I uploaded the log file.
What do I "uncheck"?
You've got software installed that I know little about, namely:
Popcorn Time
Daemon Tools
Wondershare Video Converter
Gyazo
Most of your Chrome extensions I've not heard of either.
I'd uncheck everything except the following:
Path: C:\Windows\KMSAuto.exe
Threat level: High
Malware type: Malware.6181.48
Item state: Checked
Path: C:\Windows\system32\Tasks\KMSAuto
Threat level: High
Malware type: Malware.6181.48
Item state: Checked
And these settings for the following:
Malware related optional fixes:
Option name: Empty temporary folders
Item state: Checked
Option name: Run an SFC scan
Item state: Unchecked
Option name: Repair Windows with DISM
Item state: Unchecked
Option name: Reset the DNS settings
Item state: Checked
Option name: Reset the hosts file
Item state: Unchecked - at your option. Check it manually first.
Option name: Reset IP, Winsock and proxy
Item state: Checked
Option name: Reset and fix the Windows firewall
Item state: Unchecked
Option name: Reset the SubSystems registry key
Item state: Unchecked
Cleaned it a few times. Tested stuff and removed other stuff. None of it worked and the ads keep changing in name: radiorage, contentlikes, flightsearchapp, etc.
What the F did I install to get all these bundles? The only recent installs are the anti-malware programs I installed to delete the malware off my PC.
Okay maybe a more detailed look at what's going on might help. Try running a scan with UVK - settings as shown in the image:
https://www.carifred.com/uvk/
Upload the log and I'll look at it later. Will be busy for a couple of hours.
Also on the system repair tab try running the Avast Browser Cleanup option and see if anything shows up.
There, the log.
Popcorn Time: movie watching program
Daemon Tools: ISO image loading program
Wondershare Video Converter: video converter / YouTube downloader
Gyazo: instant photo / video capture tool
Most of your Chrome extensions I've not heard of either.
AdBlock is adblock. Blocks advertisements.
Enhanced Steam, Ban Checker Steam, Inventory Helper are all for Steam (gaming platform).
FB Purify is for Facebook mod, makes it better for my experience.
Unseen is for Facebook too, makes the person on the other end not get notified that I read his / her message.
LastPass is a password management addon.
Lounge Destroyer, CSGO stuff...
Magic Actions, addon for YouTube, makes it amazing.
Reddit Enhancement Suite, addon to make Reddit better.
I don't have any other extensions.
Okay thanks for the log. I don't see any obvious problem. You could try running this script:
Ultra Virus Killer.txt
If you download the file and rename it with .uvk extension instead of .txt you can double click to run it.
Contents of file:
Code:
<UVKCommandsScript>
<CleanAllUsersTemp>
<EmptyBrowsersCache>
<CleanupAppData>
<Reboot>
After a reboot if the problem remains try running FARBAR.
Downloading Farbar Recovery Scan Tool
Save it to your Desktop and double-click the file to run it.
Run a scan then upload FRST.txt and Addition.txt that you should find on your desktop once the scan completes.
Cheers.
The malware advertisements get changed all the time. What is causing this?
I scan constantly with Malwarebytes and I find PUPs... literally always 1 or 2 come. Am I getting targeted? Due to work during the day my PC is usually turned off. But when it is on I don't do anything "shady". Facebook, YouTube, Reddit, and Steam games...
New website examples:
https://gyazo.com/310cdb730fe12f908faf0ef4dfe9fb54
https://gyazo.com/4094878cb9d07900b62c6bf6b50274b0
https://gyazo.com/b6bd519fcba4706d90b4d63f6cde7995
Uploaded the files.
Okay I will look at your Farbar results soon. If those websites are the ones that open in the problematic pop up windows then from your UVK log:
Code:
<RunningProcess> | C:\Program Files (x86)\Gyazo\GyStation.exe | Gyazo Station | 9EC99AA73DAEE0B85444AAA9D2AE0E42 | Signed : Nota Inc.
<MemoryModules> | C:\Program Files (x86)\Gyazo\GyStation.exe | Gyazo Station | 9EC99AA73DAEE0B85444AAA9D2AE0E42 | Signed : Nota Inc.
<@Friki\Run> | Gyazo | C:\Program Files (x86)\Gyazo\GyStation.exe | Gyazo Station | 9EC99AA73DAEE0B85444AAA9D2AE0E42 | Signed : Nota Inc.
<ScheduledTasks> | GyazoUpdateTaskMachine | C:\Program Files (x86)\Gyazo\GyazoUpdate.exe | Gyazo Auto Update Machine | 469BBAE7812E02F2E9878436D78FB5F0 | Signed : No publisher
<ScheduledTasks> | GyazoUpdateTaskMachineDaily | C:\Program Files (x86)\Gyazo\GyazoUpdate.exe | Gyazo Auto Update Machine | 469BBAE7812E02F2E9878436D78FB5F0 | Signed : No publisher
<HKLMW6432...Uninstall> | {6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1 | Gyazo 3.3.1 | Nota Inc. | C:\Program Files (x86)\Gyazo\unins000.exe
<@Friki\MuiCache> | C:\Program Files (x86)\Gyazo\GyazoGIF.exe | GyazoGIF | DA612C3FE6512BFC26C767F7608E163B | Signed : Nota Inc.
<@Friki\MuiCache> | C:\Program Files (x86)\Gyazo\Gyazowin.exe | Gyazo: Screen Uploader | A2AAE3C00DDB01F1C813944932B3C8EC | Signed : Nota Inc.
<ContentsCommonAppData> | Gyazo | 13.2 MB | Directory
<ContentsProgramfiles(x86)> | Gyazo | 20.4 MB | Directory
<@Friki\Appdata> | Gyazo | 32 bytes | Directory
So I'd suggest removing that lot.
Here's a script that you can run:
As before download the attached file to your desktop and rename it to Ultra Virus Killer Fix List.uvk
In other words save it with the .uvk extension and double click to run. Once complete you will need to reboot.
You can check the log after a reboot by launching UVK, then navigating to the "Delete Files and Folders" tab and opening it. At the bottom of the window there is a "View Log" button. Click it and check to see what was deleted.
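Added example, not part of the original posts and not UVK's own code: a small triage script that reads UVK log lines of the kind quoted above and lists autostart entries (Run keys, scheduled tasks) whose signature field shows no publisher, so their hashes can be looked up before deciding what to remove. The field layout and the meaning of "No publisher" are assumptions inferred from the excerpt in this thread.

```python
import re

# Lines copied from the UVK log excerpt quoted in this thread.
SAMPLE_LOG = r"""
<RunningProcess> | C:\Program Files (x86)\Gyazo\GyStation.exe | Gyazo Station | 9EC99AA73DAEE0B85444AAA9D2AE0E42 | Signed : Nota Inc.
<@Friki\Run> | Gyazo | C:\Program Files (x86)\Gyazo\GyStation.exe | Gyazo Station | 9EC99AA73DAEE0B85444AAA9D2AE0E42 | Signed : Nota Inc.
<ScheduledTasks> | GyazoUpdateTaskMachine | C:\Program Files (x86)\Gyazo\GyazoUpdate.exe | Gyazo Auto Update Machine | 469BBAE7812E02F2E9878436D78FB5F0 | Signed : No publisher
<ScheduledTasks> | GyazoUpdateTaskMachineDaily | C:\Program Files (x86)\Gyazo\GyazoUpdate.exe | Gyazo Auto Update Machine | 469BBAE7812E02F2E9878436D78FB5F0 | Signed : No publisher
<ContentsProgramfiles(x86)> | Gyazo | 20.4 MB | Directory
"""

MD5_RE = re.compile(r"^[0-9A-Fa-f]{32}$")
PATH_RE = re.compile(r"^[A-Za-z]:\\")
# Assumption: sections ending in these names are autostart locations.
AUTOSTART_SUFFIXES = ("run", "scheduledtasks")


def parse_line(line):
    """Split one '<Section> | field | ...' line into a dict, or return None."""
    fields = [f.strip() for f in line.split(" | ")]
    if len(fields) < 2 or not re.match(r"^<.+>$", fields[0]):
        return None
    entry = {"section": fields[0][1:-1], "path": None, "md5": None, "signer": None}
    for field in fields[1:]:
        if field.startswith("Signed :"):
            entry["signer"] = field.split(":", 1)[1].strip()
        elif MD5_RE.match(field):
            entry["md5"] = field.upper()
        elif PATH_RE.match(field) and entry["path"] is None:
            entry["path"] = field
    return entry


def unverified_autostarts(log_text):
    """Map path -> {md5, sections} for autostart entries with no publisher."""
    hits = {}
    for line in log_text.splitlines():
        entry = parse_line(line)
        if not entry or not entry["path"] or entry["signer"] is None:
            continue
        if not entry["section"].lower().endswith(AUTOSTART_SUFFIXES):
            continue
        if entry["signer"].lower() == "no publisher":
            hit = hits.setdefault(entry["path"], {"md5": entry["md5"], "sections": []})
            hit["sections"].append(entry["section"])
    return hits


if __name__ == "__main__":
    for path, info in unverified_autostarts(SAMPLE_LOG).items():
        print(path, info["md5"], info["sections"])
```

An entry showing up here is only a prompt to check the file's hash and origin; a missing publisher on its own does not make a file malicious.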
Okay, the FARBAR scan pretty much agrees with the UVK one. I reckon that Gyazo screenshot program could be the problem. If you don't want to run the script you could just try uninstalling it via Add/Remove Programs and see if the problem remains.
RE: PUPs. Before installing software, download the installer and then scan it with this:
Download VirusTotal Scanner - MajorGeeks
Or if you keep UVK installed just scan any downloaded installers before you run them.
There's a couple of ways of getting a Virus Total report in UVK: