A.R.S.E.

This is one stubborn bastard. Anyone know how the hell you are meant to kill this thing?

Before anyone decides to do a quick google and send me a link to one of the sites claiming to have steps to remove it... none of them work. The list of anti malware software I've downloaded and tried seems to be growing, and will not get rid of it. I've run HitmanPro, Malware bytes, AdwCleaner, and JRT... I've also completely removed my browsers and shortcuts and reinstalled them. I may get it fixed for a bit, then do a restart, fucking homepage is back to searching.com. At this stage all I can think of is to format windows.

Any chance it could be a rogue browser plugin?

I had popup ads in chrome recently, redirecting links to a spam site etc. All the searches pointed to a virus and related removal instructions. Ran malwarebytes etc but it didn't find anything. Turned out to be the "adblock" plugin that was doing it.

Seems that particular adblock plugin got hijacked and it's turned to shit. I switched to "adblock plus" which is what I use in firefox, but others are switching to ublock origin, which is apparently by the original creator of "adblock".

I don't think so. I don't really run any plugins. I think the only one I used to run was to stop DNS leak. I had a lot of shit go down after my gf tried to install codecs to play a video she downloaded and it did add a lot of browser plugins. One of the first things I did was remove them all.


Sent from my iPhone using Tapatalk

Time for a format

I might have gotten rid of it last night. Removed browsers again, then ran all the anti malware progs again, hasn't shown up after a couple of restarts. Fingers crossed its gone.


Sent from my iPhone using Tapatalk

I had something similar recently that would come back after anti-malware scans. It was fixed after I cleared the browser cache and cookies after the malware sweep.

Back again. FFS,

I haven't had one of these for years but I had a couple that I could only get rid of by running the programs that you already have whilst the computer is in safe mode.

Format

I'll try safe mode, cheers speed.

I'll likely format if all else fails. But off overseas on Monday, so probably have to wait till I get back.

- Checked the Windows hosts file?
- Have you tried creating a new windows user?

plastik8 wrote:- Checked the Windows hosts file?
- Have you tried creating a new windows user?

Plastik, just with notepad or a text editor for the hosts file? I assume it's large, so just CTRL F and look for 'searching' specifically?

I haven't tried making a new user. I hadn't really thought of it, but how do I use that to fix my admin account?

I know it's weird, but I kinda feel like i've been beaten if I format lol.

DexterPunk wrote:I know it's weird, but I kinda feel like i've been beaten if I format lol.

Trouble is you don't know what else it might be doing in the background. You might feel beaten, but if you can't be confident it's gone then formatting is your only option from a security standpoint.

Any chance it's auto-running off a thumb drive or something like that?

I'll have a look. And you're right. No idea what security breaches may be happening. It's only a gaming machine / downloads machine but you never know what you may log into, and give away. Cheers. I'll do a proper back up of what I need and nuke it when I get back from holidays.


Sent from my iPhone using Tapatalk

did you install any free programs recently?

sort of... It was a video file that apparently needed a new codec to be downloaded though windows media player. It seemed weird but I thought oh well, let her go, surely it can't be too much trouble if it's media player doing the install. Some divX 10 updater got installed and after running it, things went berserk. Pretty sneaky, and to be honest I can't really blame her for it. I reckon it would have caught me out too. I don't really use the Windows video playing software, pretty much never had an issue using VLC. In hind sight I should have just got her to download a new version of VLC. If they still didn't work I'd have known something was dodgy. Since I don't use the Windows player much though it seemed reasonable that it may need to update a codec.

It took me a while to stop random programs installing. It was a chain reaction of shit and for a moment I was about to pull the Ethernet cord out till I got things under control.


Sent from my iPhone using Tapatalk

Did you uninstall the video codec that installed it? Sometimes that can remove it too. It's really easy to get caught out during the install process because we are so conditioned to just click yes or agree that we don't realise one of them was to install something else with it.

I'm pretty sure everything that was installed got un-installed. Either manually from control panel and then by the various malware removal progs.

People keep suggesting that the searching prog will be gone, and that you need to delete/change the target html in the shortcuts you use. All examples seem to be using win7 but I'm on win 10. I just removed the browsers entirely instead. It fixes it for a bit, then returns again. So I don't think there's an issue with the short cuts.

I don't really understand why the malware progs can't find the issue. Surely they are updated such as an antivirus would be.


Sent from my iPhone using Tapatalk

Dex, this sounds like the same fark'n thing I had to deal with a little while ago. How the hell someone has been able to do this & make it look like a legit WMP codec install is pretty ingenious.
What I found was that it has an auto-installer which kicks off again at every re-boot. But I did beat it eventually...

iirc the way I got rid of it was to monitor task manager to see strange tasks being opened then select one to see what folder it was coming from. I then deleted the suspicious looking folder/files until the auto-installer didn't start on the next re-boot. You will also need to un-install all the suspicious programs it has installed from control panel, programs & features.
I found the foldesr & files causing all this had names with random letters that didn't form a word, they also contained a combination of caps & lwr case letters.

I hope this helps you too.

If Dukes solution doesnt work.... then what r8 said

I spent hours trying to remove the bastard from my inlaws computer. Its the only virus thats totally defeated me! Reformatted with my tail between my legs.

Thanks guys. That gives me something else to try.

If no better I'll format it. Thanks again.


Sent from my iPhone using Tapatalk

Would turning on UAC force it to prompt you to allow it to install? That might also provide you with the exe name to hunt down.

Don't forget Windows 10 has a reset feature, saves doing a reformat and reinstall.

In the time you've spent wasting trying to find solutions that obviously haven't worked, you could've formatted and had a clean install of windows running.


If anyone spends more than 3 hours trying to fix an issue, they could easily format and be up and running within 2 hours.

Last time I formatted I backed up my steam folder. After format replaced the folder, it found the games and then for some reason decided it wanted to install (download) everything again. No idea why. Done it before with no issues at all.

Generally I agree though. Probably spent an hour on it at this point. Just didn't wanna have to go through the process as I'm pretty time poor right now.


Sent from my iPhone using Tapatalk