Member Avatar for Lee Hassig

Folks,

Today, the Google home page was taken over by a fake Flash update. Although the cursor was in the search field and a search string could be typed and searched for, this malware seemed to have converted the entire page into a button for itself. Clicking anywhere on the page, including the search field, opened a new tab with a larger version of the fake Flash message.

Odd bits of advertising began appearing on the search results page and elsewhere, all seemingly related to this fake Flash update alert.

At one point, I was saddled with a Keybar (or some such) toolbar for IE, which I removed without any improvement in the problem.

I also downloaded July's Malicious Software Removal Tool from Microsoft updates, but that, too, had no effect.

Can anyone tell me how to identify this nuisance among the programs visible in the controll panel and remove it that way? Any other way?

The only solutions I've found involve the installation of malware removal software, which itself seems a little sketchy to me.

Thanks,
Lee Hassig

  • 2 Contributors
  • 1 Reply
  • 106 Views
  • 2 Hours Discussion Span
  • Latest Post Latest Post by gerbil
Member Avatar for gerbil

Hello, Lee.
This will involve more than hoping to find fake programs to delete in your control panel applet. To clear this infection you will have to download a couple of removal tools, but I will only give you safe, verified ones to use. Just so we can see what is going on, would you please....
==Download OTL from http://oldtimer.geekstogo.com/OTL.exe to your Desktop.

  • Double click on the icon to start the application.
  • Press Scan All Users, Minimal Output, Standard Registry ALL, check both LOP and Purity boxes; if your s is a 64-bit system then check that box; leave other sections as they are.
  • Under the Custom Scan box paste this in:

netsvcs
%SYSTEMDRIVE%*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
CREATERESTOREPOINT

  • Press Run Scan.
    The scan will take maybe 5 minutes; 2 notepads will present [saved to the place from where you ran OTL.exe] - please post both.
Edited by gerbil
Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.