Using Firefox and also Microsoft Edge, my Windows 10 PC opens a new window with an ad in it every time I click on a link. This happens independent of opening any particular website. Malwarebytes identifies this as "adware.injector", with problem files including nss, ssl, cert.db, 2 HKLM paths and inetfiltersvc as potentially threatening files. It will quarantine and delete all the problem files, but as soon as I restart the PC they're all back. The blocking software identifies the domain as cdn.immereeako.info. Malwarebytes will give me real-time protection by blocking the action of the trojan, but I don't want to pay for it indefinitely; I want to remove the virus. Any suggestions for where to look or what other (ideally free) program will actually locate the triggering file and kill it?
I had a similar experience on a friend's laptop - I used adaware from bleepingcomputer - to discover the Trojan installed itself in 3 places with different names - it came with a free PDF editor - the hell of it is the user did not use Open Office to realize PDF was native to that office suite - this goes to my #1 rant: failure to read and understand the instructions -
Malwarebytes has a rootkit remover. But if it all ends in tears because you didn't back up first.... https://www.malwarebytes.com/antirootkit/
It's kind of moot if you don't have a backup from a time before your PC was infected, because if you back up now you will also be backing up the pest. Your computer has to be clean before you back up!
'Tooshey' as our Gallic cousins would say. But someone could probably make the case that a drive that boots, albeit with a rootkit, is better than a non-bootable disk that is now free from infection thanks to a beta software. That aside - and too late for 'karenishere' - schedule full backups, incremental backups, backups galore, Sandboxie and cheers and Merry Christmas.
Yes, someone could make that case, but the point I was making is a backup of an infected drive is still an infected drive. It wouldn't be resolving anything. Karen, download this file, run it and then post the log for us to see. https://forums.malwarebytes.com/applications/core/interface/file/attachment.php?id=270093 Her best bet is to use a second PC such as a laptop, search for a fix that specifically targets the exploit and download it along with a copy of Malwarebytes and Spybot Search and Destroy, and put them all on a thumb drive. Then uninstall all browsers such as Chrome and Firefox (she can save her bookmarks), and look in Windows under programs for any recently added software, and remove them too. Then boot into safe mode without internet support and copy the downloaded files to her desktop. Install them and run the fix and follow instructions. Sometimes a fix will ask you to reboot, so do it and then enter into safe mode without internet again. Once she's run all the applications (the fix, Malwarebytes, and Spybot), then reboot again into safe mode, but this time with internet service so that she can update Malwarebytes and Spybot and then run them again. In some cases she might also have to do some manual cleaning of her registry.
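
Files that return after every restart are usually re-created by an autostart entry. As an added example that is not part of any post above, this read-only PowerShell function (run from an elevated prompt) lists services, HKLM Run entries and scheduled tasks whose name or command matches a pattern. The pattern `inetfilter` is an assumption taken from the `inetfiltersvc` name in the first post, the function name `Find-AutostartMatch` is hypothetical, and the Run keys shown are common autostart locations, not necessarily the two HKLM paths Malwarebytes reported.

```powershell
# Added example: read-only triage of common Windows autostart locations.
# Assumption: the pattern is derived from the "inetfiltersvc" name reported above.
function Find-AutostartMatch {
    param([string]$Pattern = 'inetfilter')

    # 1. Services: match on service name, display name or binary path.
    Get-CimInstance -ClassName Win32_Service |
        Where-Object { "$($_.Name) $($_.DisplayName) $($_.PathName)" -match $Pattern } |
        ForEach-Object {
            [pscustomobject]@{ Source = 'Service'; Name = $_.Name
                               Command = $_.PathName; Detail = "$($_.StartMode)/$($_.State)" }
        }

    # 2. HKLM Run / RunOnce keys (64-bit and 32-bit views).
    $runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
               'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # skip provider metadata (PSPath etc.)
            if ("$($p.Name) $($p.Value)" -match $Pattern) {
                [pscustomobject]@{ Source = 'RunKey'; Name = $p.Name
                                   Command = $p.Value; Detail = $key }
            }
        }
    }

    # 3. Scheduled tasks: match on task name or the action's executable/arguments.
    Get-ScheduledTask | ForEach-Object {
        $task = $_
        foreach ($a in $task.Actions) {
            $cmd = "$($a.Execute) $($a.Arguments)"
            if ("$($task.TaskName) $cmd" -match $Pattern) {
                [pscustomobject]@{ Source = 'Task'; Name = $task.TaskName
                                   Command = $cmd; Detail = $task.TaskPath }
            }
        }
    }
}

Find-AutostartMatch -Pattern 'inetfilter' | Format-List
```

The function only reads and reports; the `Command` column shows which file on disk each entry launches, which is the information to include when posting a log for others to review.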