Adlice forum

General Category => Malware removal help => Topic started by: Jman on October 22, 2015, 11:40:41 PM

Title: Browser redirects & pop ups - what is safe to delete?
Post by: Jman on October 22, 2015, 11:40:41 PM

My Chrome browser which is set simple with no extensions has tabs popping up when clicking on various areas of some pages. The pop ups on the page have to be killed in task manager.

Many of the results are coloured orange & I'm not sure. Can someone please tell me what I should delete? I'm worried about the red results in MBR, would deleting it delete some part of the mbr I need or just the infection itself?

I attached results notepad file
thanks

Title: Re: Browser redirects & pop ups - what is safe to delete?
Post by: Curson on October 23, 2015, 02:58:35 PM

Hi Jman,

Welcome to Adlice.com Forum.
WARNING : Your computer is infected with a variant of the PSW-Sinowal trojan which has passwords stealing abilities. Please refrain to use this computer for important transactions until the end of the removal procedure.

Please download TDSSKiller (http://media.kaspersky.com/utilities/VirusUtilities/EN/tdsskiller.exe) and save it to your Desktop

• Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
  
  (http://i1118.photobucket.com/albums/k611/lhs22/tds2.jpg)
  
  
• Check Loaded Modules and Detect TDLFS file system. 
  
• If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now.
  
  (http://i1118.photobucket.com/albums/k611/lhs22/2012081514h0118.png)
  
  
• Click Start Scan and allow the scan process to run.
  If threats are detected select Cure / Deletefor all of them unless I instruct you otherwise.
  
• Click Continue
  
  (http://i1118.photobucket.com/albums/k611/lhs22/tds6.jpg)
  
  
• Click Reboot computer
  

Please attach the file TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically C:\) in your next reply.

Please download Farbar Recovery Scan Tool (x32) (http://download.bleepingcomputer.com/farbar/FRST.exe) and save it to your Desktop.

• Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  
• Press Scan button.
  
• It will produce a log called FRST.txt in the same directory the tool is run from.
  
• Please attach log back here.
• The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST64.exe). Please also attach that along with the FRST.txt into your reply.
  

Regards.

Note : This thread has been moved to the "Malware removal help" section for clarity.