
Malware Issues...

Esh Tending bar. FFXIV. Motorcycles. Portland, OR Registered User regular
So, some sort of malware has found its way onto my PC, hijacking my browser (Chrome). I'm getting lots of ads popping up into windows and keywords are being turned into search terms that go god knows where. Neither Defender, Malwarebytes, nor Spybot: Search and Destroy seems to know what's up. Nuking from orbit IS an option, but I'd rather not. Thoughts on other programs that might dig this crap out?

Posts

  • nexuscrawler Registered User regular
    Is Malwarebytes or the other programs finding stuff and removing it but then it comes back?

    If that's happening, try googling some of the programs that come up in the list. If it's Chrome stuff, you might have to manually remove the plugins that malware has installed in Chrome after Malwarebytes has done its thing. There's a chance you might need to find and manually delete other files and even registry entries.

    Another program that might be useful:
    http://sourceforge.net/projects/hjt/

    Basically, what this does is generate a report that you usually go post on their site, and people try to help pick out where the malware is.

  • Esh Tending bar. FFXIV. Motorcycles. Portland, OR Registered User regular
    It's not actually finding anything is the problem. It looks like one of the main culprits is CoolSialeCoUpon. That's what seems to be putting the ads into the browser (I can tell cause they say "Ad by CoolSialeCoUpon" on them). I have a feeling I may just wipe the drive tomorrow. Things seem to be getting worse and worse. Luckily it's just programs (mostly Steam games) that I can get back. I have another drive for storing media that should be unaffected.

  • nexuscrawler Registered User regular
    Malwarebytes is not finding a single problem?

  • Esh Tending bar. FFXIV. Motorcycles. Portland, OR Registered User regular
    Malwarebytes is not finding a single problem?

    Nope. That's why it scares me. Tomorrow is me with my Windows 8 disc.

  • Bendery It Like Beckham Hopeless Registered User regular
    edited August 2014
    Esh wrote: »
    Malwarebytes is not finding a single problem?

    Nope. That's why it scares me. Tomorrow is me with my Windows 8 disc.

    Check installed programs for anything that may have installed itself since this started. Check your browser extensions. As far as Windows 8 machines go, you don't have to worry about crap like rootkits causing malware injection at this point; it's mostly just actual adware getting installed somewhere that can be resolved easily enough by uninstalling it through appwiz or removing the extensions. If you run HijackThis and post the logs, I can go through them when I get a chance.

    There is also Autoruns:

    http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx

    If I remember correctly, the "CoolSialeCoUpon" crap can be running as a service or driver; you'd be able to see it in Autoruns and remove it.

  • Evigilant VA Registered User regular
    Check the target path of the Chrome extension you use. A common browser hijack will jank up this target path, adding a bunch of shit at the end of the '.exe' call to redirect your searches back to their page.

    XBL\PSN\Steam\Origin: Evigilant
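
An added example (not code from any poster in this thread) of the two manual checks suggested in the posts above: inspecting browser shortcut targets for appended arguments and listing what is installed as a Chrome extension. It assumes the default Chrome profile folder and the standard Windows shortcut locations; the URL pattern used for flagging is an illustrative heuristic.

```powershell
# Added example: read-only audit of browser shortcuts and Chrome extensions.
$shell = New-Object -ComObject WScript.Shell

# Standard folders where browser shortcuts live (assumed default locations).
$shortcutDirs = @(
    [Environment]::GetFolderPath('Desktop'),
    [Environment]::GetFolderPath('CommonDesktopDirectory'),
    [Environment]::GetFolderPath('StartMenu'),
    [Environment]::GetFolderPath('CommonStartMenu'),
    "$env:APPDATA\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar"
) | Where-Object { $_ -and (Test-Path $_) }

# 1) Shortcuts: show target and arguments; flag a URL appended after the .exe.
$browsers = 'chrome.exe', 'iexplore.exe', 'firefox.exe'
Get-ChildItem -Path $shortcutDirs -Filter *.lnk -Recurse -ErrorAction SilentlyContinue |
    ForEach-Object {
        $lnk = $shell.CreateShortcut($_.FullName)
        if ($lnk.TargetPath -and ($browsers -contains (Split-Path $lnk.TargetPath -Leaf))) {
            [pscustomobject]@{
                Shortcut   = $_.FullName
                Target     = $lnk.TargetPath
                Arguments  = $lnk.Arguments
                Suspicious = $lnk.Arguments -match 'https?://|www\.'
            }
        }
    } | Format-List

# 2) Extensions: one row per installed version, newest first.
#    Name may be a "__MSG_...__" placeholder when the manifest is localized.
$extRoot = "$env:LOCALAPPDATA\Google\Chrome\User Data\Default\Extensions"
if (Test-Path $extRoot) {
    Get-ChildItem $extRoot -Directory | ForEach-Object {
        $id = $_.Name
        Get-ChildItem $_.FullName -Directory | ForEach-Object {
            $manifestPath = Join-Path $_.FullName 'manifest.json'
            if (Test-Path $manifestPath) {
                $m = Get-Content $manifestPath -Raw | ConvertFrom-Json
                [pscustomobject]@{
                    Installed   = $_.CreationTime
                    Id          = $id
                    Version     = $m.version
                    Name        = $m.name
                    Permissions = ($m.permissions -join ', ')
                }
            }
        }
    } | Sort-Object Installed -Descending | Format-Table -AutoSize -Wrap
}
```

Extensions whose install date lines up with when the ads started, and shortcuts marked Suspicious, are the entries to look up before removing anything.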
  • frenetic_ferret wildest weasel East Coast is Best Coast Registered User regular
    Esh wrote: »
    It's not actually finding anything is the problem. It looks like one of the main culprits is CoolSialeCoUpon. That's what seems to be putting the ads into the browser (I can tell cause they say "Ad by CoolSialeCoUpon" on them). I have a feeling I may just wipe the drive tomorrow. Things seem to be getting worse and worse. Luckily it's just programs (mostly Steam games) that I can get back. I have another drive for storing media that should be unaffected.

    Try ComboFix and HitmanPro.

  • Esh Tending bar. FFXIV. Motorcycles. Portland, OR Registered User regular
    I just did a wipe. It was worth it for the peace of mind. I'll check those others out in the future though. Thanks!

  • nexuscrawler Registered User regular
    Something was seriously messed up.

    I've had experience with that exact Chrome extension and Malwarebytes absolutely detects it normally.

  • Jimbo down under Registered User regular
    Esh wrote: »
    It's not actually finding anything is the problem. It looks like one of the main culprits is CoolSialeCoUpon. That's what seems to be putting the ads into the browser (I can tell cause they say "Ad by CoolSialeCoUpon" on them). I have a feeling I may just wipe the drive tomorrow. Things seem to be getting worse and worse. Luckily it's just programs (mostly Steam games) that I can get back. I have another drive for storing media that should be unaffected.

    Try ComboFix and HitmanPro.

    According to their documentation, ComboFix should not be used on Windows 8.

    404 not found
  • electricitylikesme Registered User regular
    If you have malware, you need to back up your documents and nuke the installation.

    You will never ever be sure you've cleaned it all up. It's a good argument for keeping regular backups of a system image of your hard disk.
