Small Business malware removal

Why I concluded that malware may be connected to

Last week I found that I was affected (but not necessarily “infected”) with a browser hijacking malware. Occasionally I’ve found that published documentation of a computer bug is inadequate and so, for that reason alone, I am publishing details of my experience here. This post might be useful to others but I make no implications that I have any skills or am offering any service in this field.

The Problem

When I type a domain it redirects me to another junk advertising site within a few seconds. It renders the browser useless.

My observations:

  • The malware affected multiple browsers (Chrome, Edge, Internet Explorer).
  • The malware affected both of my PCs. It did not affect my iPad running the Chrome browser.
  • The malware affects all of my 20+/- web sites but does not affect other web sites. (I was unsure of the reason but realized that either it was something on my server-side sites or the fact that they are 100% HTML and other sites I checked for comparison were not.)

Initial Steps with Eset

I re-ran Eset SmartSuite (supposedly one of the best of its class) and it detected no problem.

I put in a service request to Eset and was prepared to pay them for removal assistance. But Eset did not respond within one business day as promised, perhaps due to a staff shortage before the Christmas holiday.

As I write this on December 27, I have still not heard back from Eset. Holiday or not, three days is a long time to wrestle with an essential PC problem. I now know that I can’t count on this service 100% of the time.

Microsoft help

I got advice on the Microsoft site from Bruce Hagen (MVP: 2004 ~ 2010, 2014 ~ Present; Imperial Beach, CA).


STEP 1: Remove adware with AdwCleaner

Downloaded and ran this program. It found no problems.

It said:

If you have been brought to use AdwCleaner, it's probably because your PC contained potentially unwanted programs or

Potentially unwanted programs are often proposed during the installation of software. They may be present in form of toolbars that sometimes change the home page of the browser and slow internet browsing.

To avoid the installation of these programs polluting the computer, it is essential to follow these tips:

  • Always download a program from the official link or a trusted site
  • When installing a program do not click too fast (Next) without paying attention to Terms of Use and third-party programs available
  • If third-party programs are available (toolbars, etc.) uncheck all checkboxes about him.
  • Enable detection of PUPs in your antivirus.

Screen clipping taken: 12/25/2015 4:31 AM

The program saved a log file, C:\AdwCleaner\AdwCleaner[C1].txt

The log file did not report any malware problems.

STEP 2: Remove browser hijacker Junkware Removal Tool

This is a program run at the command-prompt level that did not discover any problem. It saved a text file of the log on my PC.

STEP 3: Remove virus with Malwarebytes Anti-Malware

I downloaded, installed and ran the free version. The scan took about 2 hours but found no malware.

STEP 4: Double-check for malware with HitmanPro

Downloaded and installed the free version of 64-bit HitmanPro and ran a one-time scan. The scan took about 90 minutes.

(OPTIONAL) STEP 5: Remove redirect from Internet Explorer, Firefox and Google Chrome

I followed the steps to reset the settings to remove any trace of the malware from Chrome, Internet Explorer and Edge.

“Your computer should now be free of the adware infection.”

Unfortunately, I still had the problem.

“If you are still experiencing problems while trying to remove pop-up ads from your machine, please do one of the following:


My suspicions

I did not do these last two steps above. Instead, I followed my own hunch.

I concluded that, since the programs found no installed malware but removal of all cookies corrected the problem, the problem is launched either on the server side, or solely by cookies, or possibly by some trigger combining an otherwise innocent cookie or user trigger with something hidden in hosted software.

Sitemeter removal

I removed Sitemeter code on all my web sites. It used to be valuable a decade ago but has gone downhill dramatically and I no longer use it anyway.

Since the removal of Sitemeter code on the server side, I no longer notice any problem.
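
One way to audit a set of static HTML pages for third-party includes like the counter code removed above. This is an added example, not part of the original post; the sample pages and the host names `counter.example.net` and `www.example.com` are constructed placeholders.

```python
from collections import defaultdict
from html.parser import HTMLParser
from urllib.parse import urlparse

# Tags whose src attribute makes a visitor's browser fetch content from a host.
LOADING_TAGS = {"script", "iframe", "img", "embed"}

class _SrcCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.found = []  # (tag, url) pairs in document order

    def handle_starttag(self, tag, attrs):
        if tag in LOADING_TAGS:
            src = dict(attrs).get("src")
            if src:
                self.found.append((tag, src))

def third_party_includes(html, own_hosts):
    """Return {host: sorted tags} for includes served by hosts not in own_hosts."""
    parser = _SrcCollector()
    parser.feed(html)
    hits = defaultdict(set)
    for tag, src in parser.found:
        host = urlparse(src).hostname  # None for relative URLs (same site)
        if host and host.lower() not in own_hosts:
            hits[host.lower()].add(tag)
    return {h: sorted(t) for h, t in hits.items()}

def audit_site(pages, own_hosts):
    """pages: {filename: html}. Return {host: sorted pages that include it}."""
    report = defaultdict(list)
    for name, html in pages.items():
        for host in third_party_includes(html, own_hosts):
            report[host].append(name)
    return {h: sorted(p) for h, p in report.items()}

# Constructed sample pages; hosts are placeholders, not real services.
SAMPLE_PAGES = {
    "index.html": '<body><h1>Home</h1><script src="js/menu.js"></script>'
                  '<script src="http://counter.example.net/js/counter.js?site=abc"></script>'
                  '<noscript><img src="http://counter.example.net/meter.asp?site=abc"></noscript></body>',
    "about.html": '<body><img src="/img/logo.png"><script src="//counter.example.net/js/counter.js"></script></body>',
    "contact.html": '<body><img src="http://www.example.com/img/map.png"></body>',
}

if __name__ == "__main__":
    for host, pages in audit_site(SAMPLE_PAGES, {"www.example.com"}).items():
        print(host, "->", ", ".join(pages))
```

Any host in the report that is not one you deliberately rely on is a candidate for removal, since script it serves runs in every visitor's browser with the page's privileges.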
