Malware and junk programs keep coming back after removing them with malwarebytes

June 9, 2015 10:21:19 AM

I've got some malware and junk programs that keep coming back. Every day I'll uninstall them with malwarebytes only to have them come back the next day. It's always the same programs too, "BoBrowser", "EyePerform", "I Cinema". What should I do? Thanks in advance.

June 9, 2015 1:28:56 PM

Free version or licensed version of Malwarebytes?
June 9, 2015 1:46:01 PM

Do you go to some site or run some programs every day?
June 9, 2015 5:54:05 PM

clutchc said:
Free version or licensed version of Malwarebytes?


Free version
June 9, 2015 5:55:42 PM

rgd1101 said:
Do you go to some site or run some programs every day?


Not really, the programs install themselves even when I don't have any internet browsers open

June 9, 2015 7:28:25 PM

bwalsh17 said:
clutchc said:
Free version or licensed version of Malwarebytes?


Free version


If you pay the 25 bucks and get Malwarebytes licensed, you can have it run in the background real-time like your virus pgm. I have mine running full time along with Microsoft Security Essentials and have never had a virus or malware since (years and years). But man! It has caught a ton of crap on some of the ... let's say, less safe... sites.

And that license allows it to be on any and all machines you have at the same time.
June 9, 2015 8:16:29 PM

It's called use CCleaner after you remove an infection. Malwarebytes does a terrible job of removing leftover parts of viruses and malware in the registry, which are enough to become infected again.
June 9, 2015 8:36:12 PM

eatmypie said:
It's called use CCleaner after you remove an infection. Malwarebytes does a terrible job of removing leftover parts of viruses and malware in the registry, which are enough to become infected again.


I use Glary Utilities after removing them with Malwarebytes, which is more or less the same thing from what I've heard, but I'll try CCleaner.

June 10, 2015 11:01:41 AM

I've used all of the programs you guys suggested but the malware and programs still came back.
June 10, 2015 11:20:27 AM

Next step is to reinstall Windows.
June 10, 2015 2:11:12 PM

bwalsh17 said:
I've used all of the programs you guys suggested but the malware and programs still came back.


If you're not running Malwarebytes "real time protection" you can expect it to come back the next time you visit the site that you got it from. That's why I said you need to license it so it can run real-time. Like your virus pgm does.
June 10, 2015 5:00:57 PM

You should make sure the PPID and child processes are terminated. You want to use something like Process Monitor to get better details about what is spawning what. It most likely is some type of software or program that you installed that is doing this. If you leave a child process or parent process not terminated properly, they can rebuild whatever process it wants back from its own. Just do some of your own forensics work and figure out what processes look unusual and figure out which ones are spawning off of it. Just note that malicious code executables can spawn off of legit process IDs, but do some research and use your best judgement. Also navigate to your %APPDATA% folder and look under your browsers and look at, for example, your Chrome extensions folder. If you have those PUPs saying they are installed in your browser, match the ID of that extension in Chrome developer mode and remove the folders in Chrome if they match. Once you do that, run CCleaner again or you will just have the same folders spawn again from registry once you reboot.
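
A read-only way to gather what the post above describes (which process spawned which, and which extension IDs are on disk), as an added example that is not part of the original post. It targets the PowerShell 2.0 that ships with Windows 7; the function names are hypothetical and the Chrome path assumes the default profile.

```powershell
# Added example (read-only): process parentage and Chrome extension inventory.
# Run elevated, otherwise ExecutablePath is empty for other users' processes.
$procs = Get-WmiObject Win32_Process
$byId  = @{}
foreach ($p in $procs) { $byId[[int]$p.ProcessId] = $p }

function Test-UnderProfile([string]$path) {
    # True when the executable lives in a per-user data folder.
    if (-not $path) { return $false }
    foreach ($dir in $env:APPDATA, $env:LOCALAPPDATA) {
        if ($dir -and $path.StartsWith($dir, [StringComparison]::OrdinalIgnoreCase)) { return $true }
    }
    return $false
}

function Get-ProcessParentage {
    foreach ($p in $procs) {
        $parent = $byId[[int]$p.ParentProcessId]
        # PIDs are reused: keep the parent only if it started before the child.
        if ($parent -and $p.CreationDate -and $parent.CreationDate -and
            $parent.ConvertToDateTime($parent.CreationDate) -gt $p.ConvertToDateTime($p.CreationDate)) {
            $parent = $null
        }
        $parentName = '(exited)'
        if ($parent) { $parentName = $parent.Name }
        New-Object PSObject -Property @{
            Id = $p.ProcessId; Name = $p.Name; Path = $p.ExecutablePath
            ParentId = $p.ParentProcessId; Parent = $parentName
            InProfile = (Test-UnderProfile $p.ExecutablePath)
        }
    }
}

function Get-ChromeExtensions {
    # Default profile location (assumption; other profiles sit beside "Default").
    $root = Join-Path $env:LOCALAPPDATA 'Google\Chrome\User Data\Default\Extensions'
    if (-not (Test-Path $root)) { return }
    foreach ($ext in Get-ChildItem $root | Where-Object { $_.PSIsContainer }) {
        foreach ($ver in Get-ChildItem $ext.FullName | Where-Object { $_.PSIsContainer }) {
            $manifest = Join-Path $ver.FullName 'manifest.json'
            if (-not (Test-Path $manifest)) { continue }
            $name = '(unknown)'   # first "name" field found in the manifest
            if ([IO.File]::ReadAllText($manifest) -match '"name"\s*:\s*"([^"]*)"') { $name = $Matches[1] }
            New-Object PSObject -Property @{ Id = $ext.Name; Version = $ver.Name; Name = $name }
        }
    }
}

Get-ProcessParentage | Where-Object { $_.InProfile } |
    Format-Table Id, Name, ParentId, Parent, Path -AutoSize
Get-ChromeExtensions | Format-Table Id, Version, Name -AutoSize
```

The Id column of the second table is the same extension ID that chrome://extensions shows in developer mode, so the two can be compared before any folder is removed.
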
June 11, 2015 6:45:29 AM

Kindly use CCleaner and/or reinstall the operating system.
June 11, 2015 8:51:33 AM

clutchc said:
bwalsh17 said:
I've used all of the programs you guys suggested but the malware and programs still came back.


If you're not running Malwarebytes "real time protection" you can expect it to come back the next time you visit the site that you got it from. That's why I said you need to license it so it can run real-time. Like your virus pgm does.


I don't go on the same website though. It installs even when my internet browser isn't open.
June 12, 2015 12:56:19 AM

First, unpin all unwanted programs from your taskbar.
Open your system's Control Panel and delete all suspicious programs that cause annoying pop-up ads.
Open your Windows Task Manager and stop all the unwanted related processes.
Delete all add-ons from your browser and reset your browser's settings.
Remove all unsuspicious files from your system.
Open your system's Run box by pressing Windows+R.
Type the regedit command in the Run box and press OK.
Remove all related programs from Registry Editor.
Open your Windows file search and type %localappdata% into the location bar. When a file related to BOBrowser appears, delete it.
Run any other strong antivirus program like Immunet, Avira or avast to remove the rest.

Best solution

June 13, 2015 11:25:05 AM

You need to get aggressive, utilizing every scanner that exists on the internet to get rid of as much of the bad stuff as you can. This will take a while and can break some of your legit programs, so you will probably need to reinstall them again. Do these in the exact order from top to bottom:

First you need to get rid of the rootkits that hide malware:
http://www.bleepingcomputer.com/download/tdsskiller (check all and restart computer to take advantage of setting)

2nd opinion anti-rootkit:
http://www.bleepingcomputer.com/download/malwarebytes-a...

Now for the deep malware scanners, powerful stuff, will find false positives. Might break your antivirus and browser extensions. Just reinstall them later to repair them:
http://www.bleepingcomputer.com/download/combofix

http://www.bleepingcomputer.com/download/junkware-remov...

http://www.bleepingcomputer.com/download/roguekiller

http://www.bleepingcomputer.com/download/adwcleaner

At this point the hidden program that keeps resurrecting the malware is hopefully gone. Now to run the more familiar consumer-friendly scanners:

68 anti-virus scanners in one scan (beware of false positives; if not sure then just quarantine it):
http://www.herdprotect.com

2nd opinion antivirus scanner:
http://www.bleepingcomputer.com/download/hitmanpro

And Malwarebytes Anti-Malware:
http://www.bleepingcomputer.com/download/malwarebytes-a...

You may now uninstall all of these programs except for Malwarebytes Anti-Malware (on demand scanner) and HerdProtect Anti-Malware (free auto schedule scan). You can also download Malwarebytes Anti-Exploit Free for extra proactive protection: http://downloads.malwarebytes.org/file/mbae

Now to clean up any damage left by the malware.
I recommend you reset all of your browsers to revert any settings that malware could have changed in your browsers: http://www.howtogeek.com/171924/how-to-reset-your-web-b...

You can optionally run CCleaner after running and uninstalling all the scanners to fix the holes in your registry and delete some traces left behind by malware.

If you then get a popup error every time you shut down your computer, you need to repair your Microsoft .NET Framework by going to your uninstall program list and selecting repair.

If the malware is still persistent after all this, that means all the scanners are finding the program legit and you will need to kill it yourself. This is risky so have your OS backup disk ready just in case. If you know the company name of the malware, try to find it in your computer's registry. Click Start, search for regedit and click that program. Click Edit, click Find, type the company name, delete the registry entry it finds, and keep searching until it can't find any more.

This long list probably defeats the purpose of just doing a full reinstall of your OS, but oh well, at least you get to keep your stuff.
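
The registry search described above can be narrowed to the places programs use to start themselves again. This is an added example, not part of the original post: a read-only PowerShell 2.0 listing of Run keys, services and scheduled tasks that mention the program names from the first post. The function names are hypothetical and the schtasks column names assume English-language Windows.

```powershell
# Added example (read-only): where do the returning programs start from?
# $names holds the program names from the first post; add a vendor name if known.
$names   = 'BoBrowser', 'EyePerform', 'I Cinema'
$pattern = ($names | ForEach-Object { [regex]::Escape($_) }) -join '|'
$psMeta  = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

function New-Hit($source, $name, $command) {
    New-Object PSObject -Property @{ Source = $source; Name = $name; Command = $command }
}

function Find-RunKeyEntries {
    $keys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
            'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
            'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    foreach ($key in $keys) {
        if (-not (Test-Path $key)) { continue }
        foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
            if ($psMeta -contains $p.Name) { continue }   # provider metadata, not values
            if ("$($p.Name) $($p.Value)" -match $pattern) { New-Hit $key $p.Name $p.Value }
        }
    }
}

function Find-Services {
    Get-WmiObject Win32_Service |
        Where-Object { "$($_.Name) $($_.DisplayName) $($_.PathName)" -match $pattern } |
        ForEach-Object { New-Hit 'Service' $_.Name $_.PathName }
}

function Find-ScheduledTasks {
    # Verbose CSV output; 'TaskName' and 'Task To Run' are the English headers.
    schtasks /query /fo csv /v | ConvertFrom-Csv |
        Where-Object { "$($_.TaskName) $($_.'Task To Run')" -match $pattern } |
        ForEach-Object { New-Hit 'Scheduled task' $_.TaskName $_.'Task To Run' }
}

# Nothing is changed or deleted; the table is a list of entries to review.
@(Find-RunKeyEntries) + @(Find-Services) + @(Find-ScheduledTasks) |
    Format-Table Source, Name, Command -AutoSize -Wrap
```

A scheduled task or service in this list would account for programs that reinstall themselves daily with no browser open.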