By Great Deal


Pelikal
17th Jun 2015, 18:16
I have no idea where this came from:

Whenever I hover over certain buttons this pops up. It isn't just PPrune, by the way. Happened on BBC Homepage, Photobucket. Something has crept in. Any ideas? :(


http://i1100.photobucket.com/albums/g412/RobJHP/Deal/By%20Great%20Deal%20June%202015_zpsbdhfap4l.jpg

Saab Dastard
17th Jun 2015, 18:25
It looks awfully similar to the deal-finder PUP, so perhaps the advice for getting rid of that will work for you.

Just search for "deal finder pop up" on google.

SD

Groucho
17th Jun 2015, 18:33
Hmm - are you aware that clicking on your post takes me into your photobucket account?

Saab Dastard
17th Jun 2015, 18:50
Hmm - are you aware that clicking on your post takes me into your photobucket account?

That was down to the OP entering the image location as a URL as well as an IMG. I have taken the liberty of correcting it.

SD

Pelikal
17th Jun 2015, 18:57
Groucho, thanks. I believe you can only see my public albums (I think!).


SD just noticed your post, thanks. Not sure what I did wrong there.

Saab Dastard
17th Jun 2015, 19:22
Pelikal,

I would surmise that you took the image details from photobucket as an somephoto.jpg string, and put it into your post as a link:
[ URL]http://somephoto.jpgsomephoto.jpg[/URL ], as that is how it ended up. Note that I had to insert spaces at the start and end of that string to show what's going on.

The net effect of which is to embed the URL, but with the desired image as the placeholder text for the URL. Hence, clicking on the picture is actually clicking on the link to your public photobucket.

Just pasting somephoto.jpg simply embeds the image, not the link.

In the standard PPRune editor, the Insert Image icon is the yellow one with a mountain in, and the Link icon is the one with the globe and a... link. The former puts the IMG wrapper around selected text, the latter puts the URL wrapper around selected text.

SD

Pelikal
17th Jun 2015, 20:10
SD, thanks again for response. I'll now try and address the original query!!

Tarq57
17th Jun 2015, 20:26
Try adwcleaner (https://toolslib.net/downloads/viewdownload/1-adwcleaner/) to remove it, and any other undesirables (PUPs) that may be lurking.

Pelikal
18th Jun 2015, 07:30
Tarq, thanks. Downloaded ADWCleaner. It found stuff but didn't get rid of the Great Deal bother. I'll look into it later. Cheers:ok:.

ShyTorque
18th Jun 2015, 08:02
I can recommend installing the free version of "Superantispyware" for annoying stuff like that.

gemma10
18th Jun 2015, 12:04
Hitman Pro from Bleeping Computer will eradicate it. Sorted. It's free for a trial period. However it's so good I purchased it. Only 20 euros per year.:ok:

Pelikal
19th Jun 2015, 16:22
Gawd, what a carry on. Before the two posted recommendations above appeared (thanks btw) I found some instructions to remove the Great Deal thingy.

1st instruction was to open programs and uninstall anything that one didn't recognise or was suspicious looking. I found something called YAC, Brazilian I think it was. So I thought, as I'm here, I'll uninstall that as I was pretty sure it shouldn't be there. Clicked uninstall and a window opened. The program looked like an anti-virus program which I didn't recognise and didn't install.

Started to uninstall, it reached 5% and went no further. Buggah, I'm thinking now this is a piece of malware in itself disguised as anti-malware and won't uninstall itself. I couldn't quit and close the window. I couldn't get anywhere so pulled the plug, so to speak. Upon restart, the machine was hopeless, couldn't do anything.

So forced it to start in Safe Mode which was ok. I had recently created a restore point so decided, rightly or wrongly, to revert to it (not something I had done before so I was a bit anxious). Well, it worked and the machine seemed to be behaving reasonably but YAC was still there. That wasn't the main concern as the whole point was getting rid of the Great Deal thing.

I downloaded "Superantispyware", ran it and it picked up YAC and other items, deleted that and I haven't had the GD popup appear yet either, so perhaps sorted. Stuff running quite smoothly.

I decided to create a new restore point and I got the following message:

"The Volume Shadow Copy service used by System Restore is not working."
Web search tells me to run System File Checker (sfc /scannow). I can't open the CMD window as administrator! error:
"The service cannot be started, either because it is disabled or because it has no enabled devices associated with it".

So I can't open Command Prompt to try and get The Volume Shadow Copy service used by System Restore working again...

Advice appreciated!!

Saab Dastard
19th Jun 2015, 16:48
Do you mean that you can't open a command prompt, or you can't open it as administrator?

If the former, can you open it directly from C:\Windows\System32 rather than from the shortcut?

If the latter, can you check the state of the Application Information Service (run services.msc)? It should be set to manual, not be disabled. Here's the description of the service:

Facilitates the running of interactive applications with additional administrative privileges. If this service is stopped, users will be unable to launch applications with the additional administrative privileges they may require to perform desired user tasks.

What version of Windows are you running?

SD

Pelikal
19th Jun 2015, 16:59
SD. Ahh, yes I can open command prompt directly but I can't run as administrator. I don't know the difference..

Windows 7 Home Premium.

Saab Dastard
19th Jun 2015, 17:02
Then the problem is likely to be with the service required to elevate privileges, possibly the one I added to my post above.

SD

Pelikal
19th Jun 2015, 17:20
SD, this is very good of you, providing such responses. I don't understand:

If the latter, can you check the state of the Application Information Service (run services.msc)? It should be set to manual, not be disabled.

How would I do this?

Saab Dastard
19th Jun 2015, 19:22
Start > Search programs and files > services.msc

That's what I meant by Run services.msc

It's to be found in %windir%\system32\services.msc

You will need to log on as the administrator to change anything, because elevating user privileges doesn't seem to be working for you.

Under normal circumstances you can also get to it by right-clicking "Computer" and selecting Manage - but that requires elevated privileges (it has the shield icon on it).

You may have to start in Safe Mode with Networking to get to the services console.

SD

Pelikal
19th Jun 2015, 21:16
Latest:

I booted in Safe Mode with networking. Ran CMD prompt as Administrator and performed sfc /scannow.

Windows Resource Protection found corrupt files but was unable to fix some of them. Details in log (haven't found that yet).

Opened Service Console. Noticed 'Volume Shadow Copy' is set to automatic.

Still confused by Application Information Service. Sorry, I'm probably being a bit dumb here. Still can't create a restore point, I'm giving this a break for the night!:ugh:

Pelikal
21st Jun 2015, 09:29
Finally able to create a restore point. Firstly was able to run services. Not sure what changed here but something nudged into action.

Original error message when trying to create a restore point:

The Volume Shadow Copy service used by System Restore is not working.

In Services, Volume Shadow Copy was set to Automatic but would not start.

What I found on the net was this:

I tried many solutions and the problem persisted. Then I stumbled across another important Service in Services.msc:
"Microsoft Software Shadow Copy Provider".
Properties: Automatic startup, apply and then Start. This finally fixed Volume Shadow Copy Service.


On my machine this service had clearly reverted to manual, probably with all the faffing about. Just thought I'd mention this fix.


Now if I had just used "Superantispyware" in the first instance. Or, of course, been more careful.:sad:

Bushfiva
21st Jun 2015, 09:48
Pelikal, the owners of YAC were caught in March stealing MalwareBytes MBAM malware database. MBAM trapped them by putting a fake virus definition called "Spywera.ThievingBastards". YAC probably doesn't detect/clean a great deal, right now :O

Pelikal
21st Jun 2015, 10:04
Bushfiva, I did read of that. When I tried to uninstall it and their uninstall window popped up, it sent the alarm bells ringing. I could smell something wasn't right. Bastards. Hope they :mad: rot.

:(

Pelikal
22nd Jun 2015, 16:16
Spoke too soon. YAC is still lurking. Checked services and there is a service YAC running, set to automatic.

Service name: SafeService
Display name: YAC service

Also gave a path to executable.

I booted in safe mode, disabled the service and rebooted. It still started.

I have a folder in programs, Elex-tech, which contains YAC, 52Mb for heaven's sake. Superantispyware failed to uninstall it.

I don't know the direction I should take with this now.
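
Added example, not part of any post in this thread: a read-only PowerShell check of the services discussed above (Application Information, Volume Shadow Copy, Microsoft Software Shadow Copy Provider and the reported `SafeService`), followed by a list of auto-start services whose executable sits outside the Windows directory. The short names `Appinfo`, `VSS` and `swprv` are the standard Windows service names for those display names; the function name `Get-ServiceExePath` is made up for this example.

```powershell
# Added example: reads service configuration only, changes nothing.
# Short service names for the display names mentioned in the thread.
$checked = @{
    'Appinfo'     = 'Application Information'
    'VSS'         = 'Volume Shadow Copy'
    'swprv'       = 'Microsoft Software Shadow Copy Provider'
    'SafeService' = 'YAC service'   # service name as reported in the thread
}

function Get-ServiceExePath([string]$PathName) {
    # PathName is a command line: "C:\dir\app.exe" -arg   or   C:\dir\app.exe -arg
    if ([string]::IsNullOrEmpty($PathName)) { return $null }
    $p = [Environment]::ExpandEnvironmentVariables($PathName)
    if ($p -match '^\s*"([^"]+)"')           { return $Matches[1] }
    if ($p -match '^\s*(.+?\.exe)(\s|$)')    { return $Matches[1] }
    return $p.Trim()
}

$all = Get-WmiObject -Class Win32_Service

# 1. Start mode, state and executable of the services discussed in the thread.
$all | Where-Object { $checked.ContainsKey($_.Name) } |
    Select-Object Name, DisplayName, StartMode, State, PathName |
    Format-List

# 2. A Windows service from the list that is Disabled cannot be started on demand.
$all | Where-Object {
        $checked.ContainsKey($_.Name) -and $_.Name -ne 'SafeService' -and
        $_.StartMode -eq 'Disabled'
    } | ForEach-Object { Write-Warning "$($_.DisplayName) is Disabled" }

# 3. Auto-start services whose executable is outside the Windows directory.
#    Third-party services, wanted or not, show up here with their full path.
$winDir = $env:windir.TrimEnd('\') + '\'
$all | Where-Object { $_.StartMode -eq 'Auto' } | ForEach-Object {
    $exe = Get-ServiceExePath $_.PathName
    if ($exe -and -not $exe.StartsWith($winDir, [StringComparison]::OrdinalIgnoreCase)) {
        New-Object PSObject -Property @{
            Name = $_.Name; DisplayName = $_.DisplayName; State = $_.State; Exe = $exe
        }
    }
} | Sort-Object Name | Format-Table Name, DisplayName, State, Exe -AutoSize
```

The third listing will also include legitimate software such as antivirus or driver helpers, so each entry needs to be judged by its path and publisher rather than removed on sight.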

mixture
22nd Jun 2015, 16:20
I don't know the direction I should take with this now.

Reformat and start fresh. Don't waste your time. :E

belfrybat
23rd Jun 2015, 11:50
Delete the folder, or if you're worried about data loss, move it to somewhere other than the current path. If something bad happens you can still restore it. Possibly you'll have to do it in safe mode.

Reboot the computer and check the process list, it shouldn't appear any more. Run CCleaner and remove from registry all references to non-existing software. If all is OK delete the folder permanently.

Then reformat the whole kit and kaboodle and install FreeBSD.

^- just kidding :E.

mixture
23rd Jun 2015, 13:31
Then reformat the whole kit and kaboodle and install FreeBSD.

Pah, FreeBSD is for wusses. OpenBSD is what the grownups do. :E

notjustanotherpilot
23rd Jun 2015, 14:26
Malwarebytes Anti-Malware should pick off stuff like that - use the Threat Scan level initially, and/or Microsoft Security Essentials or Defender as it is also known.
That would be somewhat less extreme than going for the reformat and reinstallation.
Do you have any anti-spyware, anti-malware programs running in the background?

Pelikal
24th Jun 2015, 16:18
Before I try anything drastic, I'm wondering how much of a threat, if any, YAC really is.

I did a full scan with Defender on the C: drive and it found nothing. I have real time protection turned on. Super Anti Spy keeps flagging YAC but it doesn't uninstall. I have no system restore disk. I have a system repair disk which I made at the start of the month but not sure how much that can do.

Reformat and reinstall I frankly don't see as an option.

As fate would have it, the partition on an external drive which contained a system image fcuked off. That image probably contains YAC anyway but it may overcome the services issues. I split the drive into 2 partitions and I now see only one.

I used CCleaner to check the register.

Belfrybat
Delete the folder, or if you're worried about data loss, move it to somewhere other than the current path.

In C: program, I have a folder called Elex-tech and in that resides the YAC folder. Do you mean try moving the YAC folder to another location? I'm not sure where to (a restore point has been made).

The machine is actually running quite smoothly now so I'm sort of thinking leave it as it is. Putting annoyances aside, is the security of my machine compromised, such as for online banking?

mixture
24th Jun 2015, 16:43
Yo Peliwhotsit in da house,

Sorry... right, back to business !

The machine is actually running quite smoothly now so I'm sort of thinking leave it as it is. Putting annoyances aside, is the security of my machine compromised, such as for online banking?

The safest thing is to assume YES.

The fact that this thing is affecting your web browser means its doubly safe to assume YES.

But also, how do you know there isn't something else lurking ? :hmm:

Pelikal
24th Jun 2015, 18:53
Mixture, thanks for response. Actually the browser appears to be working fine. As you say, just wondering what could be lurking. I would love to start on a clean machine, preferably Apple.😉.


No idea why the partition with the System Image decided to buggah off into the ether. I may try moving/deleting the YAC folder.


Although, having a restore point where stuff is 'reasonable' I may just try the uninstall again.🚓🚓🚓


I fancy some Liquorice Allsorts.

belfrybat
25th Jun 2015, 00:41
In C: program, I have a folder called Elex-tech and in that resides the YAC folder.

What's in the Elex-tech folder besides the YAC folder? Safest is to move the whole folder to C:\temp or something similar, create it if you don't already have it. The fact that this folder is inside another folder is by itself suspicious.

If it's something you know about and is safe, move only the YAC folder. Then whatever tries to load it won't find it in the registered path so can't load. If something strange happens you can put it back and try something else.

Reboot the computer and if it runs fine delete the folder. It will still be in the uninstall list and the registry so run CCleaner to remove all references.

Since you're at it, CCleaner also lists the stuff that's loaded at Windows bootup and gives you a choice to disable or remove the undesired entries.

Some programs (like a well-known PDF reader) think they're so important that they'll load themselves or a "quickloader" in background for "faster startup". They're still slow as molasses in Alaska to start up and just waste resources.

Edited to add what I found DuckDuckGoing Elex-tech:
http://manual-removal.com/remove-yet-another-cleaner-yac-and-search-yac-mx-redirect/

Pelikal
25th Jun 2015, 07:26
Daft thing about all this is that if I had just run "Superantispyware" in the first instance, the By Great Deal thing would have been vanquished and I would have been unaware of YAC.

It was in trying to get rid of By Great Deal manually that I noticed the YAC folder in programs and it caught my attention. It has led to this. I'm still not convinced that YAC is malware but it is certainly a PUP and is able to protect itself.

There is nothing else in the Elex-tech folder, only the YAC folder. There is an application called isafe within the folder and SuperAntispyware does not see it as a threat. Belfrey, thanks for link and suggestions. I'll take a closer look later.

notjustanotherpilot
25th Jun 2015, 07:42
Just removing the obvious file/folder or program.exe file is usually not enough. Most of those types of nasties embed themselves where you can't get to so you need a program that knows how to extract them with minimal disruption. That's why I also suggested MalwareBytes Anti-Malware. I know it detects and deletes on command PUP "infections". I've had them. One thing to be careful of though is that there can be a PUP show up in the analysis but it is part of a program or something that is legitimate.

With hindsight I'd say never go in and delete a folder or file as such in the hope of eliminating these things, always do a scan first. Otherwise it is akin to the proverbial using a sledgehammer to crack a walnut. It may do the job, but the collateral damage is vast.