How Do I Remove Spyware and Prevent Future Infections?

  • Thread starter: mech-eng
SUMMARY

The discussion focuses on effectively removing spyware and preventing future infections on a Windows PC. Users recommend using Malwarebytes, a reputable anti-malware tool, to identify and eliminate unwanted programs, including those installed alongside the original program, Google Books Downloader. Additional strategies include performing a system restore, utilizing a firewall like ZoneAlarm, and running scans in safe mode to enhance detection of entrenched malware. Participants emphasize the importance of caution during software installations to avoid inadvertently allowing malware onto the system.

PREREQUISITES
  • Understanding of Windows operating system functionalities
  • Familiarity with antivirus and anti-malware tools, specifically Malwarebytes
  • Knowledge of system restore processes in Windows
  • Basic skills in managing firewall settings, such as with ZoneAlarm
NEXT STEPS
  • Research how to use Malwarebytes effectively for malware removal
  • Learn about Windows system restore and its application for reverting to a previous state
  • Explore the features and setup of ZoneAlarm for enhanced firewall protection
  • Investigate safe mode operations in Windows for effective malware scanning
USEFUL FOR

This discussion is beneficial for PC users, particularly those experiencing spyware issues, IT professionals, and anyone seeking to enhance their cybersecurity practices while using Windows systems.

mech-eng
I have installed a program, but a lot of different programs have been installed without my permission, and most of these strange programs are advertisement programs. And there is a registry cleaning program which has been installed secretly. For example, some links are added by themselves on the Internet Explorer window and sometimes there are chat windows in which a bot woman wants to speak on love. I have uninstalled some of them via control panel but it hasn't worked and I have made an antivirus scan but it also hasn't worked. How can I rescue my PC from them and how can I prevent these situations from occurring so as not to have the same problems in the future?

Thank you.

Note: My antivirus program is Vipre.
 
You need to figure out exactly what was installed and do a Google search for how to get rid of it. And you DEFINITELY should get rid of it since this sounds like exactly the kind of thing that puts malware on your computer.
 
There is a program "Malwarebytes" by Anti-Malware (you can get it from CNET) which might help.
 
Which was the original program you installed? Naming it (and also the source from where you downloaded it, if you did download it) might help us to find out what else it installed, and how those additional programs can be removed.

It sounds like the original program was a virus and/or malware to begin with, as any legitimate program that wants to install additional programs should give you the option to opt out (and even if you didn't opt out, I wouldn't expect the behaviour on your computer you are experiencing).
 
Try anti-malwarebytes first.

Modern viruses can actually prevent anti-virus programs from running correctly against them. Anti-malwarebytes does work well, but if your malware is entrenched it may undo or prevent the installation. At work we just wipe PC's C drives when things are bad. We can rescue them by removing the infected C drive. Then attaching the as a D: on a machine with malwarebytes already on it. Full scan the D: drive. Next replace the D: drive back into its home as C:. Disconnect the internet and see if you can boot without a bunch of error messages, if so, connect to the internet, download anti-malware bytes, install it and run a full scan.
 
@mech-eng A couple of pieces of advice. I would not log into anything with that computer until you are sure that it is clean. Assume that it has also installed a key-logger and is secretly sending logins and passwords to a server somewhere. If you can, try to install a firewall and set it to notify you if anything attempts to connect to the internet. This can help you to find and exterminate the programs that have been installed. I use ZoneAlarm which has a free version that works very well. There are two classes of connections that it will tell you about - programs that are trying to connect to the internet and programs that are trying to act as a server. There are very few that need to act as a server but I would be suspicious of everything at this point.
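
The two classes of connections described in the post above (programs connecting out and programs acting as a server) can also be listed directly from Windows. This is an added example, not part of the original post; it assumes Windows 8 or later (for `Get-NetTCPConnection`) and an elevated PowerShell prompt, and the function name `Get-ProcessNetworkSummary` is made up for illustration.

```powershell
# Added example (not from the thread): summarise, per process, which TCP ports
# it listens on and which remote peers it is connected to.
# Assumes Windows 8 / Server 2012 or later; run elevated so that Path is
# populated for processes owned by other accounts.
function Get-ProcessNetworkSummary {
    $loopback = '127.0.0.1', '::1'
    $conns = Get-NetTCPConnection -State Listen, Established -ErrorAction SilentlyContinue

    foreach ($group in ($conns | Group-Object OwningProcess)) {
        $procId = [int]$group.Name
        $proc   = Get-Process -Id $procId -ErrorAction SilentlyContinue

        # "Acting as a server": listening on an address other machines can reach.
        $listen = @($group.Group | Where-Object {
            $_.State -eq 'Listen' -and $_.LocalAddress -notin $loopback
        })
        # "Connecting to the internet": established session with a non-loopback peer.
        $outbound = @($group.Group | Where-Object {
            $_.State -eq 'Established' -and $_.RemoteAddress -notin $loopback
        })
        if ($listen.Count -eq 0 -and $outbound.Count -eq 0) { continue }

        # Signature status helps separate OS components from unknown binaries.
        $sig = 'Unknown'
        if ($proc -and $proc.Path) {
            $sig = (Get-AuthenticodeSignature -FilePath $proc.Path).Status
        }

        [pscustomobject]@{
            PID         = $procId
            Name        = if ($proc) { $proc.ProcessName } else { '<exited>' }
            Path        = if ($proc) { $proc.Path } else { $null }
            Signature   = $sig
            ListenPorts = ($listen | ForEach-Object { $_.LocalPort } |
                              Sort-Object -Unique) -join ','
            RemotePeers = ($outbound |
                              ForEach-Object { "$($_.RemoteAddress):$($_.RemotePort)" } |
                              Sort-Object -Unique) -join ','
        }
    }
}

# Unsigned or unknown binaries sort together, so they are easy to pick out.
Get-ProcessNetworkSummary | Sort-Object Signature, Name | Format-List
```

Entries whose `Path` points into a temp or user-profile folder, or whose `Signature` is not `Valid`, are the ones to look up first.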
 
mech-eng said:
... How can I rescue my PC from them ...

You mentioned "Internet Explorer", so you're on Windows, so you can do a "system restore" to a point in time before you installed the unwanted programs. That should return your computer's registry to how it was. Folders created by installing the unwanted programs will remain, but the unwanted programs won't run.

mech-eng said:
... how can I prevent these situations from occurring so as not to have the same problems in the future?

Using something like the browser addon NoScript will stop drive-by-downloads. But if you authorised the download, without reading the small-print, there is no fix to prevent that occurring again, just more caution on your part.
 
If your machine runs Vipre as security software, surely during the installation of the additional program it would have notified you something suspicious was being installed... and if that was malware -- http://www.vipreantivirus.com/VIPRE-antivirus/ -- that 100% rating doesn't seem to have worked for you.
 
B0b-A said:
... But if you authorised the download, without reading the small-print, there is no fix to prevent that occurring again, just more caution on your part.

On second thoughts there is a software solution. There is software by Acronis which has a "try&decide" option which virtualizes the entire machine, so operates like Windows "system-restore", but will restore the entire computer, not just the Operating System. So you run Acronis before you install any software, you can then try the software, if you don't like it have Acronis put everything back to the pre-install state. Acronis "try&decide" is not free software ... http://www.acronis.com/en-gb/support/documentation/ATIH2014/299.html
 
  • #10
Whenever you install something on your computer, make sure you carefully read all disclosures, including the license agreement and privacy statement. Sometimes the inclusion of unwanted software in a given software installation is documented, but it might appear at the end of a license agreement or privacy statement.
 
  • #11
StevieTNZ said:
Which was the original program you installed? Naming it (and also the source from where you downloaded it, if you did download it) might help us to find out what else it installed, and how those additional programs can be removed.

It sounds like the original program was a virus and/or malware to begin with, as any legitimate program that wants to install additional programs should give you the option to opt out (and even if you didn't opt out, I wouldn't expect the behaviour on your computer you are experiencing).

The original program is googlebooksdownloader but I do not remember whether or not it is from the official site. It is just 643 Kb. Some secretly installed programs were Apple Inc's programs. One is Opera, another is Bonjour. When I try to close that chat window, this link opens:
but then it turns into this Edit by mentor: links to questionable sites removed
I have also realized that my computer's internet speed has lowered.

Here are the programs probably installed with that virus:

Mystartseach as a search engine. It is strange that when I try to uninstall this, it prompts a verification code to be uninstalled.

Another one is reg-clean pro by systweak.com
Another one is Steelcut:mysteelcut.com
If I open my PC with a Linux live CD, the virus probably cannot be active, so can I find and delete it by this method?
Can using "resmon" help me determine which program is the virus, and can making a soft recovery, which uninstalls all programs but does not delete files, be a solution for getting rid of the virus? What should I do with the installation file which includes the virus? Should I send it to Vipre for examining? How can I learn the name of this virus?

Note: Above information might not be exactly correct.

Should I send the installation file via e-mail to Vipre?

Thank you.
 
  • #12
mech-eng said:
... When I try to close that chat window, this link opens: https://secure-fra.adnxs.com ... .

This link looks relevant to your problem ... http://malwaretips.com/blogs/secure-fra-adnxs-com-removal/
[ I've not had this "secure-fra.adnxs.com" problem, or tried this solution myself though ]
 
  • #13
jim mcnamara said:
Then attaching the as a D: on a machine with malwarebytes already on it. Full scan the D: drive. Next replace the D: drive back into its home as C:. Disconnect the internet and see if you can boot without a bunch of error messages, if so, connect to the internet, download anti-malware bytes, install it and run a full scan.

Hi, Jim Mcnamara. I cannot understand the "Then attaching the as a D:" part, and why do you disconnect the internet? What does "attaching the as a D:" refer to? Would you like to explain in a different way?

Thank you.
 
  • #14
D: means D drive (rather than C Drive which is usually where the OS, documents, programs are installed). D drive usually contains the factory settings.

If your Internet speed is slower, I would suspect something is using the bandwidth: most likely the spyware/virus/malware installed. You may even be being DDoS'd.
 
  • #15
StevieTNZ said:
If your Internet speed is slower, I would suspect something is using the bandwidth: most likely the spyware/virus/malware installed. You may even be being DDoS'd.

Apparently that "secure-fra.adnxs.com" problem does hog the internet ...

 
  • #16
  • #17
mech-eng said:
Edit by mentor: links to questionable sites removed

I got a mentor to edit your post in case someone accidentally clicked the (then) active links, potentially infecting their computer.
 
  • #18
How about starting up in safe mode and using the tools available there?
 
  • #19
mathman said:
There is a program "Malwarebytes" by Anti-Malware (you can get it from CNET) which might help.

I have been using Malwarebytes and it is very good. It is not free ($30 or $40, not sure), but it had paid for itself several times over. Periodically, unwanted programs and ads get onto my puter despite the antivirus I am using, and this program has quickly cleaned them out.

If you use Malwarebytes (and it can be tried out for free), be sure to disable the Windows Firewall and Windows Defender before running it. I've found I needed to run it every few weeks to keep things clean (or if haywire ads start appearing).
 
  • #21
harborsparrow said:
If you use Malwarebytes (and it can be tried out for free), be sure to disable the Windows Firewall and Windows Defender before running it. I've found I needed to run it every few weeks to keep things clean (or if haywire ads start appearing).
Why? I run Malwarebytes with Win FW and Defender running just fine.
 
  • #22
Greg Bernhardt said:
Why? I run Malwarebytes with Win FW and Defender running just fine.
Simultaneously running two real-time anti-virus programs can cause conflict.
However, the free version of Malwarebytes doesn't have real-time scanning; the paid-for version does ...

Synetech said:
If you are running the paid version of Malwarebytes, then you’ll need to turn of[f] the real-time scanner of either Malwarebytes ... or of Security Essentials ...
http://superuser.com/questions/695149/is-running-windows-defender-with-malwarebytes-safe

howtogeek.com said:
Why You Shouldn’t Run Multiple Antivirus Programs At Once
... These [real-time] programs hook deep into your Windows operating system and are not designed to work together. In a best case scenario, running multiple antivirus programs at once could result in degraded performance. In a worst case scenario, the programs could interfere with each other and cause system crashes.
http://www.howtogeek.com/133704/how-to-scan-your-computer-with-multiple-antivirus-programs
 
  • #23
Enter into safe mode and do a scan using an antivirus and Spybot (you can do both at the same time). Many of these spyware/viruses hide and lock themselves when Windows starts, so they either can't be found or even if they're found, they can't be removed. In safe mode only the really essential Microsoft services will be run so they won't be able to hide/lock themselves, then you can also uninstall them via control panel.
 
  • #24
I think the AVG and Avast free versions are very good.
 
