Question adware not getting detected by anything

daniyalkh14

Honorable
Oct 13, 2017
42
0
10,530
Hello guys, I got a serious adware on my system. It causes popups in my Google Chrome like getstreamall, pdfpros, latestsocial, installpdf maker, paidonlinesites. The virus is also blocking access to all antivirus sites and creating unknown programs at Windows startup. I have tried Malwarebytes, Hitman Pro, CCleaner (trial versions) and searched for any unknown program in the Add or Remove Programs utility in Control Panel, but no luck. I'm getting really pissed that I can't trace this adware. Please help me out in this situation.
 

Ralston18

Titan
Moderator
More information needed - OS and software installed on your system?

Where did you get the Google Chrome software?

Windows 10: Look in Task Manager to see what apps are being launched at startup - look for any that you do not recognize or otherwise do not understand what/why they are in startup.

May have snuck in with some other software application being installed. And are now wreaking havoc....

I would start by uninstalling (if possible) Google Chrome.
 
Check all your Chrome extensions first (Chrome '3dots' pulldown/more tools/extensions), as often one will sneak its way in there, and give you constant junk headaches forever after.

Do you have a restore point(s) from before your 'unwelcome addition' pop-ups started? (a week ago, last month, etc.)

Run a FreeFixer scan, and examine every line carefully...or post screenshots of its multi-page output here, I'm sure many folks will be able to spot any miscreant entries...
 

daniyalkh14

I checked the extensions and found nothing unwanted; I reset Chrome and nothing changed.

The FreeFixer log file is really long. I uploaded it to Google Drive; here is the link:
https://drive.google.com/open?id=1V9zHAv-N0E7SpwUhBFGBXB16h4DNjUa0
See if you can find something causing the adware.
 

daniyalkh14

The OS I'm running is Windows 10 Home edition bit.
There are around 20 pieces of software that I have installed personally, but they are from trusted suppliers like Nvidia or Microsoft.
Chrome was downloaded from the Chrome website, not from a 3rd party website.
Windows startup has 1 unwanted program that I have disabled.
I don't know how this adware got into my system.
I don't think deleting Chrome can help because I'm also getting popups on Edge.
 
You have tried rebooting in safe mode and scanning from there?

Get the Microsoft Sysinternals utility Autoruns. This will show you MUCH more than what the "start" option will for items being autostarted. You can unhook items from here for next startup as well.

https://docs.microsoft.com/en-us/sysinternals/downloads/autoruns

Run ADWCleaner:


Have you been able to run Farbar? You aren't looking to autofix, you're looking for recent changes in the log files.



You manually checked your services for what is running?
 

daniyalkh14


Most of the sites you are recommending are blocked because of the adware; I'm downloading software from another PC. I ran AdwCleaner; it found some adware in the registry and deleted it, but no luck. I still can't access antivirus websites and am still getting popups. I downloaded the Sysinternals suite; there are so many things in there, I don't know where to start. And what type of scan should I run from safe mode? I got 5 popups while writing this reply. This is driving me nuts.
 
See if you can run Process Explorer from Sysinternals/MS, and display VirusTotal as an option...

If your browser is blocking you, you're being redirected....

default your browser ('reset and cleanup' option in Chrome), remove all extensions (more tools/extensions in Chrome) if you don't know which ones are safe...

see if your new hijacked browser will allow a freefixer scan...
 
When using autoruns, put a check in the entry at top menus for "option" "hide microsoft entries"

What you are left with, you may have to research what the entries are, but it will show you what is being autostarted that isn't from microsoft. If you can post screen caps of this list, someone may be able to tell you what is probably good and what entries are suspect

The reason I would guess someone suggested a Chrome wipe and reinstall is that it appears your updater for chrome has been deleted.

If doing a clean reset of chrome (as mdd1963 suggested) does not work, do a clean boot. If the behavior no longer exists, it was one (or more) of those entries to concentrate on. Do you recognize everything being started?
https://support.microsoft.com/en-us/help/929135/how-to-perform-a-clean-boot-in-windows

Mandark is correct in that after a certain point, if the malware has damaged Windows critical files, changed your DNS, changed many registry entries for functionality that you won't be able to rewrite, from an end-user ease case, it may be easier to kill the current OS install, wipe the partitions, and reinstall from scratch.
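
Added example, not part of any post in this thread: a read-only PowerShell script that approximates the Autoruns "hide Microsoft entries" triage described above by listing autostart entries whose target binary is missing or not validly signed by Microsoft. `Get-ExePath` and `Test-MicrosoftSigned` are helper names made up for this example, and it covers only Run keys/Startup folders, scheduled tasks and auto-start services, which is fewer locations than Autoruns checks.

```powershell
# Added example, not from the thread. Read-only; run from an elevated prompt.
# An entry listed here is not proven malicious, it is only worth researching.

function Get-ExePath([string]$CommandLine) {
    # Extract the executable from a launch string, e.g. "C:\App\a.exe" /bg
    $s = [Environment]::ExpandEnvironmentVariables($CommandLine)
    $path = $null
    if ($s -match '^\s*"([^"]+)"') { $path = $Matches[1] }
    elseif ($s -match '^\s*(.+?\.(exe|dll|cmd|bat|vbs|js|ps1))(\s|$)') { $path = $Matches[1] }
    if ($path -and $path -notmatch '^([A-Za-z]:|\\\\)') {
        # Bare names such as rundll32.exe: resolve through PATH
        $cmd = Get-Command $path -CommandType Application -ErrorAction SilentlyContinue |
               Select-Object -First 1
        if ($cmd) { $path = $cmd.Path }
    }
    return $path
}

function Test-MicrosoftSigned([string]$Path) {
    if (-not $Path -or -not (Test-Path -LiteralPath $Path -PathType Leaf)) { return $false }
    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    return ($sig.Status -eq 'Valid' -and
            $sig.SignerCertificate.Subject -match 'O=Microsoft Corporation')
}

$entries = @()
# Registry Run keys and Startup folders
$entries += Get-CimInstance Win32_StartupCommand | ForEach-Object {
    [pscustomobject]@{ Source = "Startup ($($_.Location))"; Name = $_.Name; Command = $_.Command }
}
# Scheduled tasks that launch an executable
$entries += Get-ScheduledTask | ForEach-Object {
    foreach ($a in $_.Actions) {
        if ($a.Execute) {
            [pscustomobject]@{ Source = "Task ($($_.TaskPath))"; Name = $_.TaskName
                               Command = "$($a.Execute) $($a.Arguments)".Trim() }
        }
    }
}
# Services set to start automatically
$entries += Get-CimInstance Win32_Service -Filter "StartMode='Auto'" | ForEach-Object {
    [pscustomobject]@{ Source = 'Service'; Name = $_.Name; Command = $_.PathName }
}

$entries | Where-Object { $_ } |
    Select-Object *, @{ n = 'ExePath'; e = { Get-ExePath $_.Command } } |
    Where-Object { -not (Test-MicrosoftSigned $_.ExePath) } |
    Sort-Object Source, Name |
    Format-List Source, Name, Command, ExePath
```

Entries with an empty `ExePath` could not be parsed or resolved and need a manual look at the `Command` value.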
 

daniyalkh14

Honorable
Oct 13, 2017
42
0
10,530
I think it's getting too complicated. The Chrome restore did not help and the VirusTotal site is getting blocked. The best thing to do now is a Windows reinstall. I have a recovery partition of Windows 10. I know the C drive will be wiped, but I've got too much stuff on other drives. I know the other drives won't be wiped, but still, is there anything else I should be worried about?
 

robwright

Distinguished
Feb 16, 2006
1,129
7
19,285

This doesn't sound like your typical adware -- it sounds more like pretty persistent malvertising, though I confess I'm not sure what the intent is. Adware usually sticks to the browser of choice, and occasionally they'll block an adware removal tool or two. But whatever you picked up has apparently jumped to other browsers and embedded itself pretty deeply in your system while also blocking different security programs and sites, which is odd.

Couple questions:
Are you getting the same popups on both Chrome and Edge? Or are they different?

Are you getting forced browser redirects or just popups?
 
Does your 'visiting hijacker' allow installation/scanning with freefixer?

Run a scan, and post a few screenshot pics (it'll be a few screens long) at imgur... (use imgur's 'direct link' to copy pics' links)



Certainly, there will be a point where it might be easiest to throw in the proverbial towel and 'nuke and pave'; a deletion of partition(s) and automatic quick format/reinstall to SSD from USB installer is often only a 5 minute affair any more... (Naturally, it takes longer if reinstalling to a conventional HDD.) I'd personally not use the included recovery partition, which will only install the who-knows-how-old factory image, unless you are worried about finding correct drivers, etc...; you can make a new Win10 installer with any 8 GB $2 USB flash drive...

https://www.microsoft.com/en-us/software-download/windows10
 
From freefixer

"Free Easy Video Joiner"?

Internet Download Manager?
----------------------------------------------------------------------------
Process Explorer has a little 'Find Windows Process' icon (little cross in a circle) that lets you associate a window with what process is spawning/initiating it...
Simply keep the Process Explorer window open, and drag the little cross circle over to your popup...

The below screen shot is the result of dragging the circle over to the CALC window...
U4udSjE.png
 

daniyalkh14

Yes, I had Free Easy Video Joiner. I deleted it and it didn't change anything; it seems like whatever I do doesn't work. However, I lost my mind last night and tried HP recovery (because I own an HP laptop). I did a soft recovery: kept my personal files, and the system and other software were removed and Windows was reinstalled. After that the adware was gone; I just had to install my apps again.
I thank everyone that tried to help me out in this situation. Surely someone else will also benefit from all this discussion.
Again, thank you mdd1963, robwright, cherry blossoms, Mandark and Ralston18.
cheers!
 

daniyalkh14

The popups are different. It seems like the adware creates a layer over the website; wherever I click, it jumps to an ad.
 

daniyalkh14

I have an antivirus, ESET, installed.
I think the best thing to do atm would be to go through all the msgs above and do some cleaning in your PC:
starting with Malwarebytes and their adware cleaner
cleaning the registry with CCleaner
checking startup apps in Task Manager
checking for any suspicious program installed
checking Chrome extensions and resetting Chrome
 
Problem is, many of the 'free video players' come with added extras usually not desired by the owner...

Not saying that applies here, but, it would also come as no real shock for such apps to ultimately be the point of entry for such junk as you are now seeing....; once the app is removed, the extra payload that hitched a ride stays for your long term enjoyment..

If you can't track it down with the aforementioned tools, and see no obvious browser add-ons, tasks, etc., at some point a 'delete partitions'/full reinstall will certainly cure it. (A good reason to have a 'quarterly total image backup' of your drive on an external drive. Recovery to the same point at which the image was done can be done in 10-20 minutes...or even 5-10 minutes if dealing with SSD to SSD image restores....)