Under Attack!

[weesie]

Hi,

I got a supposed Java update notice so, of course, I clicked yes.

Well, it added a bunch of crap and now my google chrome opens as tovago (sp) and all of my saved locations are gone. Plus, from what I read it is one bad spyware.

I tried one spyware removal program, it went through the whole computer and said I had all this crap. When I clicked to "fix threats", it wants me to buy product first.

This is a new pc and I was told "windows defender", which comes on the pc

preloaded works just fine and I didn't need anything else. My old computer

has Micro-Trend Platinum and I never had a problem.

Suggestions?

 

[Welith]

I would give Malwarebytes a go.

You do not have permission to view link Log in or register now.

Its free and does the job really good.

 

[dunover]

Windows defender is hopeless. Never skimp on Norton or Kasperski etc. www.ccleaner.com will have the tools you need.

 

[weesie]

thank you all.

I did the malwarebytes thing........ no help

Going to try the cccleaner now

 

[dunover]

thank you all.

I did the malwarebytes thing........ no help

Going to try the cccleaner now

Sorry, ccleaner is a tool I have always had on my PC for years to 'tidy' so it won't do for your scumware. I should've said

You do not have permission to view link Log in or register now.

which is the ccleaner sister-site. I just checked it and it has got free AV downloads.

 

[PNEFOREVER2]

Could try rolling your computer back to an earlier restore point.

Control panel>System>Create restore point>System Restore.

 

[BMWSTACK]

If its bad enough, the malware tools wont clean it up. Normally at the point the options are

1) System restore to earlier point like PNE said
2) Backup computer and have it wiped out.

System Restore to earlier point should work like PNE said. Sometimes if it is bad enough it may not allow you to access control panel.

Best way to do system restore is shut off computer, turn back on pres f8 right away while starting up, you can keep hitting it until it goes to a screen with options

select Start with command prompt

Once command prompt is there type Rstrui.exe press enter System restore will start then it will give you the options of which date to restore from. Obviously pick a date that is before you had the problem.

 

[weesie]

ok, running ccleaner now.


I know about the system restore......... first thing I did.


May try filehippo next

Thanks again

 

[weesie]

ok,

filehippo did not take it out either. I have, in the past, been pretty

computer savy.

Done many recoveries and restores over the past 15 years.

I am at a loss.

Did the restore (it happened this morning, restored it to last week)

did the safe mode, run malwarebytes

did the ccleaner

did the AVG scan

Did the filehippo

What if I un-install google chrome and re-install? Would that work?

 

[dpp00]

theres a few nasty ones goin about at the moment even i got stung at and i'm not to shabby when it comes to computers,

i tired most of the anti thingies the only one that done a proper job was hitman pro ,(free month trial)

when you next browes the web and a java update comes up out of nowhere ctrl/alt/del and close all ie programs, ive found that stops it doing anything

apart from loseing the page you were on,hope thats some help

 

[dunover]

ok,

filehippo did not take it out either. I have, in the past, been pretty

computer savy.

Done many recoveries and restores over the past 15 years.

I am at a loss.

Did the restore (it happened this morning, restored it to last week)

did the safe mode, run malwarebytes

did the ccleaner

did the AVG scan

Did the filehippo

What if I un-install google chrome and re-install? Would that work?

IF it is simply a browser hijacker then it's worth a try, as you've already lost your stored pages/favourites anyway.
Failing that, to a search in 'my computer' for tovago and see where the file is stored. If it's simply a browser hijacker it's not too dangerous anyway. This sort of scumware is quite common.

 

[weesie]

Well,

I went to google chrome help pages and found this:

You do not have permission to view link Log in or register now.

it tells you how to change your search engine settings.

It worked.

But, I am still going to install my MicroTrend Platinum onto this new pc.

This has been a royal headache!

 

[dunover]

Well,

I went to google chrome help pages and found this:

You do not have permission to view link Log in or register now.

it tells you how to change your search engine settings.

It worked.

But, I am still going to install my MicroTrend Platinum onto this new pc.

This has been a royal headache!

Yes, this hides the symptoms but the scumware is still there in your files waiting to re-emerge next time you have an update or similar which restarts your PC. So yes, MTP is the second part of the job. Plus henceforth you can be confident there is no similar reoccurrence.

 

[maxd]

Hey guys, just wanted to send a big for the help you've given to weesie. Nicely done!

 

[weesie]

Yes, this hides the symptoms but the scumware is still there in your files waiting to re-emerge next time you have an update or similar which restarts your PC. So yes, MTP is the second part of the job. Plus henceforth you can be confident there is no similar reoccurrence.

So, the one software I used said it could remove everything IF I buy the software. I can't even remember the name of that one now.

But, the other programs I used showed absolutely no problems. You are saying it is still there?

It's been a hell of a few hours.

 

[dunover]

So, the one software I used said it could remove everything IF I buy the software. I can't even remember the name of that one now.

But, the other programs I used showed absolutely no problems. You are saying it is still there?

It's been a hell of a few hours.

It's difficult to tell whether you've simply deactivated it (manually when you did the Chrome settings) or removed it unless you know the rogue file name to check in your computer for. A proper AV scan will run and then list the file names afterwards that it's quarantined or removed.
IF it's simply a browser hijacker it's a form of inbuilt spam which once deactivated is inert, like the case seems to be now. We don't know however how it's constructed, i.e. will it reactivate after a certain period or does it simply stay inert indefinitely without effect after being disabled like you did.
This why I remove all these doubts by always paying an annual AV subscription. For the price of a few spins it's always worth it. The 'free' AV scans are nowhere near as good as the recognized purchased ones which are updated constantly and their reputation relies on them being on the ball.

 

[gagamel]

If nothing works try Sophos virus removal tool. It`s a really good tool or try Emsisoft Anti Malware. In my opinion the best softwares to detect unwanted things.Hope you can delete the unwanted files

 

[weesie]

It's difficult to tell whether you've simply deactivated it (manually when you did the Chrome settings) or removed it unless you know the rogue file name to check in your computer for. A proper AV scan will run and then list the file names afterwards that it's quarantined or removed.
IF it's simply a browser hijacker it's a form of inbuilt spam which once deactivated is inert, like the case seems to be now. We don't know however how it's constructed, i.e. will it reactivate after a certain period or does it simply stay inert indefinitely without effect after being disabled like you did.
This why I remove all these doubts by always paying an annual AV subscription. For the price of a few spins it's always worth it. The 'free' AV scans are nowhere near as good as the recognized purchased ones which are updated constantly and their reputation relies on them being on the ball.

Thank you again,

Yes, after today, when David gets home I will put our MicroTrend Platinum on this pc as well.

We have been very happy with that anti-virus but were under the impression that "windows defender" was great, so we didn't do it right away, we should have........... hum......... the more you know!

 

[klauskunterbunt]

Hi,
i would suggest that You scan your PC from a clean and not infected System. Installing a Scanner on a system,
that is infected, is not the best idea in my opinion to clean it up.
You can give Kaspersky a try or Avira. Download the iso image and burn it on a disc or put it on stick.
Boot your PC with the system from the CD or USB-Stick.
If you PC boots not from the CD or Stick, this will be the result of a wrong boot priority.


How To Burn an ISO Image File to a DVD, CD, or BD:

You do not have permission to view link Log in or register now.

Download Iso Images:
Avira :

You do not have permission to view link Log in or register now.

Kaspersky

You do not have permission to view link Log in or register now.

Booting Kaspersky from USB:

You do not have permission to view link Log in or register now.

Booting Avira from USB:
Outdated URL (Invalid)

Changing boot priority:

You do not have permission to view link Log in or register now.

"Yes, after today, when David gets home I will put our MicroTrend Platinum on this pc as well"
Please do not install more then one Real-time Antivirus Scanner, because the may get in conflict.
On-demand Scanner like Malwarebytes Antimalware are fine together with a Realtime Scanner like Your Trend Micro Antivirus.
Using Firefox with the Noscript and Adblock Plus addon will give You a big security plus also, because lots of Malware comes with
Banner-adds in the Background. Noscript disallows running (Java)Scripts like the name says on Websites. You have to "train" Noscript
and only allow sites You want and trust. Without allowing Java Script,Flash content etc. is not working. If You are a Chrome User u can use
NotScripts and Adblock Plus.


If You need help with this, ask here or pm me.

Good hunting !

 

[Azzurri]

I recommend a program called Combofix, downloadable from a site such as cNet. It's free, and worked great for me when I had a virus. It's kind of like a deep scan and clean up for your computer. Hope it helps.

 

[Nate]

If you have a 'Browser Hijacker' one of the best tools (for me at least) has been ADWCLEANER.

Try it out

Nate

 

[weesie]

Hi again,

I just want to thank everyone here for all the help!

It is so nice to belong somewhere that so many people join in to try to help

another member.

Thanks again!

weesie

 

[lockinlove]

If you cant get it figured out with all the suggestions so far, head over here and ask. There are geniuses that will help you step by step

You do not have permission to view link Log in or register now.

 

[prindi]

Combofix

Combofix is a great program but you they warn you to get expert guidance with this program. The problem is that sometimes the program deletes to much. I really like SUPERAntispyware and it gives you a free trial. After the trial you can just use the free version. If these things don't help there are a number of forums that have experts that volunteer their time and will guide you through their programs and tools to help you get rid of your malware at no charge. There is the spybot networking forum, major geeks forum, bleeping computer, tech guys even malwarebytes have their own forum. Good luck with that! di

 

[eddiesdad]

microtrend platinum is not very good imo,its not always up to date and could not find ransomware on my pc