EvilZone
Hacking and Security: Xedafen, August 30, 2014, 08:02:18 PM
-
I have a major problem and maybe some other people are having this too. I lost my avast and norton protection, and I have a BAD google chrome virus. Like really bad. I tried reinstalling chrome and it doesn't work. I am very aware of what I do on the internet as far as viruses go, and cautious. I have a big problem though and I need help, please. Every time I use google chrome AND internet explorer, it redirects me to yahoo when I search. When I go to google from the yahoo search, it redirects me to some malware ads like "Your computer is at risk" etc. I literally CANNOT use google at ALL. Cannot search anything. All spam ads and pop ups. And for the few times I CAN google something, the searches are changed by something called "Clearthink", and when I enter a website I get at least six ads a page, and I cannot click out of them. I cannot find ANY help anywhere else, so it would be great if I could have some tips.
-
Okay, first off it would be nice to know what system you're on (I'll assume Windows).
Second, this sounds like "simple" adware. Scan your system with Malwarebytes and AdwCleaner. When you've done this, take a look at your Chrome extensions, I'm pretty sure you'll find some unwanted extensions. Remove those and then change your default search engine to what you like.
-
I have a major problem and maybe some other people are having this too. I lost my avast and norton protection, and I have a BAD google chrome virus. Like really bad. I tried reinstalling chrome and it doesn't work. I am very aware of what I do on the internet as far as viruses go, and cautious. I have a big problem though and I need help, please. Every time I use google chrome AND internet explorer, it redirects me to yahoo when I search. When I go to google from the yahoo search, it redirects me to some malware ads like "Your computer is at risk" etc. I literally CANNOT use google at ALL. Cannot search anything. All spam ads and pop ups. And for the few times I CAN google something, the searches are changed by something called "Clearthink", and when I enter a website I get at least six ads a page, and I cannot click out of them. I cannot find ANY help anywhere else, so it would be great if I could have some tips.
Did you backup google?
-
I don't get why these clowns do things like this. They aren't going to get any page views, if that's what they want (at least not willingly).
-
I don't get why these clowns do things like this. They aren't going to get any page views, if that's what they want (at least not willingly).
I'm guessing those are PPV ads so this would roughly be the scenario:
1. Shove adware down the throat of thousands of people
2. Wait and hope someone gets to the landing page and bites the bullet
3. ????
4. PROFIT!!!
@OP
NoScript, RequestPolicy and AdBlock with a few good lists may take a while to get used to but they are lifesaving addons.
As for the adware, look for anything suspicious in your profile folder or scrap the one you're using now and make a new one to see if the problem persists. Optionally, ditch Chrome together with all the stuff it leaves after an uninstall and switch browsers.
-
@OP
NoScript, RequestPolicy and AdBlock with a few good lists may take a while to get used to but they are lifesaving addons.
As for the adware, look for anything suspicious in your profile folder or scrap the one you're using now and make a new one to see if the problem persists. Optionally, ditch Chrome together with all the stuff it leaves after an uninstall and switch browsers.
That's just hiding the problem instead of fixing it.
Do what Phage said. Also check your DNS settings. If you're having issues doing any of this, do it in safe mode.
-
Try This :
One - Scan your system with any "anti-malware" software (I prefer Malware Bytes)
Two - Check your Themes & Addons
Three - Make the move to Firefox =D
-
I consider myself a jaded internet user, and still got stuck with adware on a fresh install of Windows the other week lol. You probably want to go ahead and get MalwareBytes from http://www.malwarebytes.org/; you will want the free version.
Next step is logical, scan and let it remove the infectious disease.
You might even want a second opinion like Adaware. With the adware deleted, you might want to install Revo Uninstaller free version, and completely remove Chrome. This is because some of the settings might have been changed on you as well as a possibility of bad extensions. Reinstall, log in again, and you should be good to go! If you have something worse than just adware, you might want to consider a System Restore if on Windows if residual files were left on your computer.
-
Instead of just using all kinds of scanners and tools, get some knowledge about the malware first. You can make a malwarebytes scan without immediately removing anything, then do some research for the found threats (you can also post the malwarebytes scan results here and I will look over it).
Look at the running processes for suspicious stuff as well, and in the locations of the registry that are often used to get persistent on the system.
The problem with removing the threats immediately is that the scanner you used might not remove everything that belongs to the threat, but remove the traces of the infection. Other tools that are better suited for that kind of infection might not be able to detect anything, because you removed the obvious stuff with that other tool.
Get knowledge about the malware first, what it does, where it came from. E.g. if you know it downloads other malware as well you will have to look for more malware on your system. You also need to know what kind of changes were made to the system so you can reverse them, in case these scanning tools don't.
If you rely only on malwarebytes you risk a crippled system and some malware leftovers.
Edit: A quick research came up with this: http://malwaretips.com/blogs/remove-clearthink-virus/
But check for other malware on your system too, before you apply these steps.
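
A read-only inventory of the places mentioned in this thread (running processes, registry autostart keys, Chrome extensions, DNS settings, hosts file), given here as an added example that is not part of the original post. It assumes Windows 8 or later with PowerShell 3+, Chrome's default profile path, and a report file name chosen for illustration; the Run key list is a common subset, not an exhaustive one.

```powershell
# Added example: read-only triage. Nothing is deleted or changed.
# Assumes Windows 8+ / PowerShell 3+ and Chrome's default profile path.

# 1. Autostart entries in the common Run/RunOnce keys (not an exhaustive list)
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$autoruns = foreach ($key in $runKeys) {
    if (Test-Path $key) {
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            [pscustomobject]@{ Key = $key; Name = $name; Command = $item.GetValue($name) }
        }
    }
}

# 2. Running processes with the path of their executable
$procs = Get-CimInstance Win32_Process | Where-Object ExecutablePath |
    Select-Object ProcessId, Name, ExecutablePath

# 3. Chrome extensions: installed in the default profile, and forced by policy
$extDir = Join-Path $env:LOCALAPPDATA 'Google\Chrome\User Data\Default\Extensions'
$extensions = if (Test-Path $extDir) {
    Get-ChildItem $extDir -Directory | Select-Object Name, LastWriteTime
}
$policyKey = 'HKLM:\Software\Policies\Google\Chrome\ExtensionInstallForcelist'
$forced = if (Test-Path $policyKey) {
    $k = Get-Item $policyKey
    $k.GetValueNames() | ForEach-Object { $k.GetValue($_) }
}

# 4. Active (non-comment, non-blank) hosts file lines
$hostsLines = Get-Content "$env:SystemRoot\System32\drivers\etc\hosts" |
    Where-Object { $_ -match '^\s*[^#\s]' }

# 5. DNS servers configured per network interface
$dns = Get-DnsClientServerAddress | Where-Object ServerAddresses |
    Select-Object InterfaceAlias, AddressFamily, ServerAddresses

# Write everything to one text report for review before removing anything
$report = [ordered]@{ Autoruns = $autoruns; Processes = $procs; ChromeExtensions = $extensions
                      ForcedExtensions = $forced; Hosts = $hostsLines; Dns = $dns }
$report.GetEnumerator() | ForEach-Object { "=== $($_.Key) ==="; $_.Value | Out-String -Width 250 } |
    Set-Content -Path (Join-Path $env:TEMP 'triage-report.txt')
```

Running it again after a cleanup and comparing the two reports shows which autostart, extension, hosts or DNS entries the removal tool actually changed.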
-
Alright thanks guys. I got rid of it with adware cleaner and I am downloading malwarebytes now. Thanks again.
-
I know this bro fixed his problem, but adwares can simply be removed by uninstalling any "suspicious" named program in the installed programs list. If that doesn't cut it, I would resort to malware bytes and similar software.
Just saves you some hustles.
-
I know this bro fixed his problem, but adwares can simply be removed by uninstalling any "suspicious" named program in the installed programs list. If that doesn't cut it, I would resort to malware bytes and similar software.
Just saves you some hustles.
The problem here is not that the ad-ware program couldn't be uninstalled (if you knew what to look for), the problem comes from possible unseen malicious activities like changed registry values, web-browsing configuration changes (redirecting, and click jacking). A simple uninstallation might get rid of 1 instance of the program, if it is a worm or virus the program will be installed again. Hell the program might not even be listed if it tries to hide itself.
-
The problem here is not that the ad-ware program couldn't be uninstalled (if you knew what to look for), the problem comes from possible unseen malicious activities like changed registry values, web-browsing configuration changes (redirecting, and click jacking). A simple uninstallation might get rid of 1 instance of the program, if it is a worm or virus the program will be installed again. Hell the program might not even be listed if it tries to hide itself.
Well exactly, but recently I dealt with lots of adware, even from programs like Daemon Tools (like seriously wtf daemon)...
First thing I did, I installed malwarebytes, but it removed ads for like 10 minutes.
Then I simply uninstalled some programs and it's clear.
I think most of them show up as "legit" programs and are labeled as enhancers of certain web apps:
Youtube Accelerator, Shopper Pro etc.
-
Well exactly, but recently I dealt with lots of adware, even from programs like Daemon Tools (like seriously wtf daemon)...
First thing I did, I installed malwarebytes, but it removed ads for like 10 minutes.
Then I simply uninstalled some programs and it's clear.
I think most of them show up as "legit" programs and are labeled as enhancers of certain web apps:
Youtube Accelerator, Shopper Pro etc.
It is correct that you can remove some adwares simply by uninstalling them. But there are nasty ones that will bite you if you try. E.g. uninstalling Conduit SearchProtect will render a Windows XP machine unbootable.
That's why I emphasized: Before you do anything about malware or PUPs, you must research!
These are some malwares and PUPs you can safely uninstall with Add/Remove program:
ADWARE.ADTOMI
APROPOS MEDIA
BARGAIN BUDDY - only some of the infections can be uninstalled. If evidence of infection remains then use the Task Manager to End Task and Delete the Files
BROADJUMPCLIENT FOUNDATION
COMET CURSOR - Use Add/Remove Programs - if only partially uninstalled then reinstall and use their uninstaller to remove http://www.cometcursor.com/
COMMONNAME - Use Add Remove Programs for some versions others need SpybotSD, Ad-Aware and HijackThis to remove the infection
DATE MANAGER
DOWNLOADWARE - use Add/Remove Programs but sometimes leaves files behind use Spybot and AdAware to remove if files remain
FAVORITE MAN - F1 and ZZ versions should be uninstalled with Add/Remove Programs other versions will need Spybot and Ad-Aware
GATOR/GAIN/DATE MGR
HUNTBAR - listed in Add/Remove Programs as 'INTERNET 404', 'MSIETS', 'TOOLS FOR INTERNET EXPLORER','WINTOOLS'
if removal is incomplete download and use the uninstaller http://www.huntbar.c...lbar/remove.cab
**It appears that Huntbar is completely offline at present and therefore the uninstaller is not available**
KAZAA
KEEN VALUE V1 Variant (only) - Use Add/Remove Programs to uninstall then delete folder in Program Files
LIMESHOP
LYCOS SIDESEARCH
MEMORY METER - in Safe Mode - Use Add/Remove Programs Uninstall 'MemoryMeter' + 'TV Media Display (TVMD.EXE IN %windir%) - Use Spybot SD for clean up.
MS T MEDIA
MYSEARCH
MYSEARCH BAR
MY WEB SEARCH BAR
MY WEB SEARCH ASSISTANT
NEWDOTNET - Optional Removal - very important that this be uninstalled - never use HJT to remove or you will break their internet connection. If it resists uninstalling then there is an uninstaller from NEW http://www.newdotnet.com/#remove
OPENSITE
P2P Networking
PEOPLEONPAGE - Use Add/Remove Programs but if the user registered with 'POP' they will need to unregister at website first then uninstall
POWER REG SCHEDULER
PRECISION TIME - Use Add/Remove Programs but gator will remain when uninstall completed. Make certain to have the victim uninstall the gator application
SAVENOW - Use Add/Remove Programs to remove 'savenow', 'whenushop'
SPEED BLASTER - Use Add/Remove Programs in Safe Mode - 'speedblaster' + 'TV T-media' display (TVTMD.exe IN %windir%) Use Spybot to clean up the files that are left
SPYWARE HUNTER
SPYWARE KILLER
TOTAL VELOCITY - also uninstall 66.159.219.201
TWAIN-TECH - version 1 - Use Add/Remove Programs to uninstall - entries should not be deleted with HJT until uninstalled
WEATHERBUG - may need to End Task 'weatherbug.exe' before using Add/Remove
WINTOOLS Use Add/Remove then clean up by deleting files in safe mode
These are some programs you need to remove with antispyware-programs or other methods:
ABETTERINTERNET - is Look2Me and requires extensive uninstall procedures plus Ad-Aware
BACKWEB-XXXXXXXX.exe (BackWeb. The XXXXXXXX denotes the version number) - Disable startup, end task on executable then delete files
BONZI BUDDY - has its own uninstaller on the Start Menu in the Bonzi Buddy Directory
CLICK2FIND/I-LOOKUP use uninstaller then use CWShredder
FAST SEARCH use CWShredder
FAVORITE MAN - F1 and ZZ versions should be uninstalled other versions will require Spybot SD and Ad-Aware
FREESCRATCHANDWIN/XZOOMY - Use its own uninstaller from the website, delete files, then reset the Settings in IE
GOHIP - Has its own uninstaller
HUGE SEARCH - end task on executable, use HJT then delete files
KEEN VALUE/INCREDIFIND - will be partial uninstall only, with Internet connection Remove folders in Program Files 'PowerSearch Toolbar for IE', 'Incredifind' and 'Dynamic Toolbar\PWRS0RBI' then delete files. Entry in hosts file = 12.129.205.209 search.netscape.com delete it.
I-LOOKUP/CLICK2FIND - Has two different uninstallers available - to remove End Task, unregister dll, regedit
LOOK2ME - Please see instructions in canned fixes and tutorials
LOOKFOR.cc/IEFEATS.A - Use CWShredder and Online AV scans
LOP - Use Ad-Aware and Spybot SD
NCASE - In Safe Mode Use HJT to remove msbb.exe and the O16 entry and delete folders 'Ncase', '180 Solutions'
PEPER - Use Peper fix uninstaller tool
-
PROLIVATION - Use Spybot SD
RAPID BLASTER - Use RBKiller to remove
ShopAtHome (SAH) - Use HJT to remove Registry entries and will probably need LSPFix followed by deletion of files
SEARCH-SPACE/START-SPACE - Use CWShredder
SMARTSEARCH.ws - Use CWShredder
WINPUP - in Safe Mode End Task of the executable then Use HJT to remove the entries in the log file, delete files
XUPITER - Use AdAware and Spybot SD
Always do research and if you are unsure, consult an expert.