Adware/spyware attack!

Thread Starter

DerStrom8

Joined Feb 20, 2011
2,390
Hey guys. I've been trying to figure this out for the past 24 hours but to no avail. Hopefully I can get a little help here.

I recently noticed that when I was running windows 7 ultimate on my machine (one side of the partition), I kept getting blue, underlined words in the middle of web pages, and if you hover over them, it says it's an ad by Browse to Save. I don't know how this program got installed on my computer. All I can think of is that it attached itself to a program I recently installed to read the video files from my new HD video camera.

The first thing I did was check my browser to see if it was a simple add-on that could be easily removed. No such luck. I checked both Chrome and IE, neither of which had it listed as a plugin or add-on, but they both showed the "hidden" links.

Next thing I did was run spybot to try to remove it, assuming it was adware/spyware/malware. Spybot found several problems, but did not fix the issue. I also ran Microsoft Security Essentials, which also found some problems, but did not fix the issue. I've since tried Malwarebytes and Superantispyware, but still no luck. I've manually looked through my list of programs, folders, program files, even down to my registry and system32 folder, found several items that could have been the problem, but removing them still didn't help. I tried a system restore as well, but again, to no avail.

Now for the scariest part. I just booted into Windows 7 in safe mode with networking, but the ads even showed up there. If adware can sneak its way into safe mode, then it must be buried deep in the system, am I correct?

Anyway guys, I'm becoming desperate. I must get rid of this thing, as I've read that Browse to Save can be very dangerous. It's no simple adware attached to the browser, it's a program installed deep in my computer and I can't figure out where it's hiding or how to get rid of it. I've tried just about every tutorial I found on Google to get rid of it, none of which worked. Has anyone else here had an issue with Browse to Save, and perhaps know how to remove it altogether? Any help or suggestions would be very much appreciated!

Regards,
Matt

P.S. My Windows 8 side works fine, so I'll be using that for the time being. Unfortunately, I still have some important documents on 7, so I can't just not use it.
 

mcgyvr

Joined Oct 15, 2009
5,394
..did you try the numerous uninstall procedures on the internet..
Does it show up when you try to remove programs from your computer?
Someone even said that if you click on the links it will take you to their website where they actually have an uninstall procedure too.

Googling "browse to save malware" yielded TONS of results on removal..
 

Thread Starter

DerStrom8

Joined Feb 20, 2011
2,390
> ..did you try the numerous uninstall procedures on the internet..
> Does it show up when you try to remove programs from your computer?
> Someone even said that if you click on the links it will take you to their website where they actually have an uninstall procedure too.
>
> Googling "browse to save malware" yielded TONS of results on removal..

Yes, I tried dozens of suggestions from the internet, none of which worked. It does not show up as an installed program, so there's no way to tell it to uninstall. Two problems with clicking the links: One, it downloads trojans to your computer (I can confirm this firsthand), and Two, it claims it's just a browser add-on, which it is not.

I googled it and read most of the "TONS of results". None of them seemed to work.
 

JohnInTX

Joined Jun 26, 2012
4,787
I know of several folks that used Microsoft paid support (using the remote desktop) and had good results getting rid of rootkits and other nastyware that they could not get rid of. They came away pretty happy.
 

Thread Starter

DerStrom8

Joined Feb 20, 2011
2,390
> Is it showing up in your task manager?

It's not showing up in the applications, and I don't see it under processes, though it could be disguised. I googled most of the processes I saw that didn't have a legitimate-looking description, but nothing came up as dangerous or potentially harmful.

> I know of several folks that used Microsoft paid support (using the remote desktop) and had good results getting rid of rootkits and other nastyware that they could not get rid of. They came away pretty happy.

I may have to do that, though I'm not really in a position to pay for assistance. If it comes to it, though, I suppose I have no other choice.

An alternative last resort would be for me to back up my important documents and just install a fresh version of windows. I hate to do this though, because I have a lot of programs installed that would be a pain to reinstall. At least it would be free--I still have the installation disk. It's still a last resort, though.
 

Thread Starter

DerStrom8

Joined Feb 20, 2011
2,390
> I should have also asked if you are looking at processes from all users.
>
> Check what's running under the "Services" tab.

Yes, I checked the box for "all users". I also looked under the "services" tab and didn't see anything out of place. However, like I said, it could be disguised as a critical process/service.
 

Thread Starter

DerStrom8

Joined Feb 20, 2011
2,390
> According to this, it goes by basicscan.exe....

Yup, looked that up last night and there is no file by that name. I have a feeling this is a new generation of Browse to Save and it's got new aliases that nobody's seen before. That's what worries me.
 

JohnInTX

Joined Jun 26, 2012
4,787
.. before reinstalling windows, try resetting to an earlier restore point. Control Panel->System and Security -> Action Center -> Restore Computer to an earlier point in time.

In the System Restore dialog, you can highlight a restore point and hit Scan for affected programs to see what's affected at a particular date/time. Maybe something will jump out or try an earlier point.

Good Luck!
 

Thread Starter

DerStrom8

Joined Feb 20, 2011
2,390
> .. before reinstalling windows, try resetting to an earlier restore point. Control Panel->System and Security -> Action Center -> Restore Computer to an earlier point in time.
>
> In the System Restore dialog, you can highlight a restore point and hit Scan for affected programs to see what's affected at a particular date/time. Maybe something will jump out or try an earlier point.
>
> Good Luck!

Thanks John. I tried that last night, but a system restore did no good. It did not affect the files at all, only the system itself. If I could somehow restore it in a way that removes any files added between the restore point and current date, that would be ideal, but I am not aware of any way to do that. Thoughts?
 

JohnInTX

Joined Jun 26, 2012
4,787
.. Have you tried disabling/uninstalling javascript, flash and activeX (can you even on IE/Chrome?)

Try Firefox with NoScript and AdBlock Plus extensions. In the JavaScript console, try to see what's running on an infected page.

Run MSCONFIG.exe and deselect any suspect startup programs/services.
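
The startup and service review suggested above can also be done from PowerShell, as an added example that is not part of the original post. It goes beyond msconfig's Startup and Services tabs by also reading three system-wide settings that affect every browser (AppInit_DLLs, the user's proxy settings, and the hosts file); the function names are made up for this example, and it only reads.

```powershell
# Added example: read-only inventory, PowerShell 2.0 compatible (Windows 7 default).
# Run from an elevated prompt. Nothing is changed or deleted.

function Get-RunKeyEntry {
    # Registry Run keys: the per-machine and per-user logon autostarts.
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
            'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
            'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    foreach ($key in $keys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item $key
        foreach ($name in $item.GetValueNames()) {
            New-Object PSObject -Property @{
                Key = $key; Name = $name; Command = $item.GetValue($name) }
        }
    }
}

function Get-NonWindowsAutoService {
    # Auto-start services whose binary path is outside the Windows directory.
    Get-WmiObject Win32_Service |
        Where-Object { $_.StartMode -eq 'Auto' -and $_.PathName -notlike "*$env:SystemRoot*" } |
        Select-Object Name, DisplayName, State, PathName
}

function Get-AppInitDll {
    # AppInit_DLLs: DLLs loaded into every process that loads user32.dll.
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
            'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'
    foreach ($key in $keys) {
        if (Test-Path $key) {
            Get-ItemProperty $key | Select-Object PSPath, AppInit_DLLs, LoadAppInit_DLLs
        }
    }
}

function Get-ProxySetting {
    # Per-user proxy settings, used by IE and by Chrome's default configuration.
    Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings' |
        Select-Object ProxyEnable, ProxyServer, AutoConfigURL
}

function Get-HostsOverride {
    # Active (non-comment, non-blank) lines in the hosts file.
    Get-Content "$env:SystemRoot\System32\drivers\etc\hosts" |
        Where-Object { $_.Trim() -and $_ -notmatch '^\s*#' }
}

'== Run keys ==';            Get-RunKeyEntry | Format-List Key, Name, Command
'== Auto-start services =='; Get-NonWindowsAutoService | Format-List
'== AppInit_DLLs ==';        Get-AppInitDll | Format-List
'== Proxy settings ==';      Get-ProxySetting | Format-List
'== hosts file entries ==';  Get-HostsOverride
```

Entries that point at an unfamiliar path or an unexpected proxy or PAC URL are the ones to research before disabling anything in msconfig.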
 

Thread Starter

DerStrom8

Joined Feb 20, 2011
2,390
> .. Have you tried disabling/uninstalling javascript, flash and activeX (can you even on IE/Chrome?)
>
> Try Firefox with NoScript and AdBlock Plus extensions. In the JavaScript console, try to see what's running on an infected page.
>
> Run MSCONFIG.exe and deselect any suspect startup programs/services.

Hmm, never thought to do that. I'm not even sure I know how to disable/uninstall javascript, flash, and/or activeX. I don't suppose they appear in the list of programs when you go to uninstall or change a program, do they?

Also, I have no idea what the "JavaScript console" is. I usually just let these things run on their own :p

I'll check msconfig though. I completely forgot I was going to try that earlier :rolleyes:

I'll let you know how it turns out!

Matt
 

Wendy

Joined Mar 24, 2008
23,415
I use a site called Major Geeks.com for those kinds of problems. I used to be a regular there, before I found here. I still recommend it for malware/spyware issues.
 

#12

Joined Nov 30, 2010
18,224
It seems to me that re-installing the OS wipes the HDD and THEN loads the OS. Am I wrong?

(I use acronis to make images of my OS and use them to wipe the HDD and reinstall the OS. It seems to work for me.)
 

Thread Starter

DerStrom8

Joined Feb 20, 2011
2,390
Well guys, I am EXTREMELY P***ed off right now. It was looking like there was no way I could get rid of the virus without reinstalling Windows 7, which is what I did. I had the setup on a flash drive (yes, it was 100% legal). I ran the setup to reinstall windows 7 ultimate, and it went through the process, but once it was finished, it started running this really cr*ppy version of windows, with a stupid looking resolution (everything was supersized and stretched) and it wouldn't let me change it to the correct one for my computer. It also doesn't have any drivers installed, so I can't use USB devices, the network adapter (to access internet), or anything. I can't even go online to install the drivers I need! Windows 8 was working fine, but windows 7 was not. So I re-ran the installer, wondering if I'd chosen a wrong setting somewhere during the installation, but I ended up with the same problem. I then noticed that it had replaced my working windows 8 OS with this cr*ppy windows 7! So I lost ALL of my work, programs, settings, and decent OS's, and my laptop is practically a brick now. I have no idea what happened, or more importantly, how to fix it. I can't even begin to describe how annoyed I am. I don't know what I'm going to do. I need this computer for work-related things and I really can't go without it.

For the time being, I'm using my old Acer, but this thing really can't run any of the programs I need, so it's not a replacement. I need my old one back ASAP and have no idea what to do. Any ideas? Please tell me there are real computer geeks or even former members of the Geek Squad, or SOMEONE out there who can help me. I have faith in you guys. My stress level is just through the roof.

Regards,
Matt
 

nerdegutta

Joined Dec 15, 2009
2,684
Oh, man... :(

You are in knee-deep s**t if the HDD is formatted. Thought you had the 2 OS's on different partitions. If the partitions are erased, and re-formatted, then I don't think you can save any data. Unless you have some low-level data reconstruction program.

Before I start messing with my OS, I always check which programs to back up, and which files to save on a different USB stick. I have been losing data on a regular basis since my first C64 in '83. :rolleyes:

Have you, by any chance, tried Ultimate Boot CD? Maybe there is a program there to get into the HDD and save some of your work. Applications are always available, but it is losing your work that sucks!
 