Daniele Brunengo
asked on
Incredibly nasty malware/adware
Hello, so this customer of mine has a malware opening the usual ad pages while he browses.
This is stuff I tackle daily and I've never had this much trouble.
He is still on XP, so that's a definite minus.
I've gone through all my usual steps: Adwcleaner run (nothing found), Malwarebytes run (just a couple of nothings).
Then I used Autorun to examine all his startup software, and found no anomalies.
The problem comes up with both Firefox and Chrome (tried resetting Chrome, reinstalling it clean to no avail).
I ran Farbar Recovery Scan Tool; I'll attach the files, but I don't see anything strange. I'm not an expert on this software, though.
His AV is Nod32, by the way, which is a very good AV but finds nothing in the system.
Do you have any suggestions? Thanks guys.
Addition.txt
FRST.txt
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I've tried that but it varies quite a lot. The network settings are fine.
I had also considered the possibility of a router virus, but other pcs in the network aren't affected.
ASKER
I've seen a couple of D-Link routers get infected, actually. Strange stuff. Usually ones with factory passwords. One infection changed the router DNS to a malicious one.
ASKER
I checked with Process Explorer, but there's not a single process out of place right now.
ASKER
I haven't tried a restore because my customer says it's been happening for quite a long time but can't tell me how long exactly.
Scott, it's an idea, I'll try that tomorrow.
ASKER
I'll check that out this evening (Italy), when I have access to the computer again.
ASKER CERTIFIED SOLUTION
ASKER
I chose my own solution because Combofix made the problem go away.