Sudden pop-ups and slow computer

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Jack Reynolds, Apr 7, 2015.

  1. Jack Reynolds

    Jack Reynolds Private E-2

    Hello,


    I've suddenly started getting pop-ups whenever I go on a website. Sometimes I'm able to use the website while the pop-ups remain in the background, but other times I'm not even able to go on the website and am instead redirected to a pop-page that is difficult to get away from. My computer also seems to be slower than usual.

    The problem seems to be Sale Plus/SailePlus/SaleePplus because it says Sale Plus on some of the pop-ups. A full computer scan with Malwarebytes Anti-malware and AVG removed some problems but did not detect and remove this problem. I noticed Saile Plus and something similar in the extensions area of Google Chrome and deleted the extensions, but doing that has not removed the problem as I'm still getting the pop-ups.

    Please can someone let me know where to go from here. If you need any more information please let me know.


    Thanks,

    Jack
     
  2. Jack Reynolds

    Jack Reynolds Private E-2

    Hi again,

    I noticed the READ & RUN ME FIRST Malware Removal Guide after I posted my first message earlier on today. I'm on Step 1 working through the Fixing Google Redirection/Hijacking Problems Guide as I feel it's appropriate in my case. I ran Junkware Removal Tool, and got the log on completion. I'm going to attach it to this post as requested by the guide. I'll be back later.

    Jack
     

    Attached Files:

    • JRT.txt
      File size:
      1.8 KB
      Views:
      3
  3. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    OK when you have posted the rest of the logs, I'll review them and get back to you with a response. :)
     
  4. Jack Reynolds

    Jack Reynolds Private E-2

    Hello,


    Thanks very much for replying to my message. I'm on step 6 of the malware removal guide. Please can you give me some advice on where to download the MGTools program to as I don't know where is best.


    Thanks,

    Jack
     
  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You should download MGTools directly to your C: drive.....if you can't then download to your desktop.
     
  6. Jack Reynolds

    Jack Reynolds Private E-2

    Hello,


    Thanks for replying. I downloaded all of the programs, ran the RougeKiller scan and saved the log, and I just ran the Malwarebytes Anti-malware scan. In the guide by Kestrel13 it says to click the "Quarantine All" button, but it isn't an option in the version of the program that is provided. On the "Threat Scan Results" page, for me, there is a "Next" button, and if I select the two threats that came up there is a "Remove Selected" button instead. There is also a "Save Results" option and a "Cancel" option. Please can you or someone else let me know where to go from here. Maybe I have to click the "Next" button to get to "Quarantine All", but I don't want to click anything just in case it causes a problem.


    Thanks,

    Jack
     
    Last edited: Apr 9, 2015
  7. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Yes go ahead and click the NEXT button :)
     
  8. Jack Reynolds

    Jack Reynolds Private E-2

    Hello,

    Thank you. In the malware guide I'm sure it said to only use the computer to work my way through the guide once I'd started and for nothing else, but I had to use Shopify and Hotmail earlier so that I could sort out a customer order. Hopefully it won't have had any significant impact; it's not like I've installed a program or something. I'll continue working my way through the guide now, and I'll be back later. I will have to use Hotmail and Shopify again at some point, possibly eBay too, but I'll make sure I'm not running a scan at the time.

    Jack
     
  9. Jack Reynolds

    Jack Reynolds Private E-2

    Hi again,

    I clicked the "Next" button, but there is no "Quarantine All" option. I'm asked, "What should Malwarebytes do with the 2 unchecked item(s)?", and the options I have are "Ignore Once", "Ignore Always", and "Cancel". Which option out of the first two should I select? Please let me know as soon as you can.

    Thanks,

    Jack
     
  10. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Let me know what it is detecting, give full file path to "threat" please.
     
  11. Jack Reynolds

    Jack Reynolds Private E-2

    Hello,


    *Threat: PUP.Optional.Multiplug
    Category: Potentially Unwanted Program
    Type: Registry Key
    Location: HKU\S-1-5-21-1482476501-2...C-404A-9118-C1D91F537040}

    *Threat: PUP.Optional.Multiplug
    Category: Potentially Unwanted Program
    Type: Registry Key
    Location: HKU\S-1-5-21-1482476501-2...7-49FF-BFEE-D22869AC4326}

    I hope that's all the information you need; if not, please let me know.


    Talk to you soon,

    Jack
     
  12. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    OK now continue on with the other steps. ;)
     
  13. Jack Reynolds

    Jack Reynolds Private E-2

    Okay, but first should I remove or ignore the threats since there doesn't seem to be the option of quarantining them?
     
  14. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Remove it!!! :) Yes. Remove *is* quarantine
     
  15. Jack Reynolds

    Jack Reynolds Private E-2

    Hello,

    I just saw your message. Ah okay, I thought quarantine meant something else all together: keeping the malware but isolating it so that it can't trouble the system. I ended up clicking "Ignore Once" in the end because I thought it was the right thing to do. I then saved the log to the desktop. I want to run the scan again and remove the threats, but in the malware removal guide it says to ensure that each scan is run only once, so please can you let me know if I should run it again or move on to scanning with the next program.

    Thanks,

    Jack
     
  16. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Run the scan again, either remove or quarantine the threat. This thread is going to go on for a long time if we don't get to grips with it soon.
     
  17. Jack Reynolds

    Jack Reynolds Private E-2

    Hello,


    I ran Malwarebytes and all of the other scans, and I'm still having problems, so I've attached the requested logs.

    My computer is still unusually slow, and I'm still getting lots of annoying SalePlus advertisments. These advertisements appear on many websites including Shopify and this forum. Sometimes I'm redirected to another website when I click on a link that has nothing to do with it. This all started 1 - 2 weeks ago (I think) when I was using www.vidtomp3.com to convert a YouTube video (again I think).

    Please let me know where to go from here.


    Thanks,

    Jack
     

    Attached Files:

  18. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    First re run Hitman and have it remove all it finds.

    If you do not use Windows Messenger Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

    Delete these:
    • C:\Documents and Settings\All Users\Application Data\17831145676164683841
    • C:\Documents and Settings\All Users\Application Data\fkgaomfindaadbogiaeajaigadbnjkpf
    • C:\Documents and Settings\All Users\Application Data\knmmklkiomighjjonbhfhpgiijamahbk
    • C:\Documents and Settings\All Users\Application Data\mejgkdofpfkpigdmdoocljdflklaicbb
    • C:\Documents and Settings\All Users\Application Data\{7505c50d-b490-b992-7505-5c50db491436}



    [​IMG] Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Attach JRT.txt to your next message.


    Run the C:\MGtools\GetLogs.bat file by double clicking on it. (Right click and run as admin if using Vista, Windows7 or Win8) Then attach the new C:\MGlogs.zip file that will be created by running this.
    Let me know of any problems you may have encountered with the above instructions and also let me know how things are running!
     
  19. Jack Reynolds

    Jack Reynolds Private E-2

    Hello,

    I've done everything you asked me to do, and I've attached the requested files. There were no problems. My computer is now running much more smoothly and all the SalePlus advertisements seem to have gone. Also, so far I haven't been redirected in any way. It looks like my computer is now clean. If there is anything else you would like me to do please let me know. Thank you very much for your help.

    Jack
     

    Attached Files:

  20. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    I am very glad to hear everything is running nicely. I am not seeing anything else to do. :)



    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
    2. Renable your Disk Emulation software with Defogger if you had disabled it in step 4 of the READ & RUN ME.
    3. Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
    4. If running Vista, Win 7 or Win 8, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Now goto the C:\MGtools folder and find the MGclean.bat file. Double click ( if running Vista, Win7, or Win 8 Right Click and Run As Administrator ) on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    6. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.

    7. After doing the above, you should work thru the below link:
     
  21. Jack Reynolds

    Jack Reynolds Private E-2

    Hello,


    Yes my computer is fine now. Thanks again for your help.


    Jack
     
  22. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    You are most welcome!! :)
     

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds