Redorbit popups

[tkumala]

Hi,

I'm using a work laptop to surf internet at home and am now getting a pop-ups every few seconds. The pop-up is usually from redorbit, but sometimes it gives different ads as well. I may not have full admin access to the laptop, but I have enough to be able to install hijackthis. Hijackthis log is attached.

Thanks in advance for your help.

tk

 

[Cybelex]

What anti-malware apps do you use?

I'd suggest starting with Spybot S&D. It will remove most malware. It is also "safe" in the sense that it rarely removes anything it shouldn't, and that is why I recommend it so often. Everything it labels as "bad" can be removed.

 

[gillianbrown]

Go to add remove programmes in your control panel and uninstall anything to do with(if there).

GetModule

Close control panel.

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for(if there).

GetModule32.exe

Close task manager.

Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

O4 - HKCU\..\Run: [GetModule32] C:\Program Files\GetModule\GetModule32.exe

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or folders(if there).

C:\Program Files\GetModule<Delete the entire folder.

Reboot your system.

Please download Malwarebytes' Anti-Malware to your desktop use any of these links.
Malwarebytes
MajorGeeks

Double-click mbam-setup.exe and follow the prompts to install the program.

At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform Quick Scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.

Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please attach that log into your next reply, along with a fresh HJT log and let us know if you're still having problems.

 

[tkumala]

Hello,

thanks very much for the quick reply.

I'm using McAfee Enterprise, that is supposed to have AV, spyware, adware protection all-in-one. Needless to say, it's not very good.

While waiting for a reply, I have ran online F-Secure scanner and it claimed to have removed 17 spywares. It may have done the trick since when I followed your instructions, I was unable to find any references to GetModule anywhere in the system (control panel - install/remove program, task manager). I did find GetModule folder but with nothing in it and have deleted it and rebooted the system.

Finally, I downloaded MBAM, but was unable to run it due to insufficient rights. Here's the latest hijackthis log. Please help review it to see if there is still a problem.

thanks
tk

 

[gillianbrown]

Your HJT log looks clean now.

Are you still having problems? If not, you're probably good to go.

 

[tkumala]

It does seem to be OK now. I've let the web browser open since I posted the last reply and haven't had a single pop-up.

Thanks again for your help.

tk