Sorry your browser is not supported!

You are using an outdated browser that does not support modern web technologies, in order to use this site please update to a new browser.

Browsers supported include Chrome, FireFox, Safari, Opera, Internet Explorer 10+ or Microsoft Edge.

Geek Culture / Please HELP! Invincible Adware!

Author
Message
That C++ Nerd
18
Years of Service
User Offline
Joined: 30th Dec 2006
Location:
Posted: 12th Sep 2009 18:45 Edited at: 12th Sep 2009 21:50
Link
EDIT: Someone help! (See my newest post)
Discovery:


For the past few weeks there's been quite an abundance of adware infecting my internet-connected computer. This is the primary reason why I don't want to hook up my good computer to the net, just in case my anti-virus fails me.

(FYI, here's the spec of the "infected" computer)

(And here's the spec of the "better" computer; irrelevant)


Anyway, the adware infecting my computer is pretty nasty. Here's a rundown of the situation.

- Replaces search links on Google and Yahoo! with adware links.
- Disables right-clicking in Firefox (but only after adware is seen)
- I tried removing it with BitDefender Total Security 2009. The infections were detected and removed, be appeared again on the close of BitDefender.
- Neither BitDefender or ZoneAlarm seem to actually delete the infection, as the adware comes back on the close of either program.
- I tried clearing my cookies, but it eventually came back (after a day or two).
- Often installs the virus PC Anti-Spyware 2010 on my computer.
- An .exe called "braviax.exe" is repeatedly installed in my Windows directory.
- Removing any of the already known files results in their re-installation.

Screenshots
Searched for TGC

The URL will seem okay.

I click it...

This one isn't even that bad. At least this time it doesn't install any virus.


Any ideas that can help me will be GREATLY appreciated. So, does anyone have any ideas?

Thanks in advance.

Your signature has been erased by a mod because it's too big--- 300k!?
Back to top
Profile PM
lazerus
17
Years of Service
User Offline
Joined: 30th Apr 2008
Location:
Posted: 12th Sep 2009 18:54
Link
Spybot search and destroy will burn the little bugger...

"I thought what I'd do was, I'd pretend I was one of those deaf-mutes..."
http://lazerus-reborn.deviantart.com/
Back to top
Profile PM Email
Jimpo
20
Years of Service
User Offline
Joined: 9th Apr 2005
Location:
Posted: 12th Sep 2009 18:55
Link
From past experience, if you can find out the name of the Adware, you can probably download a small program made just to remove it.

If that doesn't work, you can try: http://onecare.live.com. I had an Adware I couldn't remove, and that was the only anti-virus that was able to permanently remove it. Although it used to be free and run from inside your web browser, but it looks like they are charging for it now.

Back to top
Profile PM Email Website
Venge
18
Years of Service
User Offline
Joined: 13th Sep 2006
Location: Iowa
Posted: 12th Sep 2009 18:56 Edited at: 12th Sep 2009 18:57
Link
Are both of your spyware programs up to date? I use AdAware and Spybot Search and Destroy on my system, I don't think it would hurt to try those too in case it's a problem with your programs. I've never had to deal with anything like what you have, though, so maybe someone else will have better advice.

The average smoker spends $1500 per year on cigarettes. That amount of money could feed 16 impoverished third-world children for an entire year.

Enjoy your cancer.
Back to top
Profile PM
Fallout3fan
16
Years of Service
User Offline
Joined: 9th May 2009
Location:
Posted: 12th Sep 2009 18:59
Link
I need some help too my computer has a computer virus on it and it hasn't been deleted for a month

Im a making a game soon..
Back to top
Profile PM Email
That C++ Nerd
18
Years of Service
User Offline
Joined: 30th Dec 2006
Location:
Posted: 12th Sep 2009 19:02
Link
All of my anti-virus programs are up to date.

Thanks for the tip guys, but Spybot S&D won't work for some reason. I'll make sure to try AdAware now.

Your signature has been erased by a mod because it's too big--- 300k!?
Back to top
Profile PM
That C++ Nerd
18
Years of Service
User Offline
Joined: 30th Dec 2006
Location:
Posted: 12th Sep 2009 21:49
Link
It turns out I've got the nasty Win32.trojan.tdss

Traits
- Replicates itself after deletion
- Stops the user from installing any new anti-malware software
- Only a small handful of anti-virus' detect it
- Only AdAware, Malwarebytes, and Spybot can detect it completely
- AdAware is the only anti-malware tool that can run after infection
- The natural virus file (a few .DLLs) can't be seen by the Windows UI in any manner.
- Often infects the registry and root access

HELP! HELP!

Your signature has been erased by a mod because it's too big--- 300k!?
Back to top
Profile PM
Jeku
Moderator
21
Years of Service
User Offline
Joined: 4th Jul 2003
Location: Vancouver, British Columbia, Canada
Posted: 12th Sep 2009 21:55
Link
If your virus scanner can't kill it, it's usually best to format/reinstall the OS.


Senior Web Developer - Nokia
Back to top
Profile PM Website
NeX the Fairly Fast Ferret
20
Years of Service
User Offline
Joined: 10th Apr 2005
Location: The Fifth Plane of Oblivion
Posted: 13th Sep 2009 00:47
Link
If you know the files you need to get rid of, either boot into DOS and replace manually or use your Windows CD to do a repair installation which does not touch the Documents folders but wipes the Windows directory.

Back to top
Profile PM Website
xplosys
19
Years of Service
User Offline
Joined: 5th Jan 2006
Playing: FPSC Multiplayer Games
Posted: 13th Sep 2009 02:41
Link
I do this for a living and have successfully removed what you have twice in the last week. It is indeed very tricky and heavily protected. I was not able in both cases to remove all the offensive files with the OS running. What I had to do was remove the hard drive, attach it to another system, and run my antivirus/antispyware programs on that drive. In both cases they were completely cleaned of all infections.

I have found simple programs like AVG and SuperAntiSpyware to be effective when used this way.

Best of luck.

Brian.

Back to top
Profile PM
AdrianoJones Wannabe
15
Years of Service
User Offline
Joined: 2nd Jul 2009
Location: Ontario, Canada
Posted: 13th Sep 2009 02:43
Link
Quote: "If you know the files you need to get rid of, either boot into DOS and replace manually or use your Windows CD to do a repair installation which does not touch the Documents folders but wipes the Windows directory."


Yeah, or if all else fails backup your data on a portable hard drive or a USB stick and reformat Windows.
-Adrian

I love Taylor Swift. She's awesome.
Hey guys! Help me! Join the creative design forums! http://creativedesign.candorweb.com/index.php
Back to top
Profile PM Email
Seppuku Arts
Moderator
20
Years of Service
User Offline
Joined: 18th Aug 2004
Location: Cambridgeshire, England
Posted: 13th Sep 2009 02:52
Link
Back-up and reinstall if you're incapable of removing it - it's a much more guaranteed solution, though not always desirable. A decent Internet Security package I think might help you, normally saying paying a little bit of money out each year to protect your computer can give you piece of mind is a good way to go, or at least I found my experience from switching from freebies to Kaspersky has improved.

Back to top
Profile PM Website
Van B
Moderator
22
Years of Service
User Offline
Joined: 8th Oct 2002
Location: Sunnyvale
Posted: 13th Sep 2009 04:51
Link
MalwareBytes anti-malware. It's free and actually fixes the problem. Seriously give it a try, it's fixed these issues on 5 or 6 PC's at work.


Health, Ammo, and bacon and eggs!
Back to top
Profile PM Email
That C++ Nerd
18
Years of Service
User Offline
Joined: 30th Dec 2006
Location:
Posted: 13th Sep 2009 16:19
Link
Thanks for the help guys.

EDIT: I just thought about using Bart's Windows Live CD. I've always used live CDs to fix problems like this. I don't see why it couldn't in this situation.

I probably will reformat just to be safe. Does repairing the Windows directory wipe the registry? Last time I repaired, it wiped my registry clean. I know exactly how to back up my registry in regedit, but sometimes infections can reside in the registry itself. I'll back it up anyway.

Your signature has been erased by a mod because it's too big--- 300k!?
Back to top
Profile PM
Back to top

Login to post a reply

Server time is: 2025-05-26 03:54:40
Your offset time is: 2025-05-26 03:54:40