1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

malwarebytes identifies and removes malware, comes right back

Discussion in 'Windows - Virus and spyware problems' started by karenishere, Dec 7, 2018.

  1. karenishere

    karenishere Member

    Joined:
    Jun 11, 2014
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    11
    Using firefox and also microsoft edge, my windows 10 pc opens a new window with an ad in it every time I click on a link. This happens independent of opening any particular website. Malwarebytes identifies this as "adware.injector", with problem files including nss, ssl, cert.db, 2 hklm paths and inetfiltersvc as potentially threatening files. It will quarantine and delete all the problem files, but as soon as I restart the pc they're all back. The blocking software identifies the domain as cdn.immereeako.info.

    Malwarebytes will give me real time protection by blocking the action of the trojan, but I don't want to pay for it indefinitely, I want to remove the virus. Any suggestions for where to look or what other (ideally free) program will actually locate the triggering file and kill it?
     
  2. aldan

    aldan Active member

    Joined:
    Mar 24, 2007
    Messages:
    1,633
    Likes Received:
    21
    Trophy Points:
    68
    have you tried running mbam in safemode?
     
  3. dp70

    dp70 Member

    Joined:
    Dec 31, 2003
    Messages:
    53
    Likes Received:
    2
    Trophy Points:
    18
    I had a similar experience on a friend's laptop- I used adaware from bleepingcomputer- to discover the Trojan installed itself in 3 places with different names- it came with a free pdf editor- the hell of it is te user did not use Open Office to realize pdf was native to that office suite- this goes to my # 1 rant: failure to read and understand the instructions -
     
  4. attar

    attar Senior member

    Joined:
    Jun 17, 2005
    Messages:
    11,558
    Likes Received:
    31
    Trophy Points:
    128
  5. Sophocles

    Sophocles Senior member

    Joined:
    Mar 1, 2003
    Messages:
    5,829
    Likes Received:
    13
    Trophy Points:
    118
    It's kind of moot, if you don't have a backup of a time before your PC was infected, because if you back up now you will also be backing up the pest. Your computer has to be clean before you backup!
     
  6. attar

    attar Senior member

    Joined:
    Jun 17, 2005
    Messages:
    11,558
    Likes Received:
    31
    Trophy Points:
    128
    'Tooshey' as our Gallic cousins would say.
    But someone could probably make the case that a drive that boots, albeit with a rootkit, is better than a non-bootable disk that is now free from infection thanks to a beta software.
    That aside - and too late for 'karenishere' - schedule full backups, incremental backups, backups galore, Sandboxie and cheers and Merry Christmas.
     
  7. Sophocles

    Sophocles Senior member

    Joined:
    Mar 1, 2003
    Messages:
    5,829
    Likes Received:
    13
    Trophy Points:
    118

    Yes someone could make that case but the point I was making is a backup of an infected drive is still an infected drive. It wouldn't be resolving anything.

    Karen download this file, run it and then post the log for us to see.

    https://forums.malwarebytes.com/applications/core/interface/file/attachment.php?id=270093

    Her best bet is to use a second PC such as a laptop, search for a fix that specifically targets the exploit and download it along with a copy of Malwarebytes and Spybot search and destroy, and put them all on a thumb drive. Then uninstall all browsers such as Chrome and Firefox (she can save her bookmarks), and look in Windows under programs for any recently added software, and remove them too. Then boot into safe mode without internet support and copy the downloaded files to her desktop. Install them and run the fix and follow instructions. Sometimes a fix will ask you to reboot so do it and then enter into safe mode without internet again. Once she's ran all the applications the fix, Malwarebytes, and Spybot, then reboot again into safe mode, but this time with internet service so that she can update Malwarebytes and Spybot and then run them again. In some cases she might also have to do some manual cleaning of her registry.
     
    Last edited: Dec 22, 2018

Share This Page