Need Help Immediately!

[Kanuut]

Recently my computer has been getting infected by a lot of adware, Background knowledge in case it helps, I'm the main user but there's two other users who commonly use it and one who occasionaly does, one mostly uses it for banking and the other uses facebook and youtube mostly and downloads songs and other media as well. I believe she's the most likely one to be the cause. She doesn't understand anything about computers, I'll save my rant on her for another post but suffice to say she makes me want to buy a completely new computer every time she goes on it. The occasional user mostly does banking but a small amount of facebook.

I've done what I can to remove the adware but this last one (called ads by adsalert) is being really stubborn, I've tried uninstalling any programs that could be the cause, I've tried using the regedit but I'm not really sure what I'm doing.

 

I've ensured that there are no unwanted extensions on any browsers (I use torch, the other two use chrome, mozilla was also installed but not anymore).

 

I'm running out of ideas of how to remove it and how to stop them coming back, I can't teach the other two about securing themselves against any of this, I'd try but it won't work.

 

Please help me, I'm really getting annoyed about it but my main concern is that it could be surveying passwords and website access, especially since several users access sensitive data (netbanking passwords, private documents, etc)

 

 

 

**EDIT**

 

So followed your advise, atm a clean install isn't a valid option due to various reasons, but I've installed Adwcleaner and Avast and I'm using the Malwarebytes (I already had adblock) but what I'm asking about now is that adwcleaner is listing torch (and only torch) in it's scan results as items to remove.

 

Heres the logfile:

 

 

 

***** [ Services ] *****

 

Service Found : torchcrashhandler

 

***** [ Files / Folders ] *****

 

File Found : C:\Users\Kanuut\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Torch.lnk

File Found : C:\Users\Kanuut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch.lnk

Folder Found : C:\ProgramData\torchcrashhandler

Folder Found : C:\Users\Kanuut\AppData\Local\torch

Folder Found : C:\Users\Kanuut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\torch

 

***** [ Scheduled tasks ] *****

 

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\torch

Key Found : HKCU\Software\torch

Key Found : [x64] HKCU\Software\torch

Key Found : HKLM\SOFTWARE\Classes\Applications\Torch.exe

Key Found : HKLM\SOFTWARE\torch

 

***** [ Web browsers ] *****

 

-\\ Internet Explorer v11.0.9600.17840

 

 

-\\ Mozilla Firefox v

 

 

-\\ Google Chrome v43.0.2357.132

 

 

*************************

 

AdwCleaner[R0].txt - [23429 bytes] - [07/07/2015 15:24:49]

AdwCleaner[R1].txt - [1558 bytes] - [07/07/2015 19:07:03]

AdwCleaner[R2].txt - [1721 bytes] - [09/07/2015 12:21:27]

AdwCleaner[R3].txt - [1578 bytes] - [09/07/2015 15:35:58]

AdwCleaner[s0].txt - [21892 bytes] - [07/07/2015 15:35:32]

 

########## EOF - C:\AdwCleaner\AdwCleaner[R3].txt - [1697 bytes] ##########

 

 

 

I'm still getting adware (not as much thank god) but nothing else is returning any malicious software.

So my main two theories are that:

A) there's adware masquerading as Torch and hiding inside torch files, (I've uninstalled torch, reinstalled from the official site [where I got it the first time too]) or

B) there's adware that the others aren't detecting and Adwcleaner is bugging out

[samcool55]

Umm it looks hopeless to the best thing you can do is backup everything everyone wants to keep.

Install a clean OS, put the backups back and install adblock, and tell them if they want to install something, that you need to do it so you can avoid the bloatware that might come with it.

Should solve everything, i mean they can't click malicious buttons anymore because adblock removes them, and you can avoid all the bloatware that could come with whatever program they want to use.

[EliminatingAngels]

check your extensions again, my chrome kept reinstalling a extension even after I removed it. 

 

Use malwarebytes, adwcleaner, and hitman pro.

 

If all else fails, fresh install of windows.

[zkt72]

Recently my computer has been getting infected by a lot of adware, Background knowledge in case it helps, I'm the main user but there's two other users who commonly use it and one who occasionaly does, one mostly uses it for banking and the other uses facebook and youtube mostly and downloads songs and other media as well. I believe she's the most likely one to be the cause. She doesn't understand anything about computers, I'll save my rant on her for another post but suffice to say she makes me want to buy a completely new computer every time she goes on it. The occasional user mostly does banking but a small amount of facebook.

I've done what I can to remove the adware but this last one (called ads by adsalert) is being really stubborn, I've tried uninstalling any programs that could be the cause, I've tried using the regedit but I'm not really sure what I'm doing.

 

I've ensured that there are no unwanted extensions on any browsers (I use torch, the other two use chrome, mozilla was also installed but not anymore).

 

I'm running out of ideas of how to remove it and how to stop them coming back, I can't teach the other two about securing themselves against any of this, I'd try but it won't work.

 

Please help me, I'm really getting annoyed about it but my main concern is that it could be surveying passwords and website access, especially since several users access sensitive data (netbanking passwords, private documents, etc)

Malwarbytes legit sounds needed have you tried it? You should try it and if you haven't ran a antivirues yet like Avast or AVG they tend to add a couple features against adware too and malwarebytes has a free trial and they have an option to get a  disc at a store if you want. But it works miracles and hopefully that gets rid of the program

[zkt72]

check your extensions again, my chrome kept reinstalling a extension even after I removed it. 

 

Use malwarebytes, adwcleaner, and hitman pro.

 

If all else fails, fresh install of windows.

The reason a person themselves cannot just remove something like this is because they make clones of themselves in different places and when you remove one a listener will pick up on it and one of it's sibling programs will wait for you to get back into an unalert state then reinstall another copy in this location.

[EliminatingAngels]

The reason a person themselves cannot just remove something like this is because they make clones of themselves in different places and when you remove one a listener will pick up on it and one of it's sibling programs will wait for you to get back into an unalert state then reinstall another copy in this location.

 

Thats why you use multiple different programs. You try to remove all the clones at once, and hopefully before they make more clones. Hitman pro also seems to do a very good job of finding potentially unwanted programs and provides a second opinion on your computer. I've had luck with dealing with two large adware attacks (both unrelated to each other) using these programs.