I am having malware problems
I thought maybe someone here may have had the same problem and could be able to help.
I am on Windows 7 using the Chrome browser and have tabs continually pop up whenever I click on the screen, plus I get Shopping Assistant sidebars and deal overlays that say Brought by Lyrics on sites like Meh and Woot.
I have run about every malware scanner available (MalwareBytes Anti-Malware, Spybot Search and Destroy, CCleaner, Kaspersky, and more) and nothing is found. There are no strange programs to delete in add/remove programs and no strange extensions to delete in Chrome. I have never had a problem like this and not been able to find any evidence of the offending program before and I am at my wit's end. HELP! I may just get Windows 10 and start from scratch if I don't figure this out soon.
Have you tried this?
https://www.google.com/chrome/srt/
(if you haven't already, backup your bookmarks... and that is beta software so it might break, and just for giving this suggestion I am not responsible if your computer spontaneously gains a conscience and starts skynet or something else bad.)
Some of them can be pretty nasty. I had to help my in-laws eradicate a self-repairing virus. Every time I uninstalled it, it would reinstall itself, and it actually blocked me from getting into safe mode to protect itself.
MalwareBytes Anti-Malware & Spybot Search and Destroy are very good programs and I'm surprised they are not helping you out.
One thing you can try is to do a system restore to a time that you think the PC was healthy. That might get you back to working. Another thing to look at is the installed programs, ordered by "Installed On". (Control Panel > Uninstall a Program). That might give you a clue as to when and what is causing the issue. If the restore does not help, you can search malware + the name of the recent program (one not installed by you) and you might get a more specific set of instructions on how to get rid of it.
@ACraigL Yup. Assuming you have good restore points, the system restore is the easiest way. It'll revert you back to a point before the bad stuff was installed, but you won't lose any of your new documents or images or anything. System restore, then do virus and malware scans, then do Windows updates.
@ACraigL I tried a system restore and it didn't work. My biggest problem is there is no recent program not installed by me listed for me to delete. That more than anything is the part that has me stumped.
@Lister How far back did you go? Are you confident you restored to a time when you didn't have the issue?
you may also want to run HijackThis. i've found it extremely useful in removing BHOs (browser "helper" objects). just note, not all BHOs are viruses.
@carl669 I have also tried HijackThis. Nothing out of the ordinary comes up.
This is probably really outdated but I would use a combination of Spybot Search and Destroy, AdAware and CCleaner. Plus if need be rootkit removers. I don't know if AVG is still around but I used to use that too before MS Security Essentials.
I guess it's this thing?
https://www.pcrisk.com/removal-guides/7380-lyrics-virus
So I reset the browser settings for Chrome and that seemed to fix it, I think. Apparently these things can hide in the browser settings now without any other evidence of its existence? Fingers crossed this is the last of it.
@Lister Well, crap. That apparently didn't work as well as I had hoped.
@Lister Here are some others to try - most of these are intended for single-use cases, so you'd just get rid of them once they fix the problem.
Hitman Pro- despite the weird name, it works really well.
F-Secure Online Scanner- An online version of the company's AV product. Great reputation and effective.
If you're more technically savvy, tell me and I can get you some other recommendations.
@dashcloud I second Hitman Pro. Also look in your Scheduled Tasks - I've found several malware programs setting a task to automatically re-install themselves lately. Control Panel > Administrative Tools > Task Scheduler
@dashcloud Hmmm. Hitman Pro found some stuff that none of the others found and so far, so good. I already had the program but I guess I never ran it because it said my trial period had ended and removing viruses was disabled, but I ran it and it said it removed them anyway. We shall see. F-Secure came up empty along with all the others. Thanks everyone for all the help! I knew I could count on the Meh! community for the big problems.
@hallmike I checked Scheduled Tasks per your advice. There were around four things that looked like registry entries so I don't know what program actually set them up. All the others I think I can account for.
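One way to triage the Scheduled Tasks list mentioned above without clicking through each entry, as an added example that is not part of any post in this thread: export the tasks with `schtasks /query /fo CSV /v` and flag entries for a manual look. The two heuristics (a task named like a bare GUID, and an action that runs from a user-writable folder) are assumptions chosen for illustration, and legitimate per-user updaters can trip them too; the sample rows are constructed.

```python
import csv
import io
import re

# Constructed sample in the shape of `schtasks /query /fo CSV /v`, trimmed to
# three of its columns; task names and paths are made up for illustration.
SAMPLE = r'''"TaskName","Author","Task To Run"
"\GoogleUpdateTaskMachineCore","EXAMPLE-PC\user","C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c"
"\{1B2C3D4E-0000-4111-8222-ABCDEF012345}","N/A","C:\Users\user\AppData\Roaming\example\updater.exe /silent"
"TaskName","Author","Task To Run"
"\Microsoft\Windows\Defrag\ScheduledDefrag","Microsoft Corporation","%windir%\system32\defrag.exe -c"
"\ExampleHelper","EXAMPLE-PC\user","C:\Users\user\AppData\Local\Temp\helper.exe"
'''

# Heuristics are assumptions for this example, not a verdict on any task.
GUID_NAME = re.compile(r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
USER_WRITABLE = re.compile(r"\\(AppData|Temp|Users\\Public|ProgramData)\\", re.I)


def review_tasks(csv_text):
    """Return [(task_name, [reasons])] for tasks worth a manual look."""
    flagged = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        name, action = row["TaskName"], row["Task To Run"]
        if name == "TaskName":  # the header row can repeat mid-output
            continue
        reasons = []
        # Compare only the last path component, so tasks in subfolders are covered.
        if GUID_NAME.match(name.rsplit("\\", 1)[-1]):
            reasons.append("GUID-style name")
        if USER_WRITABLE.search(action):
            reasons.append("runs from a user-writable folder")
        if reasons:
            flagged.append((name, reasons))
    return flagged


if __name__ == "__main__":
    for task, why in review_tasks(SAMPLE):
        print(f"{task}: {', '.join(why)}")
```
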
One other program you could try running is ADWCleaner, and then try Hitman Pro, go for the free trial, then reset Chrome.
@joe43wv ADW Cleaner didn't find anything and neither did resetting Chrome, although I thought resetting Chrome had fixed it. It appears Hitman Pro is the champion!
There are a lot of great suggestions in this thread, but have you tried unplugging it and plugging it back in again?
If that doesn't work I usually go straight to percussive maintenance.
Maybe a screenshot will help identify the culprit.
Uninstall the browser, then delete any remnants. Run all your various cleaners. Reinstall the browser and see if it returns. Oh, and do an msconfig in the run section of the start menu, see how much crap is running and disable most of the processes. Also go through services one at a time and search for them, the internet will tell you if a service is okay or not.
@givemeyoursoul ^all of this^ + duplicating the issue in another browser or while disconnected from your network/internet. To test with a bare Windows OS & gui, the only processes in task mgr to keep are dwm.exe, explorer.exe, taskmgr.exe & those w/o a username (if more than 2, investigate). End everything else. Google the ones that return to see if they are valid. This will be a late warning if you already started to do these things but-- Ehem. All of these steps are dangerous to your PC and data if you didn't back up your system with an image backup (incl. the malw) or the like so that you can start over if you need to. At least decide to be at peace with a clean install if necessary. Once you know the freedom of being able to press reset you can learn all kinds of things by breaking stuff.
@Lister this is me googling, so take that with the requisite ¯_(ツ)_/¯ . Does this look like what you're seeing? http://malwaretips.com/blogs/ads-by-lyrics-bot-virus/
Let us know if you get it cleared? Piqued my curiosity. Good luck!
@flouise That is what I have, pretty much. My problem was that there was nothing to find/delete for steps 1 and 2. There was absolutely no evidence of any malicious program running or installed on my system, including every malware scanner except Hitman Pro, which I think finally cleaned it out.
try this http://www.kaspersky.com/antivirus-removal-tool?form=1
Skip the precision strikes and go nuclear on the problem. Use Tron from the sysadmin reddit.
If that doesn't do it, the root problem could be that your router was compromised. Some folks were using known exploits in production firmware versions of consumer routers. Do an ipconfig /all and check your DNS. If all that's listed is your router (likely 192.168.1.1) go to your router's configuration page and check if there are static DNS entries that look "off". If they aren't 4.2.2.2 or 8.8.8.8 or similar single digit octets, google the IPs from your phone (not connected to wireless) and see if they show up on "known bad" lists.
If your router is compromised, you can try simply correcting the DNS entries, but it's likely it will be reinfected. You may have to update the firmware. If it's older and the mfr isn't updating firmware for it, you may be able to give DD-WRT a try (open source replacement firmware). Not all routers are easily flashable with alternate operating systems, but my Cisco/Linksys happened to be.
@CDubbs I will look into this. My router is already running dd-wrt. After all this I am seriously considering wiping my computer anyway and doing a clean install of Windows 10.
I also found this and agree with @Starblind
https://www.pcrisk.com/removal-guides/7380-lyrics-virus
@CDubbs I found the DNS hijacked on PCs and routers before.
If the link did not work:
One other tool is super anti spyware. They also did not mention how to use CCleaner.
Check the DNS. Your PC should be pointing to your router. Trace route your router's DNS (I have found a DNS that was in Russia.)
Disconnect from the internet. Download all your tools from a known clean machine. I recommend CCleaner, and malwarebytes.
Run CC first. Now use CC to check your browsers. Use CC to check software.
Install malwarebytes; if it does not install, install SuperAntiSpyWare. (Again you got the programs from a known clean PC.)
When you uninstall Chrome delete the google folder.
C:\Program Files (x86)\Google\
Reboot
Make sure you're not signed into chrome on a 2nd machine that is infected. The extensions will reinstall.
Lastly how long are you going to spend cleaning this box? Backup data, clean install, reinstall important programs and restore data.
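The DNS check suggested in the two posts above (run `ipconfig /all`, expect the PC to point at the router or at a resolver you recognise), as an added example that is not part of any post in this thread. It parses saved `ipconfig /all` output and lists DNS servers that are neither the adapter's default gateway nor on a known-resolver list; the sample output and the list contents beyond the two addresses named in the thread are assumptions.

```python
import ipaddress
import re

# Constructed sample of `ipconfig /all` output (not from the thread).
SAMPLE = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : EXAMPLE-PC

Ethernet adapter Local Area Connection:

   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.1.23(Preferred)
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 203.0.113.53
                                       8.8.8.8
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

KNOWN_RESOLVERS = {"4.2.2.2", "8.8.8.8"}  # the two named in the post; extend as needed
FIELD = re.compile(r"\s+(.+?)[ .]+:\s*(.*)$")  # matches "   Key . . . : value"


def _ip(value):
    """Normalise '192.168.1.1' or 'fe80::1%11' to an address string, else None."""
    try:
        return str(ipaddress.ip_address(value.strip().split("%")[0]))
    except ValueError:
        return None


def parse_adapters(text):
    """Return {adapter: {"Default Gateway": [...], "DNS Servers": [...]}}."""
    adapters, current, field = {}, None, None
    for line in text.splitlines():
        if line and not line[0].isspace():
            # Unindented line: an adapter header (ends with ':') or the banner.
            current, field = None, None
            if line.rstrip().endswith(":"):
                current = adapters.setdefault(
                    line.rstrip(" :"), {"Default Gateway": [], "DNS Servers": []})
            continue
        m = FIELD.match(line)
        if m:
            field, value = m.group(1), m.group(2)
        else:
            value = line  # continuation line: a further value for the same field
        if current is not None and field in current and _ip(value):
            current[field].append(_ip(value))
    return adapters


def dns_to_review(text, known=KNOWN_RESOLVERS):
    """DNS servers that are neither the adapter's gateway nor a known resolver."""
    return [(name, dns)
            for name, info in parse_adapters(text).items()
            for dns in info["DNS Servers"]
            if dns not in info["Default Gateway"] and dns not in known]


if __name__ == "__main__":
    for adapter, dns in dns_to_review(SAMPLE):
        print(f"look up before trusting: {dns} ({adapter})")
```

An empty result only means the PC points at the router or a listed resolver; the router's own DNS settings still need checking on its configuration page, as the posts describe.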
@Lister Many of the tools being suggested by folks are included in the Tron download. It's pretty big because of all the binaries and definitions it includes. Around 800MB IIRC. Extracted it's around 1.5GB.
It runs updates on the most popular software that has a track record for exploits. It runs chkdsk, defrag or optimize if SSD, windows updates, stinger, CCleaner, etc.
There is an "unattended mode" if you run it from command line and add a "/a" IIRC. Interactive mode isn't too bad if you're able to check in on it now and again. Can't say enough good things. Saved me from manually fixing my mother-in-law's laptop, a friend's desktop I built around 5 years ago, a co-worker's laptop. All reported things are running great and they aren't missing anything important.
Best of luck.
-Chris
Dang, apparently all you guys don't do this for a living. Go to Bleepingcomputer.com, download combofix, rkill, tdsskiller, jrt, superantispyware. Run rkill first, to kill any memory resident programs. Then tdsskiller (make sure to change parameter to check for TDLFS file system). Then do combofix - you'll need to turn off your antivirus. After it reboots, wait for the report to show. Then run jrt and finally superantispyware (I hate the name, but it works well). Yes, install the trial of this software. Uninstall it later.
Download this. Make sure it's always running.
Mysterious File
Hey, did you try McAfee? lol.
@miko1 Right after Norton!
Maybe this can help you to get rid of pop-up ads.
(hahaha. No. ~ link removed by TC.)