|
Post by pacalaga on Dec 10, 2018 10:38:16 GMT -8
Last night I was trying to download a piece of software and clicked on the Download button, but it was for MyInboxHelper.com, a Chrome extension. Once I realized it wasn't what I meant to have, I went to Chrome and used the "remove" button to take out the extension, but it's still opening popups every time I visit a webpage. There's a settings button to disable the notifications but I figure that still leaves it sitting on my computer somewhere doing something I don't want it to do. Attachments:Addition.txt (57.84 KB)
FRST.txt (85.79 KB)
|
|
dbrisen
Malware Removalists
Posts: 3,688
|
Post by dbrisen on Dec 17, 2018 23:53:39 GMT -8
Cleaning Chrome has become a real issue lately as Google has limited some programs access to Chrome. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Once the program has fully updated, Proceed with the Scan options and select "Threat Scan". The Scan Pane is the introduction to scan-related options in the program. When you click Scan in the Menu Pane, you will see the screen shown below. After a scan has been executed, scan results are displayed as shown below. In this scan, three threats were detected. Put a checkmark on all detected and click on "Quarantine Selected" Selected reports may be viewed on screen, or exported to a text file for later viewing. Please note that only manual (on demand) scans are available for users of the free version of Malwarebytes. Please note that an Export button is shown at the bottom left corner of this screen. This allows you to make a copy of the log for use by other programs. You may export to your clipboard or to a text (TXT) file. Export to a .txt file and post its contents. If you have any questions or issues running this scan, please come back and ask for further directions.
|
|
|
Post by pacalaga on Dec 18, 2018 8:33:17 GMT -8
THANK YOU! I didn't get the message about restarting my computer but there are now two items in the quarantine. Should I delete them? (See attached txt file.) Attachments:adware.txt (1.43 KB)
|
|
|
Post by pacalaga on Dec 18, 2018 9:58:19 GMT -8
FWIW, it's still showing popups on my system. See attached report. Attachments:protection.txt (681 B)
|
|
dbrisen
Malware Removalists
Posts: 3,688
|
Post by dbrisen on Dec 18, 2018 21:34:55 GMT -8
Let's try a reset / repair of Chrome. First, try resetting the Chrome User Profile >>>>Enter the keyboard shortcut (Windows key + E) to open Windows Explorer. In the Windows Explorer window that appears enter the following in the address bar. Windows XP: %USERPROFILE%\Local Settings\Application Data\Google\Chrome\User Data\Windows Vista/ Windows 7/ Windows 8: %LOCALAPPDATA%\Google\Chrome\User Data\Locate the folder called "Default" in the directory window that opens and rename it as "Backup default." Try opening Google Chrome again. A new "Default" folder is automatically created as you start using the browser. If that fails to fix the problem, uninstall and reinstall Chrome >>>>First, download a fresh copy of the Chrome installer:32 bit systems - 32 bit here 64 bit systems - 64 bit here Note: Save the download file to your desktop for easy finding later. Next, uninstall Chrome using the Control Panel Remove program app:Please go to START (Windows Orb) >> Control Panel >> Uninstall a Program or Programs and Features and remove the following (if listed): Google ChromeTo do so, left clicking on the name once and then click Uninstall/Change at the bar above the list window. Follow the prompts of the uninstaller BUT please read carefully any questions it asks before answering; some uninstallers will try and deceive you into keeping the software. Last, restart your system and install Chrome: Double click on the install file on your desktop (from the First step) to run the installer. Please use Chrome after the installation and check for any problems. Please report back the status of your system / problem. Thank you.
|
|
|
Post by pacalaga on Dec 22, 2018 14:08:02 GMT -8
still there. the popups actually appear on my desktop even if I'm not on chrome. they still show up, but now about two minutes later there's a message about PUP being blocked, where it's trying (I think) to get Chrome to go out to a website: Attachments:website blocked.txt (680 B)
|
|
dbrisen
Malware Removalists
Posts: 3,688
|
Post by dbrisen on Dec 30, 2018 21:46:06 GMT -8
Sorry for the late reply: Go to Emsisoft and download the Emsisoft Free Emergency Kit from here. - Double click on the EmsisoftEmergencyKit.exe file and then click on Extract to unpack the files (the default directory of C:\EEK is fine).
- Go to the new directory and right click on Start Emergency Kit Scanner.exe and choose 'Run as Administrator'.
- Once the scanner loads, allow it check for updates.
- When the updates are finished, click the BACK button to return to the main menu.
- Click on the SCAN and select Malware Scan to start scanning your system. Please enable the PUP detection option, if it asks.
- If the scan finds anything, it will open a scan finding window. Please click on View Report; copy this report and paste it here in reply post.
- Please close the Emergency Kit Scanner program now.
|
|
|
Post by pacalaga on Jan 2, 2019 12:09:13 GMT -8
Emsisoft Emergency Kit - Version 2018.6
Last update: N/A
User account: NA\cstark
Computer name: TPELT4323
OS version: Windows 7x64 Service Pack 1
Scan settings:
Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files
Detect PUPs: On
Scan archives: Off
Scan mail archives: Off
ADS Scan: On
File extension filter: Off
Direct disk access: Off
Scan start: 1/2/2019 12:26:35 PM
C:\Users\Administrator\AppData\Roaming\pdfforge detected: Application.AppInstall (A) [225160]
Scanned 253446
Found 1
Scan end: 1/2/2019 1:05:44 PM
Scan time: 0:39:09
|
|
dbrisen
Malware Removalists
Posts: 3,688
|
Post by dbrisen on Jan 6, 2019 16:39:04 GMT -8
This one is buried somewhere ... Run a search with FRST. - Right click on FRST on your desktop and select "Run as Administrator..." When the tool opens click Yes to disclaimer.
- Type SearchAll: MyInboxHelper into the Search Box.
- Press the Search Files button.
- It will produce a log called search.txt or SearchReg.txt in the same directory the tool is run from.
- Please attach the log file back here.
|
|
|
Post by pacalaga on Jan 8, 2019 8:50:15 GMT -8
See attached please. Attachments:Search.txt (487 B)
|
|