|
2014-02-28, 05:45 AM | #1 |
Banned
Join Date: Oct 2003
Location: About to be evicted!!!!
Posts: 4,082
|
Adware
I have picked up a piece of adware which appears to be impossible to remove. I have tried disabling it, uninstalling it via control panel, and deleting it manually, but it always reappears. My conclusion is that I have a piece of software that keeps reinstalling it. However, I have no idea what software is doing this. Searches on Google simply tell me how to uninstall the software that pops the ad, and give no clue as to what keeps re-installing it.
The software appears on IE/Chrome as an add-on which has variably been called "Better Surf", "Movie Viewer", and "Media View". Does anyone know what software keeps re-installing this little bastard? Thanks. |
2014-02-28, 09:25 AM | #2 |
You can now put whatever you want in this space :)
|
Here are a couple of things I found. Not sure if you've tried them already:
http://malwaretips.com/blogs/bettersurf-virus-removal/
http://community.norton.com/t5/Norto...e/td-p/1051431 |
2014-03-02, 05:06 AM | #3 |
Banned
Join Date: Oct 2003
Location: About to be evicted!!!!
Posts: 4,082
|
Thanks, but those just tell me how to delete the program once it is installed. What I need to know is the name of the software that keeps re-installing it, so I can remove that.
|
2014-03-03, 11:09 AM | #4 |
Oh! I haven't changed since high school and suddenly I am uncool
|
Hi
Clear all your cookies and cache. Download Malwarebytes Anti-Malware Free here: http://www.malwarebytes.org/downloads/ Rename the file you download, called mbam-setup.exe, to mb.exe. Install it and update the program's database, then run it. It is a very good little program. It should find the offending program and delete it. After a reboot, delete all your restore points and set new ones. |
2014-03-03, 02:03 PM | #5 |
Oh! I haven't changed since high school and suddenly I am uncool
|
You would surely need some instructions on this, but what's happening is these programs find different places in your registry to lurk and hibernate. You would need to go to your registry editor 'regedit' and search through the directories related to 'software', 'internet explorer' and others, and search your local keys and hkeys. There are 'values' that are set that run like little clocks, which is why the programs continue to become activated after you've seemingly uninstalled them.
In cases where you're unable to actually delete or modify the key or value, you can change the 'permissions' to make it inactive. A virus this sophisticated sometimes can't be totally removed, but there are ways of tricking it into not functioning. The Malwarebytes is good stuff; unfortunately G will take you through a bunch of steps that always end up selling you something, and Microsoft sites and forums are not always a safe source of reference; again, they are simply trying to sell you something. So be very careful what you download and be wise as to your choices of removal. I realize my instructions for the registry search were a little vague, but if you go in and look throughout those directories you will surely find those items living in discreet areas, and the values will be active. Again, once you recognize them, if they don't delete, change the 'permissions' and make them inactive. The Malwarebytes Root Kit is an excellent tool for this type of infection: http://www.malwarebytes.org/antirootkit/ Also disable your browser add-ons as they are surely living there, and check and clear your temp folder %temp%. You would also be wise to go into your 'administrator' desktop and scan from there as well.
Last edited by housekeeper; 2014-03-03 at 02:08 PM. |
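Added example, not part of any post in this thread: a PowerShell inventory of the usual Windows autostart points (Run keys, Internet Explorer Browser Helper Objects, scheduled tasks, services), filtered on the add-on names mentioned above. The name patterns and function names are assumptions chosen for illustration; it needs PowerShell 3 or later and is best run from an elevated prompt.

```powershell
# Added example: list autostart entries and flag ones matching the add-on names in this thread.
# The patterns below are assumptions taken from the names the original poster reported.
$Regex = 'Better\s*Surf|Movie\s*Viewer|Media\s*View'

function Get-RunKeyEntries {
    $keys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
            'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
            'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    foreach ($key in $keys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $item = Get-Item -LiteralPath $key
        foreach ($name in $item.GetValueNames()) {
            [pscustomobject]@{ Source = $key; Name = $name; Command = [string]$item.GetValue($name) }
        }
    }
}

function Get-BhoEntries {
    # Each subkey is a CLSID; the DLL it loads is the default value of InprocServer32.
    $root = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    if (-not (Test-Path -LiteralPath $root)) { return }
    foreach ($bho in Get-ChildItem -LiteralPath $root) {
        $server = "HKLM:\Software\Classes\CLSID\$($bho.PSChildName)\InprocServer32"
        $dll = if (Test-Path -LiteralPath $server) { [string](Get-Item -LiteralPath $server).GetValue('') } else { '' }
        [pscustomobject]@{ Source = 'IE BHO'; Name = $bho.PSChildName; Command = $dll }
    }
}

function Get-TaskEntries {
    # Get-ScheduledTask exists on Windows 8 / Server 2012 and later; skip quietly elsewhere.
    if (-not (Get-Command Get-ScheduledTask -ErrorAction SilentlyContinue)) { return }
    foreach ($task in Get-ScheduledTask) {
        foreach ($action in $task.Actions) {
            [pscustomobject]@{ Source = "Task $($task.TaskPath)"; Name = $task.TaskName
                               Command = "$($action.Execute) $($action.Arguments)" }
        }
    }
}

function Get-ServiceEntries {
    Get-CimInstance Win32_Service | ForEach-Object {
        [pscustomobject]@{ Source = 'Service'; Name = $_.DisplayName; Command = $_.PathName }
    }
}

$all = @(Get-RunKeyEntries) + @(Get-BhoEntries) + @(Get-TaskEntries) + @(Get-ServiceEntries)
$all | Where-Object { "$($_.Name) $($_.Command)" -match $Regex } | Format-Table -AutoSize -Wrap
```

A component that re-installs an add-on often does not carry the add-on's name, so if the filtered view is empty, review the full `$all` list for unfamiliar entries pointing into `%TEMP%`, `%APPDATA%` or `ProgramData`.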
2014-03-03, 04:22 PM | #6 |
That which does not kill us, will try, try again.
|
And take a moment to be glad it's not ransomware. A neighbor called me last week to come help him as his computer had downloaded something that wouldn't let him do anything aside from go to their website and pay for the program they sell. It wouldn't let him use the Control Panel or boot into Safe Mode on restart via any of the usual methods so he was about to toss it in the canal.
(For those who may need it, we got to Safe Mode by restarting and then pulling the plug on power just after it began the startup sequence. This made his PC open the Startup Settings screen so we were able to restore a previous good save point.) The reason I bring this up is to ask if you've tried using System Restore to just move back to an earlier save point before the adware infected your computer?
__________________
"If you're happy and you know it, think again." -- Guru Pitka |
2014-03-05, 06:19 AM | #7 |
Banned
Join Date: Oct 2003
Location: About to be evicted!!!!
Posts: 4,082
|
Thanks.
The Malware software threw up over a hundred things it thought were malware, but on investigation most were not. Some were even PHP pages I had written myself which may have been malformed (I usually use Perl, and am only just beginning to learn PHP) but were definitely not malware! However, it did throw up four programs with "Better Surf" in the name, which was a surprise for two reasons. Firstly, I run a malware blocker and I was assuming that would block such shit. I thought the bastard doing this would be some free software that I had downloaded that also installed Better Surf as a sideline. Secondly, I have twice run Windows file search thingy looking for files with "better surf" in their name; it did not find these four! I have also removed a couple of keys using the words "Better Surf" in their name. I am not entirely sure what I did and was a little worried that my computer may not boot after my amateur brain surgery on it. But it seems OK. Thanks everyone for your help. |
2014-03-05, 12:19 PM | #8 |
Oh! I haven't changed since high school and suddenly I am uncool
|
Cool, just as an aside and I'm sure you already know. Always best to use 'selective startup' and disable everything except your anti virus software, check that if you haven't already: run > 'msconfig' > 'system configuration utility'
|
2014-03-16, 09:14 AM | #9 |
Banned
Join Date: Oct 2003
Location: About to be evicted!!!!
Posts: 4,082
|
Didn't work, the bastard just re-installed itself as Media View!
|
2014-03-16, 09:40 AM | #10 |
Oh! I haven't changed since high school and suddenly I am uncool
|
Did you delete all your restore points and set new ones after running Malwarebytes and deleting the offending files? Did you delete your cache?
|
2014-03-16, 03:02 PM | #11 |
Banned
Join Date: Oct 2003
Location: About to be evicted!!!!
Posts: 4,082
|
|
2014-03-16, 06:54 PM | #12 |
A boy without mischief is like a bowling ball without a liquid center
Join Date: Jul 2007
Posts: 431
|
|
2014-03-17, 06:52 AM | #13 | |
Oh! I haven't changed since high school and suddenly I am uncool
|
Quote:
|
|
2014-03-17, 05:22 PM | #14 |
Oh! I haven't changed since high school and suddenly I am uncool
|
Hmm, you'll have to do some digging I suspect, it sounds as if the value in your registry is still active and perhaps you can't locate it. You'd be wise to try this if you haven't
http://support.microsoft.com/mats/pr...ninstall/en-us Generally works pretty good, I'm surprised Malwarebytes didn't have an effect, did you use the 'root kit' version? It can be stopped I'm quite certain, unfortunately you've got to keep going through the same steps over and over as I'm sure it's reattaching itself to your browser add ons. If you find a way to kill those specific values, you should be back in working order. You may not be able to delete the directory in your registry, but there is a way to trick it into stopping. |
|
|