yaggaz
FTW Member
- Total Posts : 1509
- Reward points : 0
- Joined: 2007/04/12 19:10:22
- Status: offline
- Ribbons : 1
Just a repost from Tom's Hardware as no suggestions there fixed this. I was following a Gothic I remaster tutorial when I accidentally hit the trick download button instead of the file I wanted and now this thing is popping up like crazy. For example right now it's showing a square that covers the "Show Hidden Icons" popup in the bottom right. It's currently a Norton ad (and keeps changing every 10 seconds) and below that "Microsoft Edge - pushwelcome.com" then Open / Close. Hitting either opens up a new browser tab.
- It is not listed in the Add/Remove Programs section of Windows 10.
- I'm using the updated Edge, not the standard one that comes with Windows 10. I have looked in apps and extensions and don't see it in there.
- Malwarebytes didn't find it.
- Hitman Pro got rid of it after a scan but as soon as I open Edge again it comes back.
- In processes, shutting down "Data Sharing" got rid of it but then I couldn't browse the net after that.
Any advice appreciated please. Thanks.
|| CPU: Intel 10700k || GPU: evga 3080 XC3 Ultra Hybrid || MB: Gigabyte z490 UD AC || RAM: 2 x 16GB 3000mhz DDR4 SDRAM || Samsung EVO 970 Plus 2TB || Dell S2417DG Monitor || Soundblaster AE-7 || Phanteks p400a Case || be Quiet! Dark Rock Slim CPU Cooler || Corsair AX1600i PSU || 9 Fans total in system ||
|
Sajin
EVGA Forum Moderator
- Total Posts : 49168
- Reward points : 0
- Joined: 2010/06/07 21:11:51
- Location: Texas, USA.
- Status: online
- Ribbons : 199
Re: Need help with malware called "pushwelcome"
2020/06/04 19:22:49
Use Hitman Pro to get rid of it again, then do this to uninstall/reinstall Edge. Note: Make sure you delete the folder in step #3.
|
KenMcC
CLASSIFIED Member
- Total Posts : 3329
- Reward points : 0
- Joined: 2010/07/02 07:02:23
- Location: Garland, TX
- Status: offline
- Ribbons : 21
2020/06/04 20:21:34
Did you keep a copy of IE-11 on your desktop? If so you can ask for a download of the latest Edge, which came out about 2 weeks ago. I don't remember, but IE11 could be an app in Windows 10 in the "Control Panel", upper left, "Turn Windows features on or off". Then you could download the fresh copy of Edge. ?? Edit: I like Sajin's post, but if you can delete Edge, perhaps with Sajin's link, and then use IE-11, it might be slightly less complicated.
post edited by KenMcC - 2020/06/04 20:25:17
KenMcC Z170 Classy K; i7-6700 CPU, Corsair CMK16GX4M2A2400C14 Seasonic SSR-360GP 360W; Samsung 950 Pro M.2 256 GB Samsung 850 Evo 500 GB SATA Samsung 850 Evo 256 GB SATA Samsung SSD 840 Series 250 GB SATA Samsung 860 EVO 1 TB SATA Windows 10 x64 Prof.
|
yaggaz
2020/06/04 22:01:29
Thank you for the help but even after completely uninstalling Microsoft Edge (I even searched for every other Edge file and folder on my drive and deleted them just to be sure) I then booted back in and tried to open Edge, okay completely gone. So I then go to the Microsoft site and manually redownload Edge. As soon as it downloads and opens, bang. The pushwelcome thing is back. How is this possible? I even noticed my favourites are all restored, which shouldn't be possible and I backed them up and zipped them, then deleted it all. It feels like there is some other, deeper directory somewhere for "The new Microsoft Edge" files?
|
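An added example (not from any poster in this thread): the popup described above is labelled "Microsoft Edge - pushwelcome.com", which is how Edge labels a website's push notification, so one check is to list the sites each Edge profile allows to send notifications. It assumes the Chromium `Preferences` JSON layout (`profile.content_settings.exceptions.notifications`, setting 1 = allow) and the default `%LOCALAPPDATA%\Microsoft\Edge\User Data` location; the sample data is constructed.

```python
import json
import os
from pathlib import Path

ALLOW = 1  # Chromium content-setting value: 1 = allow, 2 = block

def notification_grants(prefs: dict) -> list[str]:
    """Origins that one profile's Preferences allows to show notifications."""
    exceptions = (prefs.get("profile", {})
                       .get("content_settings", {})
                       .get("exceptions", {})
                       .get("notifications", {}))
    # Keys look like "https://site:443,*"; keep only the origin part.
    return sorted(pattern.split(",")[0]
                  for pattern, entry in exceptions.items()
                  if isinstance(entry, dict) and entry.get("setting") == ALLOW)

def scan_user_data(user_data_dir: Path) -> dict[str, list[str]]:
    """Map each profile folder (Default, Profile 1, ...) to its allowed origins."""
    results = {}
    for prefs_file in sorted(user_data_dir.glob("*/Preferences")):
        try:
            prefs = json.loads(prefs_file.read_text(encoding="utf-8"))
        except (OSError, json.JSONDecodeError):
            continue  # unreadable or partly written file: skip this profile
        grants = notification_grants(prefs)
        if grants:
            results[prefs_file.parent.name] = grants
    return results

# Constructed sample of the relevant part of a Preferences file.
SAMPLE_PREFS = {"profile": {"content_settings": {"exceptions": {"notifications": {
    "https://pushwelcome.com:443,*": {"last_modified": "0", "setting": 1},
    "https://blocked.example:443,*": {"last_modified": "0", "setting": 2},
}}}}}

if __name__ == "__main__":
    print("sample:", notification_grants(SAMPLE_PREFS))
    # Assumed default Edge location on Windows; run with Edge closed.
    edge_dir = Path(os.environ.get("LOCALAPPDATA", "")) / "Microsoft" / "Edge" / "User Data"
    for profile, origins in scan_user_data(edge_dir).items():
        print(profile, "allows notifications from:", ", ".join(origins))
```

An origin listed here that the user does not recognise can be removed or blocked in Edge's site permission settings for notifications.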
bob16314
Omnipotent Enthusiast
- Total Posts : 8048
- Reward points : 0
- Joined: 2008/11/07 22:33:22
- Location: Planet of the Babes
- Status: offline
- Ribbons : 761
2020/06/04 22:41:40
Any weird things in Task Scheduler that shouldn't be there? Just a thought.
* Corsair Obsidian 450D Mid-Tower - Airflow Edition * ASUS ROG Maximus X Hero (Wi-Fi AC) * Intel i7-8700K @ 5.0 GHz * 16GB G.SKILL Trident Z 4133MHz * Sabrent Rocket 1TB M.2 SSD * WD Black 500 GB HDD * Seasonic M12 II 750W * Corsair H115i Elite Capellix 280mm * EVGA GTX 760 SC * Win7 Home/Win10 Home * "Whatever it takes, as long as it works" - Me
|
yaggaz
2020/06/04 22:51:40
bob16314: Any weird things in Task Scheduler that shouldn't be there? Just a thought.
I did go through processes and details earlier. Now I notice something called "hmpdsched.exe" I can't find info on. Not to be confused with mdsched.exe... I think.
|
KenMcC
2020/06/05 07:23:32
Have you tried this (in a command window with Admin privileges)? Change to C:\, then do "dir /?" and you will see a bunch of variations. Try dir /s /ah /ar /p push*.* Maybe you'll find your pushwelcome file.
|
yaggaz
2020/06/05 15:06:08
Thank you for the help everyone. I was up most of the night with this. McAfee finally found it and killed it for good. The granddaddy of virus killers!
|
yaggaz
2020/06/05 15:11:43
KenMcC: Have you tried (in command window with Admin privileges). change to C:\ -- then do "dir /?" you will see a bunch of variations. Try dir /s /ah /ar /p push*.* Maybe find your pushwelcome file
Ah, brings back memories of the DOS days. Typing in commands to set up the Soundblaster Pro to run Ultima VII lol
On the push wildcard it finds:
09/15/2019 12:28AM 270,336 PushToInstall.dll
1 File(s) 270,336 bytes
But I think that is the official Windows one if I'm not mistaken?
|
yaggaz
2020/06/08 22:11:13
lol it came back again. I decided this would be the time to install my new SSD and a fresh install of Windows. This thing was nasty, all the current best virus killers couldn't get rid of it.
|