Getting rid of spyware

Every week I run my virus-scanner, I get the same 3 threats pop up. I quarantine/delete them but the next week they are back again.

I don't visit any dodgy sites so I can only presume I picked up something nasty at some point and the virus scanner is only detecting/deleting part of it, and leaving something that keeps on reinstalling it. Any tips how to get rid of it?

FWIW I use AdAware Antivirus (free version), Microsoft Security Essentials and Spybot Search & Destroy.
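Added example, not from any poster in this thread: a PowerShell triage script that lists the usual Windows autostart locations (Run keys, Startup folders, non-Microsoft scheduled tasks, services outside the Windows directory), since a threat that returns every week is normally being re-dropped by something that starts with the machine. It assumes Windows 8 or later with PowerShell 3+, run from an elevated prompt; the "suspicious" path patterns at the end are my own heuristic, not anything the thread states.

```powershell
# Added example (not from the thread): enumerate common Windows autostart
# locations so a threat that comes back every week can be traced to whatever
# re-drops it. Assumes Windows 8+ / PowerShell 3+ (Get-ScheduledTask and
# Get-CimInstance), run elevated so HKLM and all scheduled tasks are readable.

$findings = @()

# 1. Run / RunOnce registry keys for the machine and the current user
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip PowerShell's own PSPath etc.
        $findings += [pscustomobject]@{ Source = $key; Name = $p.Name; Command = $p.Value }
    }
}

# 2. Per-user and all-users Startup folders
$startupDirs = @([Environment]::GetFolderPath('Startup'), [Environment]::GetFolderPath('CommonStartup'))
foreach ($dir in $startupDirs) {
    foreach ($file in (Get-ChildItem -Path $dir -File -ErrorAction SilentlyContinue)) {
        $findings += [pscustomobject]@{ Source = $dir; Name = $file.Name; Command = $file.FullName }
    }
}

# 3. Scheduled tasks outside Microsoft's own folder, a common re-drop mechanism
foreach ($task in (Get-ScheduledTask | Where-Object { $_.TaskPath -notlike '\Microsoft\*' })) {
    $cmd = ($task.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)" }) -join '; '
    $findings += [pscustomobject]@{ Source = "Task $($task.TaskPath)"; Name = $task.TaskName; Command = $cmd }
}

# 4. Services whose binary lives outside the Windows directory
foreach ($svc in (Get-CimInstance Win32_Service | Where-Object { $_.PathName -and $_.PathName -notlike "*$env:SystemRoot*" })) {
    $findings += [pscustomobject]@{ Source = 'Service'; Name = $svc.Name; Command = $svc.PathName }
}

# Flag anything launching from user-writable locations (heuristic, my own choice):
# droppers that survive a quarantine usually live in these paths.
$suspectPaths = @('*\AppData\*', '*\Temp\*', '*\ProgramData\*', '*\Users\Public\*')
foreach ($f in $findings) {
    $cmd = [string]$f.Command
    $hit = [bool]($suspectPaths | Where-Object { $cmd -like $_ })
    $f | Add-Member -NotePropertyName Suspicious -NotePropertyValue $hit
}
$findings | Sort-Object Suspicious -Descending |
    Format-Table Suspicious, Source, Name, Command -AutoSize -Wrap
```

Anything flagged that points at a file the scanner keeps quarantining is the re-installer; remove that entry (and its file) before the next scan, then confirm the detection no longer returns.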

What is it that keeps popping up? And have you punched it into a search engine to check the severity of it?

Run Malwarebytes and see what it says
 
Recently picked up a trojan in a scan in an application (not on this comp, on a separate one) I'd already launched. Initially it wouldn't let me delete it but my antivirus put the file into the virus vault. I've run plenty of scans, Spybot, Malwarebytes, Rkill in safe mode, ComboFix, and nothing has come up.

Is it gone? Anything else I should do?
 

Upton Sinclair

To everyone with malware: download ComboFix, get log, post on BleepingComputer...

Rinse and repeat....
 

Donners

I was just casually browsing the Internet (legit sites too, mind you) when my browser abruptly crashed. That being nothing unusual, I thought nothing of it - until two other things crashed.

Then one of those nasty ransomware messages popped up (i.e. "Your computer has been locked by the Australian Federal Police and you must pay a fine of $100 to unlock it", etc.). There was no way around it through Task Manager or logging out.

Thankfully I had read about those, so I restarted in safe mode and loaded up system restore - only for the computer to abruptly restart. Sneaky! I restarted in safe mode with command prompts, and thankfully was able to run system restore that way, and kill off the bastard.

Looking through the event log was quite terrifying. My anti-virus was going utterly berserk, taking out eight trojans in a matter of seconds (one of them must have dropped/downloaded a bunch), including some pretty nasty ones. Then one of them managed to switch it off, as well as taking out my firewall, minimising my browser's security settings and fiddling with a whole bunch of other things before launching the ransomware interface.

I still have no idea how it happened, given that I was browsing popular and legit sites which have not caused me problems before or since, but it was quite an experience.
 

The Passenger


You've probably had some sort of Java plug-in issue. Even if it isn't, this advice should be heeded by all:

https://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

Unless you have a compelling reason to run a Java plug-in, you should have it disabled at the moment. In fact I can't think of one reason to have the Java plug-ins running right now. Maybe enable them temporarily when you need to do something, but that would be it. There have been some serious security issues discovered in the past month. I'm not 100% sure if it affects older versions, but it all came to a head when Oracle released Java 7 Update 10 in early to mid January.

If you do need to run a Java applet permanently, then most likely you're a developer of some sort, so you should know of the security risks. If not, then what I would recommend is to have two profiles with Chrome or Firefox: one for your regular browsing and one for your secure browsing such as banking, e-mails etc. With your secure profile ONLY visit the sites that you need to, and ALWAYS close your regular profile whilst on those sites.

I don't run any Java plug-ins (Java is the number one cause of internet infections every single year) so I haven't followed it too closely... so I may not be 100% accurate here, but my understanding is that what was discovered was that it was possible to run Java plug-ins automatically, getting around the user setting "ask before running plug-ins". So someone could write a malicious applet such as a keylogger, inject it into a legitimate-looking site and have it run automatically when you open that page. So whilst you continue to have that page open the applet is logging your keystrokes. That was my understanding of the main flaw that was found.

Donners, you may have been browsing what you thought were legit web sites, but it isn't out of the realms of possibility that they were temporarily compromised or something like that.

Going a bit further, I don't see much of a reason why anyone should have Java on their computer at all. I'd recommend uninstalling and only reinstalling (which is easy to do) if something stops running. The whole Java platform has fallen to s**t in recent years. Android is about the only thing keeping it relevant at the moment IMO (and it's a pretty handy trump card to be fair). If you do need to have Java on your computer, make sure you have Java 7 Update 13 or Java 6 Update 39.

Someone might ask about Android now because it's pretty much based on Java, which is true. As at this moment though there doesn't appear to be any major security holes on Android. The reason for this is because Android uses a virtual machine called Dalvik to process Java files. Computers use a virtual machine called the Java Virtual Machine (original), and it's the JVM that is compromised at the moment.

That's not to say Dalvik is completely secure, I'm sure there are some exploits out there that are unknown at the moment.
 

Donners

There was a zero-day Java exploit which was noticed in mid-January and my issue was on the morning of 19 January, so it fits. I'm mostly using my iPad for browsing these days; it's not the first time I've had issues.
 

The Passenger

There was a zero-day Java exploit which was noticed in mid-January and my issue was on the morning of 19 January, so it fits. I'm mostly using my iPad for browsing these days; it's not the first time I've had issues.

Almost certainly that is the case, man. This Java thing is bad. Oracle have pretty much ****ed up Java.
 

efbe

Linux is the answer, you will never have malware or any virus problems again...
Try Zorin OS, Linux Mint or Ubuntu. If you're not into heavy gaming, then Linux will suit your needs without the fear of viruses.
 

The Passenger

Linux is the answer, you will never have malware or any virus problems again...
Try Zorin OS, Linux Mint or Ubuntu. If you're not into heavy gaming, then Linux will suit your needs without the fear of viruses.
Mint is sweet.

Currently using Fedora 19 at work for a project and that's pretty good. Had to dual boot onto my laptop so I can use that too and the laptop is running considerably slower since installing it, even when I'm using Mint. The machine is on the back end of its life though.
 

I hate trolls

Make sure you have an awesome antivirus software program, because if you don't you're in trouble with trojans and other things that go wrong with your computer.
What I have on my computer is Kaspersky 2014 Internet Security. It's great because it protects you for 2 years.
 
I logged on to Skype and someone NOT on my contact list was instant messaging me like they were already on it, acting like they knew me AND then tried to get me to click on a website link. After a brief conversation (in a nutshell I said that unless they can verify that they know me the conversation is stopping now), I blocked them and then clicked on the "report" button.

The Skype account I was on has not been hijacked and taken over (that I know of anyway); I changed the password to that and the other websites I was using at the time. I deleted the saved password history that my browser had and changed the passwords to my important accounts (e-mail, several forums, internet banking etc).

Clearly my computer is compromised in some way but without knowing, I'm actually going to the effort of backing up the important stuff (music, movies, photos - not all of it is porn!) and then will format and reinstall Windows. To add to the paranoia I am also going to change the password to my router and SSID password in case the mystery person now knows what it is.

I don't remember what the site URL is now, but it was some social network link (not Twitter or FB). I looked up the address and did a whois on the domain and such; it's registered to someone in Texas that used a Yahoo address to register the domain, and the domain itself expires in November. Strangely enough I googled a few of those sites that give a ranking or say whether a site is safe or not. Most of the sites I ran the URL through said the site was safe, only one gave it a bad rating. The Alexa traffic for it is another reason for me to think it was a phishing scam - the Alexa traffic for it doesn't match up, obviously only a few hundred people are dumb enough to click on it each day... but there was something like 80,000 visitors over the last month.

Am I overreacting or doing the right thing in formatting my PC and starting again?
 
Anybody ever have the issue with bettermarkit ads? Never encountered anything so annoying in my life. All the sites say use something like Malwarebytes free etc. But these programs after a scan require an activation code to do any clean up. I've done all the other manual stuff but it's all hidden and still there.

So what programs clean for free, or can anyone point me in the right direction of locating these files?
 
Anybody ever have the issue with bettermarkit ads? Never encountered anything so annoying in my life. All the sites say use something like Malwarebytes free etc. But these programs after a scan require an activation code to do any clean up. I've done all the other manual stuff but it's all hidden and still there.

So what programs clean for free, or can anyone point me in the right direction of locating these files?

Malwarebytes clears it for me; it always asks to upgrade but gives me an option to skip and it cleans the computer. Also go through your Control Panel and uninstall programs; anything that looks weird, get rid of it.
 

Engimal

Anybody ever have the issue with bettermarkit ads? Never encountered anything so annoying in my life. All the sites say use something like Malwarebytes free etc. But these programs after a scan require an activation code to do any clean up. I've done all the other manual stuff but it's all hidden and still there.

So what programs clean for free, or can anyone point me in the right direction of locating these files?

Malwarebytes shouldn't be used alone. I'm pretty sure it even states itself that it's supposed to be used "alongside your antivirus". I'd go with a free antivirus such as AVG.
 
Chapter one...

I inherited Sweet Page from an attempted download of Firefox. In case anyone is wondering I had a program that claimed only to work in IE or Firefox, as it was not working in IE I decided to try Firefox. The Mozilla mirror site was obviously infected with this pest.

I then fell for one of the oldest ruses going in that I Googled "sweet page removal" and took what looked to be a good option. I should have then Googled Reimage and read what others had to say; had I read the reviews of this lemon I would not have used it. Reimage creates more problems than it solves as I suspect it removes some Windows settings and replaces them with its own. Reimage is one of those programmes that is just as bad as the malware it claims to remove.

The really annoying bit is that I could have removed Sweet Page with Windows uninstall. In the end I uninstalled sweet page with Windows. I also inherited a pest called Clean Adds or a similar name which planted itself in IE. Not sure if this was part of the Sweet Page problem or a separate issue or if it was something the Reimage lemon bought with it.

Getting rid of Reimage and this Clean Adds pest was not easy. If you try to uninstall Reimage with Windows you get a pop up loop which tells you that Reimage has to restart your computer before it can uninstall. Of course there is no uninstall just a loop.

I finished up doing a Windows Refresh which took Windows 8.1 back to its installation settings which meant that I had to reinstall video drivers and software. I had attempted a System Restore but McAfee kept blocking this action and switching McAfee off is no simple task.

All this was my own fault but be careful of Firefox downloads and this Reimage mob.

Chapter two...

Have you ever locked yourself out of the house and had no spare key? A similar thing happened to me yesterday. I recently bought a new system with Windows 8.1. Those of you with 8.1 will know that Gates Inc. do everything they can to get you to open a Microsoft User Account. I resisted but eventually went shopping in the Microsoft online store and found that I had to have an account. Once you open an account in 8.1 you need to register a password. The problem is this then means that every time you want to boot up your system you need that password. The password is a good idea if you have multiple devices using the same OS but if like me you only have a desktop it is bloody annoying. The password can be switched off by running [netplwiz] at the command prompt then unchecking the user password box. I did this and all was fine but...

Yesterday I became curious and decided to take a look in my system settings. I noticed that my system did not have a name; it was simply labelled PC. I decided that it would be nice if my friend had a name so I gave it one. Big mistake, because when prompted I rebooted and lo and behold there it was, a "please enter password" box. The problem was I had forgotten the password and my record of it was on the computer. How to get in? Windows told me that if I had forgotten my password I could simply use a password reset disk. Err, what is that, I thought; I had never heard of this. No way of getting in.

Then I remembered I had backed up my data files to a USB the day before and there was a chance my password would be on it. I still had my old system so I hooked it up, inserted the USB and there it was... my password. After re-hooking the new system I was right, but boy you can easily get locked out of 8.1 if you do not create a password reset when you open a Microsoft Account and if you play about with things. It would have been helpful if Windows had told me that changing the computer name would mean I needed my password to get back in, but the Gates Empire is not so helpful these days.

The moral in this is, if it ain't broke don't try to fix it and if you do succumb to opening a Microsoft Account thus providing Gates with your details, make a password reset disc and keep it in a safe place just in case.
 
Malwarebytes shouldn't be used alone. I'm pretty sure it even states itself that it's supposed to be used "alongside your antivirus". I'd go with a free antivirus such as AVG.

I am pretty sure that AVG is not free these days. You get a 28 day trial before they want you to purchase.

I cannot understand why people feel the need for free antivirus anyway. We spend money on a system or multiple devices yet balk at paying $50-70 for effective antivirus. I have McAfee Total Protection and it only cost me $39.00 this year and it is worth the money to protect my investment. I am not trying to flog McAfee over other products as it has its problems and Kaspersky, Norton etc. probably do the same job, but I would not buy a new car and not insure it so I will not buy computer devices and not safeguard them.

In any case even the best antivirus is not going to stop malware or PUPs as some of it comes from supposedly safe sites and is not really a virus. In the previous post I explained that I picked up Sweet Page with an attempted Firefox download via the Mozilla site. You would not expect to get malware from Mozilla.
 

Engimal

I am pretty sure that AVG is not free these days. You get a 28 day trial before they want you to purchase.

I cannot understand why people feel the need for free antivirus anyway. We spend money on a system or multiple devices yet balk at paying $50-70 for effective antivirus. I have McAfee Total Protection and it only cost me $39.00 this year and it is worth the money to protect my investment. I am not trying to flog McAfee over other products as it has its problems and Kaspersky, Norton etc. probably do the same job, but I would not buy a new car and not insure it so I will not buy computer devices and not safeguard them.

In any case even the best antivirus is not going to stop malware or PUPs as some of it comes from supposedly safe sites and is not really a virus. In the previous post I explained that I picked up Sweet Page with an attempted Firefox download via the Mozilla site. You would not expect to get malware from Mozilla.

Agreed. I just didn't want to recommend someone a paid product like it was their only option. I haven't used AVG in years so I'll take your word on its price.
 
I keep getting this "warning, your Java is out of date" crap... anybody else had this before? Very annoying.

java.png
 