Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: [Moved] Google Chrome advertisement malware

15 May 2017   #11
Frikster

Windows 7 64bit
 
 

i uploaded the log file .
What do i "uncheck"




Attached Files
File Type: txt Log.txt (32.4 KB, 5 views)
My System SpecsSystem Spec
.
15 May 2017   #12
Callender

Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
 
 

You've got software installed that I know little about namely:

Popcorn Time
Daemon Tools
Wondershare Video Converter
Gyazo
Most of your Chrome extensions I've not heard of either.

I'd uncheck everything except the following:

Path: C:\Windows\KMSAuto.exe
Threat level: High
Malware type: Malware.6181.48
Item state: Checked

Path: C:\Windows\system32\Tasks\KMSAuto
Threat level: High
Malware type: Malware.6181.48
Item state: Checked

And these settings for the following:

Malware related optional fixes:

Option name: Empty temporary folders
Item state: Checked

Option name: Run an SFC scan
Item state: Unchecked

Option name: Repair Windows with DISM
Item state: Unchecked

Option name: Reset the DNS settings
Item state: Checked

Option name: Reset the hosts file
Item state: Unchecked - at your option. Check it manually first.

Option name: Reset IP, Winsock and proxy
Item state: Checked

Option name: Reset and fix the Windows firewall
Item state: Unchecked

Option name: Reset the SubSystems registry key
Item state: Unchecked
My System SpecsSystem Spec
16 May 2017   #13
Frikster

Windows 7 64bit
 
 

cleaned it a few times. tested stuff and removed other stuff. None of it worked and the ads keep changing in name , radiorage, contentlikes, flightsearchapp, etc.

What the F did i install to get all these bundles. the only recent installs are the anti malware programs i installed to delete the malware of my pc.
My System SpecsSystem Spec
.

16 May 2017   #14
Callender

Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
 
 

Okay maybe a more detailed look at what's going on might help. Try running a scan with UVK - settings as shown in the image:




https://www.carifred.com/uvk/

Upload the log and I'll look at it later. Will be busy for a couple of hours.

Also on the system repair tab try running the Avast Browser Cleanup option and see if anything shows up.
My System SpecsSystem Spec
16 May 2017   #15
Frikster

Windows 7 64bit
 
 

there, the log

Popcorn Time Movie watching program
Daemon Tools ISO Image loading program
Wondershare Video Converter Video converter / Youtube downloader
Gyazo Instant photo / video capture tool

Most of your Chrome extensions I've not heard of either.

adblock is adblock. blocks advertisements
enchanged steam, ban checker steam, inventory helper are all for steam ( gaming platform )
FB Purify is for facebook mod, makes it better for my experience
Unseen is for facebook took, makes the person on the other end not get notified that i read his / her message
Last pass is a password management addon
Lounge destroyer , csgo stuff ..
magic actions , addon for youtube, makes it amazing
Reddit enhancement suite , addon to make reddit better

I don't have any other extensions .


Attached Files
File Type: txt Ultra Virus Killer log.txt (773.4 KB, 3 views)
My System SpecsSystem Spec
16 May 2017   #16
Callender

Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
 
 

Okay thanks for the log. I don't see any obvious problem. You could try running this script:

Ultra Virus Killer.txt

If you download the file and rename it with .uvk extension instead of .txt you can double click to run it.

Contents of file:

Code:
<UVKCommandsScript>
<CleanAllUsersTemp>
<EmptyBrowsersCache>
<CleanupAppData>
<Reboot>
After a reboot if the problem remains try running FARBAR.

Downloading Farbar Recovery Scan Tool

Save it to your Desktop and double-click the file to run it.
Run a scan then upload FRST.txt and Addition.txt that you should find on your desktop once the scan completes.

Cheers.


My System SpecsSystem Spec
17 May 2017   #17
Frikster

Windows 7 64bit
 
 

The malware advertisements get changed all the time. What is causing this
I scan constantly with malwarebytes and i find PUPs .... literally always 1 or 2 come . Am i getting targeted? due to work during the day my pc is usually turned off. But when it is on i don't do anything "shady" . Facebook, youtube, reddit, and steam games. . .

website new examples

https://gyazo.com/310cdb730fe12f908faf0ef4dfe9fb54

https://gyazo.com/4094878cb9d07900b62c6bf6b50274b0

https://gyazo.com/b6bd519fcba4706d90b4d63f6cde7995

uploaded the files


Attached Files
File Type: txt FRST.txt (42.9 KB, 6 views)
File Type: txt Addition.txt (60.8 KB, 5 views)
My System SpecsSystem Spec
18 May 2017   #18
Callender

Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
 
 

Okay I will look at your Farbar results soon. If those websites are the ones that open in the problematic pop up windows then from your UVK log:

Code:
<RunningProcess> | C:\Program Files (x86)\Gyazo\GyStation.exe | Gyazo Station | 9EC99AA73DAEE0B85444AAA9D2AE0E42 | Signed :  Nota Inc.
<MemoryModules> | C:\Program Files (x86)\Gyazo\GyStation.exe | Gyazo Station | 9EC99AA73DAEE0B85444AAA9D2AE0E42 | Signed :  Nota Inc.
<@Friki\Run> | Gyazo | C:\Program Files (x86)\Gyazo\GyStation.exe | Gyazo Station | 9EC99AA73DAEE0B85444AAA9D2AE0E42 | Signed :  Nota Inc.
<ScheduledTasks> | GyazoUpdateTaskMachine | C:\Program Files (x86)\Gyazo\GyazoUpdate.exe | Gyazo Auto Update Machine | 469BBAE7812E02F2E9878436D78FB5F0 | Signed :  No publisher
<ScheduledTasks> | GyazoUpdateTaskMachineDaily | C:\Program Files (x86)\Gyazo\GyazoUpdate.exe | Gyazo Auto Update Machine | 469BBAE7812E02F2E9878436D78FB5F0 | Signed :  No publisher
<HKLMW6432...Uninstall> | {6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1 | Gyazo 3.3.1 | Nota Inc. | C:\Program Files (x86)\Gyazo\unins000.exe
<@Friki\MuiCache> | C:\Program Files (x86)\Gyazo\GyazoGIF.exe | GyazoGIF | DA612C3FE6512BFC26C767F7608E163B | Signed :  Nota Inc.
<@Friki\MuiCache> | C:\Program Files (x86)\Gyazo\Gyazowin.exe | Gyazo: Screen Uploader | A2AAE3C00DDB01F1C813944932B3C8EC | Signed :  Nota Inc.
<ContentsCommonAppData> | Gyazo | 13.2 MB | Directory
<ContentsProgramfiles(x86)> | Gyazo | 20.4 MB | Directory
<@Friki\Appdata> | Gyazo | 32 bytes | Directory
So I'd suggest removing that lot.

Here's a script that you can run:
Ultra Virus Killer Fix List.txt
As before download the attached file to your desktop and rename it to Ultra Virus Killer Fix List.uvk

In other words save it with the .uvk extension and double click to run. Once complete you will need to reboot.

You can check the log after a reboot by launching UVK then navigate to "Delete Files and Folders" tab and open it, At the bottom of the window there is a "View Log" button. Click it and check to see what was deleted.


My System SpecsSystem Spec
18 May 2017   #19
Callender

Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
 
 

Okay the FARBAR scan pretty much agrees with the UVK one. I reckon that Gyazo screenshot program could be the problem. If you don't want to run the script you could just try uninstalling it via add/ remove programs and see if the problem remains.
My System SpecsSystem Spec
18 May 2017   #20
Callender

Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
 
 

RE: PUPS. Before installing software download the installer and then scan it with this:

Download VirusTotal Scanner - MajorGeeks

Or if you keep UVK installed just scan any downloaded installers before you run them.

There's a couple of ways of getting a Virus Total report in UVK:
[Moved] Google Chrome advertisement malware-file-information.jpg
[Moved] Google Chrome advertisement malware-tools-tweaks-ultra-virus-killer.jpg


My System SpecsSystem Spec
Reply

 [Moved] Google Chrome advertisement malware




Thread Tools




Similar help and support threads
Thread Forum
Firewall or Malware interferes with Google Chrome
Every time I go on Google Chrome I keep getting messages like This Page is not available or Unable to Access the Network messages I click onto details and that mention's Firewall or Malware issue's does that mean Firewall or Malware is interfere? I read somewhere so Firewall or Malware can be...
System Security
Hit by Happili Malware on Google Chrome
Just got infected with the Happili malware while using Google Chrome. Seems to be the only browser affected by it, as Firefox and IE don't seem to trigger the redirect. Running MSE and MBAM at the time, neither could get to it. I looked up the info on this nasty SOB along with all the other...
System Security
Change Color Of Advertisement Box In Google Search
As the title says, I want to change the color of the box that seperates the advertisements from the actual search results(right at the very begining of the results from the search). Reason being, it's hard to see the difference between the ads and the search results and alot of the time I end up...
Browsers & Mail


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 22:54.
Twitter Facebook Google+ Seven Forums iOS App Seven Forums Android App