Author Topic: [Resolved] About blank and Shopping Deals Viruses  (Read 4045 times)

Offline Hoov

  • Malware Removal Mentors
  • Administrator
  • Diamond Member
  • Posts: 27056
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] About blank and Shopping Deals Viruses
« Reply #15 on: August 12, 2015, 08:08:58 PM »
OK.

Former Consumer Security MVP
2011-2014

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Offline Vic7PC99

  • Bronze Member
  • Posts: 75
Re: [In Progress] About blank and Shopping Deals Viruses
« Reply #16 on: August 13, 2015, 11:11:47 AM »
Hi,

I just did a Google search and clicked on one of the links it returned. I was diverted to fb-promotions.com with a "Congratulations - you have been selected to be an iPhone7 tester" notice. I closed that screen and was able to close the window to get back to the link I had selected in Google. Looks like something is still infecting my machine.

Offline Hoov

  • Malware Removal Mentors
  • Administrator
  • Diamond Member
  • Posts: 27056
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] About blank and Shopping Deals Viruses
« Reply #17 on: August 13, 2015, 03:29:07 PM »
Could be in your hosts file. There are instructions on this page.

Then reboot your computer and see how it goes from there.


Former Consumer Security MVP
2011-2014

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Offline Vic7PC99

  • Bronze Member
  • Posts: 75
Re: [In Progress] About blank and Shopping Deals Viruses
« Reply #18 on: August 14, 2015, 09:47:20 AM »
Hi, Hoov,

I installed the new HOSTS file as instructed. After a Google search I was on Target.com and got the following (this was the message I had gotten before which I couldn't recall): A female voice advising me to call 1-844-858-2908 to remove a virus or malware. The URL was healmywindows.com/gizmo/error 14.jsl. I had to Alt-Tab-Delete to close with Task Manager as all other options were disabled.

Vic

Offline Hoov

  • Malware Removal Mentors
  • Administrator
  • Diamond Member
  • Posts: 27056
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] About blank and Shopping Deals Viruses
« Reply #19 on: August 14, 2015, 10:33:27 AM »
This may not be an infection on your system. Please read this, PSA: Tech Support Scams Pop-Ups on the Rise . I know this is a few months old, but it still applies.

There are a few things you can do to guard against this.  First is to get a Premium copy of Malwarebytes' Anti-Malware, and also use Ghostery in your browser.  Ghostery is free, Malwarebytes' Anti-Malware is not that expensive.

Another thing you can do is to send me a PM with the link of the page you were on when you got this popup. Please do not post it on the open forum because someone else might click on it. I need the link so I can investigate it and try to get it shutdown.

Former Consumer Security MVP
2011-2014

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Offline Vic7PC99

  • Bronze Member
  • Posts: 75
Re: [In Progress] About blank and Shopping Deals Viruses
« Reply #20 on: August 14, 2015, 12:11:36 PM »
Hi,

I installed Ghostery and will let you know how things go. I'm not sure what link you want. I provided the link of the pop-up in my previous reply. The site I was on when I got it was Target.com.

Thanks.

Offline Hoov

  • Malware Removal Mentors
  • Administrator
  • Diamond Member
  • Posts: 27056
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] About blank and Shopping Deals Viruses
« Reply #21 on: August 14, 2015, 01:27:20 PM »
That was the link I needed. You were on target.com when you got the popup, correct?

Former Consumer Security MVP
2011-2014

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Offline Hoov

  • Malware Removal Mentors
  • Administrator
  • Diamond Member
  • Posts: 27056
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] About blank and Shopping Deals Viruses
« Reply #22 on: August 14, 2015, 01:30:49 PM »
Forgot to tell you, that popup you got, the site has been taken down already. All you get is a 404 error (Not Found).

Former Consumer Security MVP
2011-2014

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Offline Vic7PC99

  • Bronze Member
  • Posts: 75
Re: [In Progress] About blank and Shopping Deals Viruses
« Reply #23 on: August 15, 2015, 10:33:03 AM »
Hi,

Just got the message with the female voice again. Attached is a screen shot of the message. I may have incorrectly given the original URL as ".com" instead of ".info". I was on a Cooks.com web page attempting to print a recipe.


Offline Vic7PC99

  • Bronze Member
  • Posts: 75
Re: [In Progress] About blank and Shopping Deals Viruses
« Reply #24 on: August 15, 2015, 03:12:35 PM »
Hi,

Just got more info on the Shopping Deals Virus. I deleted the program CCleaner and the virus returned. I have since reinstalled CCleaner and run a scan, deleting errors it found in files and registry, but Shopping Deals was still there. If I disable the Chrome extension AdBlock Super, I don't get the Shopping Deals pop-up. Whenever I Enable the extension, the pop-up returns. I have tried this three times and always get the same results.

Offline Hoov

  • Malware Removal Mentors
  • Administrator
  • Diamond Member
  • Posts: 27056
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] About blank and Shopping Deals Viruses
« Reply #25 on: August 15, 2015, 08:17:18 PM »
uninstall Adblock Super, I just found out it is a clone of AdBlock.

Here are the links to the three legitimate Adblock programs.
https://chrome.google.com/webstore/detail/adblock/gighmmpiobklfepjocnamgkkbiglidom
https://chrome.google.com/webstore/detail/adblock-plus/cfhdojbkjhnklbpkdaibdccddilifddb
https://chrome.google.com/webstore/detail/adguard-adblocker/bgnkhhnnamicmpeenaelnjfhikgbkllg

For some reason Adblock Super did not show up in the scans. I am going to have to look at that.

Let me know how that goes.

Former Consumer Security MVP
2011-2014

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Offline Vic7PC99

  • Bronze Member
  • Posts: 75
Re: [In Progress] About blank and Shopping Deals Viruses
« Reply #26 on: August 19, 2015, 03:45:25 PM »
Hi, Hoov,

Since I trashed Adblock Super I have had no problems. The machine seems to be running smooth and fast. As far as I'm concerned you can close this incident.

Thanks so much for your help (again) and good luck hammering those ugly spyware bas***ds.

Vic

 

Click Here