Blaster virus-large number of Internet sessions

May 8, 2015 at 09:54:32
Specs: 32 bit windows vista
When I try to open a tab in the firefox browser, I have repeatedly received the following message:

Your 2700HG-E Gateway has intercepted your web page request to provide you with this important message. The following devices on your network are using a large number of simultaneous Internet sessions:

WINDOWS-my computer name here

The most likely cause of this issue is a ~blaster~ type virus which has infected the device. It is strongly recommended that the devices above be scanned for potential viruses.

Note that a large number of sessions may occasionally be the result of application software or gaming software installed on the device. If you believe this is the case, click the ~Do not show me excessive session warnings in the future~ to disable this feature.

To access the requested Web page that was intercepted, please close all browser windows and then restart your Web browser software.

If you continue to see this page after closing all open Web browser windows, restart your computer.


I have scanned the computer with avast, malwarebytes anti-malware, and microsoft security essentials. They have revealed no viruses or other problems. I do not have gaming software loaded on this computer.

Suggestions?



Report •
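
Added example, not part of the original thread: one way to see which process on the flagged PC holds the sessions the gateway is counting is to tally the TCP rows of `netstat -ano` by owning PID. The sample output, the function names and the threshold of 3 are constructed for illustration; the gateway's actual session limit is not stated in the thread.

```python
from collections import Counter, defaultdict

# Constructed sample of Windows `netstat -ano` output (not taken from the thread).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       848
  TCP    192.168.1.64:49201     203.0.113.10:80        ESTABLISHED     3124
  TCP    192.168.1.64:49202     203.0.113.11:80        ESTABLISHED     3124
  TCP    192.168.1.64:49203     203.0.113.12:443       SYN_SENT        3124
  TCP    192.168.1.64:49204     203.0.113.12:443       TIME_WAIT       0
  TCP    192.168.1.64:49210     198.51.100.7:443       ESTABLISHED     2040
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:500            *:*                                    1020
"""

# States that represent a session toward a remote host (listeners are excluded).
OUTBOUND_STATES = {"ESTABLISHED", "SYN_SENT", "CLOSE_WAIT", "FIN_WAIT_1", "FIN_WAIT_2"}

def sessions_by_pid(netstat_text):
    """Return {pid: {"sessions": n, "remotes": set of hosts, "states": Counter}}."""
    result = defaultdict(lambda: {"sessions": 0, "remotes": set(), "states": Counter()})
    for line in netstat_text.splitlines():
        fields = line.split()
        # TCP rows have 5 columns; UDP rows have no State column and are skipped.
        if len(fields) != 5 or fields[0] != "TCP" or not fields[4].isdigit():
            continue
        remote, state, pid = fields[2], fields[3], int(fields[4])
        if state not in OUTBOUND_STATES:
            continue
        host = remote.rsplit(":", 1)[0]  # strips the port, also for [IPv6]:port
        entry = result[pid]
        entry["sessions"] += 1
        entry["remotes"].add(host)
        entry["states"][state] += 1
    return dict(result)

def flag_heavy(netstat_text, threshold):
    """PIDs holding at least `threshold` sessions, busiest first."""
    table = sessions_by_pid(netstat_text)
    heavy = [(pid, e["sessions"]) for pid, e in table.items() if e["sessions"] >= threshold]
    return sorted(heavy, key=lambda item: -item[1])

if __name__ == "__main__":
    for pid, count in flag_heavy(SAMPLE, threshold=3):
        print(f"PID {pid}: {count} sessions")
```

On the affected machine, save the output of `netstat -ano` from a command prompt and pass its text to `flag_heavy`; `tasklist /FI "PID eq <pid>"` then names the process behind a flagged PID.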


#2
May 8, 2015 at 13:18:51
First run these two small freebies (safe and widely used on Security forums):

AdwCleaner:
http://www.bleepingcomputer.com/dow...
(blue Download button near top - not anything else on the page).
Download and "Save" the file somewhere. Go to the saved file then double click it to run the program. Use the "Scan" button, followed by the "Cleaning" button.

Junkware Removal Tool (JRT)
http://www.bleepingcomputer.com/dow...
(blue Download button near top - not anything else on the page).
Download and "Save" the file somewhere. Go to the saved file then double click it to run JRT. It might appear to have stopped at times or flash the screen but sit tight until it has finished.

Next, run MalwareBytes once more.

Please copy/paste the logs on here. Even if the symptoms go away, further checks will be necessary to ensure your computer is properly cleaned.

Always pop back and let us know the outcome - thanks


Report •

#3
May 8, 2015 at 16:56:09
I ran the AdwCleaner. Unfortunately, I did not copy the logs before I hit the "Cleaner" button and so am unable to post a copy of the logs. I do know that there were several items that it found.

I then ran the Junkware tool. The log is shown below:

~~~ Services

~~~ Tasks

~~~ Registry Values

~~~ Registry Keys

~~~ Files

Successfully deleted: [File] C:\Windows\couponprinter.ocx

~~~ Folders

~~~ FireFox

Emptied folder: C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\254nntlf.default-1429572149065\minidumps [2 files]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 05/08/2015 at 17:00:20.26
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


I ran the MalwareBytes program. No items were found.

I am not sure if my problem has been solved, but I will let you know once I have had a few days of operation.

message edited by Arn1


Report •

#4
May 8, 2015 at 17:03:45
"I did not copy the logs before I hit the "Cleaner" button and so am unable to post a copy of the logs"
You can find the logfile at C:\AdwCleaner[S1]

Report •

#5
May 9, 2015 at 03:02:39
Here is the log:

# AdwCleaner v4.203 - Logfile created 08/05/2015 at 15:32:12
# Updated 30/04/2015 by Xplode
# Database : 2015-05-08.1 [Server]
# Operating system : Windows Vista (TM) Business Service Pack 2 (x86)
# Username : Administrator - WINDOWS-H62EZ25
# Running from : C:\Users\Arnie\Downloads\adwcleaner_4.203.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
Folder Deleted : C:\Program Files\Coupons
Folder Deleted : C:\Program Files\Optimizer Pro

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Websteroids
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.0.0

***** [ Web browsers ] *****

-\\ Internet Explorer v9.0.8112.16636


-\\ Mozilla Firefox v37.0.2 (x86 en-US)


-\\ Google Chrome v42.0.2311.135

[C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : bopakagnckmlgajfccecajhnimjiiedh
[C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : eofcbnmajmjmplflapaojjnihcjkigck
[C:\Users\Arnie\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Arnie\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Arnie\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : eofcbnmajmjmplflapaojjnihcjkigck
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : eofcbnmajmjmplflapaojjnihcjkigck

*************************

AdwCleaner[R0].txt - [3231 bytes] - [08/05/2015 14:29:00]
AdwCleaner[R1].txt - [3347 bytes] - [08/05/2015 14:54:30]
AdwCleaner[R2].txt - [3471 bytes] - [08/05/2015 15:04:52]
AdwCleaner[R3].txt - [3523 bytes] - [08/05/2015 15:27:59]
AdwCleaner[S0].txt - [62 bytes] - [08/05/2015 14:43:52]
AdwCleaner[S1].txt - [398 bytes] - [08/05/2015 15:10:22]
AdwCleaner[S2].txt - [3378 bytes] - [08/05/2015 15:32:12]

########## EOF - \AdwCleaner\AdwCleaner[S2].txt - [3437 bytes] ##########


It does not appear to have cleared up the problem.


Report •

#6
May 9, 2015 at 03:13:10
"It does not appear to have cleared up the problem"
We will get there, it is a process of elimination, layer by layer.

Please download Farbar Recovery Scan Tool and save it onto your Desktop. If your default download location is not the Desktop, drag it out of its location onto the Desktop.
http://www.bleepingcomputer.com/dow...
If we have to run Farbar more than once, refer to this SS.
http://i.imgur.com/yUxNw0j.gif
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the Desktop.
The first time the tool is run, it also makes another log (Addition.txt).
The logs are large, upload them using this, or upload to a site of your choosing. No account needed. Give us the links please.
http://www.zippyshare.com/
Instructions on how to use ZippyShare.
http://i.imgur.com/naG6t2T.gif
http://i.imgur.com/Vi9ZdIh.gif
http://i.imgur.com/1IZu5kP.gif


Report •

#8
May 9, 2015 at 04:05:27
"I hope this is the information you need"
Yep, only needed the logs, the extra one was the exe, better to have too much, rather than not enough.

I am now going through the logs, will need about 15 mins.


Report •

#9
May 9, 2015 at 04:17:05
Download ComboFix onto your Desktop & then run. If your default download location is not the Desktop, drag it out of its location onto the Desktop. Copy & Paste the contents of the log in your next post please. ComboFix's log should be located at C:\COMBOFIX.TXT.
The logs are large, upload them using this, or upload to a site of your choosing. No account needed. Give us the links please.
http://www.zippyshare.com/
Instructions on how to use ZippyShare.
http://i.imgur.com/naG6t2T.gif
http://i.imgur.com/Vi9ZdIh.gif
http://i.imgur.com/1IZu5kP.gif
http://www.bleepingcomputer.com/dow...
http://download.bleepingcomputer.co...
http://www.forospyware.com/sUBs/Com...
A guide and tutorial on using ComboFix
http://www.bleepingcomputer.com/com...
http://www.winhelp.us/index.php/gen...
Manually restoring the Internet connection
http://www.bleepingcomputer.com/com...
"There are circumstances ComboFix will hang, crash or stall at various stages due to malware interference, failure to disable other real-time protection tools or the presence of CD Emulators (Daemon Tools, Alcohol 120%, Astroburn, AnyDVD) so that it does not complete successfully. Also, depending on how badly a system is infected, ComboFix may take longer to complete its routine than it normally does or fail to run properly. While that is not normal behavior, it is not unusual."
If you think it's frozen, look at the computer clock.
If it's running, Combofix is still working.
NOTE: Do not mouseclick combofix's window while it is running. That may cause it to stall.
NOTE: ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
**Please Note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
Allow ComboFix to download the Recovery Console.
Accept the End-User License Agreement.
The Recovery Console will be installed.
You will then get this next prompt that asks if you want to continue the malware scan, select yes.
If after running Combofix you discover none of your programs will open up, and you receive the following error: "Illegal operation attempted on a registry key that has been marked for deletion", then the answer is to REBOOT the machine, and all will be corrected.
Can't Install an Antivirus - Windows Security Center still detects previous AV
http://www.experts-exchange.com/Vir...
We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:
* Close all open Windows including this one.
* Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these types of programs can be found in this topic.
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
Once these two steps have been completed, double-click on the ComboFix icon found on your Desktop.
Please Note: Once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.

Report •

