Solved Techbrowsing adware

[yomama365]

Ok so this all started 3 days ago on my probook 4530s running win 7 pro x64. A chrome window randomly opened and i just closed it thinking teamviewer opened their site. Today it happened again and i let it load to see what was going on. It was a site called Techbrowsing and i looked it up to find what it is. It is adware that can be installed in a software bundle aka a PuP. It monitors browsing and opens techbrowsing sometimes along with lots of other sites. I have only had it open techbrowsing twice in 3 days so i may have caught it early on. The reason i hope i caught it early on is it can collect personal data but thankfully all i used since it was on here was my mainly empty gmail, school email (that admin will sort out if issues arise), and minecraft account witch i doubt anyone would want. I have seen what to do online (scanning with Mailwarebytes ect) but virus scanners dont seem to pick it up, it also suggests checking chrome extensions but there is nothing strange in there. My pc seems secure and 100% clean but somehow this site has opened twice randomly in 3 days. I can't find much info about this PuP and its likely not to steal data as whereever it came from was proberly a ok site as i havent been going to shady sites. Any ideas please because it seems like im powerless

 

[yomama365]

And it just hit my second pc

 

[ThrashZone]

Hi,
If you have and is effecting Chrome it might not get picked up because it's a browser extension
View attachment 380304

 

[yomama365]

Hi,
If you have and is effecting Chrome it might not get picked up because it's a browser extension
View attachment 380304

Thanks ill try this as well as deleting my sync data on chrome. Its possible it got to my second pc via chrome. But the extentin is not in the lost on either pc.

 

[ThrashZone]

Review Jacee’s instructions to run Adwcleaner here post #7,
Ignore the title of the thread,
http://www.sevenforums.com/system-security/316404-instant-savings-app.html
On the BleepingComputer site use the button that looks like this,

 

[yomama365]

Review Jacee’s instructions to run Adwcleaner here post #7,
Ignore the title of the thread,
http://www.sevenforums.com/system-security/316404-instant-savings-app.html
On the BleepingComputer site use the button that looks like this,

Ive run adwcleaner in both PC's and it didnt find anything that i could relate to this adware, i cleaned the stuff i didnt need. Also on the laptop, witch has been running the malware for 3 days before i noticed took action, does not find any PuP/adware except for candy bar witch is most likely not associated to this adware. On my desktop, witch i took action as soon as the site opened, found 83 PuPs from slicksavings, OutBrowse, esafe, somoto, lightning, Qone8 and spigot, of witch some of these lay withing google chrome registry keys. I do not know if any of thease are capable of opening chrome without it being open, i hope thease are the cause but its worrying as my laptop does not detect thease like my desktop. Im running Microsoft Safty Scanner on both pc's. So far ive uses spybot, avast, security essentials, mbam, adwcleaner, ccleaner an now msert.

 

[yomama365]

Review Jacee’s instructions to run Adwcleaner here post #7,
Ignore the title of the thread,
http://www.sevenforums.com/system-security/316404-instant-savings-app.html
On the BleepingComputer site use the button that looks like this,

Also when connected to the net my cursor can freeze a bit as it moves around and programs can become less responsive. After a while offline its ok again

 

[yomama365]

I dont know what to do anymore, assistance would be amazing my sense of security is gone bc i dont know if its gone or not

 

[Barman58]

You could try Malwarebytes anti-malware

https://www.malwarebytes.org/antimalware/

Make sure you choose the free version (which uses all the same algorithms of The paid for version but only operates manually)

Run a full scan on both systems

 

[yomama365]

You could try Malwarebytes anti-malware

https://www.malwarebytes.org/antimalware/

Make sure you choose the free version (which uses all the same algorithms of The paid for version but only operates manually)

Run a full scan on both systems

They cleaned threats off both pc's ( i did it earlier), non of the threats from what i can tell is related to this malware. Also, i scanned afterwords with SUPERantispyware and the second infected pc found the exact same amount and same threats as malwarebytes even though malware bytes removed them. I reset my google sync data as well to stop plugins. I havent seen the pop up again yet but the fact the second pc found the same PuPs twice (84 of them) is strange. Any help asap would be great because ive been fighting it for 2 days and its unbearable and i feel hopeless

 

[Barman58]

I know there are specialist tools available that I am not trained enough to use, our Member Jacee is the best person to advise on this matter - As she is based in the US it may take a few hours before she is available, but I would advise that you wait as she is your best option to clear this nasty

I have asked her to take a look at your issue

 

[yomama365]

I know there are specialist tools available that I am not trained enough to use, our Member @Jacee is the best person to advise on this matter - As she is based in the US it may take a few hours before she is available, but I would advise that you wait as she is your best option to clear this nasty

I will wait and hope they see this thread. Thanks . This has literally ruined my holidays

 

[ThrashZone]

Review Jacee’s instructions to run Adwcleaner here post #7,
Ignore the title of the thread,
http://www.sevenforums.com/system-security/316404-instant-savings-app.html
On the BleepingComputer site use the button that looks like this,

Ive run adwcleaner in both PC's and it didnt find anything that i could relate to this adware, i cleaned the stuff i didnt need. Also on the laptop, witch has been running the malware for 3 days before i noticed took action, does not find any PuP/adware except for candy bar witch is most likely not associated to this adware. On my desktop, witch i took action as soon as the site opened, found 83 PuPs from slicksavings, OutBrowse, esafe, somoto, lightning, Qone8 and spigot, of witch some of these lay withing google chrome registry keys. I do not know if any of thease are capable of opening chrome without it being open, i hope thease are the cause but its worrying as my laptop does not detect thease like my desktop. Im running Microsoft Safty Scanner on both pc's. So far ive uses spybot, avast, security essentials, mbam, adwcleaner, ccleaner an now msert.

You should post the scan results.
Candy bar should be cleaned why would you want to keep it ?

 

[cptlicku]

sounds like you need to check your taks manager..shit will set triggers in your tm..also when it pops up immedietly and look at new tasks

 

[torchwood]

Browser

Hi Yomama,

Not an ideal way to fix the error.
But you could try another browser, IE or Firefox and unistall Chrome.

Roy

 

[Layback Bear]

I know there are specialist tools available that I am not trained enough to use, our Member Jacee is the best person to advise on this matter - As she is based in the US it may take a few hours before she is available, but I would advise that you wait as she is your best option to clear this nasty

I have asked her to take a look at your issue

 

[yomama365]

I prefer chrome so its not ideal as there is always the possibility it could infect firefox. Candy bar was deleted lol that page still hasnt opend on me but its known for taking a while between goes. I will try bit defender. I kept the pc's offline as long as possible to stop any virus from calling home but i had to connect to install windows updates on the second pc. Its strange it seems when connected to the internet while running scans explorer is a little unresponsive and the cursor freezes during movement a bit. This doesn't seem to happen offline. I also used currports and there is an unknown program and its connecting to another pc in the house, as well as a few domains, i dont know if its tge virus or part of windows, i cant determin.

 

[torchwood]

7 and 10

Hi Yomama

Although you unsynced Chrome, did you do the same with W10.

Roy

 

[yomama365]

Hi Yomama

Although you unsynced Chrome, did you do the same with W10.

Roy

The pc's use win 7, its 7 forums unless thats not what you mean by W10. I will try running scanners in safe mode and using offline live cd's to see if that finds it, also under Currports (scans tcp/udp ports) there is a prosses listed as unknown connected to multiple ip's, non of witch are malicious to what i see but still concerning. On my laptop (the first one to get the virus) there are less outgoing connections and i reset IE in safe mode on the laptop and these connections terminated. From here on out ill refer to the first pc to get infected as the laptop and second to get infected as the desktop. I hope this all can be resolved ;D

 

[yomama365]

Any ideas on how to trace back the unknown connections and remove this, i havent kept a backup, last one got deleted.