What virus is this? popups all the time. how to delete?

[wozzzzza]

mate of mine has come ot me with his laptop playing up with pop ups all the time in the bottom left corner.

what virus is this and how to get rid of it?? run malware bytes and found nothing.

 

[bigbrother]

Sadly this a Trojan from 2017.

If you can download & run Malwarebytes, you should be able to remove it.

 

[wozzzzza]

malware bytes doesnt though.

[Matrix]

 

[bigbrother]

36 minutes ago, wozzzzza said:

malware bytes doesnt though.

Did you boot into safe mode before scanning?

Otherwise, If you're open to downloading an old scanner called "HiJackThis" or "Farbar" and sharing a log file

I will try to assist you with manual removal.

 

Spoiler

HiJackThis

https://github.com/dragokas/hijackthis

Download:

https://dragokas.com/tools/HiJackThis.zip

 

Farbar:

https://support.malwarebytes.com/hc/en-us/articles/360039025013-Run-Farbar-Recovery-Scan-Tool-to-gather-logs

Download:

https://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

 

 

Edited March 5, 2022 by bigbrother

[rockyanexpert]

Download any antivirus live cd and run  it after  booting from it.

 

[tipo]

https://www.kaspersky.com/downloads/free-virus-removal-tool
 

use kaspersky. It should clean all the cr*p from your friend’s pc.

Edited March 5, 2022 by tipo

[kasper]

download program HijackThis https://sourceforge.net/projects/hjt/ 1. Create a Hijackthis folder on the system disk, put the downloaded file in this folder 2. Start HijackThis and in the program window click on the bar- Do a system scan and save a logfile and wait ... 3.After a while, the Notepad window will pop up with a statement of HJT. We will copy this statement and send it to me via a private message or copy it to the post 

[ARMOUR]

@wozzzzza

I think its Google Chrome notifications advt

 

just disable it from site settings

Menu > Settings > Privacy and security > Site Settings > Notifications

 

and also block ads >>

Menu > Settings > Privacy and security > Site Settings > Additional content settings  Ads.

 

for more:

https://support.google.com/chrome/answer/2765944?hl=en&co=GENIE.Platform%3DDesktop&oco=0

 

Edited March 5, 2022 by ARMOUR

[UpGrade]

1 hour ago, ARMOUR said:

@wozzzzza

I think its Google Chrome notifications advt

 

just disable it from site settings

Menu > Settings > Privacy and security > Site Settings > Notifications

 

and also block ads >>

Menu > Settings > Privacy and security > Site Settings > Additional content settings  Ads.

 

for more:

https://support.google.com/chrome/answer/2765944?hl=en&co=GENIE.Platform%3DDesktop&oco=0

 

Correct. As @ARMOUR stated, this is a chrome notification ad. Easily removed by following the above post by ARMOUR. It would also be in you best interest to still perform a system scan once it has been removed incase the initial way of compromise was an app / service running on your machine.

Edited March 5, 2022 by UpGrade

[Whi5t1eR]

Yep, Chrome notifications advt... Sometimes ya don't need the big guns. 

Edited March 6, 2022 by Matt
Removed text formatting.

[wozzzzza]

yep followed the post above and that seems to have fixed it.  was doing my head in with no viruses found using different AV's, but all fixed now

thanks.

[Matt]

@wozzzzza It's best to use "Mark as Solution" option instead changing the topic title because it will be easier to the members who is looking for a solution for the same issue. 

[Kalju]

2 hours ago, wozzzzza said:

...and that seems to have fixed it. 

Dear friend! That didn't moved/removed your problem anywhere, it's still there. Now you just don't see notifications about it.
And if you do have this malware installed on your computer, it will continue to run smoothly in the background and collect your passwords, usernames, and most importantly, payment information.
The latter is what this piece of software was at all designed for a long time ago. It is not known at this time whether it actually works, but at the same time it is updated regularly.
However, I personally would advise you to get rid of the changes made by this program to your computer and not just hide the messages. Of course, if you care about your security online, especially when making online payments.

It's not a virus, so that's why these obselete antivirus programs can't find it. This is a malware program / script. 
It's worth thinking about where you got it and when or why you installed it on your computer.
If you do not remove the problem, nothing will change on your computer.
Good luck.

[wozzzzza]

1 hour ago, Kalju said:

Dear friend! That didn't moved/removed your problem anywhere, it's still there. Now you just don't see notifications about it.
And if you do have this malware installed on your computer, it will continue to run smoothly in the background and collect your passwords, usernames, and most importantly, payment information.
The latter is what this piece of software was at all designed for a long time ago. It is not known at this time whether it actually works, but at the same time it is updated regularly.
However, I personally would advise you to get rid of the changes made by this program to your computer and not just hide the messages. Of course, if you care about your security online, especially when making online payments.

It's not a virus, so that's why these obselete antivirus programs can't find it. This is a malware program / script. 
It's worth thinking about where you got it and when or why you installed it on your computer.
If you do not remove the problem, nothing will change on your computer.
Good luck.

i did run several malware and antivirus programs, they pulled out around 4 in total and deleted them, hopefully one of them.

[Kalju]

2 hours ago, wozzzzza said:

i did run several malware and antivirus programs, they pulled out around 4 in total and deleted them, hopefully one of them.

You know yourself, what or who you believe or what you do, but the fact that you block messages or notes, it doesn't help you in any way. Everything that was on your computer is still there today. And there is only one way to get rid of it, there are no other options. You can freely forgot everything what the scanners said, everything is still there. Any such a scanner not able to remove anything, no matter how "good" it is. (if don't want, don't belive, it's your choice).
But with that, you could consider that there is a very high probability that your data will now also be in someone else's use.
Don't forget, you have been warned.

[vitorio]

41 minutes ago, Kalju said:

But with that, you could consider that there is a very high probability that your data will now also be in someone else's use.

Excellent recommendation, but is there a way to be sure it is removed.

[Kalju]

10 minutes ago, vitorio said:

Excellent recommendation, but is there a way to be sure it is removed.

If you think that is this malware has been removed from your computer, then yes.
If you think someone may have had access to your passwords and bank or payment information, you'll be able to find out after someone starts using your bank account. It is usually simply emptied at some point.