My computer is infected with adware making it virtually impossible to navigate the internet. Despite my popup blocker on high, I am constantly redirected to full page popups. If I eventually get to a site, popups keep coming up. I have used many free antiadware scans, including adaware, spybot, malwarebytes, and panda- but none remove it. When I try to run and save a logfile on Hijackthis, an error box says the sysem denied write access to Hosts file. Many tickets submitted to avast result only in them advising me to run scan after scan. They haven’t removed it, but have identified the adware as ‘myway.mywebsearch’ and ‘funwebproducts’. How can I remove it?
Please help! Even as I type this, several popups have come up.
Thank you - James Meadows
Mywebsearch is not an infection. Its just adware which can be removed via Add/Remove programs. Do that first. If not the use Malwarebytes.
Keep in mind that this did not sneak into your system. You installed something and did not take the time to read what you were installing. You must have just clicked next,next,next. Mywebsearch toolbar installer could have been unchecked during install. What did you recently install?
The first thing I did when I discovered this problem is uninstall mywebsearch. That has been done. It does not stop the problem.
I am very careful with downloads and updates. This adware came in through an update to myway searchbar, which is a legitimate function that came installed with the computer. Wikipedia’s article on myway searchbar points out that while they claim it isn’t adware, bitdefender and trendmicro (along with many victims) say it is. Believe me, when you can’t use the internet because of incessant popups, you know it’s adware.
Malwarebytes also identifies it as malware. The first scan I ran with it a month ago found and quarantined many infected registry keys it labelled ‘adware.mywebsearch’. After that, a full scan shows zero objects infected. But the problem remains.
Since this problem started, I haven’t installed anything but antimalware programs.
As I said in my first post, I have tried many antimalware scans and also avast boot scans in safe mode but none have worked. Can anyone help? I can’t use the internet until I solve this.
Thanks - James Meadows
Read this and get back to me. Also go into your internet options\connections\LAN settings and be sure that proxy is not checked off and auto detect settings is.
http://support.microsoft.com/kb/972034
Did you run a scan with Malwarebytes and remove what it found?
Thank you for your help - I am determined to find a way to fix this problem.
I checked- auto dectect settings is on and proxy server is off. Yes, after the first scan malwarebytes successfully removed what it found.
I went to the link you provided and ran microsoft fixit to reset host file to default. I chose fix it for me, it completed successfully, then when it asked me to restart the computer I did. Unfortunately, I am still getting constant redirects (to google-analytics.com) and popups.
It may be worth doing a manual search as the automatic tools cannot find everything
Lets clear Google analytics first
Please go to the following file C:\Windows\System32\drivers\etc\hosts
Right click the file and select open with
Select notepad from the options and remove the tick from always use this programme to open this type of file
Copy and paste the following bolded text into this file (any where will do )
Save and exit
# [Google Inc]
127.0.0.1 www.google-analytics.com
THEN
Download OTS to your Desktop and double-click on it to run it
[*]Make sure you close all other programs and don’t use the PC while the scan runs.
[*]Select All Users
[*]Under additional scans select the following
Reg - Disabled MS Config Items
Reg - Drivers32
Reg - NetSvcs
Reg - SafeBoot Minimal
Reg - Shell Spawning
Evnt - EventViewer Logs (Last 10 Errors)
File - Lop Check
[*]Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT
[*]Now click the Run Scan button on the toolbar. Make sure not to use the PC while the program is running or it will freeze.
[*]When the scan is complete Notepad will open with the report file loaded in it.
[*]Please attach the log in your next post.
Thank you for your help-
I experienced complications- there was no file called ‘hosts’- I figured ‘hosts.old’ was the file you were referring to. I copied and pasted but when I tried to save error box says “hosts.old already exists. Do you want to replace it?” I clicked yes, then box says “this file set to read only, try another file name” so I cancelled out of it. When I go back, the file name is now ‘hosts’ but the file type is listed as OLD file. Also, the notepad icon is shown inside the file icon, even though I had removed the tick for always use this program to open.
What should I do about this?
Continue with OTS and I will replace the Host file from there
Thanks for your help- but when I tried to download OTS an “Application Error” box comes up that says “Exception: Eolesys Error in module OTS [1].exe at 00057DE9. Class not registered.” What should I do now?
I am sorry I have not responded in two weeks after you took the time to help me. I don’t have a lot of free time but the last several weeks I have spent many hours trying to eliminate this adware. I have downloaded and run many scans, looked up many forum sites that had already commented on this particular malware and tried their advice, exchanged a dozen tickets with avast technical support, and it hasn’t made a dent. I tried to send a knowledgeable friend a hijackthis logfile but error boxes come up saying ‘can’t write to hosts file’ and ‘can’t find hijackthis.log file do you want to create a new one?’ but whether I choose yes or no it shows a blank notepad file.
Now I wasn’t able to paste google-analytics into hosts file or download OTS. I threw my hands up and gave myself a break for a week from the problems on this computer and just used the one at work when I needed to- then last week a tornado came through and it was chaos and knocked out power for a few days (I’m in Georgia).
Anyway, thank you for your help and advice. At least I’m learning a lot through these problems- I obviously didn’t know the correct hosts file was hidden- but I’ve looked up and read about host files since.