I don’t have issues very often, but dealing with family computers I have done a good few cleanups, but this takes the cake… http://www.newpoptab.com/watch%3Fkey%3D60fd53c3a2cbae821bd2f3056f84047d
This thing wont go away. It has taken a liken to grid drop shadow type thing to random pages on the web. It makes a whole page a link to open a new tab to what will be a ad that thank god Avast blocks. This started early on the morning of the 30th. I tried to download a pdf from a website (NO NO NO STUPID I WAS I KNOW I KNOW). I was infested and I did the usual cleanup I do for my parents computers. It changed all the shortcuts and the windows toolbar to a redirect thing, which I corrected.
But after all that there is one that wont go away as described. My search results are be affected as well, making it hard to research newpoptab, and instead am getting their results. The thing seems to be malware trying to get me to buy a bogus adware, I think.
Note that aswmbr crashes when I try to use it, so I saved the far-est it let me go before freeze or bluescreen (first time I’ve seen those since my college days 6 years ago).
[*]Make sure that Scan All Users option is checked.
[*]Push Run Script and wait patiently. The scan may take a couple of minutes.
[*]When the scan completes, a zoek-results logfile should open in notepad.
[*]If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)
I went for it, TwinHeadedEagle. I hope “Scan All Users” was checked when I ran it. I think when aswmbr ran, SuperAntiSpyware was still on. Didn’t know that SuperAntiSpyware was more than a cleanup tool. Turned her off before I ran ZOEK.
BTW is SuperAntiSpyware safe or is this trick software?
I slightly renamed them “2” so I can keep it in the same folder on my desktop, but here they are. Thanks for the time you’re putting into this. It means a lot to me.
Well I found something changed just now. Java may be at fault. I uninstalled three versions of Java and now I haven’t seen Newpoptab for the last ten clicks on the same sites I did have the issue. It seems that it was taking sites and putting them under a node . This made them a link somehow over the rest of the pages content. I need a day or two to make sure this was indeed it, but now that I think about it, it is the perfect way to fool all the tools for fixing these sort of issues. I’d like Java back though, and I’ll give it a try later tonight. I’ll post one more post in a few days to confirm what happened. Thanks TwinHeadedEagle for all the help you gave today.
-Sigh- Not over. But the lack of Java is making it harder on it to work. Please look at Wikia article http://ghostbusters.wikia.com/wiki/Dan_Aykroyd and inspect it. Everything I’m looking at has a "#shadow-root (open) thing. I don’t know whats doing it, but there I think is the problem maker.
“Update”
I deleted, and reinstalled Google chrome, got attacked again, then ran adwcleaner. No attack yet, but the thing is still there. It is only a issue with Google Chrome at this point. Firefox doesn’t have this issue, nor does IE.