How can I find and remove hidden malware from my computer?


Discussion Overview

The discussion revolves around finding and removing hidden malware from a computer, focusing on symptoms experienced by the original poster, including webpage redirects, double-underlined words, and pop-ups. Participants share various methods and tools for malware detection and removal, as well as browser-specific issues related to add-ons and plugins.

Discussion Character

  • Exploratory
  • Technical explanation
  • Debate/contested
  • Experimental/applied

Main Points Raised

  • The original poster describes multiple symptoms of malware infection and lists several cleaning programs used without success.
  • Some participants suggest that the issue may be related to browser plugins, particularly in Firefox.
  • There are recommendations to check for unusual add-ons in Firefox and to consider uninstalling and reinstalling the browser if issues persist.
  • A suggestion is made to use HijackThis for a deeper analysis of the system.
  • One participant reports that disabling a suspicious add-on resolved the issues, while others emphasize the importance of running full system scans with antivirus software.
  • There is a discussion about the effectiveness of various tools like Malwarebytes and the importance of resetting browser settings to factory defaults.
  • Some participants express differing opinions on the use of NoScript versus other ad-blocking tools, highlighting the trade-off between security and convenience.
  • Concerns are raised about the legitimacy of certain links shared in the discussion, with warnings about potential risks associated with short URLs.

Areas of Agreement / Disagreement

Participants generally agree on the need for thorough scanning and the potential role of browser add-ons in malware issues. However, there are competing views on the best tools and methods for addressing the problem, and the discussion remains unresolved regarding the effectiveness of specific solutions.

Contextual Notes

Some participants note that not all malware is easily detectable, and there may be additional hidden threats beyond what has been identified. The discussion also reflects varying levels of technical knowledge among participants, influencing the suggestions made.

Who May Find This Useful

Individuals experiencing similar symptoms of malware infection, those seeking advice on malware removal tools, and users interested in browser security enhancements may find this discussion relevant.

nomadreid
I have recently had some malware infect my Internet sites, of three types all at once:
one, a webpage will disappear and in its place a page saying "And now a word from our sponsors... you will be redirected in a moment" (at which point I kill it);
two, words on the web page are double-underlined and a window appears for it, and
three, pop-ups.
I scanned and cleaned the computer with the (free versions of the) following programs:
Malwarebytes
Super Anti-Spy
Adwcleaner
Junk Removal Tool
(I also then scanned it with HitmanPro, but no results were found, which is good because it won't fix anything unless you buy it.)
Of course even before that I looked for unwanted programs in Control Panel>Programs and Features, but naturally not all sneaky programs are listed.
I also read of Combofix, but it was advised not to use it unless I had considerable technical knowledge, which I don't.
Anyway, with all these attempts, the infections are still there. Well hidden. What else can I do?
 
Do you have them independent of the browser? They could be some sort of browser plugin.
 
Good question. So far I have been using only Firefox. I just tried Internet Explorer and Chrome, and the problem doesn't arise on a five-minute trial, but I shall try using only the other two browsers for a while to see what happens. So, let us assume that it is only Firefox. How do I go about getting rid of the plug-in or whatever it is?
 
(Firefox) Click on tools -> add-ons. Look at extensions and plugins to see if you have anything unusual.
 
And if they don't show up there, save your bookmarks and so on before if you want to keep them, deinstall Firefox, remove the folder (if still there) and reinstall.
 
Thanks, mathman, mfb, and StevieTNZ. (Sorry for the delay in the reply: different time zone) I will try one thing at a time. First, mathman's suggestion: in "Add-ons" I have three items, two of which are disabled and known, but one of which is odd: it is listed as "S-Foxer 1.2" from "sfoxer", with a website listing email address, and installed last Sunday. I googled "S-foxer" but the search came up with nothing. For the moment I have disabled it, but before removing it altogether will wait to see if (a) that solves it, and (b) any of you helpful people can tell me whether it is something legit. Thanks!
 
I get the impression it wouldn't be an add-on in Firefox causing the page re-directs and links appearing with pop-up boxes, but I could be wrong.
 
I used Firefox for a whole day after I had disabled that add-on, and no more pop-ups and underlinings occurred; they also didn't occur in the other two browsers. So, apparently that was the problem. It's nice to have the other suggestions for the future, though. So, again many thanks to all three of you who responded!
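
The check suggested in this thread (look through Firefox's add-ons for anything unusual, which is how the unknown "S-Foxer 1.2" entry was found) can also be run against the profile's add-on database. The following is an added example, not part of the original thread; it assumes the `extensions.json` layout of recent Firefox versions (`addons`, `defaultLocale`, `installDate` in milliseconds, `location`), and the sample IDs, dates and the 14-day window are constructed.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample shaped like a Firefox profile's extensions.json.
# IDs, dates and the built-in entry are made up for illustration.
SAMPLE = json.dumps({"addons": [
    {"id": "known@example.invalid", "version": "3.1", "active": False,
     "location": "app-profile", "installDate": 1388534400000,
     "defaultLocale": {"name": "Known Add-on", "creator": "Example Org"}},
    {"id": "sfoxer@example.invalid", "version": "1.2", "active": True,
     "location": "app-profile", "installDate": 1425772800000,
     "defaultLocale": {"name": "S-Foxer", "creator": "sfoxer"}},
    {"id": "builtin@example.invalid", "version": "1.0", "active": True,
     "location": "app-builtin", "installDate": 1425772800000,
     "defaultLocale": {"name": "Bundled Feature", "creator": "Mozilla"}},
]})

BUNDLED = {"app-builtin", "app-system-defaults"}  # shipped with the browser


def audit_addons(extensions_json, now, recent_days=14):
    """List user-installed add-ons, newest first, with reasons to review."""
    cutoff = now - timedelta(days=recent_days)
    rows = []
    for addon in json.loads(extensions_json).get("addons", []):
        location = addon.get("location", "")
        if location in BUNDLED:
            continue  # not something the user (or an installer) added
        meta = addon.get("defaultLocale") or {}
        millis = addon.get("installDate") or 0
        installed = datetime.fromtimestamp(millis / 1000, tz=timezone.utc)
        reasons = []
        if installed >= cutoff:
            reasons.append("recently installed")
        if not meta.get("creator"):
            reasons.append("no named author")
        if location != "app-profile":
            reasons.append("installed outside the profile")
        rows.append({"name": meta.get("name", addon.get("id")),
                     "version": addon.get("version"),
                     "enabled": bool(addon.get("active")),
                     "installed": installed, "reasons": reasons})
    return sorted(rows, key=lambda r: r["installed"], reverse=True)


if __name__ == "__main__":
    for row in audit_addons(SAMPLE, datetime(2015, 3, 10, tzinfo=timezone.utc)):
        print(row["installed"].date(), row["name"], row["version"],
              "enabled" if row["enabled"] else "disabled", row["reasons"])
```

To audit a real profile, pass the text of `extensions.json` from the profile folder shown on Firefox's `about:support` page, with `datetime.now(timezone.utc)` as `now`.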
 
  • #10
Malware rarely ever installs itself in isolation. If a toolbar/add-on managed to get on your system, it's likely there are other things on there too.
I would suggest running some scans on your computer in addition to just disabling add-ons. First do a full system scan with whatever antivirus software you are currently using. Fix/Clean/Quarantine if it finds things.

Then go get MalwareBytes anti-spyware, the free version
https://www.malwarebytes.org/bf3/

This is one of the best free tools available. Download>Install>Update>Scan>Clean>Reboot>Scan>Clean>Reboot.

Once you have scanned and cleaned twice, you'll effectively have the system about as clean as it's going to get without getting help from someone trained in using tools like HijackThis. In the majority of cases, just doing a Malwarebytes scan is good enough.
 
  • #11
Thanks, Routaran. However, notice that in my original post I mentioned that I had scanned my system with Malwarebytes as well as a few other good cleaning programs that I listed. In fact, I scan with Malwarebytes and Super Anti-Spy regularly. As you say, good programs.
 
  • #12
  • #13
Thanks for the good suggestions and links, Routaran. Very good idea.
 
  • #14
nomadreid said:
I used Firefox for a whole day after I had disabled that add-on, and no more pop-ups and underlinings occurred; they also didn't occur in the other two browsers. So, apparently that was the problem. It's nice to have the other suggestions for the future, though. So, again many thanks to all three of you who responded!

Installing the Firefox add-on "NoScript" will dramatically lower your odds of getting this type of adware again ... http://en.wikipedia.org/wiki/NoScript [ it's free ]
 
  • #15
Thanks, BOb-A. Sounds very good. I presume I can add to the whitelist, which is good, except that I would have to investigate which of the sites I use depend on JavaScript. What is your comment to the following notes in the link you sent?
"NoScript's default behavior is to block all scripts that are not whitelisted. This may prevent a large number of sites from automatically working due to their reliance on JavaScript technologies ... Users may find this behavior overkill, unnecessary, or tedious despite the additional security."
 
  • #16
nomadreid said:
... What is your comment to the following notes in the link you sent? ...

There is always a trade-off between security and convenience: unlocked doors are more convenient than locked ones, but unlocked ones are not secure.

Without something like NoScript your doors are unlocked, and are vulnerable to drive-by downloads.

Once you've white-listed your frequently-visited trusted websites, NoScript is not very intrusive
(it blocks animated adverts that require Adobe Flash, which are intrusive and use lots of internet bandwidth and CPU).

I would not browse the internet without NoScript or an equivalent.
 
  • #17
Thanks, BOb-A and Ross Franklin.
BOb-A: sounds good (I looked up other reviews): I will try it.
Ross Franklin: that link is about one particular Trojan (Hey, how did you know that I can read Russian?), but it does give some general methods as well. Thanks, спасибо.
 
  • #18
I use Malwarebytes. It stores the threat in quarantine, so if you have not deleted it yet, then please do so.
 
  • #19
Thanks for trying, ImperialThinker (avatar Dr. House), but if you go back to my original post, I explicitly mentioned that Malwarebytes did not catch the problem. I found the problem the way mathman (above) suggested. However, I appreciate the effort.
 
  • #20
noma: Instead of NoScript (which I've used, and found tedious to use), I use Ghostery and AdBlock. I never get redirected anywhere, no ads to click on, and can watch 8-second videos without a 30-second advertisement.
 
  • #21
nomadreid said:
Thanks for trying, ImperialThinker (avatar Dr. House), but if you go back to my original post, I explicitly mentioned that Malwarebytes did not catch the problem. I found the problem the way mathman (above) suggested. However, I appreciate the effort.

I assumed you were lying... Everybody lies.
 
  • #22
nomadreid said:
Ross Franklin: that link is about one particular Trojan (Hey, how did you know that I can read Russian?), but it does give some general methods as well. Thanks, спасибо.

You shouldn't have clicked on the "bit.ly" short URL from first-time-poster Ross Franklin.
In this case the short URL is apparently to a disreputable site, see ...
https://www.mywot.com/en/scorecard/www.delete-malware.com says "unsatisfactory site",
http://www.siteadvisor.com/sites/www.delete-malware.com says "dangerous site".

Shortened URLs can be used to disguise malware sites which would have otherwise been blocked by your browser ...
wikipedia.org/wiki/Short_URL said:
"... The short URL can allow blacklisted URLs to be accessed ..."
http://en.wikipedia.org/wiki/Short_URL#Privacy_and_security

If you clicked on Ross's Bitly link, my suggestion would be to do a "system restore" to a point in time prior to clicking on it, just in case visiting that webpage installed malware.
 
  • #23
My last-resort malware buster is Exterminate It. I don't know if a legitimate free version is available, but even a test version would tell you where the malware is hidden.
I only say last resort because it takes about 15 minutes to run and spills out the result at the last moment, but it has never failed me.
 
