of adware, Background knowledge in case it helps, I'm the main user but there's two other users who commonly use it and one who occasionaly does, one mostly uses it for banking and the other uses facebook and youtube mostly and downloads songs and other media as well. I believe she's the most likely one to be the cause. She doesn't understand anything about computers, I'll save my rant on her for another post but suffice to say she makes me want to buy a completely new computer every time she goes on it. The occasional user mostly does banking but a small amount of facebook. I've done what I can to remove the adware but this last one (called ads by adsalert) is being really stubborn, I've tried uninstalling any programs that could be the cause, I've tried using the regedit but I'm not really sure what I'm doing. I've ensured that there are no unwanted extensions on any browsers (I use torch, the other two use chrome, mozilla was also installed but not anymore). I'm running out of ideas of how to remove it and how to stop them coming back, I can't teach the other two about securing themselves against any of this, I'd try but it won't work. Please help me, I'm really getting annoyed about it but my main concern is that it could be surveying passwords and website access, especially since several users access sensitive data (netbanking passwords, private documents, etc) **EDIT** So followed your advise, atm a clean install isn't a valid option due to various reasons, but I've installed Adwcleaner and Avast and I'm using the Malwarebytes (I already had adblock) but what I'm asking about now is that adwcleaner is listing torch (and only torch) in it's scan results as items to remove. Heres the logfile: ***** [ Services ] ***** Service Found : torchcrashhandler ***** [ Files / Folders ] ***** File Found : C:\Users\Kanuut\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Torch.lnk File Found : C:\Users\Kanuut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch.lnk Folder Found : C:\ProgramData\torchcrashhandler Folder Found : C:\Users\Kanuut\AppData\Local\torch Folder Found : C:\Users\Kanuut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\torch ***** [ Scheduled tasks ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\torch Key Found : HKCU\Software\torch Key Found : [x64] HKCU\Software\torch Key Found : HKLM\SOFTWARE\Classes\Applications\Torch.exe Key Found : HKLM\SOFTWARE\torch ***** [ Web browsers ] ***** -\\ Internet Explorer v11.0.9600.17840 -\\ Mozilla Firefox v -\\ Google Chrome v43.0.2357.132 ************************* AdwCleaner[R0].txt - [23429 bytes] - [07/07/2015 15:24:49] AdwCleaner[R1].txt - [1558 bytes] - [07/07/2015 19:07:03] AdwCleaner[R2].txt - [1721 bytes] - [09/07/2015 12:21:27] AdwCleaner[R3].txt - [1578 bytes] - [09/07/2015 15:35:58] AdwCleaner[s0].txt - [21892 bytes] - [07/07/2015 15:35:32] ########## EOF - C:\AdwCleaner\AdwCleaner[R3].txt - [1697 bytes] ########## I'm still getting adware (not as much thank god) but nothing else is returning any malicious software. So my main two theories are that: A) there's adware masquerading as Torch and hiding inside torch files, (I've uninstalled torch, reinstalled from the official site [where I got it the first time too]) or B) there's adware that the others aren't detecting and Adwcleaner is bugging out
Reply
Reply
S
SenpaiPleasee
07-10-2018, 09:08 AM #1

Recently my computer has been getting infected by a lot of adware, Background knowledge in case it helps, I'm the main user but there's two other users who commonly use it and one who occasionaly does, one mostly uses it for banking and the other uses facebook and youtube mostly and downloads songs and other media as well. I believe she's the most likely one to be the cause. She doesn't understand anything about computers, I'll save my rant on her for another post but suffice to say she makes me want to buy a completely new computer every time she goes on it. The occasional user mostly does banking but a small amount of facebook. I've done what I can to remove the adware but this last one (called ads by adsalert) is being really stubborn, I've tried uninstalling any programs that could be the cause, I've tried using the regedit but I'm not really sure what I'm doing. I've ensured that there are no unwanted extensions on any browsers (I use torch, the other two use chrome, mozilla was also installed but not anymore). I'm running out of ideas of how to remove it and how to stop them coming back, I can't teach the other two about securing themselves against any of this, I'd try but it won't work. Please help me, I'm really getting annoyed about it but my main concern is that it could be surveying passwords and website access, especially since several users access sensitive data (netbanking passwords, private documents, etc) **EDIT** So followed your advise, atm a clean install isn't a valid option due to various reasons, but I've installed Adwcleaner and Avast and I'm using the Malwarebytes (I already had adblock) but what I'm asking about now is that adwcleaner is listing torch (and only torch) in it's scan results as items to remove. Heres the logfile: ***** [ Services ] ***** Service Found : torchcrashhandler ***** [ Files / Folders ] ***** File Found : C:\Users\Kanuut\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Torch.lnk File Found : C:\Users\Kanuut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch.lnk Folder Found : C:\ProgramData\torchcrashhandler Folder Found : C:\Users\Kanuut\AppData\Local\torch Folder Found : C:\Users\Kanuut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\torch ***** [ Scheduled tasks ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\torch Key Found : HKCU\Software\torch Key Found : [x64] HKCU\Software\torch Key Found : HKLM\SOFTWARE\Classes\Applications\Torch.exe Key Found : HKLM\SOFTWARE\torch ***** [ Web browsers ] ***** -\\ Internet Explorer v11.0.9600.17840 -\\ Mozilla Firefox v -\\ Google Chrome v43.0.2357.132 ************************* AdwCleaner[R0].txt - [23429 bytes] - [07/07/2015 15:24:49] AdwCleaner[R1].txt - [1558 bytes] - [07/07/2015 19:07:03] AdwCleaner[R2].txt - [1721 bytes] - [09/07/2015 12:21:27] AdwCleaner[R3].txt - [1578 bytes] - [09/07/2015 15:35:58] AdwCleaner[s0].txt - [21892 bytes] - [07/07/2015 15:35:32] ########## EOF - C:\AdwCleaner\AdwCleaner[R3].txt - [1697 bytes] ########## I'm still getting adware (not as much thank god) but nothing else is returning any malicious software. So my main two theories are that: A) there's adware masquerading as Torch and hiding inside torch files, (I've uninstalled torch, reinstalled from the official site [where I got it the first time too]) or B) there's adware that the others aren't detecting and Adwcleaner is bugging out

Reply
Reply
C
chuy2495
Junior Member
Find
13
07-10-2018, 02:23 PM
#2
It seems like the situation is pretty tough. The best approach would be to restore everything they wish to keep. Switch to a fresh operating system, restore the backups, add adblock, and inform them if they wish to install anything else—so you can prevent unwanted bloatware. This should resolve the issue, as malicious buttons will no longer appear and you’ll avoid all unnecessary software.
Reply
Reply
C
chuy2495
07-10-2018, 02:23 PM #2

It seems like the situation is pretty tough. The best approach would be to restore everything they wish to keep. Switch to a fresh operating system, restore the backups, add adblock, and inform them if they wish to install anything else—so you can prevent unwanted bloatware. This should resolve the issue, as malicious buttons will no longer appear and you’ll avoid all unnecessary software.

Reply
Reply
L
Lipokily
Member
Find
73
07-10-2018, 06:21 PM
#3
Review your add-ons once more, as Chrome was reinstalling an extension even after removal. Run Malwarebytes, AdwCleaner, and Hitman Pro. If needed, perform a fresh Windows installation.
Reply
Reply
L
Lipokily
07-10-2018, 06:21 PM #3

Review your add-ons once more, as Chrome was reinstalling an extension even after removal. Run Malwarebytes, AdwCleaner, and Hitman Pro. If needed, perform a fresh Windows installation.

Reply
Reply
A
AthenasLight
Posting Freak
Find
781
07-10-2018, 07:23 PM
#4
Malwarbytes legit seems essential—have you used it? You should give it a try, especially if you haven’t installed antivirus software like Avast or AVG yet; they often include extra tools against ads and malware too. Malwarebytes offers a free trial, and you can even purchase a physical copy at a store if desired. It performs exceptionally well and hopefully removes the program completely.
Reply
Reply
A
AthenasLight
07-10-2018, 07:23 PM #4

Malwarbytes legit seems essential—have you used it? You should give it a try, especially if you haven’t installed antivirus software like Avast or AVG yet; they often include extra tools against ads and malware too. Malwarebytes offers a free trial, and you can even purchase a physical copy at a store if desired. It performs exceptionally well and hopefully removes the program completely.

Reply
Reply
M
MrDigatu
Member
Find
151
07-11-2018, 03:44 AM
#5
The issue arises because the system creates duplicates of itself in various locations. When something is removed, a listener detects it, while one of its clones remains active until the user returns to an unalert state, at which point another copy is restored in that spot.
Reply
Reply
M
MrDigatu
07-11-2018, 03:44 AM #5

The issue arises because the system creates duplicates of itself in various locations. When something is removed, a listener detects it, while one of its clones remains active until the user returns to an unalert state, at which point another copy is restored in that spot.

Reply
Reply
J
Jackller
Member
Find
71
07-11-2018, 08:10 PM
#6
This approach relies on various tools to eliminate duplicates at once, aiming to stop further replication. Hitman pro is effective at spotting unwanted software and offering a second viewpoint on your system. I've successfully managed two separate adware invasions with these solutions.
Reply
Reply
J
Jackller
07-11-2018, 08:10 PM #6

This approach relies on various tools to eliminate duplicates at once, aiming to stop further replication. Hitman pro is effective at spotting unwanted software and offering a second viewpoint on your system. I've successfully managed two separate adware invasions with these solutions.

Reply
Reply