Malware Issues...

Esh Tending bar. FFXIV. Motorcycles. Portland, OR Registered User regular
So, some sort of malware has found its way onto my PC, hijacking my browser (Chrome). I'm getting lots of ads popping up into windows and keywords are being turned into search terms that go god knows where. Neither Defender, Malwarebytes, nor Spybot: Search and Destroy seems to know what's up. Nuking from orbit IS an option, but I'd rather not. Thoughts on other programs that might dig this crap out?

"At first he thought it might be a natural occurrence - maybe a rabbit. But upon closer inspection, it was clear a knife had been used. And rabbits don't carry knives."

Final Fantasy XIV:Lilja Sunblade

Posts

  • nexuscrawler Registered User regular
    Is Malwarebytes or the other programs finding stuff and removing it but then it comes back?

    If that's happening, try googling some of the programs that come up in the list. If it's Chrome stuff, you might have to manually remove the plugins that malware's installed in Chrome after Malwarebytes has done its thing. There's a chance you might need to find and manually delete other files and even registry entries.

    Another program that might be useful:
    http://sourceforge.net/projects/hjt/

    Basically what this does is generate a report that you usually go post on their site and people try to help pick out where the malware is.

  • Esh Tending bar. FFXIV. Motorcycles. Portland, OR Registered User regular
    It's not actually finding anything is the problem. It looks like one of the main culprits is CoolSialeCoUpon. That's what seems to be putting the ads into the browser (I can tell cause they say "Ad by CoolSialeCoUpon" on them). I have a feeling I may just wipe the drive tomorrow. Things seem to be getting worse and worse. Luckily it's just programs (mostly Steam games) that I can get back. I have another drive for storing media that should be unaffected.

  • nexuscrawler Registered User regular
    Malwarebytes is not finding a single problem?

  • Esh Tending bar. FFXIV. Motorcycles. Portland, OR Registered User regular
    Malwarebytes is not finding a single problem?

    Nope. That's why it scares me. Tomorrow is me with my Windows 8 disc.

  • Bendery It Like Beckham Hopeless Registered User regular
    edited August 2014
    Esh wrote: »
    Malwarebytes is not finding a single problem?

    Nope. That's why it scares me. Tomorrow is me with my Windows 8 disc.

    Check installed programs for anything that may have installed itself since this started. Check your browser extensions. As far as Windows 8 machines go, you don't have to worry about crap like rootkits causing malware injection at this point; it's mostly just actual adware getting installed somewhere that can be resolved easily enough by uninstalling it through appwiz or removing the extensions. If you run HijackThis and post the logs I can go through them when I get a chance.

    There is also Autoruns:

    http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx

    If I remember correctly, the "CoolSialeCoUpon" crap can be running as a service or driver; you'd be able to see it in Autoruns and remove it.

  • Evigilant VA Registered User regular
    Check the target path of the Chrome extension you use. A common browser hijack will jank up this target path, adding a bunch of shit at the end of the '.exe' call to redirect your searches back to their page.

    Google+ Profile XBL\PSN\Steam\Origin: Evigilant
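
The target-path and extension checks suggested in the posts above, as an added PowerShell example that is not from any poster in this thread. It assumes PowerShell 3 or later, a default Chrome install and the `Default` profile; the function names are hypothetical.

```powershell
# Added example. Assumes default Chrome paths and the "Default" profile.
# Function names are hypothetical, chosen for this example.

function Get-BrowserShortcutAudit {
    # Report browser shortcuts whose target has anything appended after the .exe.
    param([string[]]$Folder = @(
        [Environment]::GetFolderPath('Desktop'),
        [Environment]::GetFolderPath('CommonDesktopDirectory'),
        "$env:APPDATA\Microsoft\Windows\Start Menu\Programs",
        "$env:ProgramData\Microsoft\Windows\Start Menu\Programs",
        "$env:APPDATA\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar"
    ))
    $shell = New-Object -ComObject WScript.Shell
    Get-ChildItem -Path $Folder -Filter *.lnk -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            $lnk = $shell.CreateShortcut($_.FullName)   # opens the existing .lnk
            if ($lnk.TargetPath -match '(chrome|firefox|iexplore)\.exe$' -and $lnk.Arguments) {
                [pscustomobject]@{
                    Shortcut  = $_.FullName
                    Target    = $lnk.TargetPath
                    Arguments = $lnk.Arguments
                    # Switches such as --profile-directory are normal; a URL is not.
                    HasUrl    = [bool]($lnk.Arguments -match 'https?://')
                }
            }
        }
}

function Get-ChromeExtensionAudit {
    # On-disk layout: Extensions\<extension id>\<version>\manifest.json
    param([string]$ProfilePath = "$env:LOCALAPPDATA\Google\Chrome\User Data\Default")
    Get-ChildItem -Path (Join-Path $ProfilePath 'Extensions\*\*\manifest.json') -ErrorAction SilentlyContinue |
        ForEach-Object {
            $manifest = Get-Content -LiteralPath $_.FullName -Raw | ConvertFrom-Json
            [pscustomobject]@{
                Id        = $_.Directory.Parent.Name
                Name      = $manifest.name        # "__MSG_...__" means a localised name
                Version   = $manifest.version
                Installed = $_.Directory.CreationTime
            }
        } | Sort-Object Installed -Descending     # newest first: compare with when the ads began
}

Get-BrowserShortcutAudit | Format-List
Get-ChromeExtensionAudit | Format-Table -AutoSize
```

Any shortcut reported with `HasUrl` set to `True` can be repaired by clearing the text after the `.exe` in its Properties dialog; unfamiliar extension IDs can be matched against the list at `chrome://extensions`.
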
  • frenetic_ferret wildest weasel East Coast is Best Coast Registered User regular
    Esh wrote: »
    It's not actually finding anything is the problem. It looks like one of the main culprits is CoolSialeCoUpon. That's what seems to be putting the ads into the browser (I can tell cause they say "Ad by CoolSialeCoUpon" on them). I have a feeling I may just wipe the drive tomorrow. Things seem to be getting worse and worse. Luckily it's just programs (mostly Steam games) that I can get back. I have another drive for storing media that should be unaffected.

    Try ComboFix and HitmanPro.

  • Esh Tending bar. FFXIV. Motorcycles. Portland, OR Registered User regular
    I just did a wipe. It was worth it for the peace of mind. I'll check those others out in the future though. Thanks!

  • nexuscrawler Registered User regular
    Something was seriously messed up.

    I've had experience with that exact Chrome extension and Malwarebytes absolutely detects it normally.

  • Jimbo down under Registered User regular
    Esh wrote: »
    It's not actually finding anything is the problem. It looks like one of the main culprits is CoolSialeCoUpon. That's what seems to be putting the ads into the browser (I can tell cause they say "Ad by CoolSialeCoUpon" on them). I have a feeling I may just wipe the drive tomorrow. Things seem to be getting worse and worse. Luckily it's just programs (mostly Steam games) that I can get back. I have another drive for storing media that should be unaffected.

    Try ComboFix and HitmanPro.

    According to their documentation, ComboFix should not be used on Windows 8.

    404 not found
  • electricitylikesme Registered User regular
    If you have malware, you need to back up your documents and nuke the installation.

    You will never ever be sure you've cleaned it all up. It's a good argument for keeping regular backups of a system image of your hard disk.