Anyone Recognise These Potential Virus Related Problems With Their Laptops?

Discussion in 'Computers and The Internet' started by I'll Be Waiting, Nov 8, 2014.

  1. I'll Be Waiting

    I'll Be Waiting Guest

    Messages:
    182
    Likes Received:
    37
    I've been getting more than usual of late so I said I'd better look into it. Some, but not all of these problems come and go on their own, so sometimes I might actually be completely free from any one particular issue for quite a while, before it comes back.

    One problem I've been having is a new window that offers a survey arbitrarily opening when you click on something with your mouse. This is the hyperlink that it has, in case any of you recognise it, not that I'd recommend clicking on it! http://cdncache-a.akamaihd.net/pd.html?r=894912332.641684

    I also get a lot of drop-down ads, mainly from Amazon, which cover a lot of the page I'm trying to view. And I get a lot of those underlined words in the form of a virus. I've tried fiddling about with the command prompt and the task manager, but that didn't seem to have any effect. I also tried Malwarebytes anti-virus which didn't work either.

    Here's a list of just about all the other problems I come across. I'm not sure if I could even call some of these viruses, but please share your thoughts if you recognise any of these problems:

    'RegClean Pro', which is apparently some antivirus software, has somehow got into my PC, and I can't even close it when it pops up.

    When I open a YouTube video, it starts playing for the first 10 seconds or so, and then goes back to the start with the big play icon on the video screen.

    When I start typing something into the Google search bar, it then switches what I'm typing to the main internet search

    Another one appears, blocking the web page saying "a message from our sponsors, redirecting shortly"
     
  2. AceK

    AceK Scientia Potentia Est

    Messages:
    7,824
    Likes Received:
    960
    i clicked the link .. im not scared. it looked like an advertisement for antivirus software ..

    with that said, we really need more information about your system, such as what operating system, which web browser you are using, etc .. otherwise one would have to make a few assumptions about the software environment on your machine. i could assume from your post that you are running some version of windows OS

    if you could post a list of current processes running in userspace (or tasks as they are known in windowsland) that may be somewhere to start.

    going with the assumption that you are running windows, open a terminal and type "systeminfo" .. copy and paste the output of that here.
    also run the command "tasklist" at command line terminal and paste that as well.
     
  3. AceK

    AceK Scientia Potentia Est

    Messages:
    7,824
    Likes Received:
    960
    what might be more useful, is to post a list of currently installed software.

    run the command
    Code:
    reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" /s
    
    post it here
     
  4. Tyrsonswood

    Tyrsonswood Senior Moment Lifetime Supporter

    Messages:
    34,218
    Likes Received:
    26,321
    Scan with MalwareBytes...
     
  5. NurseSteve

    NurseSteve Member

    Messages:
    191
    Likes Received:
    43
    I'm no computer expert but here is the system I use.
    First, clean up your junk with CCleaner.
    Second, run MS Security Essentials; the full scan once (it will take several hours but it's worth it). Follow any suggestions it gives you.
    Third, run Malwarebytes, the full scan once (it will take several hours). Follow any suggestions it gives you.
    Fourth, every week or so run CCleaner, then the quick scan of Microsoft Security Essentials and Malwarebytes, and follow any suggestions they give you.
    This has kept me out of trouble for over a year.
    PS, if you get a warning from Microsoft or Malwarebytes about a problem, follow their advice. Do not play around to see what will happen unless you can afford to bring your computer to the shop for a repair.
     
  6. lode

    lode Banned

    Messages:
    21,697
    Likes Received:
    1,677
    You've got malware.

    cdncache is fine, it's a content delivery system that's used by advertisers. It's not as scrupulous as AdWords, but it's still not a malicious URL. You've downloaded malware that's exploiting a pay per click program they use with their affiliates. It's also likely regulated to your user account.

    Create a new user account in Windows. Open the new user account, go to whichever browser you were using and open up YouTube. If you're not experiencing problems you have an easy fix.

    Step one: Run Microsoft Update.

    Step two: Download Malwarebytes, and update it. Download it from the Malwarebytes URL and not FileHippo.

    Step three: Transfer any files you want from your original user account to a USB disk.

    Step four: Delete the original user account.

    Step five: Don't run 6 or 7 different anti-malware programs. They'll make your computer run terribly, and in the case of RegClean Pro, are malware.

    This is the referer who's getting paid '94912332.641684'. Feel free to hunt them down and demand your clicks back.
     
    1 person likes this.
  7. I'll Be Waiting

    I'll Be Waiting Guest

    Messages:
    182
    Likes Received:
    37
    Thanks, it's Windows 7, with Mozilla Firefox
     
  8. I'll Be Waiting

    I'll Be Waiting Guest

    Messages:
    182
    Likes Received:
    37
    I don't understand?
     
  9. I'll Be Waiting

    I'll Be Waiting Guest

    Messages:
    182
    Likes Received:
    37
    I can't seem to copy and paste in the task manager

    Here's some stuff from the command prompt!

    Copyright (c) 2009 Microsoft Corporation. All rights reserved.

    C:\Users\Dell\Downloads>netstat -ano

    Active Connections

    Proto Local Address Foreign Address State PID
    TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 952
    TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
    TCP 0.0.0.0:554 0.0.0.0:0 LISTENING 4852
    TCP 0.0.0.0:2869 0.0.0.0:0 LISTENING 4
    TCP 0.0.0.0:7112 0.0.0.0:0 LISTENING 2228
    TCP 0.0.0.0:10243 0.0.0.0:0 LISTENING 4
    TCP 0.0.0.0:49152 0.0.0.0:0 LISTENING 628
    TCP 0.0.0.0:49153 0.0.0.0:0 LISTENING 1052
    TCP 0.0.0.0:49154 0.0.0.0:0 LISTENING 1156
    TCP 0.0.0.0:49156 0.0.0.0:0 LISTENING 756
    TCP 0.0.0.0:49157 0.0.0.0:0 LISTENING 732
    TCP 127.0.0.1:5354 0.0.0.0:0 LISTENING 1892
    TCP 127.0.0.1:7112 127.0.0.1:49159 ESTABLISHED 2228
    TCP 127.0.0.1:27015 0.0.0.0:0 LISTENING 1732
    TCP 127.0.0.1:27015 127.0.0.1:49158 ESTABLISHED 1732
    TCP 127.0.0.1:49158 127.0.0.1:27015 ESTABLISHED 1976
    TCP 127.0.0.1:49159 127.0.0.1:7112 ESTABLISHED 3192
    TCP 127.0.0.1:49161 127.0.0.1:49162 ESTABLISHED 3380
    TCP 127.0.0.1:49162 127.0.0.1:49161 ESTABLISHED 3380
    TCP 192.168.1.1:139 0.0.0.0:0 LISTENING 4
    TCP 192.168.1.1:58242 74.125.24.93:443 ESTABLISHED 3380
    TCP 192.168.1.1:58496 74.125.24.132:443 ESTABLISHED 3380
    TCP 192.168.1.1:58589 74.125.24.102:443 ESTABLISHED 3380
    TCP 192.168.1.1:58593 74.125.24.102:443 ESTABLISHED 3380
    TCP 192.168.1.1:58606 54.197.238.119:443 TIME_WAIT 0
    TCP 192.168.1.1:58607 54.197.238.119:443 TIME_WAIT 0
    TCP 192.168.1.1:58630 74.125.24.93:443 ESTABLISHED 3380
    TCP 192.168.1.1:58631 86.43.63.47:443 TIME_WAIT 0
    TCP 192.168.1.1:58634 74.125.24.100:443 ESTABLISHED 3380
    TCP 192.168.1.1:58635 74.125.24.104:443 ESTABLISHED 3380
    TCP 192.168.1.1:58640 86.43.63.47:443 TIME_WAIT 0
    TCP 192.168.1.1:58641 86.43.63.47:443 TIME_WAIT 0
    TCP 192.168.1.1:58642 86.43.63.47:443 TIME_WAIT 0
    TCP 192.168.1.1:58643 86.43.63.47:443 TIME_WAIT 0
    TCP 192.168.1.1:58644 86.43.63.47:443 TIME_WAIT 0
    TCP 192.168.1.1:58647 74.125.160.25:443 TIME_WAIT 0
    TCP 192.168.1.1:58648 74.125.160.25:443 TIME_WAIT 0
    TCP 192.168.1.1:58649 74.125.160.25:443 TIME_WAIT 0
    TCP 192.168.1.1:58653 86.43.63.47:443 TIME_WAIT 0
    TCP 192.168.1.1:58655 66.249.138.141:80 TIME_WAIT 0
    TCP 192.168.1.1:58656 74.125.24.120:443 ESTABLISHED 3380
    TCP 192.168.1.1:58657 74.125.138.113:443 ESTABLISHED 3380
    TCP 192.168.1.1:58658 86.43.63.47:443 ESTABLISHED 3380
    TCP 192.168.1.1:58662 86.43.63.47:443 TIME_WAIT 0
    TCP 192.168.1.1:58663 86.43.63.47:443 TIME_WAIT 0
    TCP 192.168.1.1:58664 86.43.63.47:443 TIME_WAIT 0
    TCP 192.168.1.1:58665 86.43.63.47:443 TIME_WAIT 0
    TCP 192.168.1.1:58666 86.43.63.47:443 TIME_WAIT 0
    TCP 192.168.1.1:58667 86.43.63.47:443 TIME_WAIT 0
    TCP 192.168.1.1:58668 86.43.63.47:443 ESTABLISHED 3380
    TCP 192.168.1.1:58669 86.43.63.47:443 ESTABLISHED 3380
    TCP 192.168.1.1:58670 86.43.63.47:443 TIME_WAIT 0
    TCP 192.168.1.1:58671 86.43.63.47:443 TIME_WAIT 0
    TCP 192.168.1.1:58672 86.43.63.47:443 TIME_WAIT 0
    TCP 192.168.1.1:58673 86.43.63.47:443 TIME_WAIT 0
    TCP 192.168.1.1:58674 86.43.63.47:443 TIME_WAIT 0
    TCP 192.168.1.1:58675 86.43.63.47:443 TIME_WAIT 0
    TCP [::]:135 [::]:0 LISTENING 952
    TCP [::]:445 [::]:0 LISTENING 4
    TCP [::]:554 [::]:0 LISTENING 4852
    TCP [::]:2869 [::]:0 LISTENING 4
    TCP [::]:10243 [::]:0 LISTENING 4
    TCP [::]:49152 [::]:0 LISTENING 628
    TCP [::]:49153 [::]:0 LISTENING 1052
    TCP [::]:49154 [::]:0 LISTENING 1156
    TCP [::]:49156 [::]:0 LISTENING 756
    TCP [::]:49157 [::]:0 LISTENING 732
    UDP 0.0.0.0:5004 *:* 4852
    UDP 0.0.0.0:5005 *:* 4852
    UDP 0.0.0.0:5355 *:* 1392
    UDP 0.0.0.0:49154 *:* 1892
    UDP 127.0.0.1:1900 *:* 3180
    UDP 127.0.0.1:49152 *:* 1732
    UDP 127.0.0.1:49153 *:* 1732
    UDP 127.0.0.1:49156 *:* 1976
    UDP 127.0.0.1:49157 *:* 1976
    UDP 127.0.0.1:61945 *:* 3180
    UDP 127.0.0.1:64322 *:* 1392
    UDP 192.168.1.1:137 *:* 4
    UDP 192.168.1.1:138 *:* 4
    UDP 192.168.1.1:1900 *:* 3180
    UDP 192.168.1.1:5353 *:* 1892
    UDP [::]:5004 *:* 4852
    UDP [::]:5005 *:* 4852
    UDP [::]:5355 *:* 1392
    UDP [::]:49155 *:* 1892
    UDP [::1]:1900 *:* 3180
    UDP [::1]:5353 *:* 1892
    UDP [::1]:61944 *:* 3180
    UDP [fe80::e900:4c90:ef71:8e69%11]:1900 *:* 3180

    C:\Users\Dell\Downloads>
     
  10. AceK

    AceK Scientia Potentia Est

    Messages:
    7,824
    Likes Received:
    960
    pay per click ads .. the malware causes links to be followed. someone gets paid for those "clicks".

    most of the time, the intention of malware isn't simply just to "fuck ur computer up" .. it's not like they really would get to see the effects of that anyway. it does happen sometimes, but most of the time there's another motive, to either generate ad traffic or other type of information gathering which benefits someone, but certainly not the one that's running it on their machine.
     
  11. AceK

    AceK Scientia Potentia Est

    Messages:
    7,824
    Likes Received:
    960
    well, at least that shows you the pid of the processes making each session, now list current processes and match the pid .. most of those don't really need a network session, that doesn't mean they have to be malware tho. some of them might be.
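
    The PID matching described in the post above, as an added example that is not part of the original thread: a Python script that parses pasted `netstat -ano` text, including a PID that wrapped onto its own line, and groups established non-loopback sessions by owning process. The netstat rows are taken from the paste earlier in the thread; the `tasklist /fo csv /nh` rows and all function names are constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Rows copied from the netstat -ano paste in the thread, wrapped PID included.
NETSTAT = """\
Proto Local Address Foreign Address State PID
TCP 0.0.0.0:554 0.0.0.0:0 LISTENING 4852
TCP 127.0.0.1:49158 127.0.0.1:27015 ESTABLISHED 1976
TCP 192.168.1.1:58242 74.125.24.93:443 ESTABLISHED 3380
TCP 192.168.1.1:58658 86.43.63.47:443 ESTABLISHED 3380
TCP 192.168.1.1:58606 54.197.238.119:443 TIME_WAIT 0
UDP 0.0.0.0:5355 *:* 1392
UDP [fe80::e900:4c90:ef71:8e69%11]:1900 *:*
3180
"""
# Constructed `tasklist /fo csv /nh` rows: the thread never shows the process
# list, so these image names are placeholders, not findings.
TASKLIST = '''\
"example-browser.exe","3380","Console","1","250,000 K"
"example-media.exe","4852","Services","0","12,000 K"
'''

def parse_netstat(text):
    """Yield (proto, local, remote, state, pid) rows from `netstat -ano` text."""
    pending = None
    for line in text.splitlines():
        f = line.split()
        if pending and len(f) == 1 and f[0].isdigit():
            yield (*pending, int(f[0]))  # PID that wrapped onto its own line
        pending = None
        if len(f) < 3 or f[0] not in ("TCP", "UDP"):
            continue
        if f[-1].isdigit():  # UDP rows have no State column
            yield (f[0], f[1], f[2], f[3] if len(f) == 5 else "", int(f[-1]))
        else:  # PID missing: expect it alone on the next line
            pending = (f[0], f[1], f[2], f[3] if len(f) == 4 else "")

def remote_sessions_by_process(netstat_text, tasklist_text):
    """Map (pid, image name) to the remote endpoints it is connected to."""
    rows = csv.reader(io.StringIO(tasklist_text))
    names = {int(r[1]): r[0] for r in rows if len(r) > 1 and r[1].isdigit()}
    out = defaultdict(set)
    for proto, local, remote, state, pid in parse_netstat(netstat_text):
        host = remote.rsplit(":", 1)[0]
        # LISTENING, TIME_WAIT (PID 0), UDP and loopback rows have no live remote peer
        if state == "ESTABLISHED" and host not in ("127.0.0.1", "[::1]"):
            out[(pid, names.get(pid, "<not in tasklist>"))].add(remote)
    return dict(out)
```

    A PID that shows up as `<not in tasklist>` means the process exited between the two commands or the two pastes came from different sessions, so capture both outputs back to back.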
     
  12. Terrapin2190

    Terrapin2190 I am nature.

    Messages:
    1,265
    Likes Received:
    313
    Okay. Here's what I do to keep my computer nice and tidy. As far as I'm concerned, CCleaner and Spybot are a thing of the past for me. And, me, having an older system (by old, I mean it works better as a paperweight. Loading youtube videos makes my computer overheat and melt into a pathetic puddle of used-to-be electronic garbage lol) Antivirus software only makes my system even worse with memory-hungry processes that run in the background. Though, I have heard there's some form of AVG that runs quite silently, uploading results to a cloud server... I don't trust this cloud thing either... ANYWAYS!

    IObit.com - Download Advanced System Care 8 Free Edition.

    Once you install and open it, go to the Action Center and hit "Get All"
    OR
    If you want to save yourself some time (idk why they do it this way) just download all the extra free software separately from their website. Driver Booster 2, IObit Uninstaller, Smart Defrag 3, and IObit Malware Fighter 3. You can download and install them all through the Advanced System Care application, but for some reason it installs earlier versions and when you open each individual program, it will ask to update it. No biggie, just easier this way I guess.

    I'm pretty smart about what sites to open and which not to open, so I usually don't have many problems to deal with, but after scanning with IObit Malware Fighter 3, Spybot came up with no results. (Of course, I didn't run in safe mode... I can't really, since my system overheats and shuts itself down lol. Just horribly made hardware. It does that when I try to re-install Windows too.)


    Second. Browser setup.

    I use Firefox. My addons include

    AdBlock Plus
    AdBlock Plus Popup Addon
    Ghostery (you'll have to set it up once you install and restart browser. I just block everything lol)
    Advanced System Care Surfing Protection 2.0 (installs with IObit Advanced System Care)
    (optional) Anonymox (Useful if you want to appear anonymous on certain websites)
    (optional) DownThemAll (download manager)
    (optional) Personas Plus (Makes your browser look badass!)

    Keeps my browser and entire PC pretty clean that way!

    Another thing you might want to do is download all the latest Adobe software (Acrobat/Reader, Flash, Shockwave) and JavaRE (current version is 8u31?)

    There is a way to uninstall Adobe and Java completely to prevent overlapping or "security holes" I can look for the links and post them if you'd like. Hope this helps! Let me know if you need more info :)
     
  13. AceK

    AceK Scientia Potentia Est

    Messages:
    7,824
    Likes Received:
    960
    uninstall Java? u do realize what Java is? sure not having a JVM on ur system might protect u from some "security holes" but that's kinda sidestepping the issue I think as Java is just executable code ...

    with that said, if u don't need it, don't install it (or uninstall it if u don't need it and it's installed already) .. any unneeded software is just another possible attack if it has a process running and has bound a network socket on ur system.
     
