Solved

Adware on a laptop

Posted on 2012-03-13
Last Modified: 2013-12-06
Hi Experts. My teenaged niece just got a laptop (Toshiba/Windows 7). She went online without installing any antivirus software. Both IE and Mozilla are going straight to an advertisement page when opened. Any troubleshooting advice is greatly appreciated. Are there any programs that can be installed on a USB, so that I can hopefully install on her laptop to correct the issue? Thank you experts!
0
Question by:Rhiaanon44
7 Comments
 
LVL 8

Expert Comment

by:Tymetwister
ID: 37717904
Please download Malwarebytes (http://www.malwarebytes.org/) and run that, for starters... that should help clear up a lot of it.
0
 
LVL 90

Expert Comment

by:John Hurst
ID: 37717916
As you just found, it can take but seconds to hose a computer with no protection.

You need to get her (or her caregivers) to purchase a top-rated, paid Anti Virus, install it and scan.

Even to start, she (or you) could download Microsoft Security Essentials to get started. But do follow up with paid Anti Virus. ... Thinkpads_User
0
 
LVL 8

Expert Comment

by:Tymetwister
ID: 37717931
And just to build on the above comments, if she got malware that quickly, it may be advisable to educate her on best practices to avoid getting an infection so that it doesn't keep happening after the issue is cleared up:

http://www.techsoup.org/learningcenter/software/page5498.cfm

http://www.readwriteweb.com/archives/how_to_avoid_malware_on_facebook_and_twitter_8_best_practices.php
0

 
LVL 38

Accepted Solution

by:
younghv earned 500 total points
ID: 37717962
Highly doubtful that any single scanner is going to help you at all. With known infected systems you are probably going to need a 'rogue process' stopper to get your scanners to work.

Malwarebytes (mentioned above) is one of the best tools out there, but it is targeted by a lot of malware and is often blocked from running.

RogueKiller and TheKiller are two great tools for stopping those processes. EE Article here: Rogue-Killer-What-a-great-name

TheKiller
Download TheKiller to your Desktop
http://maliprog.geekstogo.com/explorer.exe

Note that TheKiller is renamed as explorer.exe.
Run it by double-clicking.
Press the OK button after the program finishes.
Do not restart your system after this step, but immediately run the next scan: MalwareBytes, TDSSKiller, ComboFix

**************

For Hijacking/re-directs, you might want to start with TDSSKILLER found here:
http://support.kaspersky.com/downloads/utils/tdsskiller.zip

* Download the file TDSSKiller.zip and extract it into a folder on the infected (or potentially infected) PC.
* Execute the file TDSSKiller.exe.
* Wait for the scan and disinfection process to be over. You do not have to reboot the PC after the disinfection is over.

If the tool finds a hidden service it will prompt you to type "delete"; you can also just hit "Enter" without typing anything in and the scan will continue...
Please post the log to be analyzed.

You can also try FixTDSS.exe from Symantec:
http://www.symantec.com/content/en/us/global/removal_tool/threat_writeups/FixTDSS.exe

**************
Proper use of several scanner tools is outlined in this EE Article:
Stop-the-Bleeding-First-Aid-for-Malware
0
 
LVL 1

Expert Comment

by:DrMadAxe
ID: 37756197
Just another step to add to make sure you get completely rid of those terrible things:

Reboot in Safe Mode by hitting F8 when booting the computer.

Select Safe Mode.

Run your antivirus and anti-spyware progs (Malwarebytes, Spybot Search and Destroy, paid for, SUPERAntiSpyware). I use multiple for sweeps.

If you can without cringing, turn off your System Restore. Sometimes those buggers like to hide in there.

If you have multiple accounts on the computer repeat the steps on each account to keep them from reinfecting one another.

Take the other advice posted as well. : )
0
 
LVL 38

Expert Comment

by:younghv
ID: 37756381
There are a number of reasons for NOT doing your scans in "Safe Mode", as delineated here:
Malware Fighting – Best Practices

There is no good reason to delete your System Restore points and several good reasons not to. Details here: Viruses in System Volume Information (System Restore)
0
 

Author Closing Comment

by:Rhiaanon44
ID: 37778640
Thanks guys! Definitely needed this info!
0
