Help, Pc is infected. Redirects - call this 1-800 number for help!

[MissKDJ 0]

Redirect happened sometime last week - thought I just might've clicked a botched website - it happened again too on another website I frequent often. Takes me to a page that tells me in more or less words, my computer is massively infected and I need to call this number for help.

 

Attached are my logs, thanks so much!

 

scan_150921-122151.txt

FRST.txt

Addition.txt

[Elise 277]

Hello, my apologies for the delay. My name is Elise and I'll assist you with this issue.

 

It looks like you have some adware and PUPs on your computer, to make sure we target them all, please do the following.

Download AdwCleaner from here

Runt he tool by double clicking on it and accept the disclaimer. 

Pleae click the Scan button and wait for the scan to finish.

Once done, click the Report button and copy/paste the log in your next reply.

[MissKDJ 0]

Thanks for you help, I ran AdwCleaner, here is the report attached below.

AdwCleanerS2.txt

[Elise 277]

Please rerun AdwCleaner and this time click the Clean button to remove all found items.

 

Also, could you please tell me in which browser{s) you encounter the fake techsupport site and when you see it (for example when visiting certain sites)? The good news is that these usually are just URLs, it is possible this was cached by your browser which is why you return there, it usually does not mean anything malicious is actually active on your computer

[MissKDJ 0]

I use Chrome, the first encounter was when I went to theasurus.com - an error on my part as I misspelled it. It redirected me to that site, and I just closed it. I encountered it again when helping my son navigate on the virtual pet website Neopets.com. 

 

I reran AdwCleaner and attempted to clean twice, both times the program became unresponsive when "cleaning the browsers". I attempted Ctrl Alt Delete, and recieved a error saying: "The logon process was unable to display security and logon options when ctrl alt delete was pressed." I had to manually turn off the PC both times. 

[Elise 277]

In that case, can you please rerun FRST, do a scan and post me FRST.txt? I can then see what AdwCleaner could clean, and will create script to take care of the rest.

[MissKDJ 0]

Here is the logs from FRST can. Also - I noticed a bunch of plugins popped up for FireFox in that log, is there anyway to remove these? I do not use FireFox and had the hardest time removing it from my Pc in the past.

 

Thanks so much for all your help.

FRST.txt

[Elise 277]

Hello,

I see you have online armor running. Please note that this is no longer being developed. If you have a license you can switch to Emsisoft Internet Security for free if you wish so.

 

Please press Windows key + R, type notepad and press enter.

Copy/paste the following text into Notepad and save it as fixlog.txt in the same location as FRST.

HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1147485542-1954956844-167236107-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION

Now run FRST and click the Fix button. Post the resulting log.

 

Please let me know how everything is running now.

 

As for firefox, it appears your entire userprofile is still present, did you opt to remove this when you uninstalled it? If not and Firefox is uninstalled otherwise, you can remove the entire profile folder (in your case that is C:\Users\eMachines\AppData\Roaming\Mozilla\Firefox\Profiles\b9m90ox6.default).

[MissKDJ 0]

I'm getting a pop up saying No fixlist.txt found. The fixlist.txt should be in the same folder/directory the tool is located.

 

I have both tool and fixlog in their own folder on the desktop. :\

[Elise 277]

My apologies, this was a typo on my part, you need to save the file as fixlist.txt, not fixlog.txt

 

The resulting log, after running the fix with FRST is named fixlog.txt.

[MissKDJ 0]

No worries! (:

 

 

Here is the log.

Fixlog.txt

[Elise 277]

What about this part?

Please let me know how everything is running now.

 

As for firefox, it appears your entire userprofile is still present, did you opt to remove this when you uninstalled it? If not and Firefox is uninstalled otherwise, you can remove the entire profile folder (in your case that is C:\Users\eMachines\AppData\Roaming\Mozilla\Firefox\Profiles\b9m90ox6.default).

 

 

[MissKDJ 0]

I did go ahead and delete the firefox profile, thank you for helping me out with that!  And I haven't gotten a redirect - but they tend to be sporadic. Overall, computer just kinda feels like its struggling with something - maybe its just old and needs to be replaced. xD 

[Elise 277]

Please monitor it for a while to see the redirect reoccurs.

 

As for how the computer runs in general, I really recommend you to consider uninstalling Online Armor. No bug fixes and updates are being released for it, so if there is an issue that would cause it to influence how well your computer is running, this will not be fixed.

[MissKDJ 0]

Will do, I appreciate all your help, Elise!

[Elise 277]

Because this issue appears to be resolved, this topic is now closed. If you need it reopened, please send me a personal message.