Malware Problem

I recently discovered that my laptop has become infected with some malware. I tried many things to get get rid of it but nothing worked so I went ahead and performed a clean install of Windows 8 while also formatting my HD. But once I got everything set back up, I realized that the clean install didn't remedy the issue. I'm out of ideas on how to fix this. So I'm turning to you guys to see if you have any solutions. Any ideas?

Here is the log file that Malwarebytes creates after finding the same malware:

Malwarebytes Anti-Malware
Malwarebytes | Free Anti-Malware & Internet Security Software

Scan Date: 5/31/2014
Scan Time: 6:12:56 PM
Logfile: malwarelog.txt
Administrator: No

Version: 2.00.2.1012
Malware Database: v2014.05.31.10
Rootkit Database: v2014.05.21.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Michael

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 224074
Time Elapsed: 4 min, 29 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.Trovi.A, C:\Users\mwege_000\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "startup_urls": [ "http://www.trovi.com/?gd=&ctid=CT3323885&octid=EB_ORIGINAL_CTID&ISID=M1CF079CB-5416-437E-99DE-BF7F82F417A8&SearchSource=55&CUI=&UM=5&UP=SP2985AFC3-0EF3-40D4-B9C7-46C43C025244&SSPV=", "http://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={1F053C7E-D60E-11E2-BE99-CC52AF77A969}" ],), ,[17dfc88fb1ca05312a6e226aa85c9a66]

Physical Sectors: 0
(No malicious items detected)


(end)

Thanks guys!

 

Try this:

Uninstall Google Chrome

Through Programs and Features uninstall anything that looks like Trovi.

Manually Delete the C:\Users\mwege_000 folder and all subdirectories (do not delete the entire Users folder, just the mwege…. ).

Run Regedit as administrator and delete all references to Google in the registry…(if you also use IE this will also delete the Google search option in IE but this can easily be re-installed later).

Clear your startup folder of everything that isn’t necessary.

Reboot

Run CCleaner… Main and Registry options. Delete all found.

Reboot

Run Malwarebytes again…

Hope that helps, Dave

 

It worked! No more malware. Thank you very much. I think I'm just going to do another clean install for good measure. After I do that would it be OK to reinstall chrome as that's my favorite browser?

Thanks again!

 

Good Deal.... happy that worked for you. If you're going to do another fresh install, just be sure to reformat the drive prior to OS install. This will insure a clean slate for the OS and .....Chrome.

Best, Dave

 

So I just reinstalled windows after formatting my hard drive again and eventually installed chrome. After installing chrome, I downloaded malwarebytes and ran a scan. The same malware is back that I described before. What do you think is the cause Dave?

Before you respond, I'm going to go ahead and redo the steps you outlined above to remove it, than reinstall windows after formatting once again and then finally install chrome without my extensions to see if they are the culprit.

Thanks in advance!

Update: I just downloaded chrome on my once again malware free pc and browsed the web without signing in to gmail. I then ran malwarebytes and it found nothing. Next I signed into chrome with no extensions, browsed the web and ran another scan. Malware was found .

Any ideas?

 

My guess would be that:

- You're downloading or have downloaded Chrome from an unsecure location.
- You're browsing to a Trovi loaded web page.
- You're loading a program loaded with Trovi.
- Trovi is somehow in an email.

"Trovi.com can show up on the system after downloading freeware and shareware. Typically, it enters computers in a bundle with games, tools and other utilities that are actively promoted on the Internet". Read more here. Reload Windows again to a clean partition. Update drivers as required and do all the Windows updates. Don't load any of your personal software... skip Chrome for now... and use IE11 and MS Security Essentials. Try that configuration for a couple of days. Install Malwarebytes directly from their site and do a check.

If all is well... which it should be... Go directly to Google (cringe) and install Chrome with no extensions. You're getting Trovi from somewhere on the web or it is in a program you have previously downloaded. Use only secure locations for downloads and be very careful about all the options for installing software.

Best, Dave

 

Chrome stores your browser extensions in the cloud and restores them when you sign in. So take a look at the Settings -> Exensions what you have there.
That is a good feature if you have several computers. All they share same settings and favorites.

If you look at what you first posted, there's "sweetpacks.com" which is probably a part of sweetIM messenger or what ever it was. Basically fun smileys for messenger programs to use. So look for that kind of extension.

 

Excellent addition on Cloud storage.... nice job.

 

I followed all suggestions and the malware was back after signing into Chrome and browsing. I had no extensions either. Any more ideas?

 

Sorry Michael….. but I’m out of ideas. If you loaded windows fresh to a clean partition, ran IE11 only for a couple of days, and had no issues until loading Chrome… it’s somehow Chrome. If you followed KLF’s suggestion for deleting all the Chrome extensions in the cloud…. then just perhaps this should have been done before cleaning the system… if you didn’t do it in that order.

Still...all I can say is…. move to Firefox or IE.

Best, Dave

 

No worries. Thanks for taking the time Dave to help me with my problem! I really appreciate it. Unfortunately, I don't think I'll be able to give up Chrome as I'm heavily invested in hte Google ecosystem and being able to sync bookmarks, tabs, and cast tabs is just too valuable.