
deal4me malware - what an unpleasant experience



Hi all

I've been quiet for a few weeks; I've been busy with work projects.

I have just spent the last few days trying to get rid of the deal4me adware from my mother's laptop.

Now she is in her 60s and had never touched a computer before last year, when she bought a Windows 8 machine.

I have been trying to explain the risks associated with clicking on suspect sites, but she's not understanding. "But I got antivirus...." (Norton & McAfee)

Still not understanding the need for good passwords: "why can't I have something simple, that's too hard to remember ...etc"

This sums up why hacking will still be viable: too many people either don't understand the risks, or just want an easy way and not a secure way of doing things.

Anyway, to remove this, I had to find and delete all the running programs, but that wasn't enough. This malware works by seeding the browsers on the machine, so if you remove the program, it still stays. I ended up having to reset all the browsers back to default settings.

It is supposed to also try to rootkit itself into the system. Well, we will see; so far it's gone, let's hope it stays gone.

Now the way it works is to browse the loaded web page and turn certain keywords into hyperlinks. It even overwrites existing hyperlinks to redirect to their ad sites. No wonder my mother was saying the internet is nothing but ads.

I am keen to get a copy of this and pull it apart on a VM machine, maybe turn it into a useful hacking tool, instead of a pain in the backside adware spawner.

Just thought I'd share the pain...
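The link tampering described in the post above (keywords turned into hyperlinks, existing links redirected to ad sites) can be checked for by comparing a page as served with the same page as saved from the affected browser. This is an added example, not part of the original post; the function names, the sample HTML and the hosts in it are constructed for illustration.

```javascript
// Added example: all names and sample data below are constructed for illustration.
// Pull {text, href} pairs out of an HTML snapshot. Regex-based on purpose: enough
// for comparing two snapshots of one page, not a general HTML parser.
function extractLinks(html) {
  const re = /<a\b[^>]*\bhref\s*=\s*["']([^"']*)["'][^>]*>([\s\S]*?)<\/a>/gi;
  const links = [];
  let m;
  while ((m = re.exec(html)) !== null) {
    const text = m[2].replace(/<[^>]+>/g, "").replace(/\s+/g, " ").trim();
    links.push({ text, href: m[1] });
  }
  return links;
}

// Compare the page as served with the page as the browser rendered it.
function findTamperedLinks(servedHtml, renderedHtml, pageUrl) {
  const hostOf = (href) => {
    try { return new URL(href, pageUrl).hostname; } catch { return ""; }
  };
  const servedText = servedHtml.replace(/<[^>]+>/g, " ").replace(/\s+/g, " ");
  const servedHosts = new Map(); // link text -> hosts it pointed to when served
  for (const { text, href } of extractLinks(servedHtml)) {
    if (!servedHosts.has(text)) servedHosts.set(text, new Set());
    servedHosts.get(text).add(hostOf(href));
  }
  const findings = [];
  for (const { text, href } of extractLinks(renderedHtml)) {
    const known = servedHosts.get(text);
    if (known) {
      // Same link text, different destination host: an existing link was overwritten.
      if (!known.has(hostOf(href))) findings.push({ kind: "rewritten", text, href });
    } else if (text && servedText.includes(text)) {
      // Plain words in the served page are now a link: keyword injection.
      findings.push({ kind: "injected", text, href });
    }
  }
  return findings;
}

// Constructed sample: the same page fetched directly and saved from the browser.
const PAGE_URL = "https://blog.example.com/post";
const SERVED = `<p>Compare cheap flights before you book.</p>
<p>Read the <a href="https://news.example.org/story">full story</a> or go <a href="/home">home</a>.</p>`;
const RENDERED = `<p>Compare <a href="https://ads.example.net/c?k=flights">cheap flights</a> before you book.</p>
<p>Read the <a href="https://ads.example.net/r?u=story">full story</a> or go <a href="/home">home</a>.</p>`;

console.log(findTamperedLinks(SERVED, RENDERED, PAGE_URL));
```

Pages that legitimately add or change links with their own scripts will also show up, so findings are most telling when the same ad host appears across unrelated sites.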


I'd suggest that in that kind of situation, back up the data (but you already have that set up for her automatically, right?) and then just wipe the machine and start again. Much quicker than messing around trying to remove something that wants to be persistent.

If you want to make it easier in case you think it would happen again, use something like Clonezilla or Ghost to take an image once you have a clean install.


Harden the machine

Seriously, given your mother's current level of expertise, what is it she wants to do that requires her to have privileged access to the point that she's able to allow such intrusive malware to be installed?

I understand it would be totally unacceptable to you if someone did this to your machine, locking it down to the point where only a few things really work, but she probably only wants to do a very, very limited set of things. Restrict her account to doing just those things.

If she's kinda remote, set up some sort of remote networking thing so that if she decides to pick up a new hobby that involves the computer and the current restrictions get in her way of doing that, you can log in remotely with a privileged account, update her user settings and thus let her be on her merry way.

Some people just do not care about computers per se. They just want to get the few things they're interested in done. Enable those and they'll be happy. Disable the rest and you won't be bothered every weekend because the machine went up the fritz.

Oh, and in the mean time, install an ad blocker. It'll prevent quite a bit of junk already.

I had my nephew over last month. He's 16 and loves to browse the web. He's got an account on more fora than I can count, most of them about online games, girls, warez, the usual for a kid his age I guess. And of course a *LOT* of those sites provide download links to all sorts of malware, crapware, viruses and what not. And he'll happily install anything to get some blinky on his screen for 3 seconds at which point he tires of it and goes off to find the next thrill. Last time I was at his place and gave his machine a looking over (it was running 'slow') I ended up removing a metric shit-ton of crap. I could've reinstalled, but didn't have the time and I feel this is his responsibility. If he can't keep his machine clean, he needs to suffer the consequences.

So, he's coming over and obviously wants to fiddle with my computer, and equally obviously I came prepared. I'd created a special virtual just for this occasion with a locked down Windows 7 that would basically allow the browser and flash to run but not a heck of a lot else. To his credit, he never complained. He went about his business, tried some crapware which didn't work, probably figured it's because my machine is crap (he didn't know it was a virtual) and moved on to the next thing. I wiped the thing after he left just to be safe.

If I'm to install Windows for anybody ever again of whom I know they're incompetent when it comes to computers, they get a locked down account and they probably don't even get the privileged account's password (my parents have a kick-ass safe for that).


Yes, both answers are great ideas.

I will give it a week to see if it is all clear, then lock down the privileges, and then back up the system.

I also installed Windows 8.1 on the weekend, much better than Windows 8.

I know I will need to do more to secure her laptop.

Just to sum up, the new passwords I created with uppercase and numbers caused an issue. I said you must use the cap lock for uppercase... the reply: "what is cap lock".

Now she had enrolled in a 12-week community beginner course for computers. She should have known this.

This just highlights why computer security is lacking: the two ends of the spectrum, with myself knowing just how unsafe things can be, and the uneducated stumbling in the dark, not understanding why it is important to have strong passwords and good security.

I will need to do more work.


I feel the problem is that people claim that "you should be on the internet" for no actual reason or benefit, or certain services are replaced by ones only being offered via the internet.

Example: Online banking.

My ex's mother used to use the bank's phone service to manage her account. You'd phone up, press in your bank account #, provide some access code then get to a menu. Press X for money transfer, Y for your current balance, you know the drill. At some point the bank decided this cost too much and dropped the service. This elderly woman was then given 2 options: 1. Find your way to the nearest branch and pay a steep service fee for every transaction or 2. Do all this over the internet. Additional drawbacks for option 1 were that this woman could barely walk 500 meters before being exhausted and the bank was over 5 miles away and since she only got a base pension she didn't have money for the taxi fare.

So, we helped her get on the internet... Sort of.

It's like forcing a donkey into a pen when the animal doesn't want to. Every step was excruciating hell. "Why does it have to be like that? Why can't I just phone them up and do this like I always did it? What the hell is a Firefox? Why do I have to click this, but not this?" *EVERY* *SINGLE* *DAY*. Beginner course for computer literacy? Fuggeddaboudit! Too expensive, unreachable and "WHY would I want to learn how to use this newfangled thing? I never wanted it in the first place. The only reason I'm using it is because I'm forced to!"

That's why I feel I'm blessed with my parents. They're confident doing the regular stuff with their computer, don't click on crap, only use the machine for specific stuff (including video editing no less!), try to figure out what should be done and manage that quite well on their own and when they feel they're out of their depth they abort and ask me to take a look next time I'm over.


  • 2 weeks later...

Hey, if you still can't remove the deal4me malware, try some security tools like AdwCleaner or Malwarebytes. I saw many people also discussed this adware. The instructions in the following links may help solve your problem. Good luck.



