where is all the malware coming from

capri
StarLounger
Posts: 87
Joined: 20 Jan 2011, 06:42

Post by capri »

Hi,

I've been running Malwarebytes for a few years now and it very rarely picked up any malware. In the past 2 weeks it has picked up at least 50 pieces of malware. I'm trying to figure out where it is all coming from. For most of my use, I visit 2 or 3 genealogy-based websites. I can be on the computer for a few hours then run the Malwarebytes and it comes up clean. I can use it another 2 or 3 hours and it comes up infected with a few pieces of malware (same few sites). I had my favourite sites on the favourites bar of Explorer and one time I'm not sure how I clicked on it, but a window came up about wanting to download something onto my PC which I refused. I thought perhaps the problem was connected to the favourites bar so deleted it but that hasn't solved the problem.

My husband mainly uses Firefox, and the scans seem to come up clean after he's been using Firefox. I am going to switch over to see if that stops it, but was wondering if anyone has had similar problems and can suggest what is causing all the malware and how to avoid it. I've been running the Malwarebytes at least twice a day lately and can't predict which will come clean and which will be infected.

Thanks for any suggestions.
capri

Claude
cheese lizard
Posts: 6241
Joined: 16 Jan 2010, 00:14
Location: Sydney Australia

Re: where is all the malware coming from

Post by Claude »

What other security software do you have installed and what operating system?
Cheers, Claude.

capri
StarLounger
Posts: 87
Joined: 20 Jan 2011, 06:42

Re: where is all the malware coming from

Post by capri »

Hi Claude,

It's Windows XP and I have Avira virus protector. The virus protector has picked up a few viruses recently (normally none) but nowhere near as many as the malware.

capri

John Gray
PlatinumLounger
Posts: 5411
Joined: 24 Jan 2010, 08:33
Location: A cathedral city in England

Re: where is all the malware coming from

Post by John Gray »

When you say "viruses" do you mean viruses? Or tracking cookies, or something similar?
Could you quote a couple of examples of what Malwarebytes is objecting to?
John Gray

"(or one of the team)" - how your hospital appointment letter indicates that you won't be seeing the Consultant...

Claude
cheese lizard
Posts: 6241
Joined: 16 Jan 2010, 00:14
Location: Sydney Australia

Re: where is all the malware coming from

Post by Claude »

Yes, some examples would be useful.
Cheers, Claude.

Argus
GoldLounger
Posts: 3081
Joined: 24 Jan 2010, 19:07

Re: where is all the malware coming from

Post by Argus »

While waiting for further info.
capri wrote:I had my favourite sites on the favourites bar of Explorer and one time I'm not sure how I clicked on it, but a window came up about wanting to download something onto my PC which I refused.
It's a good practice to not click on anything in such windows, just close the browser; safest way in this case is via the Task Manager's Applications tab.

(From a general perspective, just about any site can carry malware, but as we know some sites are less likely; the problem is that when doing research similar to what you mentioned it's possible to wander away, tempted by some promising search result.)

(Does Malwarebytes' Anti-Malware track down cookies ...? Never heard of it, seems like it doesn't.
https://malwarebytes.zendesk.com/entrie ... g-cookies-
http://blog.malwarebytes.org/intelligen ... t-cookies/)
Byelingual    When you speak two languages but start losing vocabulary in both of them.

capri
StarLounger
Posts: 87
Joined: 20 Jan 2011, 06:42

Re: where is all the malware coming from

Post by capri »

I never click on windows like that. Rather be safe than sorry.

Here are some samples from a recent log (have deleted the actuals)

Registry Keys Detected: 5
HKCR\AppID\{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8} (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B} (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0} (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKCR\esrv.mysearchdialESrvc.1 (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKCR\esrv.mysearchdialESrvc (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.


capri
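
As an added illustration (not part of the thread, and not Malwarebytes' own tooling), the script below parses the log lines posted above and counts detections per family, which shows that all five registry keys belong to one family in the PUP (potentially unwanted program) class rather than being five separate infections. The line layout and the Class.Qualifier.Family.Variant naming split are assumptions inferred from these five lines only.

```python
import re
from collections import Counter

# The five log lines as posted in the thread (copied, not generated).
SAMPLE_LOG = r"""Registry Keys Detected: 5
HKCR\AppID\{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8} (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B} (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0} (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKCR\esrv.mysearchdialESrvc.1 (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKCR\esrv.mysearchdialESrvc (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
"""

# Assumed layout: "<Section> Detected: <n>" headers, then
# "<item> (<detection name>) -> <action>." lines.
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+) Detected: (?P<count>\d+)$")
DETECTION_RE = re.compile(r"^(?P<item>.+) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")

def parse_log(text):
    """Return (declared counts per section, list of detection dicts)."""
    declared, detections, section = {}, [], None
    for line in (raw.strip() for raw in text.splitlines()):
        header = SECTION_RE.match(line)
        if header:
            section = header["section"]
            declared[section] = int(header["count"])
            continue
        hit = DETECTION_RE.match(line)
        if hit:
            detections.append({"section": section, **hit.groupdict()})
    return declared, detections

def split_name(name):
    """Assumed naming: Class[.Qualifier].Family[.Variant], variant = 1 char."""
    parts = name.split(".")
    if len(parts) > 2 and len(parts[-1]) == 1:
        parts = parts[:-1]  # drop the single-letter variant suffix
    return parts[0], parts[-1]

def summarize(declared, detections):
    """Count detections per (class, family) and flag truncated sections."""
    families = Counter(split_name(d["name"]) for d in detections)
    parsed = Counter(d["section"] for d in detections)
    pup = sum(n for (cls, _), n in families.items() if cls == "PUP")
    return {
        "families": dict(families),
        "pup": pup,
        "other": len(detections) - pup,
        "incomplete": sorted(s for s, n in declared.items() if parsed[s] != n),
    }
```

A section listed under `incomplete` means the pasted log shows fewer lines than its header declares, so the summary should not be read as the full scan result.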

Claude
cheese lizard
Posts: 6241
Joined: 16 Jan 2010, 00:14
Location: Sydney Australia

Re: where is all the malware coming from

Post by Claude »

MySearch is quite a pain. Have you searched for removal instructions and gone through the process?

Whenever you follow removal instructions, make sure you reboot in safe mode beforehand.
Cheers, Claude.

John Gray
PlatinumLounger
Posts: 5411
Joined: 24 Jan 2010, 08:33
Location: A cathedral city in England

Re: where is all the malware coming from

Post by John Gray »

In this context, PUP means Potentially Unwanted Program. But you probably knew that already!
John Gray

"(or one of the team)" - how your hospital appointment letter indicates that you won't be seeing the Consultant...

capri
StarLounger
Posts: 87
Joined: 20 Jan 2011, 06:42

Re: where is all the malware coming from

Post by capri »

Thanks for the advice.
We used a removal problem and are hoping the problem is solved. We have been running the malware at least twice a day and all except one have come up clean. The one could just be normal. We'll keep running it twice a day for a while longer, then hopefully can drop back the number of times we run it.

capri

viking33
PlatinumLounger
Posts: 5685
Joined: 24 Jan 2010, 19:16
Location: Cape Cod, Massachusetts,USA

Re: where is all the malware coming from

Post by viking33 »

capri wrote:Thanks for the advice.
We used a removal problem and are hoping the problem is solved. We have been running the malware at least twice a day and all except one have come up clean. The one could just be normal. We'll keep running it twice a day for a while longer, then hopefully can drop back the number of times we run it.

capri
It might be a good idea to run some other Anti-Malware programs besides Malwarebytes. Some pick up strains that others may miss.
A review of some other freebies can be found here.

http://www.techsupportalert.com/best-fr ... emover.htm
BOB
______________________________________

If I agreed with you we'd both be wrong.