Offers4U malware/spyware - Multiple solutions tried - Zero luck!

Status
Not open for further replies.

HBgamer

Honorable
Dec 29, 2014
78
0
10,630
Hi guys, hope all is well.

I've been attempting to fix possibly the most vicious piece of spy/malware I have ever personally experienced and am having no luck whatsoever. Yesterday I turned on my PC to find it was unbelievably slow at start-up (a good 10 minutes until I was able to open Chrome) and when I went onto Amazon I found out why. A huge banner along both the top and bottom of the screen appeared in front of me showing shopping deals linked with my current web page.

After some digging I found that the malware was called Offers4U. I went through the usual motions of attempting to disable it using its own settings cog, removing an extension from Chrome (nothing there), resetting Chrome completely, going into add or remove programs to hunt it down (again nowhere to be seen) but still the problem persisted.

I did the obvious and searched online and found a fair few people have been hit with the same thing but found solutions. I followed step after step and while some people were granted relief from option B or E or N I am stuck here having tried everything and the damn thing is still flashing its awful bargains in my face.

At the last count I have run a full scan with Avast, MalwareBytes, AdwCleaner, CCleaner and IObit Malware Fighter but none have found the file in question.

I read that the free version of SpyHunter 4 wasn't the best but was good at revealing / deleting rootkits (which I believe this is) so in a moment of frustration I went for it. It ran a full scan, took nearly 2 hours, apparently found 162 problems then tried to charge me £31 to fix them!!! Of course I asked for this and understand that in a moment of weakness / stupidity I downloaded a terrible program. Please don't ridicule me, I already feel bad enough!

I am now in the process of using MalwareBytes Anti-Rootkit beta program to see if that sniffs it out. But past that I really am out of ideas. If anyone could advise on the virus itself, what tools I should aim to use or any other opinions that would be massively appreciated. I would rather avoid wiping and starting over as I have a fair amount of music / videos / pictures / installed games I could do without the hassle of shifting :)

Thanks in advance. HB
 

Math Geek

Titan
Ambassador
since it is so new, try a system restore to an earlier time. go back a week or so if possible. this often works for me. if it does not and since you have tried all these other options, it might only be solvable through a windows install.

a second option is to boot into safe mode and try to seek out and delete the files, registry entries and any other place you can find with it.

not to beat a dead horse but this is why i suggest people keep data on a separate partition at the least or even better on a separate drive to prevent such issues. if your data was on a different partition, then dropping a windows disk in would be easy and little worry for you. something to think about :D
 

HBgamer

Thanks for the quick reply. I have the majority of 'bulk' files on my second HDD but surely it's possible for the virus to be within there somewhere? I have recently bought an SSD I hoped to install this week. I was going to use the software that came with it to transition files etc and have Windows and core programs on the SSD but it's looking increasingly likely I'll have to start over. It's just such a chore when I have saves for 200+ steam games among other things.

One thing I'm not too familiar with is the booting in Safe Mode option. While I have done so in the past during issues I have never played with the registry in this state. Could I just work my way through and delete items without it creating a serious lasting effect or is it just a method to find the issue, then you revert back to Normal Mode and delete the same key?
 

Math Geek

the virus/malware sets itself to run when windows boots up and can be really good at misleading or outright messing up programs trying to detect and remove it. safe mode boots up only the basic core windows and nothing else. this is good for troubleshooting and for removing things that don't want to go. the virus won't be running in safe mode and therefore the malware scan or manual deletion will be easier to do.

press f8 at startup to get into safe mode, then run your scans from there and see if that helps. you can edit the registry and delete files and such from here and then if you think you have it, reboot back to regular windows and see if it is gone.

the good news is you wish to migrate to an ssd anyway. so the windows install is not a total waste. your steam saves should be in the cloud and will reinstall with the game and the virus should not be hiding in your data. if you remove the drive and put the ssd in alone, then install windows, you will be safe to then hook up the second drive, move the data you wish to save and then format it to remove the malware from it for its use as a back-up drive.
 

HBgamer

Hello again. Sorry for late reply - I was attempting a few more scans etc before coming to the sorry conclusion I will have to migrate Windows and format the existing drive.

For some reason I couldn't get my PC into Safe Mode. It didn't matter what I tried, when I started pressing F8, how often, if I held it - nothing would bring up the boot option screen. Weird. I've definitely done it before so seemed a bit odd.

So my plan is to spend the first hour or so after work moving anything I need from the current Windows HDD to my secondary (which, luckily, has most of the files I wish to keep anyway). The main C drive is mainly game installs which I can easily redo - however the saves are still a ball-ache. While some are within Steam Cloud the majority aren't and I have other games from other means / libraries (e.g. Origin/Uplay) which will need to be manually handled.

I'm not 100% sure I know where my Windows 7 Home disc is but I've seen before it's fairly simple to burn a new one?
 

Math Geek

it is easy to get and burn a new iso if you need it. MS offers it through their site and only asks for your key to authorize the download. then just burn it and install away. here is the link to MS recovery site http://www.microsoft.com/en-us/software-recovery

you will want something to burn the iso with if you don't already have one. win 7 has an add on you can install that will do it or you can use one of the many other image burners out there.
 

HBgamer

Hi Math Geek. When I got home I decided to try to get into Safe Mode one more time as I was switching it on anyway. Surprise surprise it worked and I managed to start up as I'd wanted to last night. I left MalwareBytes running a full scan while I made dinner and when I came back it had found one single file. It didn't look/sound like it had anything to do with the Offers4U virus but it was within the registry so I removed it.

Went back to Normal Mode and, as of the last 20 minutes, I have been virus free. I've restarted and tried numerous sites / browsers and nothing appears any more so I may be in luck.

My next step is to progress onto the SSD install. Do you think it's now worth using the Samsung migration software to transfer what I need from the current HDD to the SSD then continue to use the HDD after? Or do you think it's not worth the risk and I should format the current was-infected HDD just to be sure?
 

Math Geek

i'd format it to be sure. better safe than sorry. copy what you need to save and then just clean it for safety's sake.

glad the safe mode worked as it does not always. but it is always a good thing to keep in mind. i tend to let this be my first stop, since it keeps the bad file from running and messing with any scans.
 