I think I have some kind of virus

Hi. Yesterday I downloaded a file I shouldn't have. I deleted it. But then I started getting problems. First there were these ads on my desktop, and Chrome suddenly opened by itself and opened different sites. I ran Avast and it found something and deleted it, a bit better, but still Chrome would open new tabs by itself. I did a restart and I suddenly had a new browser “TheBrowser” or something. I downloaded Malwarebytes and it took care of that program.

However, I can’t shake the feeling that not everything is gone. For instance, when running Chrome now, it asks if it should be my default browser, if I click on that, it takes me to a new screen where there are no “normal” browsers to choose from. Only browsers I never have heard of.

I think I have the “medium avast” license. Because I can’t see “settings” anymore, whenever I open that on Avast, it is just a “blank” page, I see the checkboxes and stuff, but can’t see anything else. Anyone know what to do?

Attach your basic diagnostic logs. (MBAM, FRST and aswMBR)
Instructions: https://forum.avast.com/index.php?topic=53253

Hope these are the correct files.

OK, now you’ve to wait a bit…

Have you run AdwCleaner?

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

```
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
FF Extension: No Name - C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\fl729gu4.default\extensions\deskCutv2@gmail.com [not found]
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://www.yoursearching.com/?type=hp&ts=1458999062&z=01185fefc66a124cd9919c8g3z6w9b0t2t4t8efq5o&from=itr&uid=kingstonxsv300s37a120g_50026b775903c11a","hxxp://www.yoursearching.com/?type=hp&ts=1459007559&z=0089c54abaa77184734e723g1zew9t3e9e2mew5z4m&from=face&uid=KINGSTONXSV300S37A120G_50026B775903C11A"
2016-03-27 09:51 - 2015-10-20 06:44 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-03-05 16:19 - 2015-10-19 19:35 - 00000000 __SHD C:\Users\Robin\AppData\LocalLow\EmieUserList
2016-03-05 16:19 - 2015-10-19 19:34 - 00000000 __SHD C:\Users\Robin\AppData\LocalLow\EmieSiteList
CustomCLSID: HKU\S-1-5-21-2880780489-3871621177-103198488-1000_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-AE0B88DD7563}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers
```

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix.
On completion a log will be generated; please post that.
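For readers reviewing their own FRST log, the `CHR StartupUrls` entries like the one in the fixlist above can be pulled out and compared against the start pages they actually expect. This is an added example, not part of the original thread or of FRST; the sample log lines are constructed (shortened from the format shown above) and the `EXPECTED_HOSTS` allowlist is an assumption.

```python
import re
from urllib.parse import urlsplit

# Constructed sample in the same line format as the fixlist above (URLs shortened).
SAMPLE_LOG = '''
CreateRestorePoint:
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://www.yoursearching.com/?type=hp&from=itr","hxxp://www.yoursearching.com/?type=hp&from=face"
EmptyTemp:
'''

# "CHR StartupUrls: <profile> -> "url","url",..."
ENTRY = re.compile(r'^CHR StartupUrls:\s*(?P<profile>.+?)\s*->\s*(?P<urls>.*)$')
QUOTED = re.compile(r'"([^"]*)"')

# Assumption: hosts the owner of the machine expects as Chrome start pages.
EXPECTED_HOSTS = {"www.google.com"}

def refang(url):
    """Undo the hxxp:// defanging used in forum logs so urlsplit can parse it."""
    return re.sub(r'^hxxp', 'http', url, flags=re.IGNORECASE)

def startup_urls(log_text):
    """Yield (profile, url) for every Chrome startup URL listed in the log."""
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            for url in QUOTED.findall(m.group("urls")):
                yield m.group("profile"), url

def unexpected_hosts(log_text, expected=EXPECTED_HOSTS):
    """Return {host: [profiles]} for startup URLs whose host is not expected.

    An unparseable URL is reported under the empty host "" rather than skipped.
    """
    findings = {}
    for profile, url in startup_urls(log_text):
        host = (urlsplit(refang(url)).hostname or "").lower()
        if host not in expected:
            profiles = findings.setdefault(host, [])
            if profile not in profiles:
                profiles.append(profile)
    return findings

if __name__ == "__main__":
    for host, profiles in unexpected_hosts(SAMPLE_LOG).items():
        print(f"unexpected start page host {host!r} in profile(s): {', '.join(profiles)}")
```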

I am not sure. I might have. I used several “adaware removal tools”

The rest I have done now. Something happened, it ran through the fix and restarted the computer. However, I still can’t choose Chrome as standard browser. I attach a screenshot of the browsers I can choose from after I select “use as standard browser” (see attached image)

OK, reset Chrome please and then let me know how it is: https://support.google.com/chrome/answer/3296214?hl=en-GB

Thanks for all your time and help. But it still doesn’t work. I reset Chrome, but when clicking the button to make Chrome the default browser, I still get pointed to Windows and have to choose between the five unknown browsers: WebAccess, Sidekick Private Browser, Loadkit Download Manager, Turn Off the Lights, and No Trace Left Behind (I have never heard of any of them, the last one even costs money, 232 NOK, about 30$ or something).

In that case your Chrome installation has been subverted. Chrome is very susceptible to this.

Re-install Chrome

  1. If you have bookmarks, let’s save them by exporting them - Export Bookmarks
  2. Then I need you to go to Google Sync and sign into your account
  3. Scroll down until you see the “Stop and Clear” button and click on the button. At the prompt click on “Ok”
  4. Now we need to uninstall Chrome.
    Note: When asked about user data or settings you must remove this also so please check the box.
  5. Restart the computer and reinstall Chrome. You can download the latest version from here - Google Chrome
  6. Import your bookmarks back into Chrome
  7. Sign back in to your Chrome browser so that your bookmarks sync with your online account.

Hi, thanks for all your help. I think I might have fixed it before the last post.

I googled and found: http://www.windows10forums.com/threads/cant-set-google-chrome-as-default-browser.1445/ and just navigated to the place as in the windows; after setting Chrome there, it worked. I also have other browsers installed, so it was strange (Firefox and Edge).

That is one way around it; however, the various browsers offered are not standard and still suggest that Chrome has been subverted.

So this was perhaps just a work-around that might not be the best choice?

I will try your suggestion as well.

It would be best, as the workaround does not remove any bad files.