Persistent Warning

Status
Not open for further replies.
Possibly a connection, I really don't know.

Hold off on downloading another then.

DelFix

  • Please download DelFix or from Here and save the file to your Desktop.
  • Double-click DelFix.exe to run the programme.
  • Place a checkmark next to the following items:
    • Activate UAC
    • Remove disinfection tools
  • Click the Run button.
  • -- This will remove the specialized tools we used to disinfect your system.
    Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).
**************
 
Here's what Delfix did:

# DelFix v1.010 - Logfile created 07/02/2018 at 09:55:51
# Updated 26/04/2015 by Xplode
# Username : Ed - ED-PC
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)

~ Activating UAC ... OK

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Ed\Desktop\Addition.txt
Deleted : C:\Users\Ed\Desktop\AdwCleaner.exe
Deleted : C:\Users\Ed\Desktop\AdwCleaner[S0].txt
Deleted : C:\Users\Ed\Desktop\AdwCleaner[S1].txt
Deleted : C:\Users\Ed\Desktop\Fixlog.txt
Deleted : C:\Users\Ed\Desktop\FRST.exe
Deleted : C:\Users\Ed\Desktop\FRST.txt
Deleted : C:\Users\Ed\Desktop\HijackThis.exe
Deleted : C:\Users\Ed\Desktop\RogueKiller_portable32.exe
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis

########## - EOF - ##########
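
When reviewing a pasted cleanup log like the one above, it helps to check it mechanically: did each step report a status, was the log pasted in full, and is every tool that was used accounted for. The following is an added example, not part of the original thread and not DelFix's own code; the function names and the shortened sample log are constructed for illustration and assume the line format seen in the post above.

```python
import re

# Constructed sample: a shortened copy of the log format posted above.
# Two tools (AdwCleaner, RogueKiller) are left out on purpose.
SAMPLE_LOG = r"""# DelFix v1.010 - Logfile created 07/02/2018 at 09:55:51
# Username : Ed - ED-PC

~ Activating UAC ... OK

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\Users\Ed\Desktop\FRST.exe
Deleted : C:\Users\Ed\Desktop\HijackThis.exe
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis

########## - EOF - ##########
"""

REG_HIVES = ("HKLM\\", "HKCU\\", "HKCR\\", "HKU\\")

def parse_delfix_log(text):
    """Return step statuses and deletions split into files and registry keys."""
    result = {"steps": {}, "files": [], "registry": [], "complete": False}
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("~"):
            # "~ <step> ..." optionally followed by a status word such as OK
            m = re.match(r"~\s*(.+?)\s*\.\.\.\s*(\S*)$", line)
            if m:
                result["steps"][m.group(1)] = m.group(2) or None
        elif line.startswith("Deleted :"):
            # Split on the first colon only; paths contain colons too (C:\...)
            target = line.split(":", 1)[1].strip()
            kind = "registry" if target.upper().startswith(REG_HIVES) else "files"
            result[kind].append(target)
        elif "- EOF -" in line:
            result["complete"] = True  # footer present: log was not truncated
    return result

def leftover_tools(parsed, expected):
    """Names from `expected` that no Deleted line mentions (case-insensitive).

    Substring matching is coarse: it confirms a tool name appears somewhere
    in the removed paths, not that every file of that tool is gone.
    """
    removed = " ".join(parsed["files"] + parsed["registry"]).lower()
    return [name for name in expected if name.lower() not in removed]
```
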
 
Glad we could help.

Since this issue appears resolved ... this Topic is closed.
 
Re-opened

For the most part, if you see a browser based tech support scam, then you can simply close the browser and start it again.


Please download Emsisoft Anti-Malware
https://www.bleepingcomputer.com/download/emsisoft-anti-malware/

Once the file has been downloaded, double-click on the EmsisoftAntiMalwareSetup_bc.exe icon to start the program. If Windows Smart Screen issues an alert, please allow it to run anyway.


If the setup program displays an alert about safe mode, please click on the Yes button to continue. You should now see a dialog asking you to agree to a license agreement. Please access the agreement and click on the Install button to continue with the installation.

You will eventually get to a screen asking what type of license you wish to use with Emsisoft Anti-Malware.
Select the Freeware or Test for 30 days, free option. If you receive an alert after clicking this button that your trial has expired, just click on the Yes button to enter freeware mode, which still allows the cleaning of infections.



You will now be at a screen asking if you wish to join Emsisoft's Anti-Malware network. Read the descriptions and select your choice to continue. (User's choice)

Emsisoft Anti-Malware will now begin to update its virus detections.

Please be patient as it may take a few minutes for the updates to finish downloading.


When the updates are completed, you will be at a screen asking if you wish to enable PUPs detection. We strongly suggest that you select Enable PUPs Detection to protect your computer from nuisance programs such as toolbars and adware.


You will now be at the final installation screen. Please click on the Finish Installation button to end the setup and automatically launch Emsisoft Anti-Malware.

Emsisoft Anti-Malware will now start and display the start screen.

At this screen, please left-click on the Scan section.

You will now be at a screen asking what type of scan you would like to perform.

Please select the Malware Scan option to begin scanning your computer for infections. The Malware Scan option will take longer than the Quick Scan, but will also be the most thorough.

Please be patient while Emsisoft Anti-Malware scans your computer.

When the scan has finished, the program will display the scan results that show what infections were found.
Please copy and paste this into your next reply.

Now click on the Quarantine Selected button, which will remove the infections and place them in the program's quarantine. You will now be at the last screen of the Emsisoft Anti-Malware setup program, which you can close. If Emsisoft prompts you to reboot your computer to finish the clean up process, please allow it to do so. Otherwise you can close the program.
 
Downloaded EMSISOFT, but when I tried to run installation, I got a popup (see attached image) saying I needed to remove AVG. I'm reluctant to do so without first asking you about it.
 

I see, that's from installing and using it for free for the 30 day trial period.

Let's try something else.


Malwarebytes Anti-Malware (MBAM)
  • Open Malwarebytes Anti-Malware.
  • Click the Settings tab, followed by Detection and Protection and place a checkmark next to Scan for rootkits.
  • Click the Scan tab, ensure Threat Scan is selected and click Start Scan.
  • Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards.
  • If threats are detected, click Remove Selected. If you are prompted to reboot, click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs, followed by the first Scan Log.
  • Click Export, followed by Copy to Clipboard. Paste the log in your next reply.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ESET Online Scanner
  • Download and execute ESET Online Scanner
  • Check the following settings (two of them are under Advanced Settings, click on it to display them):
    • Enable detection of potentially unwanted applications
    • Enable detection of potentially unsafe applications
    • Scan archives
    • Scan for potentially unsafe applications
    • Optional : If you want to scan more drives, click on Change... and select the drives you want to include in the scan
  • After you're done checking these options, click on the Scan button and ESET Online Scanner will download its virus signature database before starting the scan
  • Once done, the scan will start automatically. ESET Online Scanner can have an extremely long scan time that can last between 2 or 3 hours. So if you start the scan, do not interrupt it, let it complete
  • On completion, a summary window will appear to give you the information about the scan. Then you'll have the option to see what threats were found and to manage the threats that were quarantined
  • Click on List of found threats, it'll display every threat identified during that scan, their type and what action was taken against them. Click on Copy to clipboard to copy these results to your clipboard and post them in your next reply
  • Once you're done, click on the Back button, then click on the Finish button

~~~~

Please post these 2 logs when finished.
 
Did the Malwarebytes cleanup and installed new version. When I ran it, there were no threats found, see attached image.
 

Good deal

What we can do is to install a tool that helps stop malicious java scripts, many people don't care for the tool since it can take quite a while to get used to.

NoScript
https://noscript.net/

How is the computer now?
 
I got hit with the fake "warning" (which also halts my browser) twice in one day, and then I haven't seen it again since I notified you that it was back. Do you have any idea what triggers it?
 
Some questions before I try anything else:

1 - When I clicked on "http://windows.microsoft.com/en-us/w...#1TC=windows-7" to see what I could learn about using Task Manager in Windows 7, I did not find anything about Task Manager use. Can you steer me to it?

2 - You cautioned that some users don't care for the NoScript tool. Can you be more specific about that?

3 - I have not seen the fake warning pop-up in more than a week. Do you know if something specific triggers it, or whether it launches itself at random time intervals?
 
I'll supply a different link for task manager.
What I attempt to teach people is how to keep the window for task manager open, look at resources being used and which app or .exe is using the most and if it should be.
https://support.microsoft.com/en-us...troubleshoot-issues-with-windows-task-manager
Myself, I don't allow self updaters to run. If a tool or program needs to update I go to the tool myself or to the web site to check.
This would apply to Adobe, Firefox, Chrome, Windows Updates, Java....it's a long list.

NoScript. Can be a handy tool to add to browsers. It has a way of being complicated but does do a good job on blocking out java script.
Some consider it annoying to use because you have to open the tool from your addons list to disable it to run on sites you know to be legit. (Then leaving the site enable it again)
Which, in itself can be a guess because at times some legit sites can be altered or attacked with malicious scripts and the developer of the site doesn't always know this without interactions from people who visit and or some kind of alerts to a problem.

fake warning pop-up in more than a week <= this is good.
I don't think it launches itself at random time intervals but rather it was web site related. What you can do and, to all those who might read over this topic is to buckle down with good security and layered protection in an aid to fight in browser protection.

Web Browsers and Web Browsing

Web Browsers could be considered as the closest door between a malware and your system. This is where most malware goes through to infect a system, and therefore it should be the program(s) you want to secure the most. There are two ways of going about it: hardening your web browser via extensions, and having good browsing habits.

Hardening your web browser means to install extensions that will help it protect itself (and your system on the same occasion) against Exploit Kits, MiTM attacks, etc. but also you at the same time. Here are a few extensions that I recommend you to install.
  • uBlock Origin: Efficient multi-purpose blocker that is lightweight on RAM and CPU usage (Google Chrome and Mozilla Firefox, called uBlock on Opera);
  • HTTPS Everywhere: Extension that converts your HTTP (unencrypted) requests to HTTPS (encrypted) ones (Google Chrome, Mozilla Firefox and Opera);
  • Web of Trust: Website reputation, rating and review extension that will help you quickly identify bad and suspicious sites from good ones (every web browser);
  • NoScript: NoScript is a script blocker (Java, Flash, JavaScript, etc.) for Mozilla Firefox and Firefox-based browsers (Mozilla Firefox and Firefox-based web browsers);
  • uMatrix: For advanced users, a point and click matrix-like extensions that allow you to control requests done on a webpage (based on source, destination and type) (Google Chrome, Mozilla Firefox and Opera);
  • LastPass: Secure password manager allowing you to create, manage, and use passwords you save in your LastPass account (every web browser);

As for safe browsing habits, you can find tons of guides, tutorials, articles, etc. online that will highlight the basics you need to follow (only visit websites you trust, do not click on ads, do not download files from untrusted sources, use a password manager, always verify the URL of a website and make sure it's correctly typed, etc.), and even what you can do if you want to take it a step further (create a fake email address for spam emails, browse the web in a privacy mode, etc.). Here are a few:

As you can see, there are plenty of resources out there. Simply Googling "good browsing habits" or "safe browsing habits" should allow you to find a lot of them.

created by Aura
 
Every time I begin to think we are, the pop-up reappears, sometimes after several days of not having done so, and always for no apparent reason...except that I have my browser running. It of course does no permanent damage, but it stops whatever I'm trying to do at the time. Do you have any other removal tools I can try?
 
We can continue to scan the computer till the cows come home.
My opinion is, it's coming from a web site you're visiting.

Tried a different browser and have the same luck?

~~~~~~~~~~~~~~~~~~~~~~

Zemana AntiMalware - Fix
  • Download and install Zemana AntiMalware
  • Open Zemana AntiMalware, and click on the Scan button
  • Wait for the scan to complete
  • Once done, click on any threats it detected, then select Apply to all and Quarantine to quarantine all threats, and click on the Next button
  • If it asks you to reboot your computer to finish the clean-up, do so
  • After that, click on the most upper right button to go to the Reports tab, select the latest System Scan entry and click on the Open Report button
  • A log will open in Notepad
  • Copy/paste the content of that log in your next reply

~~~~~~~~~~~~~~~~~~~~~~~~~

  • Please download HitmanPro from here (32-bit) or here (64-bit).
  • Double click on the HitmanPro icon to start the program. (Windows Vista/7/8 users: Accept UAC warning if it is activated)
    Note: If HitmanPro refuses to start then please hold down Ctrl when starting HitmanPro to activate Force Breach.
  • When HitmanPro's main screen appears, choose Next.
  • Place a checkmark in I accept the terms of the license agreement, then click Next.
  • Choose No, I only want to perform a one-time scan on this computer, then click Next.
  • Wait for HitmanPro to finish scanning your computer. This should take about 5 to 10 minutes.
  • When the scan is finished, all detected items will be displayed.
  • Referring to the screenshot below, click on the dropdown menu of an item in the list (if any) -> choose Apply to all -> click Ignore <= IMPORTANT!
  • This should apply the "Ignore" function to all detected items in the list. Then click Next.
  • Click Save log at the bottom of the HitmanPro window, and save the opened file to your Desktop.
  • Please Copy and Paste the contents of the log in your next reply.
 