
Win32/Adware.Zdengo.CG [endless threat]


Hello,

I just bought a licence for the NOD32 ESET Antivirus.

Before, I had no antivirus on my computer, but I have some knowledge of computers and Windows and know how to manage the firewall and regularly check and manage my running processes. However, recently I have had this virus that really bugs me. Some hidden process that I can't identify creates a folder and executables in "Program Files", and one of the .exe files gets executed and messes with my web pages (e.g. adds advertisements to my Google search results). I can kill the latter process because it is visible in the Windows "Task Manager", and if I am quick enough I can remove the folder tree structure so the process won't run again... for a few minutes... It is really annoying.

So I was hoping ESET would deal with this situation. After buying and installing NOD32 AV, as expected, ESET found the adware! Great! Only its removal algorithm is not so complex, I guess, because, also as expected, the external process creates the adware again, resulting in ESET storming the bottom right corner of my screen with notifications. It keeps deleting the same file over and over every 5 seconds...

Here's the file description: hxxp://www.virusradar.com/en/Win32_Adware.Zdengo.CG/description

I'd hope to have expert assistance to help me get rid of that adware behavior. Advice or a walk-through on how to trace the origin for deletion, resources, any help would be very appreciated.

 

Best Regards


  • Administrators

Please post a complete record / line from the Detected threats logs so that we have all information about the detection. What browser do you use? Is the adware detected even if you use a different one?


Hi Marcos, thanks for your answer.

I am not sure what you mean by record/line from the logs, so I just made a bunch of screenshots.

Also, it's worth mentioning that the notifications did stop. I thought ESET had finally removed the problem, but the files still remain in Program Files. Is it still a threat? (Is it possible that ESET removes the files on the next restart?)

quarantine.png

program files.png

threats.PNG


  • Administrators

Please compress the content of the above mentioned folder and submit it to samples[at]eset.com.

Then try to uninstall the adware via Control panel. If that's not possible, collect logs with ELC and provide me with the generated zip file.


I just sent you the collected logs because I can't uninstall from the Control Panel; also, as I said, I can't identify the process responsible for creating the adware.

I couldn't send the zip to samples[at]eset.com; my email client refuses to send it. Then I tried to use a password on the zip, but the client keeps telling me the zip is a threat... I tried another client, but it didn't work either. I tried to submit directly from the ESET application, but the submit interface only allows sending one file at a time; a zip will be recognized as an archive and won't work. Is there any other way I can supply the zip file of the harmful directory?


It appears you have either intentionally or unwittingly installed this "crapware." There is a removal guide here you can try: https://malwaretips.com/blogs/pup-optional-netfilter-removal/

Before you try the above, you can just try to uninstall the junk using the Windows Install/Uninstall Program feature and see if that resolves the issue.


1 hour ago, itman said:

It appears you have either intentionally or unwittingly installed this "crapware." There is a removal guide here you can try: https://malwaretips.com/blogs/pup-optional-netfilter-removal/

Before you try the above, you can just try to uninstall the junk using the Windows Install/Uninstall Program feature and see if that resolves the issue.

Thanks Itman, I'll check tomorrow and try to get rid of this... "crapware"

This topic is now closed to further replies.