• Content Count

  • Joined

  • Last visited

Community Reputation

0 Neutral

About Thanu

  • Rank
  1. I see - That's the Pro/paid version, I take it - you use it? Recommend it? Well, after surfing more and checking with my wife on her tablet, it appears that we are no longer a victim to the TOT's nasty browser hijacker, if that's what you call it - malware at any rate. This is a real discgrace and black mark on the Telephone Organization of Thailand it seems - not that they particularly care. Great to have you hear helping Loke and I hope you don't have to put up with them much longer - but should we do anything to get the word out? Post on ThaiVisa or something? I'm sure most people won't make it here to LavaSoft, unfortunately. And I do want to thank CeciliaB and LS Artem kindly for their donated technical skills - it's very upsetting and frustrating when problems like this distract us from work and the enjoyment of life. Now, knock on bamboo and be careful ... Cheers, Thanu PS: Are you doing any computer work, Loke? I am a writer, website promoter, and anthropologist in Udon-Nong Khai. Just curious. Sounds like you've got things made, other than this TOT fiasco.
  2. Good answers, though I don't get this: the Adblock plus plug-in can get rid of many pop-ups, also (if point'n'clicking on those manually). What does it mean? You must click on them with AdBlock enabled to make them go away? Anyway, it's only been 15 minutes, but I'm hoping ... nothing yet. Will update you all in a bit. Hopefully, searchers can now find this topic if they use the terms I put in to the thread title - but I don't want to rush things and be disappointed. Thanu
  3. FWIW, here's my full Adaware report. Again ZERO infections - no more threats or infections found by any of the major anti-malware programs, supporting Loke's theory above. (Changed extension so I could upload it.) Ad-Aware_Report_Full_Manual_2014-12-17T13-15-06.532670.txt
  4. Hi Loke - Great to see others joining in, though of course sorry to see you're likewise afflicted by this annoying pestilence. Now, is my ISP TOT? Yes - and No. It was when the problem started a few days ago, but it is not now. For unrelated reasons (speed), I just switched to 3BB up here in northeast Thailand. And so it seems the situation gets curiouser and curiouser – and we may come to a definitive verification of your hypotheses before too long, seeing as I don’t plan on plugging my TOT router back in anytime soon. But I haven’t been surfing much since I switched this morning, and so cannot give you any feedback yet. But I plan to start doing so shortly, and then we can continue this, and see what pops out. But wouldn’t many more folks here in Thailand be afflicted with this? Why aren’t we hearing more about this nasty hijacker? I must say I was very surprised when the Mod here mentioned Germany showing up as my DNS, but if what you say is true, then we’re – you’re – definitely on to something. I’ll post more soon – and hope my problem begins to fade away! And why haven’t you changed ISPs yet? - Thanu
  5. Here are a few reports for now. I've been using IE the last hour and NO instance of problem / hijacker. Reckon it must be Chrome-related. I removed more extensions, leaving only one, LastPass, for the time being. No threats found by programs below. Closed Chrome this time for Gmer report. More later when Adaware finally finishes. Thanks again - Thanu gmer2-17Dec.log MBAM17Dec-1.txt AdwCleanerR13.txt
  6. Hello - It's now morning in Thailand. The problem occurs on all browsers on random sites. I've used my current installation of Windows several years now with no issues. I guess I allow Javascript - I didn't turn anything off. I launch browsers from taskbar shortcuts. I may have been infected with a Filezilla update - I saw others complaining about malware in this regard. For now, here's the Gmer report - I will carry on with ESET a bit later in hopes we can resolve this today. Thanks again for your kind assistance - Thanu gmer.log
  7. The problem is persisting despite doing almost all the above. I tried using the tool from, opened it, found the registry items, but didn't know how to delete them. No delete button, right click doesn't provide delete option, etc. Flushed the DNS and it still loads pages OK; still has the ads and redirect issues also. I hope you will have more suggestions after looking at my logfile report or something else. Seems like a tricky bug to get rid of. Thanks for your help again very much - Thanu
  8. I tried to uninstall via command line; said not recognized. I normally don't use IE - I just tried surfing & coincidentally or not (?) when I allowed Adobe Flash to run the Traffstock Ad Wizard popped up and the redirect page opened - Don't know if that's a possible culprit or not. More soon.
  9. Hello and thanks so much. I deleted most of my Chrome extensions - I only had a couple enabled, but the rest were still there I guess - I trashed them. I can't uninstall ComboFix, and didn't know it was dangerous, no. There is only the .exe file which I click to run it, and no programs or control panel list it so that it can be uninstalled - so I can't do that - or don't know how to get rid of those reg. entries, either. What do you mean by this? 3. Do you want to use a DNS server located in Germany while you are using an IP address in Thailand? I'm asking since there are fake DNS servers, that intercepts the communication and injects ads. I am in Thailand and know nothing about the fake DNS servers - are you saying I'm using one? If so, how to stop doing that? I'll do the other items now as best I can. Thanks for advising on this as well, esp. the DNS issue, which I have no idea about. I suppose I should test what's been done already as well, right? Though I'm afraid that being served these ads and redirections makes things worse - I guess it doesn't, though. Best regards, Thanu ComboFix.txt
  10. OK thank you. I also don't know how to: Uninstall "PxMergeModule"I ran Kapersky's TDSSKiller - no threats detected. Could not find: C:\Users\windows7\AppData\Local\Temp\catchme.sys (if file could not be deleted - reboot the system and try again) Perhaps an anti-malware program got rid of it, but it's not there. I uninstalled Firefox and deleted all the Mozilla files in Roaming folder. Thanks & regards, Thanu
  11. Thanks so much - I'm working on it ... What do I do when Reg Keys won't delete? I'm just using regedit - don't know anything else. I'll carry on and let you know the results, etc. Cheers - Thanu
  12. Hi - Here are some more reports that I hope will assist you. Many thanks - Thanu Forum wouldn't allow upload of Ad-Aware Reports in XML. hijackthis.log startuplist.txt
  13. Tried everything within my lay powers but cannot remove this root-hugging browser hijacker. Used Adaware quick and full scans, Malwarebytes many times after using TFC and resetting browsers. Also HitmanPro, ComboFix, HijackThis and fixed per their recommendations, CCleaner, Adwcleaner, Glary Utilities, NPE, JRT, forget what else ... FRST Reports attached as requested. Would truly appreciate your advice, help, solution! Pretty nasty annoyance for us non-malware experts. Sincerely, Thanu Addition.txt FRST.txt Addition.txt FRST.txt