wozzzzza Posted March 5, 2022 Share Posted March 5, 2022 mate of mine has come ot me with his laptop playing up with pop ups all the time in the bottom left corner. what virus is this and how to get rid of it?? run malware bytes and found nothing. Quote Link to comment Share on other sites More sharing options...
bigbrother Posted March 5, 2022 Share Posted March 5, 2022 Sadly this a Trojan from 2017. If you can download & run Malwarebytes, you should be able to remove it. Quote Link to comment Share on other sites More sharing options...
wozzzzza Posted March 5, 2022 Author Share Posted March 5, 2022 malware bytes doesnt though. Quote Link to comment Share on other sites More sharing options...
Matrix Posted March 5, 2022 Share Posted March 5, 2022 vissha and Reefa 2 Quote Link to comment Share on other sites More sharing options...
bigbrother Posted March 5, 2022 Share Posted March 5, 2022 (edited) 36 minutes ago, wozzzzza said: malware bytes doesnt though. Did you boot into safe mode before scanning? Otherwise, If you're open to downloading an old scanner called "HiJackThis" or "Farbar" and sharing a log file I will try to assist you with manual removal. Spoiler HiJackThis https://github.com/dragokas/hijackthis Download: https://dragokas.com/tools/HiJackThis.zip Farbar: https://support.malwarebytes.com/hc/en-us/articles/360039025013-Run-Farbar-Recovery-Scan-Tool-to-gather-logs Download: https://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/ Edited March 5, 2022 by bigbrother Quote Link to comment Share on other sites More sharing options...
rockyanexpert Posted March 5, 2022 Share Posted March 5, 2022 Download any antivirus live cd and run it after booting from it. Quote Link to comment Share on other sites More sharing options...
tipo Posted March 5, 2022 Share Posted March 5, 2022 (edited) https://www.kaspersky.com/downloads/free-virus-removal-tool use kaspersky. It should clean all the cr*p from your friend’s pc. Edited March 5, 2022 by tipo vitorio 1 Quote Link to comment Share on other sites More sharing options...
kasper Posted March 5, 2022 Share Posted March 5, 2022 download program HijackThis https://sourceforge.net/projects/hjt/ 1. Create a Hijackthis folder on the system disk, put the downloaded file in this folder 2. Start HijackThis and in the program window click on the bar- Do a system scan and save a logfile and wait ... 3.After a while, the Notepad window will pop up with a statement of HJT. We will copy this statement and send it to me via a private message or copy it to the post Quote Link to comment Share on other sites More sharing options...
Solution ARMOUR Posted March 5, 2022 Solution Share Posted March 5, 2022 (edited) @wozzzzza I think its Google Chrome notifications advt just disable it from site settings Menu > Settings > Privacy and security > Site Settings > Notifications and also block ads >> Menu > Settings > Privacy and security > Site Settings > Additional content settings Ads. for more: https://support.google.com/chrome/answer/2765944?hl=en&co=GENIE.Platform%3DDesktop&oco=0 Edited March 5, 2022 by ARMOUR vitorio, UpGrade and Akaneharuka 2 1 Quote Link to comment Share on other sites More sharing options...
UpGrade Posted March 5, 2022 Share Posted March 5, 2022 (edited) 1 hour ago, ARMOUR said: @wozzzzza I think its Google Chrome notifications advt just disable it from site settings Menu > Settings > Privacy and security > Site Settings > Notifications and also block ads >> Menu > Settings > Privacy and security > Site Settings > Additional content settings Ads. for more: https://support.google.com/chrome/answer/2765944?hl=en&co=GENIE.Platform%3DDesktop&oco=0 Correct. As @ARMOUR stated, this is a chrome notification ad. Easily removed by following the above post by ARMOUR. It would also be in you best interest to still perform a system scan once it has been removed incase the initial way of compromise was an app / service running on your machine. Edited March 5, 2022 by UpGrade ARMOUR and vitorio 2 Quote Link to comment Share on other sites More sharing options...
Whi5t1eR Posted March 6, 2022 Share Posted March 6, 2022 (edited) Yep, Chrome notifications advt... Sometimes ya don't need the big guns. Edited March 6, 2022 by Matt Removed text formatting. Quote Link to comment Share on other sites More sharing options...
wozzzzza Posted March 6, 2022 Author Share Posted March 6, 2022 yep followed the post above and that seems to have fixed it. was doing my head in with no viruses found using different AV's, but all fixed now thanks. vitorio 1 Quote Link to comment Share on other sites More sharing options...
Administrator Matt Posted March 6, 2022 Administrator Share Posted March 6, 2022 @wozzzzza It's best to use "Mark as Solution" option instead changing the topic title because it will be easier to the members who is looking for a solution for the same issue. wozzzzza 1 Quote Link to comment Share on other sites More sharing options...
Kalju Posted March 6, 2022 Share Posted March 6, 2022 2 hours ago, wozzzzza said: ...and that seems to have fixed it. Dear friend! That didn't moved/removed your problem anywhere, it's still there. Now you just don't see notifications about it. And if you do have this malware installed on your computer, it will continue to run smoothly in the background and collect your passwords, usernames, and most importantly, payment information. The latter is what this piece of software was at all designed for a long time ago. It is not known at this time whether it actually works, but at the same time it is updated regularly. However, I personally would advise you to get rid of the changes made by this program to your computer and not just hide the messages. Of course, if you care about your security online, especially when making online payments. It's not a virus, so that's why these obselete antivirus programs can't find it. This is a malware program / script. It's worth thinking about where you got it and when or why you installed it on your computer. If you do not remove the problem, nothing will change on your computer. Good luck. TrojanK and Reefa 2 Quote Link to comment Share on other sites More sharing options...
wozzzzza Posted March 6, 2022 Author Share Posted March 6, 2022 1 hour ago, Kalju said: Dear friend! That didn't moved/removed your problem anywhere, it's still there. Now you just don't see notifications about it. And if you do have this malware installed on your computer, it will continue to run smoothly in the background and collect your passwords, usernames, and most importantly, payment information. The latter is what this piece of software was at all designed for a long time ago. It is not known at this time whether it actually works, but at the same time it is updated regularly. However, I personally would advise you to get rid of the changes made by this program to your computer and not just hide the messages. Of course, if you care about your security online, especially when making online payments. It's not a virus, so that's why these obselete antivirus programs can't find it. This is a malware program / script. It's worth thinking about where you got it and when or why you installed it on your computer. If you do not remove the problem, nothing will change on your computer. Good luck. i did run several malware and antivirus programs, they pulled out around 4 in total and deleted them, hopefully one of them. Quote Link to comment Share on other sites More sharing options...
Kalju Posted March 6, 2022 Share Posted March 6, 2022 2 hours ago, wozzzzza said: i did run several malware and antivirus programs, they pulled out around 4 in total and deleted them, hopefully one of them. You know yourself, what or who you believe or what you do, but the fact that you block messages or notes, it doesn't help you in any way. Everything that was on your computer is still there today. And there is only one way to get rid of it, there are no other options. You can freely forgot everything what the scanners said, everything is still there. Any such a scanner not able to remove anything, no matter how "good" it is. (if don't want, don't belive, it's your choice). But with that, you could consider that there is a very high probability that your data will now also be in someone else's use. Don't forget, you have been warned. Reefa and Ha91 2 Quote Link to comment Share on other sites More sharing options...
vitorio Posted March 6, 2022 Share Posted March 6, 2022 41 minutes ago, Kalju said: But with that, you could consider that there is a very high probability that your data will now also be in someone else's use. Excellent recommendation, but is there a way to be sure it is removed. Quote Link to comment Share on other sites More sharing options...
Kalju Posted March 6, 2022 Share Posted March 6, 2022 10 minutes ago, vitorio said: Excellent recommendation, but is there a way to be sure it is removed. If you think that is this malware has been removed from your computer, then yes. If you think someone may have had access to your passwords and bank or payment information, you'll be able to find out after someone starts using your bank account. It is usually simply emptied at some point. Reefa and vitorio 2 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.