
how can I identify what to delete



pdrury
2015-01-27, 04:21
I have done my first deep Rootkit scan to try to find something hidden that is triggering unwanted tabs and shopping popups. I have done many malware scans and none found. I see from the threads that many of the unknown ADS it found relate to photos and are OK but is this what is causing my problem? I haven't managed to trace it yet. If I do should I delete it?

\C:\Users\All Users\TEMP:373E1720:$DATA

By the way, the Rootkit scan results display has now frozen so I cannot scroll down to look for any other unrecognisable results!

pdrury
2015-01-27, 04:52
Further to previous thread.

I have done my first deep Rootkit scan to try to find something hidden that is triggering unwanted tabs and adware such as Offer4U. The unwanted tabs relate to offers to clean my registry, speed up my PC etc. and pop up when I click on a link .... before the link I DO want has had a chance to load.

I have done repeated malware scans. I traced and deleted what was found initially and now none is ever found. I see from the threads here that many of the unknown ADS the rootkit scan found relate to my photos and are OK but is THIS what is causing my problem?

\C:\Users\All Users\TEMP:373E1720:$DATA

The File properties show it was created on 18th Sept which, I think, was about the time I first noticed a problem. I haven't managed to find it by tracing the pathway shown. Should I delete it in the rootscan results? Can anyone advise please? Thanks.

tashi
2015-01-27, 05:35
Hello pdrury,

That's a temp file which doesn't show anything on its own. :)

For someone to take a look at the system please start a topic in the Malware Removal Forum (http://forums.spybot.info/forumdisplay.php?f=22) and a volunteer analyst will advise and guide.

First see that forum's FAQ which also includes instructions in post #2 on how to provide the logs from Farbar Recovery Scan Tool and aswMBR, which are the logs used in the preliminary analysis.

http://forums.spybot.info/showthread.php?t=288

Best regards.