Start Menu Updated?

Hi,

This window appeared when I turned on my computer today. I’m probably just being paranoid but is it legit?

https://lh6.googleusercontent.com/-w-q2tWT4mUk/VJTLmbtowII/AAAAAAAAAiU/VgQLVc1Y9hI/s664/Start%2520Menu%2520Updated.PNG

I don’t want the AOL app offer at the bottom or anything. I just want to know if this is a legitimate message from Windows or if I have a problem on my hands. I have Windows 8.1 if that matters.
Thanks

I just made this account to reply. I turned on my computer this morning to find this window as well, which I also found odd and suspicious. However instead of the AOL bit at the bottom, mine had a small, blue, square icon with the circles connected by a ring offering to install Lenovo SHAREit. As such, I’m inclined to think that we have gotten some sort of malware. I suppose it could still be benign, but I rather doubt it.

I would assume you are both on windows 8 … Are you using a shell programme to get the start menu back ?

No, it seems to be content to just sit there, for now. I haven’t touched it except to move the window around, and my start menu hasn’t changed. I am using Windows 8.1, and further note, I just got back from trying my standard malware strategy of safe mode, Rkill, TDSS Killer, Malwarebytes (this is just the only place on the internet that has mentioned this problem - I may try Avast in a second), and it’s still there. My guess is that, while not particularly… aggressive, it seems to be more-or-less brand new, so it’s not in the anti-malware databases, yet.
Final note: I can’t, for the life of me, figure out where it came from. Last night, I was only on my computer for about 30 minutes, checking email and other standard activities. This morning, this popped up right alongside a Flash Player update, before I could even click on Firefox, let alone do anything.

EDIT: Before, the suspected-virus-window wouldn’t go behind my active window, but now it is.

I can have a look to see if I can find the culprit

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

[*]Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
[*]Select additions at the bottom
[*]Press Scan button.

https://dl.dropboxusercontent.com/u/73555776/frst.JPG

[*]It will produce a log called FRST.txt in the same directory the tool is run from.
[*]Please attach both logs generated.

I haven’t done anything so far except run a full scan on my computer with Avast last night. It did not find anything. Unlike castusmelkor, it remains on top of my active window and I just keep moving it out of the way. I ran the scan tool you suggested essexboy but I’m not sure how to attach the resulting files. It’s probably something obvious and I am making myself look stupid :-[ but it is my first time on these boards.

If you reply here you’ll find the option below the text box → “Attachments and other options”

Well, here are mine…

It is Poki installed by your computer manufacturer. Uninstall that and it will go away. If you wish a start menu replacement I would recommend classicshell http://www.classicshell.net/

I knew it was something obvious! Thank you! Here are mine:

Oh, so… If it comes from the manufacturer, it shouldn’t actually be harmful, then, right? Bloatware, perhaps, but not harmful.
I don’t really use the start menu that often, so as long as it is just the start menu (not the start screen or anything else), I may just leave it uninstalled.

You’re welcome.

Poki is adware based as you are seeing, it will try and get you to install crapware :slight_smile:

I just got this as well just now after restarting my laptop. Just to clarify, if I press “Okay” on this, it won’t do anything bad to my laptop or the information on it as long as I refuse the Aol. download?

That is correct