Author Topic: Need advice on sneaky viruses  (Read 4006 times)


Offline Buckshee Rounds

Need advice on sneaky viruses
Just recently I've noticed my computer behaving strangely: web pages load incorrectly, certain programs won't run, programs that have been installed for months are marked as new, etc. In addition to all this an icon randomly appeared next to the start button which I have absolutely no recollection of installing. Here's a pic for clarity:

I've done a full scan with McAfee and Iobit Malware (not that I particularly trust either of them to find anything) and I also did a quick scan with Kaspersky's TDSS Killer, which has helped me a lot in the past. None of them found anything, but I'm certain there's something swimming about, as too many glitches and weird occurrences have happened on this machine in the past week (including all my restore points magically disappearing).

I'd rather not have to reformat the drive, but I'm prepared to do so if necessary. Any advice on other stuff I can try to flush this thing out?

EDIT: Identified the icon as "Pokki toolbar". Don't know what that is and I don't remember installing it. I'm usually very careful to deselect all the extra crap that installers ask for these days, but I don't remember seeing this one.

 

Offline Fury

Re: Need advice on sneaky viruses
1. Reformat
2. Use adblock plus and subscribe to malware domains
3. Set up linux virtual machine to surf suspicious sites
4. Use common sense

Edit: As for what Pokki is, google will tell you.

 
Re: Need advice on sneaky viruses
It definitely sounds like a virus. I'd also recommend reformatting, especially since it looks like your system could benefit from some cleaning.

But since you'd rather not, you should go to add/remove programs, and take out anything that you don't want/need, leaving important looking things. Also try malwarebytes anti-malware and spybot search & destroy. And MS Security Essentials; I don't trust McAfee because they suck.

 

Offline An4ximandros

Re: Need advice on sneaky viruses
 HOLD YOUR HORSES! http://support.pokki.com/customer/portal/questions/637733-pokki-installed-itself-on-my-pc-without-my-permission-

 Have you installed ANYTHING in the past few days?

 Also download and install http://www.avast.com/en-ca/index (the free one is enough) and run it in pre-Windows start mode. It will scan your full hard drive for viruses before Windows starts and thus prevent sneaky rootkits or other malicious software from hiding when Windows loads. EDIT: give this a shot; if it does not work, back up your stuff (scan it for malware first!) and nuke the hard drive.

EDIT2: Does your HDD have partitions? If so, you might only need to nuke the Windows one.
« Last Edit: April 29, 2013, 02:47:21 pm by An4ximandros »

 

Offline Klaustrophobia

Re: Need advice on sneaky viruses
In the past, the malware removal forum at majorgeeks.com has been extremely helpful in cleansing viruses without reformatting.  Their "do this first" guide very well may kill it without having to actually be helped by a person. The one thing in there you can probably run without going step-by-step through the guide is SuperAntiSpyware.  This thing looks sketchy as all hell, but it actually is legitimate.  (And really slow; don't ragequit it, it's working.)


Check in your browser's settings for the source of the redirects.  I've had a virus that set a proxy that was causing redirects.
« Last Edit: April 29, 2013, 02:54:52 pm by Klaustrophobia »
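The proxy check above, and the symptoms in the original post (redirects, a toolbar nobody remembers installing, vanished restore points), can be triaged from a PowerShell prompt before deciding whether to reformat. The script below is an added example written for this page, not something posted in the thread; it assumes Windows 7 or later with PowerShell 3.0+, run from an elevated prompt as the affected user, and it only reports, it removes nothing.

```powershell
# Added triage script, not from the thread. Read-only checks aimed at the
# symptoms described above: browser redirects caused by an injected proxy,
# a toolbar nobody remembers installing, and vanished restore points.
# Assumes Windows 7 or later with PowerShell 3.0+, run from an elevated prompt
# as the affected user. Nothing here removes anything; it only reports.

# 1. WinINet proxy settings (used by Internet Explorer and most Windows apps).
#    A ProxyServer or AutoConfigURL (PAC script) you never set is a red flag.
$inet = Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
[pscustomobject]@{
    ProxyEnable   = $inet.ProxyEnable
    ProxyServer   = $inet.ProxyServer
    AutoConfigURL = $inet.AutoConfigURL
} | Format-List

# 2. hosts file: any line mapping a real host name to an address is suspect;
#    a clean file is comments and at most a localhost entry.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
Get-Content $hostsPath |
    Where-Object { $_ -notmatch '^\s*(#|$)' -and $_ -notmatch '^\s*(127\.0\.0\.1|::1)\s+localhost\s*$' }

# 3. Everything registered in Add/Remove Programs, newest InstallDate first
#    (InstallDate is stored as a yyyyMMdd string, so a string sort is fine).
$uninstallKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } |
    Sort-Object InstallDate -Descending |
    Select-Object -First 15 DisplayName, InstallDate, Publisher |
    Format-Table -AutoSize

# 4. Run keys: the usual place a toolbar or proxy-setter persists.
foreach ($runKey in 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
                    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run') {
    "`n$runKey"
    Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue |
        Select-Object * -ExcludeProperty PS* |
        Format-List
}

# 5. Restore points still present (empty output matches the "all gone" symptom).
Get-ComputerRestorePoint |
    Select-Object SequenceNumber, CreationTime, Description |
    Format-Table -AutoSize
```

Read the output as evidence, not as a verdict: a populated AutoConfigURL, a non-localhost hosts entry, or a Run value pointing into a temp or AppData directory is what the proxy-redirect case looks like, and a very recent InstallDate on an unfamiliar publisher is how a bundled toolbar shows up. If any of that is present and none of the scanners mentioned in this thread see it, the "nuke it from orbit" camp's argument applies.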

 

Offline watsisname

Re: Need advice on sneaky viruses
Combofix it.

 

Offline Rodo

Re: Need advice on sneaky viruses
When something gets in, you should blow up the entire house just to be sure. I know I wouldn't live safe knowing there's a slight possibility of something still lurking about, even if that turned out to be just remnant files.

 

Offline BloodEagle

Re: Need advice on sneaky viruses
I'd also recommend Malware Bytes.  Also, Hijack This! tends to find stuff that other programs miss.

After you get this taken care of, I'd recommend installing NoScript if you haven't already done so.

 

Offline Mongoose

Re: Need advice on sneaky viruses
When something gets in, you should blow up the entire house just to be sure. I know I wouldn't live safe knowing there's a slight possibility of something still lurking about, even if that turned out to be just remnant files.
That seems a bit...excessive.  I mean, provided you know you've nerfed whatever it is that got in, why go through the extreme hassle of wiping everything?

 

Offline Hobbie

Re: Need advice on sneaky viruses
Oh boy, I'm having flashbacks to the time I had to purge my office network of XPAJ...

Here's a list of programs you should run, in order.
1) MalwareBytes Anti-Malware - http://www.malwarebytes.org/ - This will pick up most problems, but there are a few that slip under its radar.
2) Hitman Pro - http://www.surfright.nl/en/hitmanpro/ - Second opinion scanner. Does exactly what it says on the tin. Cloud-based, so you have to be connected to the internet, but EXTREMELY EFFECTIVE.
3) Kaspersky Rescue Disk - https://support.kaspersky.com/viruses/rescuedisk - Boot into it and clean everything. Works like a charm.
4) ComboFix - http://www.bleepingcomputer.com/combofix/ - Make sure you know what you're doing before you run this because you can stuff your PC up baaaaaaad. I haven't with any of mine, but I've heard horror stories from coworkers irreparably damaging PCs.

Contrary to popular opinion, you don't need to reformat every single time. Only do it if you're absolutely positive there's something hostile on your PC and none of these tools detect/remove it.

Also, I've found McAfee to be inefficient at the whole virus removal thing. I'd recommend spacing it and getting Microsoft Security Essentials.

 

Offline Rodo

Re: Need advice on sneaky viruses
That seems a bit...excessive.  I mean, provided you know you've nerfed whatever it is that got in, why go through the extreme hassle of wiping everything?

Well, considering the rate at which my personal computers get infected, not at all. I'm very careful with what I do and what I download/execute.

If something gets past my overwatch then it probably means trouble, so considering the rarity of that event, plus the fact that I keep personal data and important stuff replicated on a secondary disk or external media, I think a total erase is not an extreme measure at all.

Edit: And on the subject of detection of the problem, I'd suggest using MalwareBytes as Hobbie mentioned; it rendered good results the last time I used it, plus some checking with HijackThis. (Warning! It's been a while since I've dedicated myself to this kind of menial job. Not sure if the advice provided now will be up to date.)
« Last Edit: April 29, 2013, 10:07:58 pm by Rodo »

 
Re: Need advice on sneaky viruses
When something gets in, you should blow up the entire house just to be sure. I know I wouldn't live safe knowing there's a slight possibility of something still lurking about, even if that turned out to be just remnant files.
That seems a bit...excessive.  I mean, provided you know you've nerfed whatever it is that got in, why go through the extreme hassle of wiping everything?
Nuke the entire site from orbit. It's the only way to be sure. Plus there are frequently performance benefits you get from starting fresh, despite a day's inconvenience.

 
 

Offline KyadCK

Re: Need advice on sneaky viruses
When something gets in, you should blow up the entire house just to be sure. I know I wouldn't live safe knowing there's a slight possibility of something still lurking about, even if that turned out to be just remnant files.
That seems a bit...excessive.  I mean, provided you know you've nerfed whatever it is that got in, why go through the extreme hassle of wiping everything?

It's impossible to tell if you really got it, that's why. Windows is too big to search through if it can avoid your AV of choice. Besides, there's no hassle at all in reinstalling windows provided you make even basic preparations.

When something gets in, you should blow up the entire house just to be sure. I know I wouldn't live safe knowing there's a slight possibility of something still lurking about, even if that turned out to be just remnant files.
That seems a bit...excessive.  I mean, provided you know you've nerfed whatever it is that got in, why go through the extreme hassle of wiping everything?
Nuke the entire site from orbit. It's the only way to be sure. Plus there are frequently performance benefits you get from starting fresh, despite a day's inconvenience.

Agreed. If the install is over a year old, it'll make your computer feel fresh too. Downtime for me is just 3 hours for install, drivers, and all programs needed for basic operation. Another 2 hours for the games.

Keep a secondary drive for all your data and portable programs (FSO), keep all the EXEs for the programs you want and your drivers in there. Reinstalling windows takes no time at all if you're prepared for it.

 

Offline Fury

Re: Need advice on sneaky viruses
Contrary to popular opinion, you don't need to reformat every single time. Only do it if you're absolutely positive there's something hostile on your PC and none of these tools detect/remove it.
Bad advice. Once you've been compromised, you can't really be 100% sure your computer has not been compromised in a way that is currently detected by most virus/malware scanners. Not to mention that a virus/malware may have done damage that the removal process cannot fully fix. Sure, under Windows you can run sfc /scannow to fix critical Windows files, but who's to say that the source database for these files has not been damaged too.

Of course, there aren't many that do serious damage like this and can safely be removed without any after-effects. But the problem is, once a computer has been compromised, you can't be sure.  If you value your privacy, security and your personal files at all, you will do what is necessary to make sure your computer will not remain compromised even if chance of that is small.

The world has enough computers infected with ****, slaved to botnets, we don't need more.

If you think otherwise, it's your computer and your problem. Potential consequences will be your problem too. Unfortunately some **** can make your problem others' problem too via botnets and other ****.

 

Offline Buckshee Rounds

Re: Need advice on sneaky viruses
I think I'll be taking the safe route then and nuke it from orbit, thank you all for the wonderful advice.

 

Offline Hobbie

Re: Need advice on sneaky viruses
Bad advice. Once you've been compromised, you can't really be 100% sure your computer has not been compromised in a way that is currently detected by most virus/malware scanners. Not to mention that a virus/malware may have done damage that the removal process cannot fully fix. Sure, under Windows you can run sfc /scannow to fix critical Windows files, but who's to say that the source database for these files has not been damaged too.

You're right, but it varies depending on the system. I do this sort of thing for a living in business which, to be perfectly honest, thinks a backup is what you do when you fall over. So naturally the servers are full of stuff that has no copy anywhere else and cannot be formatted ever. Yes, it's dumb and stupid but I'm not allowed to fix it. Anyway, that required me to find alternate ways of getting these mission-critical servers clean. Mostly, things like toolbars and spyware will just take a blast from MSE or MalwareBytes and you're good to go. But for more threatening issues, that's where you go a little deeper.

That's why I pointed out Hitman Pro, which no one else in the thread mentioned. It is a completely underrated program. I had to fight off the XPAJ virus, which is a sneaky little bug that doesn't just put a shell around an EXE/DLL like everything else, it pulls it apart and inserts itself into it. Strangely, our AV programs were doing more damage to our system trying (and failing) to remove it than it was. It was totally invisible to MalwareBytes and Combofix but Hitman picked it up and got rid of it. Sure, there were some systems that had the thing embedded too deeply, and they needed to be purged, but using Hitman I could watch the virus replicate. The most secretive virus I've ever fought and I was watching it breed. I felt like a voyeur.

Either way I managed to get it fixed. I installed better monitoring software and in four months since the outbreak I haven't seen a single red flag.

Yes, I'm fully aware of how stupid this no-backup setup at my job is, but as a minimum wage peon I'm not exactly authorized to make improvements. If I had a choice I would quite literally nuke it. I think my workplace has a monopoly on cutting corners and they'd rather pay me to work 28 hours over a weekend to fix their problems.

 

Offline Gray113

Re: Need advice on sneaky viruses
I tried Hitman and was impressed, although it flagged programs that I had written in C as Trojan-Spy.Win32.Small!IK. I'm guessing you have to be careful how you use it  :)

  

Offline Mongoose

Re: Need advice on sneaky viruses
That seems a bit...excessive.  I mean, provided you know you've nerfed whatever it is that got in, why go through the extreme hassle of wiping everything?

It's impossible to tell if you really got it, that's why. Windows is too big to search through if it can avoid your AV of choice. Besides, there's no hassle at all in reinstalling windows provided you make even basic preparations.

Well, the way I see it, I don't exactly have any personal financial information or confidential business documents lying around this machine, so there's not much of anything that would send me into an utter panic if it was compromised.  (Hell, even if someone somehow got access to my financial accounts, there's not enough in there to make it worth their while. :p) On the other hand, I have several dozen gigs' worth of media files that I don't have backed up at the moment, and while there's nothing truly irreplaceable, it'd be a royal pain to have to download them all again.  Because I've been too much of a lazy ass to finally RMA my derpy external, the only option I'd have is to shove everything to DVD, and half of the stuff is such that I probably wouldn't want to have it lying around forever.  Besides all that, the excruciating process of going through hours' worth of Windows Updates on a new install is one I never particularly welcome.

Anyways, the only nasty stuff I've been nailed with over the past few years were one or two of those irritating Java drive-by exploits, and I managed to rid myself of those with a simple System Restore and scan; it's been more than a year since I've even had to handle one of those, too.  *knock on head*

 

Offline FUBAR-BDHR

Re: Need advice on sneaky viruses
Can't believe no one has said this yet.

It doesn't matter what you do nothing will work until you get rid of the Cylon on your Battlestar. 