Dear moderators
This question is not a duplicate, as it is about a special case, not a general question. please open this up and let the problem be solved, as this relates to so many people. you may find the view count intresting
Problem
As for this or this or even this, my computer has been infected to this sh-t and my browsers open an annoying pop-up ( http://wonderlandads.com/afu.php?zoneid=437742 ) on every single click to whatever web page I am visiting and this is repeated really unlimited times, getting me more and more nervous.
It was just Google Chrome ( 47.0.2526.106 m ), but now I have it on Opera ( 34.0.2036.25 ) too, and I think it will go through the Firefox, IE, ... soon.
Environment
- Windows 10 x64 Enterprise (1151) Build 10586.29
My efforts
- I found this link which would be useful.
- Used Chrome's
Help > Report and issuemenu to report it to the Google. - Used the Chrome Cleanup Tool to remove any problems at the very first moment (just before my opera get infected too).
Using the tool, I noticed that the
exefile ( Chrome Cleanup Tool ) gets deleted automatically right after usage and so I added an audit on the file for deletion to suspect what process deletes thechrome_cleanup_tool.exefile usingSecuritysection underWindows LogsinWindows Even Viewr. The answer was:Object: Object Server: Security Object Type: File Object Name: C:\Users\{my-user-name}\Downloads\chrome_cleanup_tool.exe Handle ID: 0x2c Resource Attributes: S:AI Process Information: Process ID: 0x179c Process Name: C:\Windows\SysWOW64\rundll32.exe Access Request Information: Accesses: DELETE Access Mask: 0x10000So I am almost sure that my windows has been infected with virus and there is nothing to do with Chrome, Opera, ...
My question
- How can I remove the infection from my computer?
- Any suggestions or similar efforts would be appreciated.
