How can I find and remove hidden malware from my computer?

  • Thread starter nomadreid
  • Start date
In summary, disabling an add-on might not be the answer. Resetting your browser to its factory defaults might help, and installing the FireFox addon "NoScript" will dramatically lower your odds of getting this type of adware again.
  • #1
nomadreid
Gold Member
1,665
203
I have recently had some malware infect my Internet sites, of three types all at once
one, a webpage will disappear and in its place a page saying "And now a word from our sponsors... you will be redirected in a moment" (at which point I kill it);
two, words on the web page are double-underlined and a window appears for it, and
three, pop-ups).
I scanned and cleaned the computer with the (free versions of the ) following programs:
Malwarebytes
Super Anti-Spy
Adwcleaner
Junk Removal Tool
(I also then scanned it with HitmanPro, but no results were found, which is good because it won't fix anything unless you buy it.)
Of course even before that I looked for unwanted programs in Control Panel>Programs and Features, but naturally not all sneaky programs are listed.
I also read of Combofix, but it was advised not to use it unless I had considerable technical knowledge, which I don't.
Anyway, with all these attempts, the infections are still there. Well hidden. What else can I do?
 
Computer science news on Phys.org
  • #2
Do you have them independent of the browser? They could be some sort of browser plugin.
 
  • Like
Likes nomadreid
  • #3
Good question. So far I have been using only Firefox. I just tried Internet Explorer and Chrome, and the problem doesn't arise on a five-minute trial, but I shall try using only the other two browsers for a while to see what happens. So, let us assume that it is only Firefox. How do I go about getting rid of the plug-in or whatever it is?
 
  • #4
(Firefox) Click on tools -> add-ons. Look at extensions and plugins to see if you have anything unusual.
 
  • Like
Likes Silicon Waffle and nomadreid
  • #5
And if they don't show up there, save your bookmarks and so on before if you want to keep them, deinstall Firefox, remove the folder (if still there) and reinstall.
 
  • Like
Likes nomadreid
  • #7
Thanks, mathman, mfb, and StevieTNZ. (Sorry for the delay in the reply: different time zone) I will try one thing at a time. First, mathman's suggestion: in "Add-ons" I have three items, two of which are disabled and known, but one of which is odd: it is listed as "S-Foxer 1.2" from "sfoxer", with a website listing email address, and installed last Sunday. I googled "S-foxer" but the search came up with nothing. For the moment I have disabled it, but before removing it altogether will wait to see if (a) that solves it, and (b) any of you helpful people can tell me whether it is something legit. Thanks!
 
  • #8
I get the impression it wouldn't be an add-on in Firefox causing the page re-directs and links appearing with pop-up boxes, but I could be wrong.
 
  • Like
Likes nomadreid
  • #9
I used Firefox for a whole day after I had disabled that add-on, and no more pop-ups and underlinings occurred; they also didn't occur in the other two browsers. So, apparently that was the problem. It's nice to have the other suggestions for the future, though. So, again many thanks to all three of you who responded!
 
  • #10
Malware rarely ever installs itself in isolation. If a toolbar/add-on managed to get on your system, it's likely there's other things on there too.
I would suggest running some scans on your computer in addition to just disabling add-ons. First do a full system scan with whatever antivirus software you are currently using. Fix/Clean/Quarantine if it finds things.

Then go get MalwareBytes anti-spyware, the free version
https://www.malwarebytes.org/bf3/

This is one of the best free tools available. Download>Install>Update>Scan>Clean>Reboot>Scan>Clean>Reboot.

Once you have done scanned and cleaned twice, you'll effectively have the system about as clean as it's going to get without getting help from someone trained in using tools like Hijackthis. In the majority of cases, just doing a Malwarebytes scan is good enough.
 
  • Like
Likes nomadreid
  • #11
Thanks, Routaran. However, notice that in my original post I mentioned that I had scanned my system with Malwarebytes as well as a few other good cleaning programs that I listed. In fact, I scan with Malwarebytes and Super Anti-Spy regularly. As you say, good programs.
 
  • #12
  • Like
Likes nomadreid
  • #13
Thanks for the good suggestions and links, Routaran. Very good idea.
 
  • #14
nomadreid said:
I used Firefox for a whole day after I had disabled that add-on, and no more pop-ups and underlinings occurred; they also didn't occur in the other two browsers. So, apparently that was the problem. It's nice to have the other suggestions for the future, though. So, again many thanks to all three of you who responded!

Installing the FireFox addon "NoScript" will dramatically lower your odds of getting this type of adware again ... http://en.wikipedia.org/wiki/NoScript [ it's free ]
 
  • Like
Likes nomadreid
  • #15
Thanks, BOb-A. Sounds very good. I presume I can add to the whitelist, which is good, except that I would have to investigate which of the sites I use depend on JavaScript. What is your comment to the following notes in the link you sent?
"NoScript's default behavior is to block all scripts that are not whitelisted. This may prevent a large number of sites from automatically working due to their reliance on JavaScript technologies ... Users may find this behavior overkill, unnecessary, or tedious despite the additional security."
 
  • #16
nomadreid said:
... What is your comment to the following notes in the link you sent? ...

There is always a trade-off between security and convenience : unlocked doors are more convenient than locked ones , but unlocked ones are not secure,

Without something like NoScript your doors are unlocked : and are vulnerable to driveby-downloads.

Once you've white-listed your frequently-visited trusted-websites , NoScript is not very intrusive ,
( it blocks animated-adverts that require adobe-flash which are intrusive , and use lots of internet bandwidth and CPU ).

I would not browse the internet without NoScript or an equivalent.
 
Last edited:
  • Like
Likes nomadreid
  • #17
Thanks, BOb-A and Ross Franklin.
BOb-A: sounds good (I looked up other reviews): I will try it.
Ross Franklin: that link is about one particular Trojan (Hey, how did you know that I can read Russian? ), but it does give some general methods as well. Thanks, спасибо.
 
  • #18
I use malwarebytes, It stores the threat in quarantine, so if u have not deleted it yet, then please do so.
 
  • #19
Thanks for trying, ImperialThinker (avatar Dr. House), but if you go back to my original post, I explicitly mentioned that Malwarebytes did not catch the problem. I found the problem the way mathman (above) suggested. However, I appreciate the effort.
 
  • #20
noma: Instead of Noscript (which I've used, and found tedious to use), I use Ghostery and AdBlock. I never get redirected anywhere, no ads to click on, and can watch 8-second videos without a 30 second advertisement.
 
  • #21
nomadreid said:
Thanks for trying, ImperialThinker (avatar Dr. House), but if you go back to my original post, I explicitly mentioned that Malwarebytes did not catch the problem. I found the problem the way mathman (above) suggested. However, I appreciate the effort.
I assumed you were lying... Everybody lies.
 
Last edited:
  • #22
nomadreid said:
Ross Franklin: that link is about one particular Trojan (Hey, how did you know that I can read Russian? ), but it does give some general methods as well. Thanks, спасибо.

You shouldn't have clicked on the "bitl.y" short URL from first-time-poster Ross Franklin.
In this case the short URL is apparently to a disreputable site , see ...
https://www.mywot.com/en/scorecard/www.delete-malware.com says "unsatisfactory site",
http://www.siteadvisor.com/sites/www.delete-malware.com says "dangerous site".

Shortened URLs can be used to disguise malware sites which would have otherwise been blocked by your browser ...
wikipedia.org/wiki/Short_URL said:
... The short URL can allow blacklisted URLs to be accessed ..."
http://en.wikipedia.org/wiki/Short_URL#Privacy_and_security

If you clicked on the Ross's Bitly link my suggestion would be do a "system restore" to a point in time prior to clicking on it , just in case visiting that webpage installed malware.
 
Last edited:
  • #23
My last resort malware buster is Exterminate It I don't know if a legitimate free version is available but even a test version would tell you where the malware is hidden.
I only say last resort because it takes about 15 minutes to run and spills out the result at the last moment but it has never failed me
 

1. What is "malware hidden from scans"?

"Malware hidden from scans" is a type of malicious software that is designed to evade detection by traditional antivirus or security software.

2. How does malware hide from scans?

Malware can hide from scans by using various techniques such as encryption, fileless attacks, rootkits, and polymorphism. These techniques allow the malware to disguise itself and make it difficult for security software to detect.

3. What are the potential dangers of malware hidden from scans?

The potential dangers of malware hidden from scans include data theft, system damage, and unauthorized access to sensitive information. It can also lead to financial loss and reputational damage for individuals and businesses.

4. How can I protect my device from malware hidden from scans?

To protect your device from malware hidden from scans, it is important to have comprehensive security software that is regularly updated. You should also practice safe browsing habits, avoid clicking on suspicious links or downloading files from unknown sources, and regularly backup your important data.

5. Can malware hidden from scans be removed?

Yes, malware hidden from scans can be removed with the help of specialized malware removal tools or by seeking professional help from a cybersecurity expert. It is important to act quickly and not ignore any signs of malware on your device to prevent further harm.

Similar threads

Replies
17
Views
586
  • Computing and Technology
Replies
3
Views
1K
  • Computing and Technology
Replies
15
Views
5K
  • Computing and Technology
Replies
5
Views
1K
Replies
13
Views
2K
Replies
17
Views
4K
Replies
2
Views
8K
  • STEM Academic Advising
Replies
5
Views
1K
  • STEM Academic Advising
Replies
10
Views
1K
  • Electrical Engineering
Replies
7
Views
2K
Back
Top