Adware/spyware attack!

Discussion in 'General Electronics Chat' started by DerStrom8, Dec 18, 2012.

  1. DerStrom8

    Thread Starter Well-Known Member

    Feb 20, 2011
    2,428
    1,328
    Hey guys. I've been trying to figure this out for the past 24 hours but to no avail. Hopefully I can get a little help here.

    I recently noticed that when I was running windows 7 ultimate on my machine (one side of the partition), I kept getting blue, underlined words in the middle of web pages, and if you hover over them, it says it's an ad by Browse to Save. I don't know how this program got installed on my computer. All I can think of is that it attached itself to a program I recently installed to read the video files from my new HD video camera.

    The first thing I did was check my browser to see if it was a simple add-on that could be easily removed. No such luck. I checked both Chrome and IE, neither of which had it listed as a plugin or add-on, but they both showed the "hidden" links.

    Next thing I did was run spybot to try to remove it, assuming it was adware/spyware/malware. Spybot found several problems, but did not fix the issue. I also ran Microsoft Security Essentials, which also found some problems, but did not fix the issue. I've since tried Malwarebytes and Superantispyware, but still no luck. I've manually looked through my list of programs, folders, program files, even down to my registry and system32 folder, found several items that could have been the problem, but removing them still didn't help. I tried a system restore as well, but again, to no avail.

    Now for the scariest part. I just booted into Windows 7 in safe mode with networking, but the ads even showed up there. If adware can sneak its way into safe mode, then it must be buried deep in the system, am I correct?

    Anyway guys, I'm becoming desperate. I must get rid of this thing, as I've read that Browse to Save can be very dangerous. It's no simple adware attached to the browser, it's a program installed deep in my computer and I can't figure out where it's hiding or how to get rid of it. I've tried just about every tutorial I found on Google to get rid of it, none of which worked. Has anyone else here had an issue with Browse to Save, and perhaps know how to remove it altogether? Any help or suggestions would be very much appreciated!

    Regards,
    Matt

    P.S. My Windows 8 side works fine, so I'll be using that for the time being. Unfortunately, I still have some important documents on 7, so I can't just not use it.
     
  2. mcgyvr

    AAC Fanatic!

    Oct 15, 2009
    4,770
    970
    Did you try the numerous uninstall procedures on the internet?
    Does it show up when you try to remove programs from your computer?
    Someone even said that if you click on the links it will take you to their website where they actually have an uninstall procedure too.

    Googling "browse to save malware" yielded TONS of results on removal..
     
  3. DerStrom8

    Thread Starter Well-Known Member

    Feb 20, 2011
    2,428
    1,328
    Yes, I tried dozens of suggestions from the internet, none of which worked. It does not show up as an installed program, so there's no way to tell it to uninstall. Two problems with clicking the links: One, it downloads trojans to your computer (I can confirm this firsthand), and Two, it claims it's just a browser add-on, which it is not.

    I googled it and read most of the "TONS of results". None of them seemed to work.
     
  4. tshuck

    Well-Known Member

    Oct 18, 2012
    3,531
    675
    Is it showing up in your task manager?
     
  5. JohnInTX

    Moderator

    Jun 26, 2012
    2,347
    1,029
    I know of several folks that used Microsoft paid support (using the remote desktop) and had good results getting rid of rootkits and other nastyware that they could not get rid of. They came away pretty happy.
     
  6. DerStrom8

    Thread Starter Well-Known Member

    Feb 20, 2011
    2,428
    1,328
    It's not showing up in the applications, and I don't see it under processes, though it could be disguised. I googled most of the processes I saw that didn't have a legitimate-looking description, but nothing came up as dangerous or potentially harmful.

    I may have to do that, though I'm not really in a position to pay for assistance. If it comes to it, though, I suppose I have no other choice.

    An alternative last resort would be for me to back up my important documents and just install a fresh version of windows. I hate to do this though, because I have a lot of programs installed that would be a pain to reinstall. At least it would be free--I still have the installation disk. It's still a last resort, though.
     
  7. nerdegutta

    Moderator

    Dec 15, 2009
    2,515
    785
    Have you tried CTRL+ALT+DEL, and started the Task Manager, and tried to locate the process?


    Oh... Too late. :)
     
  8. DerStrom8

    Thread Starter Well-Known Member

    Feb 20, 2011
    2,428
    1,328
    Hahaha, yes, but thanks anyway nerdegutta :D
     
  9. tshuck

    Well-Known Member

    Oct 18, 2012
    3,531
    675
    I should have also asked if you are looking at processes from all users.

    Check what's running under the "Services" tab.
     
  10. DerStrom8

    Thread Starter Well-Known Member

    Feb 20, 2011
    2,428
    1,328
    Yes, I checked the box for "all users". I also looked under the "services" tab and didn't see anything out of place. However, like I said, it could be disguised as a critical process/service.
     
  11. tshuck

    Well-Known Member

    Oct 18, 2012
    3,531
    675
    According to this, it goes by basicscan.exe....
     
  12. DerStrom8

    Thread Starter Well-Known Member

    Feb 20, 2011
    2,428
    1,328
    Yup, looked that up last night and there is no file by that name. I have a feeling this is a new generation of Browse to Save and it's got new aliases that nobody's seen before. That's what worries me.
     
  13. JohnInTX

    Moderator

    Jun 26, 2012
    2,347
    1,029
    .. before reinstalling windows, try resetting to an earlier restore point. Control Panel->System and Security -> Action Center -> Restore Computer to an earlier point in time.

    In the System Restore dialog, you can highlight a restore point and hit Scan for affected programs to see what's affected at a particular date/time. Maybe something will jump out or try an earlier point.

    Good Luck!
     
  14. DerStrom8

    Thread Starter Well-Known Member

    Feb 20, 2011
    2,428
    1,328
    Thanks John. I tried that last night, but a system restore did no good. It did not affect the files at all, only the system itself. If I could somehow restore it in a way that removes any files added between the restore point and current date, that would be ideal, but I am not aware of any way to do that. Thoughts?
     
  15. JohnInTX

    Moderator

    Jun 26, 2012
    2,347
    1,029
    .. Have you tried disabling/uninstalling javascript, flash and activeX (can you even on IE/Chrome?)

    Try Firefox with NoScript and AdBlock Plus extensions. In the JavaScript console, try to see what's running on an infected page.

    Run MSCONFIG.exe and deselect any suspect startup programs/services.
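
Added example, not part of the thread: a read-only PowerShell inventory of what MSCONFIG lists (logon startup commands and auto-start services), showing each entry's binary path, declared company and file creation time, so an entry posing as a system component can be judged by where its file lives and when it appeared. The helper names `Resolve-ExePath` and `New-AutostartRecord` are this example's own; it uses `Get-WmiObject` so that it also runs on the PowerShell 2.0 shipped with Windows 7.

```powershell
# Added example: read-only inventory of auto-start entries for manual review.
# Run from an elevated prompt so services and all users' entries are visible.

function Resolve-ExePath {
    param([string]$CommandLine)
    if ([string]::IsNullOrEmpty($CommandLine)) { return $null }
    $s = [Environment]::ExpandEnvironmentVariables($CommandLine)
    if ($s -match '^\s*"([^"]+)"')        { return $Matches[1] }  # "C:\a b\x.exe" /arg
    if ($s -match '^\s*(.+?\.exe)(\s|$)') { return $Matches[1] }  # C:\a b\x.exe /arg
    return $s.Trim()
}

function New-AutostartRecord {
    param($Kind, $Name, $CommandLine, $Source)
    $path = Resolve-ExePath $CommandLine
    $company = ''; $created = $null
    if ($path -and (Test-Path -LiteralPath $path -PathType Leaf)) {
        $item    = Get-Item -LiteralPath $path -Force
        $company = $item.VersionInfo.CompanyName
        $created = $item.CreationTime
    }
    New-Object PSObject -Property @{
        Kind = $Kind; Name = $Name; Source = $Source
        Path = $path; Company = $company; Created = $created
    }
}

$records = @()
# Commands run at logon: Run registry keys and Startup folders, all users.
$records += Get-WmiObject Win32_StartupCommand | ForEach-Object {
    New-AutostartRecord 'Startup' $_.Name $_.Command $_.Location
}
# Services set to start automatically, with the binary each one launches.
$records += Get-WmiObject Win32_Service -Filter "StartMode='Auto'" | ForEach-Object {
    New-AutostartRecord 'Service' $_.Name $_.PathName $_.State
}

# Newest binaries first. Entries created around the time the problem began,
# with a blank or unfamiliar Company, or stored outside the Windows and
# Program Files trees, are the ones to look up before disabling anything.
# Company is self-declared file metadata, not proof of who wrote the file.
$records | Sort-Object Created -Descending |
    Select-Object Kind, Name, Company, Created, Path, Source |
    Format-Table -AutoSize -Wrap
```

Services hosted by `svchost.exe` all report the same path here; the DLL each one actually loads is named in the `ServiceDll` value under that service's `Parameters` registry key.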
     
  16. DerStrom8

    Thread Starter Well-Known Member

    Feb 20, 2011
    2,428
    1,328
    Hmm, never thought to do that. I'm not even sure I know how to disable/uninstall javascript, flash, and/or activeX. I don't suppose they appear in the list of programs when you go to uninstall or change a program, do they?

    Also, I have no idea what the "JavaScript console" is. I usually just let these things run on their own :p

    I'll check msconfig though. I completely forgot I was going to try that earlier :rolleyes:

    I'll let you know how it turns out!

    Matt
     
  17. Wendy

    Moderator

    Mar 24, 2008
    20,766
    2,536
    I use a site called Major Geeks.com for those kinds of problems. I used to be a regular there, before I found here. I still recommend it for malware/spyware issues.
     
  18. #12

    Expert

    Nov 30, 2010
    16,298
    6,811
    It seems to me that re-installing the OS wipes the HDD and THEN loads the OS. Am I wrong?

    (I use acronis to make images of my OS and use them to wipe the HDD and reinstall the OS. It seems to work for me.)
     
  19. DerStrom8

    Thread Starter Well-Known Member

    Feb 20, 2011
    2,428
    1,328
    Well guys, I am EXTREMELY P***ed off right now. It was looking like there was no way I could get rid of the virus without reinstalling Windows 7, which is what I did. I had the setup on a flash drive (yes, it was 100% legal). I ran the setup to reinstall windows 7 ultimate, and it went through the process, but once it was finished, it started running this really cr*ppy version of windows, with a stupid looking resolution (everything was supersized and stretched) and it wouldn't let me change it to the correct one for my computer. It also doesn't have any drivers installed, so I can't use USB devices, the network adapter (to access internet), or anything. I can't even go online to install the drivers I need! Windows 8 was working fine, but windows 7 was not. So I re-ran the installer, wondering if I'd chosen a wrong setting somewhere during the installation, but I ended up with the same problem. I then noticed that it had replaced my working windows 8 OS with this cr*ppy windows 7! So I lost ALL of my work, programs, settings, and decent OS's, and my laptop is practically a brick now. I have no idea what happened, or more importantly, how to fix it. I can't even begin to describe how annoyed I am. I don't know what I'm going to do. I need this computer for work-related things and I really can't go without it.

    For the time being, I'm using my old Acer, but this thing really can't run any of the programs I need, so it's not a replacement. I need my old one back ASAP and have no idea what to do. Any ideas? Please tell me there are real computer geeks or even former members of the Geek Squad, or SOMEONE out there who can help me. I have faith in you guys. My stress level is just through the roof.

    Regards,
    Matt
     
  20. nerdegutta

    Moderator

    Dec 15, 2009
    2,515
    785
    Oh, man... :(

    You are in knee-deep s**t if the HDD is formatted. Thought you had the 2 OS's on different partitions. If the partitions are erased, and re-formatted, then I don't think you can save any data. Unless you have some low-level data reconstruction program.

    Before I start messing with my OS, I always check which programs to back up, and which files to save on a different USB stick. I have been losing data on a regular basis since my first C64 in '83. :rolleyes:

    Have you, by any chance, tried Ultimate Boot CD? Maybe there is a program there to get into the HDD and save some of your work. Applications are always available, but it is losing your work that sucks!
     