http://points.lotusiloveyou.com/?data=

Some people have been having this same problem. I have had this problem since April 11.

Today I uninstalled all cracked software from my computer and deleted related folders. Featuring cracked MS Office 365 and related KMSAuto folder (cracking tool), apparently root of the problem. The URL was set as start page in Chrome, I removed that also.

Then I scanned with MBAM. I received a warning just a few minutes later, right before scanning with FRST.

Also, source of evil:

https://thepiratebay.org/torrent/12486598/Office_KMS_Activator_2016_Ultimate_1.1_-_AppzDam

That’s what happens when you use cracked software :)

Learned my lesson, senpai. From now on, I’ll be a law abiding citizen who pays for software.

UPDATE:
Malwarebytes reported 4 protection events since the original post. Malicious Website. Possibly related to original problem.
Cold Turkey is NOT illegal software. Maybe false positive. Will uninstall anyway because I don’t use Cold Turkey very much.

Reports are attached.

UPDATE:
https://forums.malwarebytes.com/topic/155692-false-positives-with-cold-turkey/

Seemingly false positive. Most likely unrelated to original problem. Please ignore last update. Save your time.

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine. Running it on another one may cause damage and render the system unstable.

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt, have to be in the same location or the fix will not work!

How is your system running now?

Just fixed. Fixlog is attached. Will report on malware warnings and system performance in at least 24h. Thank you.

No malware warnings for over 24h. System is running fine. Thx.

If everything else is fine for you (Avast is running / scanning with no warnings, etc.) then I will remove our tools and get you on your way …

Clean up of Malware Removal Tools
Now that we are through using these tools, let’s clean them off your system so that should you ever need to have malware removed again (we hope not) fresh, updated copies will be downloaded.

- Download Delfix from here to your desktop and double click it to start the program
- Ensure Remove disinfection tools is ticked
- Also tick:
  - Create registry backup
  - Purge system restore
- Click Run
- The program will run for a few moments and then notepad will open with a log. Note: Please save this log first before rebooting your system (if asked to); DelFix does not save the log as it is trying to remove all traces of our work on your system. Please attach the log in your next reply.

You can delete any log files left on your desktop as these are no longer needed.

== Some Tools to consider to help keep your system safe ==

Unchecky is a small service that runs in the background to help keep those “extra toolbars” and tag along search engines from automatically installing. By automatically directing you to a custom install with all the options unchecked, only what you manually choose and confirm gets installed.

CryptoPrevent is a free program that prevents CryptoLocker / ransomware from infecting your PC by locking down the OS so the malware cannot get a grip on your system. You can read the details about this program here.

Also, consider keeping MalwareBytes Antimalware in your arsenal of safe keeping programs. Use the free version (not the paid or trial version) and you won’t have a problem with your antivirus scanner program. Keep it updated and run a scan with it once a week.

Lastly, if you use Firefox as your main web browser, consider adding the NoScript and uBlock Origin add-ons to the browser to block scripting hijacks and remove unwanted ads from the pages you view.

You may also find some information and tips at this thread:
How did I get infected in the first place?
and
COMPUTER SECURITY - a short guide to staying safer online


I’ll leave this topic open for a few days so that if you have any questions you can come back here. Surf safe, my friend!!

I did things too fast and forgot to tick all the boxes the first time. So I ran it a second time.

About the apps you suggested:

Unchecky sounds useful. I installed my share of useless toolbars in the past by not paying attention, but nowadays I’m extremely careful about unwanted checked checkboxes, and I haven’t had this problem for at least three years. But a program that does this automatically sounds like a simple yet brilliant idea.

I won’t use CryptoPrevent. After this episode, I decided to buy an antivirus subscription. Avast is cool but Bitdefender was cheaper, and it already has an anti-ransomware solution.

I don’t use Firefox, but I already use uBlock. I’ll take a look at NoScript.

And yes, I’ll keep MBAM and scan my computer every Sunday afternoon. I’m on trial version, but I disabled all real time/background features. This shouldn’t be a problem, right?

I’m also going to read the articles.

Thx for everything. If I wasn’t broke I’d donate.