Forum Thread

Serious malware problems

topaz 1,032 494 November 25, 2013 at 08:55 AM
I am running a 64 bit Windows 8 system. My browser of choice is Google Chrome and I am using the free version of AVG's virus protection.

I don't know how this happened, but a couple of weeks ago without changing anything, my computer started redirecting me on the first click of any link outside my email. It will put up an ad and when I close it, only then can I go where I want to go.

I went through my programs and anything that was added in November, I removed, even software updates but that didn't help.

Another thing it INSISTS that I need to upgrade my *system* player.

The site is jsn.donecore.net/sd/cpops.........

That one tells me:

The media content is not shown properly. It is recommended to update your system player now and gives me the choice of M.Player 9.2 or M.Player 8.3.

I am very leery of downloading anything I am not sure about so maybe I need to do this, but this is not the usual way I am notified that I need to update anything.

Can anyone tell me what is going on with this computer?

(I just clicked on this email to correct something I wrote and this came up:

http://www.sweepstakesaday.com/Flow.aspx and this happens CONSTANTLY.)

The other day I was reading a craft blog and it started in with very narrow vertical flashing ads for JoAnn's fabrics. Next thing I knew it had turned into porn...and I do mean very graphic video porn. I could not turn it off so had to close the page down. What if my grandkids were to see that stuff.

Any help would be appreciated very much.

11 Comments

1

Sign up for a Slickdeals account to remove this ad.

Joined Aug 2008
L99: Slicker than Ice
6,393 Posts
1,756 Reputation
#2
check your hosts file, and try scanning with malwarebytes in safe mode (get malwarebytes from a different computer, and put it on a flash drive)
Reply Helpful Comment? 0 0
#3
For starters, you would need to scan with free malwarebytes [malwarebytes.org].
Choose the full scan and when it's finished, it will most likely ask you to reboot.
If the problem still persists, you can do the same with superantispyware. [superantispyware.com]

PS: Googling it shows it to be a trojan virus [com.do], but be careful you don't get conned into a supposed removal process that just wants to sell you an alleged remover.
Reply Helpful Comment? 0 0
Last edited by RockySosua November 25, 2013 at 09:06 AM
Joined Aug 2004
L6: Expert
1,032 Posts
494 Reputation
Original Poster
#4
Thanks to you both...going out to get a new flash drive NOW. I hope this fixes it...very, very, very annoying.
Reply Helpful Comment? 0 0
Please visit every day for a free donation to animal rescue efforts and while you are there, click on all the other tabs across the top for free donations to hunger, breast cancer, rain forest, literacy and child health.

http://www.theanimalrescuesite.co...DSites.woa
#5
Quote from topaz View Post :
Thanks to you both...going out to get a new flash drive NOW. I hope this fixes it...very, very, very annoying.
I wish I'd seen your post earlier.
It is not necessary to use a flash drive.
There can be situations where it would be handy, but there are tricks to get around it.
For instance, if you have a powerful virus that will not allow you to open malwarebytes, just right click on the icon and open it as administrator, and it will work.
Reply Helpful Comment? 0 0
Joined Feb 2007
L10: Grand Master
7,354 Posts
2,746 Reputation
#6
http://virusremovalstation.blogsp....html#more

Basic steps to delete http://jsn.donecore.net/ manually

Step 1: Boot up the infected computer, press F8 at the very beginning, choose “Safe Mode with Networking” and press Enter to get in safe mode with networking.

Step 2: Press Ctrl+Alt+Del keys together and stop http://jsn.donecore.net/ processes in the Windows Task Manager.

Step 3: Open Control Panel from Start menu and search for Folder Options. When Folder Options window opens, click on its View tab, tick Show hidden files and folders and non-tick Hide protected operating system files (Recommended) and then press OK.

Step 4: Search for all infected files and registry entries and remove them from your computer as follows:
%System%\regsvr.exe

%System%\svchost .exe

%System%\setting.ini

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “CheckExeSignatures” = ‘no’

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main “Use FormSuggest” = ‘yes’

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced “Hidden” = ’0′
Reply Helpful Comment? 0 0
Joined May 2006
I hate mail in rebates
4,668 Posts
891 Reputation
#7
Click on Chrome > Settings

Look at the "on startup" setting - it may show "Open a specific set of pages" that may have been messed up by the malware. Delete any unwanted entries ther.

Then look at the "search engine" settings - make sure it hasn't added a malware search engine site in there.

It may be as simple that the site you visited tweaked these two settings to show you ads every time.

Check those first and fix them if anything looks suspicious. And download / run Malwarebytes.

Also download and run CryptoPrevent (from foolishit.com), it will protect you from more insidious malware.
Reply Helpful Comment? 0 0
cheap, fast, good - pick any two.

PSA: Yahoo email is extremely insecure...switch to Gmail if you can!! Hotmail is better but not as good as Gmail.
Joined Aug 2004
L6: Expert
1,032 Posts
494 Reputation
Original Poster
#8
IT IS FIXED! And I am so grateful to all of you. This has been miserable the past few weeks.

I ended up downloading the malware directly without the flash drive. Did the deep scan and it found 48 threats and I told it to remove them all.

That is it.

You all are fabulous. Reps to you!
Reply Helpful Comment? 0 0

Sign up for a Slickdeals account to remove this ad.

Joined Aug 2005
L10: Grand Master
12,661 Posts
4,824 Reputation
Pro
#9
Quote from topaz View Post :
IT IS FIXED! And I am so grateful to all of you. This has been miserable the past few weeks.

I ended up downloading the malware directly without the flash drive. Did the deep scan and it found 48 threats and I told it to remove them all.

That is it.

You all are fabulous. Reps to you!
Little confused on how you fixed it, I assume you used malwarebytes? A scan with Secunia PSI would be a good idea to make sure all your programs and plugins are up to date (Most likely source of infection) http://secunia.com/vulnerability_.../personal/

If this is an ongoing problem I would suggest installing your browser inside of Sandboxie http://www.sandboxie.com/
Reply Helpful Comment? 0 0
Vague questions receive vague answers . . . . . .
Joined Aug 2008
L99: Slicker than Ice
6,393 Posts
1,756 Reputation
#10
Quote from RockySosua View Post :
It is not necessary to use a flash drive.
I thought it would be since it seemed like his internet was re-directing him everywhere..
Reply Helpful Comment? 0 0
#11
Quote from cheap_bastid View Post :
Click on Chrome > Settings

Look at the "on startup" setting - it may show "Open a specific set of pages" that may have been messed up by the malware. Delete any unwanted entries ther.

Then look at the "search engine" settings - make sure it hasn't added a malware search engine site in there.

It may be as simple that the site you visited tweaked these two settings to show you ads every time.
You should do this ^^^ too.
Reply Helpful Comment? 0 0
#12
Quote from topaz View Post :
IT IS FIXED! And I am so grateful to all of you. This has been miserable the past few weeks.

I ended up downloading the malware directly without the flash drive. Did the deep scan and it found 48 threats and I told it to remove them all.

That is it.

You all are fabulous. Reps to you!
If you are referring to Malwarebytes I would recommend putting a deal alert for the full paid version on this site. You can get the full paid version for $10-15 which gives you access to Malwarebytes for life and offers continuous monitoring (not avail with free version) to avoid having to go through this again. Worth it IMO.
Reply Helpful Comment? 0 0
Page 1 of 1
1
Join the Conversation
Add a Comment
 
Copyright 1999 - 2016. Slickdeals, LLC. All Rights Reserved. Copyright / Infringement Policy  •  Privacy Policy  •  Terms of Service  •  Acceptable Use Policy (Rules)  •  Interest-Based Ads
Link Copied to Clipboard