
Malware Issues...

Esh Tending bar. FFXIV. Motorcycles. Portland, OR Registered User regular
So, some sort of malware has found its way onto my PC, hijacking my browser (Chrome). I'm getting lots of ads popping up in windows, and keywords are being turned into search terms that go god knows where. Neither Defender, Malwarebytes, nor Spybot: Search and Destroy seems to know what's up. Nuking from orbit IS an option, but I'd rather not. Thoughts on other programs that might dig this crap out?


  • nexuscrawler Registered User regular
    Are Malwarebytes or the other programs finding stuff and removing it, but then it comes back?

    If that's happening, try googling some of the programs that come up in the list. If it's Chrome stuff, you might have to manually remove the plugins that malware's installed in Chrome after Malwarebytes has done its thing. There's a chance you might need to find and manually delete other files and even registry entries.

    Another program that might be useful:
    http://sourceforge.net/projects/hjt/

    Basically, what this does is generate a report that you usually go post on their site, and people try to help pick out where the malware is.

  • Esh Tending bar. FFXIV. Motorcycles. Portland, OR Registered User regular
    It's not actually finding anything is the problem. It looks like one of the main culprits is CoolSialeCoUpon. That's what seems to be putting the ads into the browser (I can tell cause they say "Ad by CoolSialeCoUpon" on them). I have a feeling I may just wipe the drive tomorrow. Things seem to be getting worse and worse. Luckily it's just programs (mostly Steam games) that I can get back. I have another drive for storing media that should be unaffected.

  • nexuscrawler Registered User regular
    Malwarebytes is not finding a single problem?

  • Esh Tending bar. FFXIV. Motorcycles. Portland, OR Registered User regular
    Malwarebytes is not finding a single problem?

    Nope. That's why it scares me. Tomorrow is me with my Windows 8 disc.

  • Bendery It Like Beckham Hopeless Registered User regular
    edited August 2014
    Esh wrote: »
    Malwarebytes is not finding a single problem?

    Nope. That's why it scares me. Tomorrow is me with my Windows 8 disc.

    Check installed programs for anything that may have installed itself since this started. Check your browser extensions. As far as Windows 8 machines go, you don't have to worry about crap like rootkits causing malware injection at this point; it's mostly just actual adware getting installed somewhere that can be resolved easily enough by uninstalling it through appwiz or removing the extensions. If you run HijackThis and post the logs, I can go through them when I get a chance.

    There is also Autoruns:

    http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx

    If I remember correctly, the "CoolSialeCoUpon" crap can be running as a service or driver; you'd be able to see it in Autoruns and remove it.

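
The two manual checks suggested in the post above (recently installed programs and Chrome extensions) can be listed from PowerShell. This is an added example, not part of the original thread; it only reads and removes nothing. The 30-day window is an assumption, and the extension path is Chrome's default per-user profile location.

```powershell
# Added example: read-only inventory of recent installs and Chrome extensions.
# Assumption: look back 30 days; set this to when the ads first appeared.
$since = (Get-Date).AddDays(-30)

# 1. Programs registered for uninstall (what appwiz.cpl lists), newest first.
#    Entries that do not record an InstallDate are skipped.
$uninstallKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -and $_.InstallDate -match '^\d{8}$' } |
    ForEach-Object {
        [pscustomobject]@{
            Installed = [datetime]::ParseExact($_.InstallDate, 'yyyyMMdd', $null)
            Name      = $_.DisplayName
            Publisher = $_.Publisher
        }
    } |
    Where-Object { $_.Installed -ge $since } |
    Sort-Object Installed -Descending |
    Format-Table -AutoSize

# 2. Chrome extensions in every profile: <profile>\Extensions\<id>\<version>\manifest.json
$pattern = Join-Path $env:LOCALAPPDATA `
    'Google\Chrome\User Data\*\Extensions\*\*\manifest.json'
Get-ChildItem -Path $pattern -ErrorAction SilentlyContinue | ForEach-Object {
    try {
        $manifest = Get-Content -LiteralPath $_.FullName -Raw | ConvertFrom-Json
    } catch {
        $manifest = $null   # unreadable manifest: still list the folder
    }
    [pscustomobject]@{
        Added   = $_.Directory.CreationTime      # when this version folder appeared
        Id      = $_.Directory.Parent.Name       # the 32-character extension ID
        Name    = $manifest.name                 # may be a __MSG_...__ placeholder
        Version = $manifest.version
    }
} | Sort-Object Added -Descending | Format-Table -AutoSize
```

An extension ID that shows up here but was never knowingly installed is the one to look up and remove from chrome://extensions.
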
  • Evigilant VA Registered User regular
    Check the target path of the Chrome extension you use; a common browser hijack will jank up this target path, adding a bunch of shit at the end of the '.exe' call to redirect your searches back to their page.

    XBL\PSN\Steam\Origin: Evigilant
  • frenetic_ferret wildest weasel East Coast is Best Coast Registered User regular
    Esh wrote: »
    It's not actually finding anything is the problem. It looks like one of the main culprits is CoolSialeCoUpon. That's what seems to be putting the ads into the browser (I can tell cause they say "Ad by CoolSialeCoUpon" on them). I have a feeling I may just wipe the drive tomorrow. Things seem to be getting worse and worse. Luckily it's just programs (mostly Steam games) that I can get back. I have another drive for storing media that should be unaffected.

    Try ComboFix and HitmanPro.

  • Esh Tending bar. FFXIV. Motorcycles. Portland, OR Registered User regular
    I just did a wipe. It was worth it for the peace of mind. I'll check those others out in the future though. Thanks!

  • nexuscrawler Registered User regular
    Something was seriously messed up.

    I've had experience with that exact Chrome extension and Malwarebytes absolutely detects it normally.

  • Jimbo down under Registered User regular
    Esh wrote: »
    It's not actually finding anything is the problem. It looks like one of the main culprits is CoolSialeCoUpon. That's what seems to be putting the ads into the browser (I can tell cause they say "Ad by CoolSialeCoUpon" on them). I have a feeling I may just wipe the drive tomorrow. Things seem to be getting worse and worse. Luckily it's just programs (mostly Steam games) that I can get back. I have another drive for storing media that should be unaffected.

    Try ComboFix and HitmanPro.

    According to their documentation, ComboFix should not be used on Windows 8.

    404 not found