It started 3 days ago this popup kept appearing on firefox and chrome known as adultcameras.info . I tried everything from malware bytes and spybot S&D but nothing helped. I formatted my PC yesterday but strangely the same popup appeared immediately after visiting a few websites . I didnt opened any malicious websites nor downloaded any cracked software.Can anybody tell me what's happening?
Unfortunately, but rare, there is malware that can attach itself to the MBR, and even memory of some hardware that remains in the computer after a format. Experts in this area will be here to help soon. While waiting you may want to try scanning with ADW cleaner
AdwCleaner Download
After the format, what did you do, reinstall with a DVD, an image?
When you reformatted, did you do all partitions?
Did you visit that site before the popups started?
I would appreciate it if after your problem is resolved you let us know and tell us what action was necessary to stop the problem
Last edited by richc46; 07 Mar 2015 at 08:47.
Might be a good idea to run TDSSKiller to see if you have a rootkit. Some rootkits can survive a reinstall.
Note: When running TDSSKiller, launch the program, click on the blue text "Change Parameters" & check the box marked "Detect TDLFS File system." Click OK & then run the scan.
Remove Adultcameras.info pop-up ads (Virus Removal Guide)
After the format, what did you do, reinstall with a DVD, an image? - I used bootable DVD. Formatted c:/ and reinstalled.
When you reformatted, did you do all partitions? - No, i only formatted c:/, d:/ and e:/ remained intact.
Did you visit that site before the popups started? - I am not sure of the origin of this popup. But i am pretty sure i didn't visit any such website.
I tried Tdsskiller and other steps but nothing found.
One more thing i have noticed is that this popup is not very regular. For hours it doesn't show up and then it becomes quite regular. Stays pretty much inactive during morning and noon but becomes very active during night it seems.
Below is a screen shot of process list. Anything suspicious?
I didn't use Hitman 3 Pro until now and here's the log: Sorry for missing it.
Malware _____________________________________________________________________
C:\Users\icon\Downloads\YTDSetup.exe
Size . . . . . . . : 103,896 bytes
Age . . . . . . . : 5.9 days (2015-03-06 19:28:23)
Entropy . . . . . : 7.2
SHA-256 . . . . . : D20B0AEBB6BFB8AC7496D325C9A6FA0D71A17ED6FD9FDEAF8087D3A0786B5B8A
Product . . . . . : YTD Video Downloader
Publisher . . . . : GreenTree Applications SRL
Description . . . : YTD Video Downloader stub installer
Version . . . . . : 4.8.9.7
RSA Key Size . . . : 2048
LanguageID . . . . : 0
Authenticode . . . : Valid
> Kaspersky . . . . : not-a-virus:HEURownloader.Win32.Generic
Fuzzy . . . . . . : 99.0
References
HKU\S-1-5-21-1560840918-2128215864-809325102-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Users\icon\Downloads\YTDSetup.exe
Suspicious files ____________________________________________________________
C:\Windows\SysWOW64\MSCOMCTL.OCX
Size . . . . . . . : 1,077,344 bytes
Age . . . . . . . : 5.9 days (2015-03-06 20:25:43)
Entropy . . . . . : 6.3
SHA-256 . . . . . : 185388FD2E9FA698C6A08BB98ADEF33156B5C01FCCBD830B6A92543D051242FA
Product . . . . . : MSCOMCTL
Publisher . . . . : Microsoft Corporation
Description . . . : Windows Common Controls ActiveX Control DLL
Version . . . . . : 6.01.9545
Copyright . . . . : Copyright © 1987-2000 Microsoft Corp.
RSA Key Size . . . : 2048
LanguageID . . . . : 1033
Authenticode . . . : Invalid
Fuzzy . . . . . . : 24.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
Time indicates that the file appeared recently on this computer.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Go here, run this & lets make sure the MS software is valid, please post the results.
Genuine Microsoft Software
Last edited by Borg 386; 12 Mar 2015 at 09:39.
I recently installed windows update hoping for a secure computer, but i got a message
'this copy of windows is not genuine'. But now i have got rid of the message. I thought your asking for a validation has something to do with that. This is what i get.
Enter a genuine Windows product key.
The product key used to activate Windows on your PC is already in use on another PC or has been blocked by Microsoft. Not to worry, we can help you with that.
Yes i know it's not genuine.
I have removed ytdsetup.exe and the popup haven't appeared for today. But it's inconclusive that i am virus free.
Posted in our Forum Rules:
4) No piracy or discussion of piracy allowed at all. Such as software, music, videos and other intellectual property violations (e.g. downloading youtube videos locally etc).
We cannot help you fix your pirated OS.The product key used to activate Windows on your PC is already in use on another PC or has been blocked by Microsoft. Not to worry, we can help you with that.
Yes i know it's not genuine.
