  1. #1
    2 Star Lounger

    Alwaysnew.feelfree4update.com

    I have had pop-ups for the last few days from this malware. Ran about a dozen scans from various malware companies. Uninstalled and reinstalled Firefox and changed the profile. Reset IE. Downloaded Pale Moon and still the problem exists. Checked through the registry for entries and even ran two firewalls at once. Tried Autoruns and Process Monitor as well as reg scanner. Uninstalled add-ons and extensions. Ran programs for rootkits to no avail and manually searched the Windows folder on my Windows 7 computer. I think it must be a rootkit. It pops up about every 30 minutes whilst browsing and stops the browsing. Checked for programs I installed and uninstalled them. Searched the internet for three days and read dozens of articles. What have I missed?

    https://malwaretips.com/blogs/always...e-com-removal/

    Tried all of the advice listed here and similar sites.
    Last edited by bobrobert; 2015-12-23 at 12:03.

  2. #2
    Super Moderator satrow's Avatar
    Can you post the logs, please?

  3. #3
    Super Moderator
    See what AdwCleaner comes up with and then run Junkware Removal Tool - the link for JRT is lower down the page.

    http://www.bleepingcomputer.com/download/adwcleaner/

    When you've run those, for good measure run the Avast Browser Cleanup tool.

    https://www.avast.com/en-gb/browser-cleanup

    They should sort it but you can check for any hidden residue with FreeFixer - it's surprising what else that can find and can have (Missing files) next to an entry which can be safely checked for removal.

    http://www.freefixer.com/

  4. #4
    2 Star Lounger
    Quote Originally Posted by Sudo15 View Post
    See what AdwCleaner comes up with and then run Junkware Removal Tool - the link for JRT is lower down the page.

    http://www.bleepingcomputer.com/download/adwcleaner/

    When you've run those, for good measure run the Avast Browser Cleanup tool.

    https://www.avast.com/en-gb/browser-cleanup

    They should sort it but you can check for any hidden residue with FreeFixer - it's surprising what else that can find and can have (Missing files) next to an entry which can be safely checked for removal.

    http://www.freefixer.com/
    I have used these three programs... more than once, along with SpyHunter - which I didn't trust - and another one called Yac which I trusted even less. Malwarebytes, hack me, Sophos, McAfee, Emsisoft, SUPERAntiSpyware and a few others. As an experiment I started Windows Firewall and engaged the highest filtering, which seems to have stopped it, so it might not be on the computer. Thanks for the feedback.

  5. #5
    2 Star Lounger
    Quote Originally Posted by satrow View Post
    Can you post the logs, please?
    I will look for them tomorrow.

  6. #6
    2 Star Lounger
    I have been running the Emsisoft antimalware program and it seems like it has been "leaking". If I enable Windows Firewall and set it to high the problem goes away. Should I disable the file guard and file protection on Emsisoft and use the Windows Firewall with a list of custom blocks, or use both at the same time, which could cause problems?

  7. #7
    Super Moderator satrow's Avatar
    Emsisoft Antimalware doesn't have a firewall so the Windows firewall should be enabled anyway.

    If the leakage stops when the firewall is at its highest setting, you can use the built-in Resource Monitor to find out what's accessing the network and use Process Explorer to pinpoint the suspect process. Suspend it while you track it down in Explorer and delete it. Use Autoruns in a similar way to find the boot time trigger(s) for any suspect software and disable them from starting.

    Then carefully re-read and follow the Malwaretips instructions to ensure that nothing remains.

    HTG's pages on the main Sysinternals Tools linked from here

    Video: Malware Hunting with the Sysinternals Tools
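
The network-to-process and startup-entry checks described in the post above can also be done from a PowerShell prompt. This is an added example, not part of any post in the thread. It assumes English-language `netstat` output; the function names `Get-ConnectionOwner` and `Get-RunKeyEntry` are made up for the example, and the three Run keys it reads are only a small part of what Autoruns inspects.

```powershell
# Added example (not from the thread). Parses `netstat -ano` so it also works on
# Windows 7 / PowerShell 2.0, where Get-NetTCPConnection is not available.

# List established non-loopback TCP connections with the owning process,
# its executable path and its Authenticode signature status.
function Get-ConnectionOwner {
    param([string[]]$NetstatLines = (netstat -ano -p TCP))
    foreach ($line in $NetstatLines) {
        # Columns: Proto  LocalAddress  ForeignAddress  State  PID
        if ($line -match '^\s*TCP\s+\S+\s+(\S+)\s+ESTABLISHED\s+(\d+)\s*$') {
            $remote = $Matches[1]
            $procId = [int]$Matches[2]
            if ($remote -match '^(127\.|\[::1\])') { continue }   # ignore loopback
            $proc = Get-Process -Id $procId -ErrorAction SilentlyContinue
            $path = $null; $sig = 'n/a'
            if ($proc -and $proc.Path) {
                $path = $proc.Path
                $sig  = (Get-AuthenticodeSignature -FilePath $path).Status
            }
            New-Object PSObject -Property @{
                PID = $procId; Name = $proc.ProcessName; Remote = $remote
                Path = $path; Signature = $sig
            }
        }
    }
}

# List the commands registered under the standard Run keys (logon autostarts).
function Get-RunKeyEntry {
    $keys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
    foreach ($key in $keys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-ItemProperty $key
        if (-not $item) { continue }                  # key exists but has no values
        $item.PSObject.Properties |
            Where-Object { $_.Name -notlike 'PS*' } | # drop PSPath, PSProvider, ...
            ForEach-Object {
                New-Object PSObject -Property @{ Key = $key; Name = $_.Name; Command = $_.Value }
            }
    }
}

Get-ConnectionOwner | Select-Object PID, Name, Remote, Signature, Path | Format-Table -AutoSize
Get-RunKeyEntry | Format-List Key, Name, Command
```

Run it from an elevated prompt while the pop-ups are occurring; an empty Path usually means the process belongs to another account or is protected.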

  8. #8
    2 Star Lounger
    Quote Originally Posted by satrow View Post
    Emsisoft Antimalware doesn't have a firewall so the Windows firewall should be enabled anyway.

    If the leakage stops when the firewall is at its highest setting, you can use the built-in Resource Monitor to find out what's accessing the network and use Process Explorer to pinpoint the suspect process. Suspend it while you track it down in Explorer and delete it. Use Autoruns in a similar way to find the boot time trigger(s) for any suspect software and disable them from starting.

    Then carefully re-read and follow the Malwaretips instructions to ensure that nothing remains.

    HTG's pages on the main Sysinternals Tools linked from here

    Video: Malware Hunting with the Sysinternals Tools
    Thanks for the feedback. The latest version of Emsisoft has file guard and behaviour blocking. They combined the malware with their Armour firewall. I have used the above mentioned programs along with UltraSearch to monitor files created on the day. The pop-ups have returned so it now looks like a Macrium backup will have to be mounted to solve the problem.

  9. #9
    jwoods
    Guest
    You might also try running HitmanPro and see what it finds before doing a restore...

    http://www.surfright.nl/en/hitmanpro

    VirusTotal thinks it is "potentially unwanted software", so it's unlikely it is a rootkit. Click on the Additional information tab.

    https://www.virustotal.com/en/url/8d...is/1450979041/

    BTW, Malwarebytes has an option to scan for rootkits.

    Malwarebytes Custom Scan Config.jpg

    Check the box highlighted in red in the Custom Scan Configuration screen.

    It takes a while to complete.
    Last edited by jwoods; 2015-12-24 at 12:53. Reason: Added VirusTotal scan results and Malwarebytes screenshot

  10. #10
    Super Moderator satrow's Avatar
    Emsisoft's site suggests that it's Emsisoft Internet Security that has the firewall component.

    EDIT: the VT results are for the website, not for any software that it might distribute or be linked with.
    Last edited by satrow; 2015-12-24 at 13:12.

  11. #11
    jwoods
    Guest
    Quote Originally Posted by bobrobert View Post
    The latest version of Emsisoft has file guard and behaviour blocking. They combined the malware with their Armour firewall.
    In evaluating your current security setup, you might check how Emsisoft products rank against other solutions...

    AV-Comparatives -

    http://www.av-comparatives.org/

    AV-TEST -

    https://www.av-test.org/en/compare-m...esults/?avtest[type]=3

    Virus Bulletin VB100 -

    https://www.virusbtn.com/vb100/index

    For me personally, the built-in Windows Firewall, Panda free AV/AM, Firefox with uBlock Origin, and weekly scans with Malwarebytes Anti-Malware have worked well on my Windows 7 systems.

  12. #12
    2 Star Lounger
    Quote Originally Posted by jwoods View Post
    You might also try running HitmanPro and see what it finds before doing a restore...

    http://www.surfright.nl/en/hitmanpro

    VirusTotal thinks it is "potentially unwanted software", so it's unlikely it is a rootkit. Click on the Additional information tab.

    https://www.virustotal.com/en/url/8d...is/1450979041/

    BTW, Malwarebytes has an option to scan for rootkits.

    Malwarebytes Custom Scan Config.jpg

    Check the box highlighted in red in the Custom Scan Configuration screen.

    It takes a while to complete.
    Thanks. I have used the two programs and they have given me the all clear.

  13. #13
    2 Star Lounger
    Quote Originally Posted by jwoods View Post
    In evaluating your current security setup, you might check how Emsisoft products rank against other solutions...

    AV-Comparatives -

    http://www.av-comparatives.org/



    AV-TEST -

    https://www.av-test.org/en/compare-m...esults/?avtest[type]=3

    Virus Bulletin VB100 -

    https://www.virusbtn.com/vb100/index

    For me personally, the built-in Windows Firewall, Panda free AV/AM, Firefox with uBlock Origin, and weekly scans with Malwarebytes Anti-Malware have worked well on my Windows 7 systems.
    Thanks for the feedback and the tip about uBlock. Up until three weeks ago I was using Emsisoft in tandem with the Windows firewall and I stopped using the firewall because I thought that Emsisoft would be OK on its own. It seems that I was wrong, therefore the firewall is back in use.

  14. #14
    2 Star Lounger
    Quote Originally Posted by satrow View Post
    Emsisoft's site suggests that it's Emsisoft Internet Security that has the firewall component.

    EDIT: the VT results are for the website, not for any software that it might distribute or be linked with.
    I wrongly thought that anti malware had the firewall component because it had file guard and behavior blocker. Thanks.
