1st time post - Live Computer Help infection

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by tspnyc, May 14, 2015.

  1. tspnyc

    tspnyc Private E-2

    I have used this site many times when helping others, when on a corporate help desk. Now it is my turn.

    I seem to have an infection related to the Live Computer Help scam.

    When I look it up in Google I get pages and pages of sites claiming to offer an easy fix.

    All of them give basic instructions to go into Control Panel/Programs and Uninstall the offending program, which of course is not found.

    And then they basically all say "If that does not work, download OUR software that will do the trick."

    But none of these sites appear to be any of the major anti-malware companies. So I suspect they are just more malware.

    ***

    I use Windows Defender as my only Anti-Virus and normally only have Spybot on my PC as anti-spyware scanning.

    I have installed and run AdAware, Spybot, Malwarebytes and only the last found anything at all, but whatever it found is unrelated to the infection.

    ***

    Main symptoms are popups and browser tabs urgently offering antivirus and antimalware help; fake hyperlink tags in forum pages that all go to the same popup offering a free credit check because of "recent data breach"; extreme PC overload when in any browser, etc.

    I assume you guys know what this is and what to do about it, but I am not even able to read your Read Me page, as I keep being sent to the bottom of the page over and over, until Firefox crashes.

    Please Advise.
     
  2. tspnyc

    tspnyc Private E-2

    Apparently I may not edit my own posts in this forum. So here is a follow up.

    Someone at the Firefox forum linked me to another site, where I learned to do the following: Install and run AdwCleaner, after running Malwarebytes and CCleaner.

    All of them found various things. I ran all the fixes and they all said the fixes were complete.

    But it has done NOTHING to end this infection of "Text Enhance" tags in forums, nor the continual popups and redirects to fake Anti-malware services.

    Also, I have no add-ons or extensions in Firefox - some forums suggested fixing these problems by deleting such things, but I never use them.

    (I also get the same issues in IE but really never use it.)

    It is impossible to DO anything with a browser open as it eats all of my processing power and everything slows to a crawl.
     
  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

  4. tspnyc

    tspnyc Private E-2

    YES I have been through the READ AND RUN ME FIRST Malware Removal Guide

    YES I am still having problems

    LOGS ARE ATTACHED

    My issues only concern browsers and email, in terms of noticeable infection.

    Here is a list of my symptoms:

    1 - False ad tags

    All forums, web articles, site menus (including your Read and Run Me) are full of fake tags that look like they will lead to word definitions, or legit ads etc. All lead to fake internet security sites.

    I never click on them, but hovering brings up popups, and sometimes launches separate small windows.

    2 - False Anti-malware ads everywhere.

    Clicking anywhere on most websites, and always on any kind of link (like to download the software you recommend for example) launches a browser tab advertising Anti-malware services. Sometimes it is a popup rather than a tab.

    The specific fake notice/ad varies. Most of the time they are trying to make me think they are the link I was trying to open.

    A second click on the legitimate link or webpage is required to get to the real link or download page, etc. I am in the habit of X-ing out the bad tab before it finished loading and clicking on the real link again.

    Also, sites with legit banner ads, like WordPress blogs have a fake banner floating above the legit ad, also advertising Antivirus, Anti-malware companies, including ones claiming to be "better than CCLean" or whatever programs I am actually trying to acquire.

    3 - Internet bogs down and strains PC power.

    Most any webpage that has banner ads, video ads, etc continues to spin its hourglass/arrow wheel as if it is perpetually loading. PC fan comes on and all browsing or typing gets very slow.

    This is without any antivirus or anti-malware programs running.

    Firefox often crashes as a result. As it did when I was uploading my logs here on first attempt. I do not have Chrome installed and almost never use IE unless I am testing what one of my websites looks like.

    I also have no add-ons or extra extensions in Firefox.

    4 - NOTE: NONE of the programs you had me install and run automatically created a log file, except for MGTools. This may be related to the latest version of the software, but I am mentioning it in case something was blocking the log creation.

    I had to manually find where to download a log, and in the case of TDSKiller, I had to copy and paste the report results into a txt document.

    5 - My email account is compromised.

    I am getting lots of non-deliverable messages, so my email account is compromised. During the course of running your suggested software Outlook prompted me to log into my mail servers, but it does not recognize my password. I am going to call my cable company to reset the password, but am waiting until I hear back from you guys about all this.

    I have removed all security programs as requested and currently have the default Windows Defender (inactive for these procedures) and now the five programs required as per the Read and Run Me First instructions.

    Please Advise. Thanks.
     


  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I am not finding any malware in your logs. Reset your password and username for your email program. Have you installed an Ad blocker?
     
  6. tspnyc

    tspnyc Private E-2

    Thank you.

    No, I do not have an Adblocker other than the default popup blockers.

    This all started after I fell for a message saying Firefox was missing Windows 8.1 updates. I ran those updates and then all this stuff started happening.

    As mentioned, these are not normal ads, they are all trying to get me to use LiveComputerHelp and other similar baddies. None of the ads are legitimate.

    So while I could use an Adblocker to suppress the malicious tabs and popups, it seems something is still targeting my browsers.

    Is there any particular Adblocker that is recommended? I will try that but if I see anything else suspicious I will likely reformat the hard drive and start from scratch.

    Thanks for effort!
     
  7. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Have you tried a system restore?
     
  8. tspnyc

    tspnyc Private E-2

    Doh!

    I forgot I was waiting to hear from you guys before continuing the instructions.

    The two steps left are 5. Enable User Account Control, and 6. Toggle System Restore.

    But are you suggesting I do a system restore rather than the toggle? (I have never done one and will have to look up instructions.)

    If so, should I enable UAC before I do that?

    Also

    Should I enable Disc Emulation before I run a system restore?

    Thanks
     
  9. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I suggest you first try a system restore.
     
  10. tspnyc

    tspnyc Private E-2

    Restore failed.

    Said it could not access a file. Then it said possibly my anti-virus needs turned off, but it is off (Windows Defender)

    Could this be caused by one of the five programs installed to do the Read and Run Me First stuff?

    Also, could this be related to my disabling User Account Control, and Disc Emulation, as per the same instructions?

    PS - the scams have changed. Latest tab that launches claims to be Time Warner Cable saying I have popup ads and to call an 877 number to disable them.
     
  11. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    None of those issues are caused by the Read and Run programs.

    Which browser is being affected?
     
  12. tspnyc

    tspnyc Private E-2

    Hi Tim.

    Thanks.

    But what about having User Account Control and Disc Emulation disabled?

    The Read and Run Me says to wait to turn those back on until I get the all clear from you guys.

    But could either of those things be the cause of the Restore not running?

    As to your question:

    It is Firefox that I am using daily.

    I have Internet Explorer, which I only use to see how my WordPress sites look in IE.

    But IE DOES have the same issues.

    It has now become apparent that Firefox is caching websites even though I have the cache settings at 0MB, manual override is engaged, and I have even gone into about:config and changed the settings that should make sure no websites cache.

    I do this so I can make sure I am seeing real time versions of my sites as I edit them.

    But Firefox is no longer abiding by these rules. I must clear cache manually and restart Firefox to see edits to my websites.

    I am investigating reformatting my C drive.

    I have full Windows 8.1 Pro and supposedly all I have to do is set my CD drive as the primary boot drive, put in the disks and reinstall Windows from the CDs.

    In your guys' opinion, does this pose any issues and will it likely solve the ghostly malware issues I am currently having?
     
  13. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Disc emulation and UAC being off would not cause those issues.

    It is fairly easy to do a reinstall... and yes, it should clear up your issues.
     
  14. tspnyc

    tspnyc Private E-2

    Thanks again.

    I am almost through getting my various files onto an external drive and will proceed with a reinstall of Windows tomorrow.

    Wish me luck.
     
  15. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Good luck!! ;)
     
