[Lex Computer & Tech Group/LCTG] an issue
Robert Primak
bobprimak at yahoo.com
Sat Nov 11 04:52:30 PST 2023
Absolutely, Steve.
Some of us were presenting more general approaches, not knowing specifically what this infection was.
John,
Follow Steve's links and do exactly as instructed. Any further messing around at this point might cause the infection to become more deeply entrenched in the computer.
Thanks for the link, Steve and at least one other person who identified the specific infection.
-- Bob Primak
On Saturday, November 11, 2023 at 07:43:16 AM EST, Steve Isenberg <smisenberg at gmail.com> wrote:
With all due respect to all recipients and the good approaches for removing threats,
This situation is specific and there are instructions for removing this specific situation.
Mr. Rudy's computer is infected with the "glsfreeads-com-scam" and there are at least two sites that tell how to remove this particular infection: https://malwaretips.com/blogs/glsfreeads-com-scam/ and
https://securedstatus.com/how-to-remove-glsfreeads-com/
There are other sites as well, do a search for part of the text in the pop-up: "3 viruses found glsfreeads.com"
I would try following the steps in one of these sites if it was on my machine.
Your thoughts?
-steve
On Sat, Nov 11, 2023 at 1:47 AM Drew King (dking65--- via LCTG <lctg at lists.toku.us> wrote:
This reminds me about System restore points.
Your computer should, if it is enabled, periodically create restore points that will allow you to revert your computer back to that state pre-virus or malware or adware or whatever it is.
It's worth checking your system restore settings and looking for a recent system restore point that you can go back to. That will clear up the problem absolutely.
I haven't checked for myself, but somebody told me that Windows 11 has system restore disabled by default. If that is the case, then you would want it enabled, and make sure you make a periodic restore point.
I make one before installing anything on my computer and it has gotten me out of a jam more than once by allowing me to revert my system back to before the time when the software was installed.
--
Drew King
On November 11, 2023 12:34:48 AM EST, Robert Primak via LCTG <lctg at lists.toku.us> wrote:
I think this is adware, not a true virus infection. Which makes it easier to remove and keep it from coming back. But you will need to run anything you choose to try in Windows Safe Mode. This is necessary to stop any services which prevent the entire unwanted package from being totally removed. Registry cleanup is a must as well, because it's through Registry corruption that adware often reinstalls itself.
If you can handle a little Command-Line action, restoring any corrupted system files would be a good idea after the adware is actually gone and does not come back.
The Command Line tools would be sfc /scannow and dism /online /cleanup-image /restorehealth.
But let's try to remove the adware first.
Two options:
ADWCleaner from Malwarebytes: You can run this one from Windows Safe Mode, and that would be better than running it in Windows Normal Mode. This program specifically targets adware and browser corruptions.
If anyone knows of a portable antivirus app, which can run independently of a booted Windows OS, this would be the next step.
Windows Defender lets you run Windows Defender offline (WDO). It's an advanced option under the Defender Scan Options. It should be the bottom option. But this scan won't work on every computer, and I never see it make a proper log which Defender can display.
Portable antivirus scanners can be put onto a USB flash drive, if you have a way to make the flash drive bootable. RUFUS is one way, and I think they allow you to create a boot drive with an AV scanner and other tools included.
It's a little tricky getting into USB Boot under Windows 11 due to new security keys required for USB boot devices. I have used Ventoy to create flash drives with multiple CDs (ISOs) which will boot and run their programs from USB. If one of these disk images contains a good antivirus scanner, you can do the tool's database update, ID the adware, remove it and clean up from outside of Windows. Make any USB flash drive on a different computer from the infected one.
If this does not clean up the infection, it's time to bite the bullet and reinstall Windows. That may not work in extreme cases, but a clean erase of the drive followed by reinstalling Windows will in most cases produce a virus-free result. If you download Windows 11 from Microsoft for a reinstall, be aware that you are upgrading to the newest Fall Feature Update (23H2). RUFUS may allow you to stick with 22H2 or whichever version you are on now. Windows 10 does not have this issue.
I think ADWCleaner will root out this infection. It looks like adware, and the browser is the most likely source of the trouble. That makes this more of an adware infection than a true virus situation. But you should try to get into Windows Safe Mode and then run one of the group's recommendations, or some other portable adware-targeting anti-malware tool.
-- Bob Primak
On Friday, November 10, 2023 at 05:03:43 PM EST, John Rudy via LCTG <lctg at lists.toku.us> wrote:
I have rebooted twice
From: LCTG <lctg-bounces+jjrudy1=comcast.net at lists.toku.us> On Behalf Of Smita Desai via LCTG
Sent: Friday, November 10, 2023 4:58 PM
To: Adam Broun <abroun at gmail.com>
Cc: Lex Computer Group <lctg at lists.toku.us>
Subject: Re: [Lex Computer & Tech Group/LCTG] an issue
I would also reboot and keep disconnected from the internet.
Smita Desai
Sent from my iPhone
On Nov 10, 2023, at 4:08 PM, Adam Broun via LCTG <lctg at lists.toku.us> wrote:
When do these messages appear? Upon boot up? After opening a browser window? Other? That might narrow down where to look (e.g. in startup folder or registry, browser settings, etc.).
On Nov 10, 2023, at 15:59, palbin24 at yahoo.com wrote:
I’m reluctant to suggest major surgery and I hope someone has a good idea.
A middle ground might be reinstalling the OS. There are tools from Microsoft and perhaps your computer vendor to help. Wait to see if there are any other options before going down this road.
Peter
On Nov 10, 2023, at 3:47 PM, John Rudy via LCTG <lctg at lists.toku.us> wrote:
They are back, so Malwarebytes didn’t do it.
From: Adam Broun <abroun at gmail.com>
Sent: Friday, November 10, 2023 3:39 PM
To: jjrudy1 at comcast.net
Cc: Lex Computer Group <lctg at lists.toku.us>
Subject: Re: [Lex Computer & Tech Group/LCTG] an issue
Check the home page settings in your browser. My guess is a script got triggered that put something funky in there. And try running the inbuilt Windows virus scan.
On Nov 10, 2023, at 15:27, John Rudy via LCTG <lctg at lists.toku.us> wrote:
Starting this morning I began to receive these messages. I assumed that they were a scam and I do not believe I have McAfee on my system. I have not clicked on either the Yes or No Thanks. But they are covering things up and I seem unable to get rid of them.
I did close down mail and rebooted, but they are back. Any thoughts?
<image002.png>
John Rudy
781-861-0402
781-718-8334 cell
13 Hawthorne Lane
Bedford MA
jjrudy1 at comcast.net
<image001.png>
===============================================
::The Lexington Computer and Technology Group Mailing List::
Reply goes to sender only; Reply All to send to list.
Send to the list: LCTG at lists.toku.us Message archives: http://lists.toku.us/pipermail/lctg-toku.us/
To subscribe: email lctg-subscribe at toku.us To unsubscribe: email lctg-unsubscribe at toku.us
Future and Past meeting information: http://LCTG.toku.us
List information: http://lists.toku.us/listinfo.cgi/lctg-toku.us
This message was sent to abroun at gmail.com.
Set your list options: http://lists.toku.us/options.cgi/lctg-toku.us/abroun@gmail.com
===============================================