Dear moderators
This question is not a duplicate, as it is about a special case, not a general question. Please open this up and let the problem be solved, as this relates to so many people. You may find the view count interesting.
Problem
As for this or this or even this, my computer has been infected with this sh-t and my browsers open an annoying pop-up ( http://wonderlandads.com/afu.php?zoneid=437742 ) on every single click on whatever web page I am visiting, and this is repeated really unlimited times, making me more and more nervous.
It was just Google Chrome ( 47.0.2526.106 m ), but now I have it on Opera ( 34.0.2036.25 ) too, and I think it will go through Firefox, IE, ... soon.
Environment
- Windows 10 x64 Enterprise (1151) Build 10586.29
My efforts
- I found this link which would be useful.
- Used Chrome's Help > Report an issue menu to report it to Google.
- Used the Chrome Cleanup Tool to remove any problems at the very first moment (just before my Opera got infected too).

Using the tool, I noticed that the exe file ( Chrome Cleanup Tool ) gets deleted automatically right after usage, so I added an audit on the file for deletion to find out which process deletes the chrome_cleanup_tool.exe file, using the Security section under Windows Logs in the Windows Event Viewer. The answer was:

    Object:
        Object Server: Security
        Object Type: File
        Object Name: C:\Users\{my-user-name}\Downloads\chrome_cleanup_tool.exe
        Handle ID: 0x2c
        Resource Attributes: S:AI
    Process Information:
        Process ID: 0x179c
        Process Name: C:\Windows\SysWOW64\rundll32.exe
    Access Request Information:
        Accesses: DELETE
        Access Mask: 0x10000

So I am almost sure that my Windows has been infected with a virus and that it has nothing to do with Chrome, Opera, ...
My question
- How can I remove the infection from my computer?
- Any suggestions or similar efforts would be appreciated.
You got a backup? – Ctrl-alt-dlt – 2015-12-22T10:21:21.947
backup of what? – Pmpr – 2015-12-22T10:28:59.960
@Tetsujin has it right. Read the link provided. This is not a special case. It sounds like a bog-standard virus that will take bog-standard removal approaches. I.e., if you think you're good enough, pull out a Live-CD and do it that way, otherwise be prepared to reinstall everything. Based on your 'backup of what?' response to Jamie's comment, I'd go with a reinstallation (backup of your data, downloads, other content, etc., btw). – mcalex – 2015-12-22T11:08:15.387
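
The audit record quoted in the question can be read mechanically. The Python below is an added example, not part of the original post or its comments: it parses that record (flattened or multi-line), decodes the access mask, and flags when the requesting image is a generic host such as rundll32.exe, in which case the process name alone does not identify the code that asked for the delete. The function names and the `HOST_IMAGES` list are assumptions made for illustration.

```python
import re

# Standard-rights bits of a Windows access mask (winnt.h values).
STANDARD_RIGHTS = {0x010000: "DELETE", 0x020000: "READ_CONTROL",
                   0x040000: "WRITE_DAC", 0x080000: "WRITE_OWNER",
                   0x100000: "SYNCHRONIZE"}
# Field labels and section headers exactly as they appear in the quoted record.
FIELDS = ["Object Server", "Object Type", "Object Name", "Handle ID",
          "Resource Attributes", "Process ID", "Process Name",
          "Accesses", "Access Mask"]
HEADERS = ["Process Information", "Access Request Information", "Object"]
# Assumption: illustrative, non-exhaustive list of images that run code for others.
HOST_IMAGES = {"rundll32.exe", "regsvr32.exe", "dllhost.exe", "svchost.exe"}
LABEL_RE = re.compile("(" + "|".join(map(re.escape, FIELDS + HEADERS)) + r"):\s*")

# The record from the question, flattened onto one line as it was posted.
SAMPLE = (r"Object: Object Server: Security Object Type: File Object Name: "
          r"C:\Users\{my-user-name}\Downloads\chrome_cleanup_tool.exe "
          r"Handle ID: 0x2c Resource Attributes: S:AI Process Information: "
          r"Process ID: 0x179c Process Name: C:\Windows\SysWOW64\rundll32.exe "
          r"Access Request Information: Accesses: DELETE Access Mask: 0x10000")

def parse_audit_record(text):
    """Return {label: value} for a flattened or multi-line audit record."""
    parts = LABEL_RE.split(text)          # ['', label, value, label, value, ...]
    pairs = zip(parts[1::2], parts[2::2])
    return {label: value.strip() for label, value in pairs if label in FIELDS}

def summarize(text):
    """Report who requested which rights on which file."""
    rec = parse_audit_record(text)
    mask = int(rec["Access Mask"], 16)
    image = rec["Process Name"].rsplit("\\", 1)[-1].lower()
    return {
        "target": rec["Object Name"],
        "pid": int(rec["Process ID"], 16),
        "process": rec["Process Name"],
        "rights": [n for bit, n in sorted(STANDARD_RIGHTS.items()) if mask & bit],
        "delete_requested": bool(mask & 0x010000),
        # A host image runs someone else's DLL or service; look at its command
        # line and loaded modules to find the code that made the request.
        "host_image": image in HOST_IMAGES,
    }

if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(f"{key}: {value}")
```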