Whilst searching for aircon parts for our vehicle, I happened to visit a website which displayed a warning regarding proceeding to it but I pressed on anyway.
Our PC was infected with MyWebSearch but Windows Defender found and disabled it.
However, numerous pop-ups keep displaying in the lower right hand side of the screen including Bitcoin scams, fake ABS News updates and anti virus messages.
Both my McAfee and Norton anti virus expired simultaneously on Thursday, Friday and today, even though I don’t have either.
Windows Defender rated the threat level of MyWebSearch as low but could not stop the pop-ups, and it would not run in the offline safe scan mode.
After re-imaging the drive from the backup, it now all works fine including the offline scan.
Sorry scumbag scammers, the name is Billy, not Silly.
The use of the run-on-demand free Malwarebytes and/or Superantispyware or Spybot (all available for free from https://ninite.com in the security section of their selections), particularly if they are run in Safe Mode, easily cleans up these PUPs (potentially unwanted programs). Nor do the free tools interfere with Windows Defender. The tool AdwCleaner also does a grand job of removal.
I tried Malwarebytes, but as I mentioned above, the PC would not boot into safe mode.
The mirror image backup would, and the re-imaged drive now also does.
It appears that MyWebSearch had disabled booting into safe mode.
It also prevented Word documents displaying “Pick up where you left off” when opened.
Next time, if you find you can’t boot into Safe Mode, try using a PowerShell or Command Prompt box (both in admin mode) to run dism /online /cleanup-image /restorehealth, then after it finishes, sfc /scannow (you may need to run this sfc command up to three times). Then try to boot into Safe Mode. If a user is using Win 10 or 8/8.1, running chkdsk /scan and then, if errors can’t be fixed while Windows is running/online with that command, running chkdsk /f (or chkdsk /spotfix if chkdsk /scan had been run before) can also fix many issues that stop Safe Mode starting. If the drive is not an SSD then using chkdsk /r will also check for bad sectors… do not use this command option (i.e. /r) on an SSD-type drive.
You have possibly had corrupt system files that prevented Win 10 booting into Safe Mode; your reimage possibly put good versions back. The damage may have occurred due to other reasons beyond MyWebSearch, including a failed/incomplete update.