So, basically I somehow got this strange virus/malware. I haven’t downloaded anything at all in about a month. So, at first Bubble Dock, Selection Tools, and Windapp (all by Nosibay) install and ads appear everywhere. Avira red-flags a virus or two. I then uninstall the 3 programs by Nosibay and run AdwCleaner and a virus scan (I’ve tried more than one anti-virus for this). Then, a little while later it all happens again.

I’ve Googled it and have tried many free anti-viruses; Avira and Malwarebytes (free) seem to work the best. I’ve also tried running CCleaner, JRT, and some temp file clearer thing that I’ve forgotten the name of.

I have restarted, and followed guides on how to remove these bits of software. After they are uninstalled, something reinstalls them every time.

Now, here’s where things get weird. After running all the stuff and getting rid of everything I can, I get a clean scan from my anti-virus and AdwCleaner. But, if I open Chrome (ONLY Chrome, I’ve tried Firefox and Internet Explorer) and go to YouTube (this may also be true for other websites, but I haven’t tested it) then close Chrome (only after I close it), 4 things show up under the Chrome tab in AdwCleaner. Then a while later I get the Nosibay stuff and more viruses.

I have been doing this process nearly all day (9 hours to be exact) so I was hoping someone here would know how to fix this. I’ve pretty much given up on trying myself.

(I don’t really use the LTT forums, so I have no idea if this is where I should put this topic, sorry if it should be somewhere else.)

https://linustechtips.com/topic/400048-weird-virusmalware-help-needed/


Try Vipre Rescue disk. Download it on an uninfected machine (you can even use a PS3 if you really wanted to) and place the program on a USB stick. Boot up in safe mode. Plug in the USB and run the program.


I have 3 drives (an SSD, and two different HDDs) and I have no clue which drive(s) the problem is on. I also can’t wipe them all, and I don’t have an extra Windows disk. I’ll try the Vipre Rescue tomorrow. Thank you both for the quick and helpful responses!


Vipre rescue disk found stuff, but after opening Chrome these entries still showed up in AdwCleaner:

# AdwCleaner v4.207 - Logfile created 04/07/2015 at 15:45:54
# Updated 21/06/2015 by Xplode
# Database : 2015-07-02.1 [server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Windows 7 - WINDOWS7-PC
# Running from : C:\Users\Windows 7\Desktop\adwcleaner_4.207 (1).exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17840
 
 
-\\ Mozilla Firefox v37.0.2 (x86 en-US)
 
 
-\\ Google Chrome v43.0.2357.130
 
[C:\Users\Windows 7\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Windows 7\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Windows 7\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=&locale=&apn_uid=1A8D27E3-DDCC-402C-A31D-6E80A2CC16DB&apn_ptnrs=TV&apn_sauid=2D548FA1-E99A-42AA-B62A-2B5D50BA773A&apn_dtid=OSJ000YYUS&q={searchTerms}
[C:\Users\Windows 7\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [search Provider] : hxxp://en.softonic.com/s/{searchTerms}
 
*************************
 
########## EOF - C:\AdwCleaner\AdwCleaner[R48].txt - [5436 bytes] ##########
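The four findings in the log above are search-provider entries in Chrome's `Web data` file. As an added example (not part of the original thread and not AdwCleaner's code), this script lists such entries from a copy of that file taken while Chrome is closed. It assumes the file is a SQLite database with a `keywords` table holding `short_name`, `keyword` and `url` columns; the allowlist and the sample rows are constructed.

```python
import sqlite3
import tempfile
from pathlib import Path
from urllib.parse import urlsplit

# Hypothetical allowlist: search hosts this user actually chose.
EXPECTED_HOSTS = {"www.bing.com", "duckduckgo.com"}

def provider_host(template):
    """Host of a search URL template, e.g. 'http://host/s?q={searchTerms}'."""
    if template.startswith("{google:"):   # Chrome's built-in Google placeholder
        return "(chrome built-in google)"
    if "://" not in template:
        template = "http://" + template
    return (urlsplit(template).hostname or "").lower()

def audit_search_providers(web_data_copy, expected=EXPECTED_HOSTS):
    """Return (short_name, keyword, host) for providers not on the allowlist."""
    # Open read-only so the audit can never modify the profile copy.
    uri = Path(web_data_copy).resolve().as_uri() + "?mode=ro"
    con = sqlite3.connect(uri, uri=True)
    try:
        rows = con.execute("SELECT short_name, keyword, url FROM keywords").fetchall()
    finally:
        con.close()
    hits = []
    for short_name, keyword, url in rows:
        host = provider_host(url)
        if host not in expected and not host.startswith("(chrome built-in"):
            hits.append((short_name, keyword, host))
    return sorted(hits, key=lambda h: h[2])

def build_sample_db(path):
    """Constructed stand-in for a copied 'Web Data' file (not a real profile)."""
    con = sqlite3.connect(path)
    con.execute("CREATE TABLE keywords (short_name TEXT, keyword TEXT, url TEXT)")
    con.executemany("INSERT INTO keywords VALUES (?, ?, ?)", [
        ("Google", "google.com", "{google:baseURL}search?q={searchTerms}"),
        ("Bing", "bing.com", "https://www.bing.com/search?q={searchTerms}"),
        ("AOL", "aol.com", "http://search.aol.com/aol/search?q={searchTerms}"),
        ("Ask", "ask.com", "http://www.ask.com/web?q={searchTerms}"),
        ("Softonic", "softonic.com", "http://en.softonic.com/s/{searchTerms}"),
    ])
    con.commit()
    con.close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        sample = Path(d) / "Web Data copy"
        build_sample_db(sample)
        for hit in audit_search_providers(sample):
            print(hit)
```

Running it before and after a browser session shows which providers were added in between, independent of any cleaner tool's signature database.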

Have you tried the Chrome Software Removal Tool?  https://www.google.com/chrome/srt/


I was recently tasked with fixing a PC infected with Nosibay (and probably lots of other stuff) and after hours of fighting with it I handed it to a colleague. They then spent several hours fighting with it before handing it back saying "just reinstall the OS". We did this in a fraction of the time and it worked fine afterwards even with the old data from it.

 

You may be able to fix this with a host of AV tools (TDSSKiller, GMER, MBAM or even ComboFix spring to mind), but this could take a long time or might even be impossible. I wouldn't suggest ComboFix as it has huge capacity to destroy your OS if you don't know what you're doing, but if you're desperate and don't care about the OS then you could give it a try.

I suggest you move your data then reinstall your OS to save yourself some time and aggravation.


Well, it looks like the rescue disk fixed it, even though the 4 things from Nosibay showed up in AdwCleaner and has not reinstalled. Everything else looks normal, but maybe those 4 entries were a fluke. There were also a few weird programs that I found and removed (note: they did not show up in Revo or Windows Uninstaller). There were only a few that were all known viruses and stuff (I found that out after Googling), but one I couldn't find anything on. I don't even know what it was, but it was called Sympathetic Poverty. It was just a folder with an application and a few files, but I deleted it. Lastly, the rescue disk found a Trojan in a Star Wars Steam game. I don't know if it was a misflag or not, but it was detected. Anyways, thanks so much for the help guys!


Ok good. But NEVER dare to use online banking or your credit card on this machine (again).

:)
