1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
  2. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

Resolved Strange IE Add-On or Trojan?

Discussion in 'Internet Explorer & Microsoft Edge' started by AlexH, 2016/11/10.

  1. 2016/11/12
    AlexH

    AlexH Well-Known Member Thread Starter

    Joined:
    2008/09/05
    Messages:
    212
    Likes Received:
    11
    Trophy Points:
    233
    Location:
    Outside Daytona Beach, FL
    Computer Experience:
    Experienced
    So far, so good. At this point I'm only sorry I wasn't keeping track of which web sites displayed that banner. But now that I grok Autoruns, which is like a MSExec (not sure if that's the old name) or Win 10's Task Manager, on steroids, I get it.

    Thanks, Evan, for that neat tool!

    Now, I can start adding things back a,d as I add each one back and reboot, watch for that banner to reappear. Then I will know which one is the culprit.

    And yes, it is marginally faster. While I know my system isn't a gamer's rocket, it is fast, so the difference was not startling.

    I understand why they call you Terminator:)!

    -a.
     
  2. 2016/11/12
    AlexH

    AlexH Well-Known Member Thread Starter

    Joined:
    2008/09/05
    Messages:
    212
    Likes Received:
    11
    Trophy Points:
    233
    Location:
    Outside Daytona Beach, FL
    Computer Experience:
    Experienced
    I've come up on PCs since '85 when you had to cobble together your own protection, even after making the upgrade to Win 3.0/3.1 and on up. I had to teach my clients to back up religiously, and I still do, cloud not included. I use a ridiculous number of high capacity Flash Drives and external HDs.

    So when you talk "tank," if it means being very proactive on protection, I'm guilty. Today I got an email from Log Me In central advising that someone in Vilnius Lithuania tried to hack their way into my account on the web, but were denied.

    I'll take all the protections I can get, so long as they play nice together.

    -a.
     

  3. to hide this advert.

  4. 2016/11/14
    AlexH

    AlexH Well-Known Member Thread Starter

    Joined:
    2008/09/05
    Messages:
    212
    Likes Received:
    11
    Trophy Points:
    233
    Location:
    Outside Daytona Beach, FL
    Computer Experience:
    Experienced
    Monday morning (ugh) report: It's still here!

    Latest appearance was when I got passed from the Reebok site to PayPal and there it was, at the top of the window. It doesn't seem to intrude in any other way but still ...

    Somebody pleas refresh my aging memory, about using RESET on IE? I know it sets everything back to square one, and I cannot help wonder if, since last time I did it - under XP - MSFT has made any updates under 10 Pro that allow us to save settings. Of course, that would probably bring back this intrusive banner ...

    So I will most likely do the reset later today, when I get home from a few appointments and have time to make a mess of things:)!

    If anybody has any suggestions, please let me know. I've attached the latest save from Autoruns64.exe, for your review.

    Thanks again,
    -a.
     

    Attached Files:

  5. 2016/11/14
    MrBill

    MrBill SuperGeek WindowsBBS Team Member

    Joined:
    2006/01/14
    Messages:
    3,794
    Likes Received:
    218
    Trophy Points:
    843
    Location:
    Baker, Florida (Panhandle)
    Computer Experience:
    Inter and still lear
    Go to the Malware section and read what to post.
     
    AlexH likes this.
  6. 2016/11/14
    AlexH

    AlexH Well-Known Member Thread Starter

    Joined:
    2008/09/05
    Messages:
    212
    Likes Received:
    11
    Trophy Points:
    233
    Location:
    Outside Daytona Beach, FL
    Computer Experience:
    Experienced
    Okay, I'm going to take the easy way out; I'll use IE reset now, rather than later. At the Malware section they say if I'm posting here, I should not post there too.

    I'll let you know if that kills the beast.

    Thanks,
    -a.
     
  7. 2016/11/14
    AlexH

    AlexH Well-Known Member Thread Starter

    Joined:
    2008/09/05
    Messages:
    212
    Likes Received:
    11
    Trophy Points:
    233
    Location:
    Outside Daytona Beach, FL
    Computer Experience:
    Experienced
    I also enabled Enhanced Protected Mode and 64-bit processes for Enhanced Protected mode, for fits and giggles before doing the reset.
    We'll see if that banner returns now. Ha!
    -a.
     
  8. 2016/11/14
    AlexH

    AlexH Well-Known Member Thread Starter

    Joined:
    2008/09/05
    Messages:
    212
    Likes Received:
    11
    Trophy Points:
    233
    Location:
    Outside Daytona Beach, FL
    Computer Experience:
    Experienced
    And on the first visit to Spamcop.net, there it was!
    Reset, here I come!
    -a.
     
  9. 2016/11/14
    MrBill

    MrBill SuperGeek WindowsBBS Team Member

    Joined:
    2006/01/14
    Messages:
    3,794
    Likes Received:
    218
    Trophy Points:
    843
    Location:
    Baker, Florida (Panhandle)
    Computer Experience:
    Inter and still lear
    People usually post here before the malware section. I don't get what you are saying. Also, there is nothing hard to do in the Malware section.
     
  10. 2016/11/14
    AlexH

    AlexH Well-Known Member Thread Starter

    Joined:
    2008/09/05
    Messages:
    212
    Likes Received:
    11
    Trophy Points:
    233
    Location:
    Outside Daytona Beach, FL
    Computer Experience:
    Experienced
    I guess I misunderstood that it was either post here or there but not both. Rather than go through the explanation again on the Malware Forum, I'm going to reset IE and will do so in about half an hour. If I miss that window, it will be around 5 PM Eastern.

    I just cannot take any more time trying to figure out what is going on with this silly banner. It keeps asking for a PW and if I had a clue, I'd try one, But my fear is that anything I do try will bite me in the arse.

    Sorry, Bill, if I'm not being logical here. I've started to get a bit paranoid about this thing appearing suddenly and the implications of that intrusion, when it appears to be an unknown problem.

    Thanks for all your help, everybody.
    -a.
     
  11. 2016/11/14
    Evan Omo

    Evan Omo Computer Support Technician Staff

    Joined:
    2006/09/10
    Messages:
    7,591
    Likes Received:
    471
    Trophy Points:
    1,093
    Location:
    Walnut Creek, California, United States
    Computer Experience:
    Intermediate+
    In Autoruns on the Internet Explorer tab, uncheck all the entries and see if that password toolbar comes back.
     
    AlexH likes this.
  12. 2016/11/15
    AlexH

    AlexH Well-Known Member Thread Starter

    Joined:
    2008/09/05
    Messages:
    212
    Likes Received:
    11
    Trophy Points:
    233
    Location:
    Outside Daytona Beach, FL
    Computer Experience:
    Experienced
    Thank. I'll do it tomorrow.

    Today, for the first time in about 8 months, I actually went to the gym for a short while. I have some physical issues and haven't been able to for a long time, so I had to get started again. That pushed back my resetting IE. I will try your suggestion.

    Thank you, very much,
    -a.
     
  13. 2016/11/18
    AlexH

    AlexH Well-Known Member Thread Starter

    Joined:
    2008/09/05
    Messages:
    212
    Likes Received:
    11
    Trophy Points:
    233
    Location:
    Outside Daytona Beach, FL
    Computer Experience:
    Experienced
    Most bizarre!
    So I unchecked everything on the IE Tab of Autoruns64.exe and did the requisite restarts.
    I then ran Windows Defender and Malicious Software scan, as well as Norton scan - all deep, long running scans - and got clean system reports from all.
    Today I finally had time to click on the IE Reset button and, again, allowed the system to restart.
    I can now say that absolutely nothing has helped. I went to some of the web sites on which I've seen that banner appear, and it came back. The sites it seems to like are online banking sites, like PayPal, Wells Fargo, Citibank, but not Starbucks and many other commercial sites.
    I'm going to download Malware Bytes and see if that helps at all.
    I'll report back when that is done.
    Am I having fun yet?
    Not really sure, but it's an adventure.
    Cheers!
    -a.
     
  14. 2016/11/18
    Bill

    Bill SuperGeek WindowsBBS Team Member

    Joined:
    2002/01/11
    Messages:
    2,579
    Likes Received:
    246
    Trophy Points:
    843
    Location:
    Nebraska, USA
    Computer Experience:
    Built. Broke. Fixed.
    I still think you should totally uninstall Norton and all other Symantec and 3rd party security programs, do a "cold" reboot, then see what happens. You can always reinstall them later.

    Note a "cold" reboot is when you shutdown and unplug the computer from the wall for about 15 seconds, then connect and boot again.
     
    AlexH likes this.
  15. 2016/11/18
    MrBill

    MrBill SuperGeek WindowsBBS Team Member

    Joined:
    2006/01/14
    Messages:
    3,794
    Likes Received:
    218
    Trophy Points:
    843
    Location:
    Baker, Florida (Panhandle)
    Computer Experience:
    Inter and still lear
    Well this thread is over a week old. I don't know how long you have been having this problem, but like I said once before. Malware section time.
     
    AlexH likes this.
  16. 2016/11/19
    Evan Omo

    Evan Omo Computer Support Technician Staff

    Joined:
    2006/09/10
    Messages:
    7,591
    Likes Received:
    471
    Trophy Points:
    1,093
    Location:
    Walnut Creek, California, United States
    Computer Experience:
    Intermediate+
    Follow Bill's advice and fully remove Norton from the machine and see if that helps. If doing that still does not help, then I would create a new thread in the malware and virus removal forum and see if broni can find out where that password toolbar is coming from.
     
  17. 2016/11/19
    AlexH

    AlexH Well-Known Member Thread Starter

    Joined:
    2008/09/05
    Messages:
    212
    Likes Received:
    11
    Trophy Points:
    233
    Location:
    Outside Daytona Beach, FL
    Computer Experience:
    Experienced
    Guys,
    I just ran the free Malware Bytes and it picked up 5 issues, while Norton then picked up one more, different from the five.
    Naturally, I will see if anything is different now and if not, will remove Norton and, I guess, Malware Bytes, do a cold reboot, and see what happens then.
    If all is the same, then I will go to the Malware and Virus Removal forum.
    What amazes me is that nobody has seen that banner anywhere else. I cannot believe that I'm the only one getting it. I have no really esoteric applications on my system; it's pretty much plain vanilla, right out of the box from HP a year or so ago.
    I'll post any results I get and take it from there.
    Thank you all, very much, especially for your patience.
    -a.
     
  18. 2016/11/19
    Bill

    Bill SuperGeek WindowsBBS Team Member

    Joined:
    2002/01/11
    Messages:
    2,579
    Likes Received:
    246
    Trophy Points:
    843
    Location:
    Nebraska, USA
    Computer Experience:
    Built. Broke. Fixed.
    That does not tell us much. An "issue" for MBAM is often just what it calls a "PUP" or potentially unwanted program. "Potentially unwanted" does NOT imply it is malicious, or even unwanted.
     
    AlexH likes this.
  19. 2016/11/19
    AlexH

    AlexH Well-Known Member Thread Starter

    Joined:
    2008/09/05
    Messages:
    212
    Likes Received:
    11
    Trophy Points:
    233
    Location:
    Outside Daytona Beach, FL
    Computer Experience:
    Experienced
    Sorry, there were 5 PUPs found, and I tried to relate their locations, or what showed, to what I know about the system, but that didn't help me to believe that it solved my problem. I still have all the boxes unchecked on Autoruns64.exe as well, an I guess I'll reinstate those which maybe necessary to my configuration.

    BTW, is there any way to "re-post" my first posting here, on the Malware etc. forum?

    Thanks,
    -a.
     
  20. 2016/11/19
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,664
    Likes Received:
    363
    Trophy Points:
    1,093
    Location:
    Staffordshire, UK
    Computer Experience:
    Usually not enough
    Copy the text in post #1 and paste into your first post in the Malware forum - you may need to reinsert the toolbar jpeg.

    Include a link back to this thread as well.
     
    AlexH likes this.
  21. 2016/11/19
    Bill

    Bill SuperGeek WindowsBBS Team Member

    Joined:
    2002/01/11
    Messages:
    2,579
    Likes Received:
    246
    Trophy Points:
    843
    Location:
    Nebraska, USA
    Computer Experience:
    Built. Broke. Fixed.
    You can always quote it then paste it, or just post a link to this thread. Then Broni or whoever response can check it out.

    Did you uninstall Norton and see what happens?

    And once again - PUPs are not automatically considered malicious. But I note many toolbars are tagged as PUPs.
     
    AlexH likes this.

Share This Page