Malware Warning???

GEC: Discuss gaming, computers and electronics and venture into the bizarre world of STGODs.

Moderator: Thanas

LadyTevar
White Mage
White Mage
Posts: 23193
Joined: 2003-02-12 10:59pm

Malware Warning???

Post by LadyTevar »

I use Chrome for my browser. Today, EVERY FUCKING PAGE I OPEN gets an audio/video message saying "You Are Seeing This Because Windows Has Malware on your System. Please Call this Number to Remove The MalWare"

Then, I get THIS:


BSOD : DllRegisterServer failed with the error code 0x80040201

Windows Defender Error Code: 0x80073afc

0x000000CE DRIVER_UNLOADED_WITHOUT_CANCELLING_PENDING_OPERATIONS

Error Code 0x800705b4 when Starting Windows Defender

Window's Defender Time Out Error code 0x800705b4.

Error code 0x800705b4 when trying to open windows defender
I have BYTEFence installed. It's scanning, it's not finding shit. Is this some kinda fucking trick to GET ME to buy something??
Nitram, slightly high on cough syrup: Do you know you're beautiful?
Me: Nope, that's why I have you around to tell me.
Nitram: You -are- beautiful. Anyone tries to tell you otherwise kill them.

"A life is like a garden. Perfect moments can be had, but not preserved, except in memory. LLAP" -- Leonard Nimoy, last Tweet
Broomstick
Emperor's Hand
Posts: 28773
Joined: 2004-01-02 07:04pm
Location: Industrial armpit of the US Midwest

Re: Malware Warning???

Post by Broomstick »

It sure sounds like social engineering to get you to call a number where they will try to talk you into installing malware. I'm sure someone computer savvy will be along shortly with more information.
A life is like a garden. Perfect moments can be had, but not preserved, except in memory. Leonard Nimoy.

Now I did a job. I got nothing but trouble since I did it, not to mention more than a few unkind words as regard to my character so let me make this abundantly clear. I do the job. And then I get paid.- Malcolm Reynolds, Captain of Serenity, which sums up my feelings regarding the lawsuit discussed here.

If a free society cannot help the many who are poor, it cannot save the few who are rich. - John F. Kennedy

Sam Vimes Theory of Economic Injustice
Mr Bean
Lord of Irony
Posts: 22433
Joined: 2002-07-04 08:36am

Re: Malware Warning???

Post by Mr Bean »

First pass, you have one of the hundred malware programs that pretends to be a legitimate anti-virus in order to steal your information and credit card.

Second pass, yeah it's 100% fake anti-virus malware

I've got a new tool I'm a fan of, Adwcleaner; that link should start the download. It's less than ten megs, takes less than 2 minutes to run and typically gets a good 85% of these types of infections with no action on the user's part other than download-run-say yes-send me the text file it generates at the end (after scanning it will clean, restart and on next bootup generate a .txt file of what it did).

There's 101 tools out there from old standbys to Malwarebytes and RKill to hard core nuke the site from orbit utilities like ComboFix. Adwcleaner gets that sweet spot of effective, free, small and FAST.

I say to you Tev, download it, run it and after restart try and see if you still get the Chrome popups. If you don't, great, you're probably done; sometimes the installer hides in .temp to re-infect you later on.

*Edit
Special note about Adwcleaner: it's a run and done program. After it's done, delete it. The program devs update the program download link; there's no update function within the program itself, so a six month old copy of Adwcleaner is mostly useless unless the infection type is seven months old.

"A cult is a religion with no political power." -Tom Wolfe
Pardon me for sounding like a dick, but I'm playing the tiniest violin in the world right now-Dalton
LadyTevar
White Mage
White Mage
Posts: 23193
Joined: 2003-02-12 10:59pm

Re: Malware Warning???

Post by LadyTevar »

I have ByteFence installed. It caught 13 Adwares, all of them "DNS Unlocker" by name. It also found and deleted PUP.Cloudscout
General Zod
Never Shuts Up
Posts: 29205
Joined: 2003-11-18 03:08pm
Location: The Clearance Rack
Contact:

Re: Malware Warning???

Post by General Zod »

Never heard of bytefence, are you sure they're legitimate? Because otherwise this is classic ransomware.
"It's you Americans. There's something about nipples you hate. If this were Germany, we'd be romping around naked on the stage here."
Mr Bean
Lord of Irony
Posts: 22433
Joined: 2002-07-04 08:36am

Re: Malware Warning???

Post by Mr Bean »

General Zod wrote:Never heard of bytefence, are you sure they're legitimate? Because otherwise this is classic ransomware.
Bytefence is legit, just new; it's not been on the market more than a few years now.

LadyTevar
White Mage
White Mage
Posts: 23193
Joined: 2003-02-12 10:59pm

Re: Malware Warning???

Post by LadyTevar »

Ok... when the shit even shows up on BBC.com, it has reached "NUKE FROM ORBIT" rage level. It's somehow managed to get something from DNS Unlocker to stick an always-open ad window on the right side, as well as a bottom window that you can't (x) out of. Instead, it opens a new tab to a fake Customer Service Chatroom.

MURDER DEATH KILL!!!!!
LadyTevar
White Mage
White Mage
Posts: 23193
Joined: 2003-02-12 10:59pm

Re: Malware Warning???

Post by LadyTevar »

OH NO IT DIDN'T

IT'S REDIRECTING PAGES!!! It won't let me Download that AD-Cleaner, BEAN!
Mr Bean
Lord of Irony
Posts: 22433
Joined: 2002-07-04 08:36am

Re: Malware Warning???

Post by Mr Bean »

LadyTevar wrote:OH NO IT DIDN'T

IT'S REDIRECTING PAGES!!! It won't let me Download that AD-Cleaner, BEAN!
Try this direct link
And if that fails, you have a few other options

1. Have a smart phone? Download it there and usb transfer it over
2. Have another computer? Same idea
3. Have a friend with Skype? Skype file transfer dodges lots of malware and is how I've gotten around viruses before on machines I could not remote into.
4. Because this rarely works, try another browser, IE the built in nonsense. It almost never works and then sometimes you get very lucky.

LadyTevar
White Mage
White Mage
Posts: 23193
Joined: 2003-02-12 10:59pm

Re: Malware Warning???

Post by LadyTevar »

It finally downloaded. Then, while cleaning it stopped responding and Windows forced a program shutdown on it. Reopened the program, and it worked, gave me a whole list of things it got rid of....

... Including ByteFence.

But BBC.com is STILL FULL OF ADWARE!!! :banghead:
LadyTevar
White Mage
White Mage
Posts: 23193
Joined: 2003-02-12 10:59pm

Re: Malware Warning???

Post by LadyTevar »

Had to reinstall Chrome to get rid of the fucking thing
Mr Bean
Lord of Irony
Posts: 22433
Joined: 2002-07-04 08:36am

Re: Malware Warning???

Post by Mr Bean »

LadyTevar wrote:Had to reinstall Chrome to get rid of the fucking thing
Got a copy of the .txt?

LadyTevar
White Mage
White Mage
Posts: 23193
Joined: 2003-02-12 10:59pm

Re: Malware Warning???

Post by LadyTevar »

AdwCleaner v5.112 - Logfile created 23/04/2016 at 22:27:37
# Updated 17/04/2016 by Xplode
# Database : 2016-04-19.5 [Server]
# Operating system : Windows 10 Home (X64)
# Username : teamh - DESKTOP-EO3CGMM
# Running from : C:\Users\teamh\Downloads\AdwCleaner.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****

[-] Task Deleted : ByteFence
[-] Task Deleted : ByteFence Scan

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\DriverRestore.exe
[-] Key Deleted : HKLM\SOFTWARE\5da059a482fd494db3f252126fbc3d5b
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5750edd4}
[-] Key Deleted : HKCU\Software\ByteFence
[-] Key Deleted : HKCU\Software\DriverRestore
[-] Key Deleted : HKCU\Software\eSupport.com
[-] Key Deleted : HKCU\Software\One System Care
[-] Key Deleted : HKCU\Software\PRODUCTSETUP
[-] Key Deleted : HKCU\Software\UpdaterEX
[-] Key Deleted : HKCU\Software\ICSW1.19
[-] Key Deleted : HKCU\Software\NowUSeeItPlayer
[-] Key Deleted : HKLM\SOFTWARE\ByteFence
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\UpdaterEX
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ByteFence
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
[-] Key Deleted : [x64] HKLM\SOFTWARE\ByteFence
[-] Key Deleted : [x64] HKLM\SOFTWARE\DriverRestore
[-] Key Deleted : [x64] HKLM\SOFTWARE\WebBar
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E1527582-8509-4011-B922-29E3FB548882}_is1
[-] Data Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}
[-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{07c07352-2e07-4148-8b83-4f3be47f50b5} [NameServer]
[-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{0bda7871-d404-4e53-995b-80741eba07b2} [NameServer]
[-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{267be9c7-d29e-402c-8391-3243bb36ee7e} [NameServer]
[-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{a11373e8-c1a8-4a49-b3a2-55448f1e3823} [NameServer]

***** [ Web browsers ] *****


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************
LadyTevar
White Mage
White Mage
Posts: 23193
Joined: 2003-02-12 10:59pm

Re: Malware Warning???

Post by LadyTevar »

now the question is, should I re-install ByteFence? It came with the computer
Mr Bean
Lord of Irony
Posts: 22433
Joined: 2002-07-04 08:36am

Re: Malware Warning???

Post by Mr Bean »

LadyTevar wrote:now the question is, should I re-install ByteFence? It came with the computer
Found the answer for that: ByteFence is classified as adware by AdwCleaner because it injects ads in all browsers if you don't have the pro version. However, because programmers are lazy, the pro version still has the ads, it just never displays them, but this triggers AdwCleaner's rather blunt filter.

As far as malware defenses, if you don't want just Windows Defender, the top three are currently, Avast or Panda Free Anti-virus. I've heard good things about AVG (they used to be number 1 till they pushed an update one week that blue-screened computers by deleting key Windows keys, but people are starting to trust them again) and Sophos (never used it myself). I'm still on Avira myself because it's yet to fail me.

Vendetta
Emperor's Hand
Posts: 10895
Joined: 2002-07-07 04:57pm
Location: Sheffield, UK

Re: Malware Warning???

Post by Vendetta »

DNS Unlocker is a pain in the tits if you get it. Because it intercepts and redirects your DNS queries to its own shifty DNS server it can appear on any page and is very good at stopping you from getting at tools to remove it.

Malwarebytes should manage to kill it off, and ADWCleaner will knock out everything it misses. (Malwarebytes' heuristic scan component is worth using it for, even if it makes scans take longer)

Also to be honest the single best malware/adware defence you can get these days is Adblock. Install either Adblock or Adblock Plus extension into Chrome, it's not even optional any more.
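The DNS redirection described in this post is visible in the AdwCleaner log posted earlier in the thread, as the `[NameServer]` values it restored. As an added example (not part of any post, and not AdwCleaner's own code), this Python sketch parses that log format and groups the entries worth a second look; the category labels are this example's own, and the sample is an abridged copy of lines from the log above.

```python
import re
from collections import defaultdict

# Abridged copy of lines from the AdwCleaner log posted in this thread.
SAMPLE_LOG = r"""
***** [ Scheduled tasks ] *****

[-] Task Deleted : ByteFence
[-] Task Deleted : ByteFence Scan

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E
[-] Key Deleted : [x64] HKLM\SOFTWARE\WebBar
[-] Data Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
[-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{07c07352-2e07-4148-8b83-4f3be47f50b5} [NameServer]
[-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{0bda7871-d404-4e53-995b-80741eba07b2} [NameServer]

:: Winsock settings cleared
"""

SECTION = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
ENTRY = re.compile(r"^\[-\] (.+?) : (?:\[x64\] )?(.+)$")

# (label, pattern) pairs. Labels are assumptions made for this example.
FLAGS = [
    # Per-interface DNS server list was put back: DNS settings had been changed.
    ("dns-servers-reset",
     re.compile(r"\\Tcpip\\Parameters\\Interfaces\\\{[0-9a-f-]+\} \[NameServer\]$", re.I)),
    # A certificate was removed from the machine's trusted root store.
    ("root-cert-removed",
     re.compile(r"\\SystemCertificates\\ROOT\\Certificates\\[0-9A-F]{40}$", re.I)),
    # Browser start page or search provider was reset.
    ("browser-setting-reset",
     re.compile(r"\\Internet Explorer\\(Main|SearchScopes)", re.I)),
]

def parse(log):
    """Return one dict per log entry, tagged with the section it appeared in."""
    section, entries = None, []
    for line in log.splitlines():
        line = line.strip()
        if m := SECTION.match(line):
            section = m.group(1)
        elif m := ENTRY.match(line):
            entries.append({"section": section, "action": m.group(1), "target": m.group(2)})
        elif line.startswith(":: "):
            entries.append({"section": "Summary", "action": "Note", "target": line[3:]})
    return entries

def triage(entries):
    """Group entry targets under the first-look categories defined in FLAGS."""
    hits = defaultdict(list)
    for e in entries:
        for label, pat in FLAGS:
            if pat.search(e["target"]):
                hits[label].append(e["target"])
    return dict(hits)

if __name__ == "__main__":
    for label, targets in triage(parse(SAMPLE_LOG)).items():
        print(f"{label}: {len(targets)}")
        for t in targets:
            print("   ", t)
```

A `dns-servers-reset` hit means the cleaner changed the DNS server list on that interface, so it is worth confirming afterwards that the adapter is back on automatic (DHCP) DNS, as LadyTevar reports doing later in the thread.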
LadyTevar
White Mage
White Mage
Posts: 23193
Joined: 2003-02-12 10:59pm

Re: Malware Warning???

Post by LadyTevar »

I found instructions on how to clean the DNS. It's back to automatic. That was one of the nastiest pieces of Malware I ever saw, tho. I don't know where I picked it up, or I'd block that site permanently.
Vendetta
Emperor's Hand
Posts: 10895
Joined: 2002-07-07 04:57pm
Location: Sheffield, UK

Re: Malware Warning???

Post by Vendetta »

To be honest these days you can pick up malware from almost any website that runs ads because they get an ad with an exploit in it into one of the ad serving companies that everyone uses so it can show up even on the most trustworthy websites, and the site can't stop it except by changing ad provider.

It's why adblock is such an essential now. It's probably the best malware protection you can get.
Enigma
is a laughing fool.
Posts: 7777
Joined: 2003-04-30 10:24pm
Location: c nnyhjdyt yr 45

Re: Malware Warning???

Post by Enigma »

Mr Bean wrote:
LadyTevar wrote:now the question is, should I re-install ByteFence? It came with the computer
Found the answer for that: ByteFence is classified as adware by AdwCleaner because it injects ads in all browsers if you don't have the pro version. However, because programmers are lazy, the pro version still has the ads, it just never displays them, but this triggers AdwCleaner's rather blunt filter.

As far as malware defenses, if you don't want just Windows Defender, the top three are currently, Avast or Panda Free Anti-virus. I've heard good things about AVG (they used to be number 1 till they pushed an update one week that blue-screened computers by deleting key Windows keys, but people are starting to trust them again) and Sophos (never used it myself). I'm still on Avira myself because it's yet to fail me.

I'm thinking of dumping AVG because of their incessant ads. They even had one that popped open in the middle of the screen as I was browsing the web. I might use Spybot again if they haven't complicated the damned thing.
ASVS('97)/SDN('03)

"Whilst human alchemists refer to the combustion triangle, some of their orcish counterparts see it as more of a hexagon: heat, fuel, air, laughter, screaming, fun." Dawn of the Dragons

ASSCRAVATS!
Edi
Dragonlord
Dragonlord
Posts: 12461
Joined: 2002-07-11 12:27am
Location: Helsinki, Finland

Re: Malware Warning???

Post by Edi »

Get rid of Java and Silverlight, use an adblocker like uBlockOrigin and use an actual antivirus software. IF you absolutely must use something that you are not willing to pay anything for, Avast is the best of a bad lot. Note that I am NOT recommending it. It's crap, but it's a lot less crap than the other free shit out there.

Another thing to help you keep the machine clean is to not take part in any online quizzes and such. Those are often vectors for all kinds of nasty shit.
Warwolf Urban Combat Specialist

Why is it so goddamned hard to get little assholes like you to admit it when you fuck up? Is it pride? What gives you the right to have any pride?
–Darth Wong to vivftp

GOP message? Why don't they just come out of the closet: FASCISTS R' US –Patrick Degan

The GOP has a problem with anyone coming out of the closet. –18-till-I-die
Borgholio
Sith Acolyte
Posts: 6297
Joined: 2010-09-03 09:31pm
Location: Southern California

Re: Malware Warning???

Post by Borgholio »

Enigma wrote:
Mr Bean wrote:
LadyTevar wrote:now the question is, should I re-install ByteFence? It came with the computer
Found the answer for that: ByteFence is classified as adware by AdwCleaner because it injects ads in all browsers if you don't have the pro version. However, because programmers are lazy, the pro version still has the ads, it just never displays them, but this triggers AdwCleaner's rather blunt filter.

As far as malware defenses, if you don't want just Windows Defender, the top three are currently, Avast or Panda Free Anti-virus. I've heard good things about AVG (they used to be number 1 till they pushed an update one week that blue-screened computers by deleting key Windows keys, but people are starting to trust them again) and Sophos (never used it myself). I'm still on Avira myself because it's yet to fail me.

I'm thinking of dumping AVG because of their incessant ads. They even had one that popped open in the middle of the screen as I was browsing the web. I might use Spybot again if they haven't complicated the damned thing.
I already got rid of AVG for exactly that reason. I'm using Windows Defender until I find another one I like. Avast marked nearly every file on my computer as a false positive so that one is out...
You will be assimilated...bunghole!
Elheru Aran
Emperor's Hand
Posts: 13073
Joined: 2004-03-04 01:15am
Location: Georgia

Re: Malware Warning???

Post by Elheru Aran »

NoScript is one of my mandatory addons for Firefox. It does make some things a bit of a pain, but I'd rather have that than deal with malware.
It's a strange world. Let's keep it that way.
InsaneTD
Jedi Knight
Posts: 667
Joined: 2010-07-13 12:10am
Location: South Australia

Re: Malware Warning???

Post by InsaneTD »

Apparently QuickTime is now an especially good vector. Seems Apple are refusing to do security updates for it.

http://blog.trendmicro.com/urgent-call- ... ows-today/

Link for those that want more info.