Zuhl3156
Omnipotent Enthusiast
Don't know where else to put this except under General Software so here goes... I was reading some webpage after doing a Google search when suddenly I got screeching alarms, a large warning banner with some gibberish about Windows Defender (I have it disabled) detected something or another and I should pay them now for doing something. I couldn't exit Firefox so I did a hard shut down. Turned back on just fine. Malwarebytes showed no infections, AVG showed everything was clean, MRT showed as many as 31 infections but when it finished it told me it found nothing. Hitman Pro found several items. One was deleted from SysWOW32 and several PB items were quarantined because they weren't signed or counterfeit. Apparently FF was still running in the background without my knowledge and started doing the same 'stuff' when I opened it again. This was when I decided to try the Hitman Pro. I guess it worked, IDK. I have been getting more and more SPAM emails and robo-calls from all over the country. Apparently I made it to the top of someone's shirt-list. If anyone can enlighten me to some software to trace this to a single individual I would like to hear about it. Screenshots where MRT shows infected files but finishes saying nothing was found:
|
bcavnaugh
The Crunchinator
Re: Virus, no virus???
2017/02/28 16:42:01
Better get it cleaned up. You are the first one that I have ever finding infected files.
|
Zuhl3156
Omnipotent Enthusiast
2017/02/28 16:50:24
I think it was this browser redirect cookie "clickserve.dartsearch.net". This is the only thing safe to post from the search results about these scumbags: "A description for this result is not available because of this site's robots.txt". It's very difficult to remain politically correct when dealing with people like this especially the ones based in China.
|
kougar
CLASSIFIED Member
2017/03/01 06:41:56
Zuhl3156 Don't know where else to put this except under General Software so here goes... I was reading some webpage after doing a Google search when suddenly I got screeching alarms, a large warning banner with some gibberish about Windows Defender (I have it disabled) detected something or another and I should pay them now for doing something.
Probably weren't even infected, just a malicious website using your browser to make you think you were so you'd use their software or pay them to make it go away. Since you can't find anything I'd just nuke the cookies and browser cache and move on. And probably avoid that website that triggered it... If you have Windows Defender disabled then it's not going to detect anything, and anything claiming to be Defender is a fake.
|
LJennings
SSC Member
2017/03/01 06:55:32
kougar
Zuhl3156 Don't know where else to put this except under General Software so here goes... I was reading some webpage after doing a Google search when suddenly I got screeching alarms, a large warning banner with some gibberish about Windows Defender (I have it disabled) detected something or another and I should pay them now for doing something.
Probably weren't even infected, just a malicious website using your browser to make you think you were so you'd use their software or pay them to make it go away. Since you can't find anything I'd just nuke the cookies and browser cache and move on. And probably avoid that website that triggered it... If you have Windows Defender disabled then it's not going to detect anything, and anything claiming to be Defender is a fake.
I agree. It has happened to me a few times to my wife, my mom and my aunt. The one time this has happened to me in the past, I just unplugged my computer, powered it back up, did a scan and cleared cookies.
|
Zuhl3156
Omnipotent Enthusiast
2017/03/01 07:59:05
One of those AV cleaners borked my OneDrive and network connections for some apps and not others. Decided it was best to just restore my latest System Image and be done with it. Should be done in a few minutes.
|
Sajin
EVGA Forum Moderator
2017/03/01 12:38:06
Zuhl3156 One of those AV cleaners borked my OneDrive and network connections for some apps and not others. Decided it was best to just restore my latest System Image and be done with it. Should be done in a few minutes.
I was about to suggest a re-install. Looks like you're already on it by using a backup image.
|
rjohnson11
EVGA Forum Moderator
2017/03/01 12:42:31
Sajin
Zuhl3156 One of those AV cleaners borked my OneDrive and network connections for some apps and not others. Decided it was best to just restore my latest System Image and be done with it. Should be done in a few minutes.
I was about to suggest a re-install. Looks like you're already on it by using a backup image.
For those of you who are still wondering if you should buy a NAS, this is a good excuse to buy one.
|
Zuhl3156
Omnipotent Enthusiast
2017/03/01 14:10:59
Eh, creating a regular System Image has saved my bacon more than once. I just ordered a 1 TB SSD because using a 2 TB Western Digital 5400 RPM HDD took almost 6 hours to save 474 GB of a 1 TB RAID-0 array. I never should have increased my array to 1 TB but I hated having to remove then re-install games when I ran out of space.
|
Cool GTX
EVGA Forum Moderator
2017/03/01 14:26:18
5400 rpm drives are slow...... even compared to 7200 rpm drives. Might want to download SuperAntiSpyware - free version
|
Vlada011
Omnipotent Enthusiast
2017/03/01 15:12:39
Pull out Internet Cable. That's very nice when someone search you in computer and you disconnect from net and after 30min when I back new OS is installed and everything on drive is destroyed. You should remove and another HDD if you continue to try to destroy him because they could remove on some other partition or HDD.
|
Zuhl3156
Omnipotent Enthusiast
2017/03/02 10:03:48
Vlada011 Pull out Internet Cable. That's very nice when someone search you in computer and you disconnect from net and after 30min when I back new OS is installed and everything on drive is destroyed. You should remove and another HDD if you continue to try to destroy him because they could remove on some other partition or HDD.
I have a docking station on my case and I make a spare System Image on a removable drive that gets stored in a safe place for later use or emergencies. When you think about it, I can take my entire OS with all programs and games installed anywhere in the world and install it on whatever PC I am using at the time. Maybe not but it is a nice thought.
|
un4givn85
SSC Member
2017/03/02 15:13:13
I recently "fixed" a guy's computer because he fell for this spam crap. They "installed", and I use that term loosely, .exe on desktop, some "Identity Protection" apps and then called him and asked for $650 for 5 years of protection. I got rid of their crap and ran about 6 different scans to be sure it was gone. The guy is happy now, and knows not to believe that stuff anymore.
|
xoctavia
New Member
2017/03/03 01:58:38
Hi..Do u know how to deal with stubborn redirect virus? I got Quidt.com on computer and have tried all tools I know. It just did not go away. I also tried manual removal guide one by one as . None of them works....
|
Zuhl3156
Omnipotent Enthusiast
2017/03/03 08:52:21
xoctavia Hi..Do u know how to deal with stubborn redirect virus? I got Quidt.com on computer and have tried all tools I know. It just did not go away. I also tried manual removal guide one by one as . None of them works....
Search for 'Quidt.com' in your system drive, particularly in your browser's folder, and delete it. Right-click on your browser to get this option box. It is often hidden in here as a special instruction or in your Task Scheduler as an unwanted startup Task that will load the virus each time you start up and login. Good luck. It's easier to sit at a PC and fix a problem than it is to try and explain it to someone through a forum. I have repaired several of these types of redirect viruses and you should have success checking in the area I listed above.
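The two places named in the post above (the browser shortcut's properties and Task Scheduler startup tasks) can be checked with a read-only audit; this is an added PowerShell example, not part of the original post. It assumes the "special instruction" is a URL appended to the shortcut's Target field, and the folder list and `$Needle` parameter are illustrative choices.

```powershell
# Added example: read-only audit for a redirect domain in browser shortcuts
# and scheduled tasks. Nothing is deleted; review the findings first.
param([string]$Needle = 'quidt.com')   # domain named in the thread

$shell = New-Object -ComObject WScript.Shell

# Places where browser shortcuts usually live (assumed common locations).
$shortcutDirs = @(
    [Environment]::GetFolderPath('Desktop'),
    [Environment]::GetFolderPath('CommonDesktopDirectory'),
    [Environment]::GetFolderPath('StartMenu'),
    [Environment]::GetFolderPath('CommonStartMenu'),
    "$env:APPDATA\Microsoft\Internet Explorer\Quick Launch"
) | Where-Object { $_ -and (Test-Path $_) }

$shortcutHits = Get-ChildItem -Path $shortcutDirs -Filter *.lnk -Recurse -ErrorAction SilentlyContinue |
    ForEach-Object {
        $lnk = $shell.CreateShortcut($_.FullName)
        # A hijacked shortcut keeps the real browser as the target and
        # appends the unwanted URL as an argument.
        if ("$($lnk.TargetPath) $($lnk.Arguments)" -match [regex]::Escape($Needle)) {
            [pscustomobject]@{
                Kind     = 'Shortcut'
                Location = $_.FullName
                Command  = "$($lnk.TargetPath) $($lnk.Arguments)"
            }
        }
    }

$taskHits = Get-ScheduledTask | ForEach-Object {
    $task = $_
    foreach ($action in $task.Actions) {
        # Only exec actions carry Execute/Arguments; others yield empty strings.
        $cmd = "$($action.Execute) $($action.Arguments)"
        if ($cmd -match [regex]::Escape($Needle)) {
            [pscustomobject]@{
                Kind     = 'ScheduledTask'
                Location = "$($task.TaskPath)$($task.TaskName)"
                Command  = $cmd
            }
        }
    }
}

@($shortcutHits) + @($taskHits) | Format-List
```

Run it from an elevated prompt so tasks registered for other accounts are listed as well.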
|
knightsilver
Omnipotent Enthusiast
2017/03/04 22:47:26
I've been toying with the idea of running a browser in a Ramdrive, running no-scripts just isn't enough these dayz...
|
DAVE2HOT4U
FTW Member
2017/03/04 23:36:42
knightsilver I've been toying with the idea of running a browser in a Ramdrive, running no-scripts just isn't enough these dayz...
I run a beagle in a Ramdrive
|
Zuhl3156
Omnipotent Enthusiast
2017/03/05 09:34:16
I don't think I was actually infected but the Malicious Software Removal tool from Microsoft would jump to 15 then 30 and finally 31 but when the run was finished there were no infections found. I'm baffled. I think I parked my cursor on a 'hidden' ad by ABP and when it reached its time out limit it went into its little routine. Philadelphia City Council got nailed with ransomware this weekend. If I wasn't sitting here to immediately shut down I might have my files being held hostage for a Bitcoin ransom right now too. I just remember the site had the word "Extreme" in there and it was blue themed.
|
20213763057143
New Member
2017/03/24 20:53:31
Hi Mate. I'm very careful when I'm on the internet and for a couple of years I haven't run into any problems. My machine is set to automatically scan each day with Malwarebytes. Sometimes this would warn me of malicious websites or those with poor reputation. I use Adguard which also comes with its own built-in browser extension. The internet traffic will be filtered, blocking ads on both websites and installed applications. Either warned about a suspicious website or immediately block this as well. I haven't noticed any slowness of internet connection. Using Google Chrome.
|
rsabatino
FTW Member
2017/04/03 21:39:39
A lot of that garbage is scare tactics; they sound an alarm and tell you to call this number. Happens to me a lot on some posts a friend shares on Facebook. All you do is close your browser with the Task Manager.
|
Zuhl3156
Omnipotent Enthusiast
2017/04/04 09:03:50
rsabatino A lot of that garbage is scare tactics; they sound an alarm and tell you to call this number. Happens to me a lot on some posts a friend shares on Facebook. All you do is close your browser with the Task Manager.
I did not appreciate the humor of it. I searched for an answer and went to a site that informed me it would cost me $1.87 to respond to the post. That is when everything went haywire. I think it was called 3D-EXTREME. No harm done but I did not like it. That website should be banned for doing that. My AV/AS kept me from getting infected by real redirect links and ransomware. I am just getting really tired of AVG spamming 45 to 50 Restart Manager warnings every time it updates. I tried complaining to their support staff but the creeps don't even understand English! I might try esetNOD next. Anything that works and doesn't fill my Event Viewer is fine with me.
|