I swear this thing downloaded during a version update of Spybot S&D or CCleaner, both of which came on my new computer and I thought were safe. I did make the mistake of deleting the astromenda program via the control panel, which may have made it harder to get rid of. As per instructions on the sticky in this section, I did run Malwarebytes, and it quarantined a lot, but not enough. I’m still getting ad pop ups in Chrome and some weather thing on my desktop. See all the attachments you guys requested.
Thanks so much. Practically new computer and I don’t remember clicking anything weird!
Spybot is obsolete … not very good with todays malware and not needed when you have malwarebytes
CCleaner only add a toolbar (can easily be uninstalled) and as one of few they have a toolbare free download
CCleaner slim https://www.piriform.com/ccleaner/builds
Removal team is notified, it may take some hours before they are online
1. Open notepad and copy/paste the text present inside the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system
2. Save notepad as fixlist.txt to your Desktop. NOTE: => It’s important that both files, FRST and fixlist.txt are in the same location or the fix will not work.
3. Run FRST/FRST64 and press the Fix button just once and wait. If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply. Note: If the tool warned you about the outdated version please download and run the updated version.
Temporarily disable your AntiVirus program, usually via a right click on the System Tray icon. They may interfere with Combofix. If you are unsure how to do this please read this or this Instruction.
Instructions how to disable avast:
• Right click on the avast! system tray icon ( http://www.mcshield.net/pg/images/avast5.png
) in the lower right corner of the screen and scroll up to avast! shield controls;
• In the menu that appears, choose Disable Permanently. When you are prompted to turn off security, click Yes.
Note: Do not forget to turn back on this option after the cleaning by choosing avast! shield controls > Enable all shield options.
Run ComboFix. Then, on disclaimer window, click I Agree! button.
[i][size=7pt]- ComboFix will check if there is a newer version of ComboFix available.
Click Yes if prompted to download.
-If Recovery Console is not installed, ComboFix will offer download & installation.
Click Yes to allow ComboFix to install Recovery Console.
ComboFix will scan your computer in stages, total of 50 stages.
Do not mouse-click around while ComboFix is running.
If malware is detected, ComboFix will begin with its removal, and may need to restart Windows.
Note:If you see a message like “Illegal operation attempted on a registry key that has been marked for deletion” just restart your computer.
[/i]
When the tool is finished, it will produce a log report for you. (typical location: C:\ComboFix.txt)
=> Attach log report (ComboFix.txt) back to topic.
ComboFix shall also create addition log (typical location: C:\Qoobox\ComboFix-quarantined-files.txt)
=> Please attach that report (ComboFix-quarantined-files.txt) as well.
FYI. Astromenda just tried to install a new tab in Chrome, so it’s still around. I just said no and so far no pop-up ads. Also weatherbug is still installed. That installed at the same time astromenda did.
[*]Close any open browsers and temporarily disable your AntiVirus program. (if it is necessary)
If you are unsure how to do this please read this or this Instruction.
[*]Double click on zoek.exe to run the tool. Please wait while the tool does not start…
[*]Copy the text present inside the code box below and paste it into the large window in the zoek tool:
1. Open notepad and copy/paste the text present inside the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system
2. Save notepad as fixlist.txt to your Desktop. NOTE: => It’s important that both files, FRST and fixlist.txt are in the same location or the fix will not work.
3. Run FRST/FRST64 and press the Fix button just once and wait.
Note: The tool shall warned you about the outdated version, fresh version shall be download!
If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
http://www.mcshield.net/personal/magna86/Images/checkmark.png
Purge System Restore [/i]
Click Run button and wait a few seconds for the programme completes his work.
At this point all the tools we used here should be gone. Tool will create an report for you (C:[b]DelFix.txt[/b])
The tool will also record healthy state of registry and make a backup using ERUNT program in %windir%\ERUNT\DelFix
Tool deletes old system restore points and create a fresh system restore point after cleaning.
Looks good except I had put the zoek tool in a separate file folder and I don’t think it got deleted. Can I just delete that, or should I run DelFix again? Sorry…