Firefox or system infected

April 2, 2014 at 03:23:58
Specs: winvists32bit, 2.2dualcore /2.5gb
http://i273.photobucket.com/albums/...

Plus cant type properly,...wowge ttingwor seas ic ant typ epro perly...geti can tdo up datesprop erply..w ell uca n s eehow baditi s .....itsta kenmefor ever tore instal lorr estore theos ( winv istaultim ate)id idntkn owvi staw asthis bad :0(
todayisthe wor st...beengett ingpop upsford ays .didnt vist badsi tes etc

"The meaning of life is to be happy and useful" Tenzin Gyatso the 14th Dalai Lama


See More: Firefox or system infected

Report •


#1
April 2, 2014 at 04:08:00
Try another keyboard, if you can borrow one & it is USB, plug it into a rear USB port, if laptop, try the different ports.

Uninstall Firefox using this, then try IE.

Use IObit Uninstaller
http://www.softpedia.com/get/Tweak/...
http://www.freewarefiles.com/IObit-...
http://www.majorgeeks.com/files/det...
http://www.iobit.com/advanceduninst...
Do a Standard Uninstall & then the Powerfull Scan to remove all the lurking bits.
http://i.imgur.com/olyCkcJ.gif
http://i.imgur.com/cKc5Chi.gif



Report •

#2
April 2, 2014 at 04:11:15
After above, lets see if you are infected.

Download OTL, save & run from your Desktop.
http://oldtimer.geekstogo.com/OTL.exe
Double click the OTL icon to start the tool. (Note: If you are running on Vista or Windows 7 accept UAC alert)
1: When the window appears, underneath Output at the top, make sure Standard output is selected.
2: Select Scan all users
3: Change Drivers to All
4: Under the Extra Registry section, check Use SafeList
5: In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
6: Click Run Scan and let the program run uninterrupted.
Screenshots ( SS ) of 1 - 6
http://i.imgur.com/rvTDUlL.gif
When the scan is complete, two text files will be created on your Desktop
OTL.Txt <- this one will be opened
Extras.txt <- this one will be minimized

Upload the logs using this. I upload to Imgur.com for images & load.to for files ( neither need an account ) Give us the links please.

Image Uploader
http://www.softpedia.com/get/Intern...
http://www.softpedia.com/progScreen...
http://zenden.ws/imageuploader_ru

How to use for files.
http://i.imgur.com/FhtnM6c.gif
http://i.imgur.com/yBtjlpb.gif
http://i.imgur.com/txFkgpT.gif

Free file sharing sites come & go, if Imgur.com & load.to are too busy ( or not working ) here are others to try.
free file upload no account needed
http://is.gd/ije9W6
http://www.zippyshare.com/
http://www.filedropper.com/index.php
http://www.wikisend.com/
https://www.sendspace.com/
http://www.megafileupload.com/


Report •

#3
April 2, 2014 at 04:15:04
Hi on my linux machine now. I did uninstall firefox and reinstalled. At first it was working well and then everything got worse after that today....i did the reinstall today. I do run avast and that came up with nothing. Did a full scan yesterday. Will just see if ie is allowing me to get on computing.net and type...as it wasnt playing up when i was on other sites previous to that

"The meaning of life is to be happy and useful" Tenzin Gyatso the 14th Dalai Lama


Report •

Related Solutions

#4
April 2, 2014 at 04:30:37
ok where is the output thing u r talking about? at the top? cant see anything like that

"The meaning of life is to be happy and useful" Tenzin Gyatso the 14th Dalai Lama


Report •

#5
April 2, 2014 at 04:41:17
"ok where is the output thing u r talking about?"
You have to be very thorough when we are helping, we should not have to explain things again.

Refer my screenshots.


Report •

#6
April 2, 2014 at 04:49:03
ok OTL looks nothing like that at all sorry

"The meaning of life is to be happy and useful" Tenzin Gyatso the 14th Dalai Lama


Report •

#7
April 2, 2014 at 04:53:14
Are you looking at this SS.
http://i.imgur.com/rvTDUlL.gif

Report •

#8
April 2, 2014 at 05:07:55
yes must be a different version...says v 3.2 but no further numbers

"The meaning of life is to be happy and useful" Tenzin Gyatso the 14th Dalai Lama


Report •

#9
April 2, 2014 at 05:12:08
"v 3.2 but no further numbers"
I just downloaded it again, same numbers.

Hover your mouse over the file & tell me what numbers it shows on the pop up.


Report •

#10
April 2, 2014 at 05:18:22
do u mean over the shortcut on the desktop? nothing happens when i hover over it

"The meaning of life is to be happy and useful" Tenzin Gyatso the 14th Dalai Lama


Report •

#11
April 2, 2014 at 05:18:25
SS of my downloaded OTL.
http://i.imgur.com/M24vHTp.gif

Report •

#12
April 2, 2014 at 05:20:35
"do u mean over the shortcut on the desktop? nothing happens when i hover over it"
As per my post #2

Download OTL, save & run from your Desktop.


Report •

#13
April 2, 2014 at 05:22:15
yes i did that

"The meaning of life is to be happy and useful" Tenzin Gyatso the 14th Dalai Lama


Report •

#14
April 2, 2014 at 05:25:22
i dont see that gif in post 11

"The meaning of life is to be happy and useful" Tenzin Gyatso the 14th Dalai Lama


Report •

#15
April 2, 2014 at 05:32:06
"yes i did that"
But you said shortcut. It should not be a shortcut.

"i dont see that gif in post 11"
I do, must be something to do with Linux. Not that that makes any sense, you still should be able to see it.


Report •

#16
April 2, 2014 at 05:36:37
Oh well it downloads automatically into the download folder and i dont know how to change that in windows sorry. I just ran it from the icon in the browser...sorry i dont understand the difference...then i opened it from the desktop icon.
http://i273.photobucket.com/albums/...
yes no i am sitting using the linux machine at the same time...whatever i am doing in windows is what i am doing in windows...i didnt download via windows or anything like that

"The meaning of life is to be happy and useful" Tenzin Gyatso the 14th Dalai Lama


Report •

#17
April 2, 2014 at 05:39:49
"downloads automatically into the download folder"
Drag it out of that folder onto your desktop.

Report •

#18
April 2, 2014 at 05:45:13
gosh its so hard to find...ok will try...winvista is a b---tard of an os

"The meaning of life is to be happy and useful" Tenzin Gyatso the 14th Dalai Lama


Report •

#19
April 2, 2014 at 05:49:53
"gosh its so hard to find"
Something like this.

Start > All Programs > Documents > Downloads.


Report •

#20
April 2, 2014 at 05:50:19
ok ran from the desktop and looks the same...ummmm dont understand why this makes a difference...

"The meaning of life is to be happy and useful" Tenzin Gyatso the 14th Dalai Lama


Report •

#21
April 2, 2014 at 05:51:29
ok yes figured out where downlaods was...so different from xp

"The meaning of life is to be happy and useful" Tenzin Gyatso the 14th Dalai Lama


Report •

#22
April 2, 2014 at 05:54:42
"ummmm dont understand why this makes a difference..."
I don't even try to work that out, when an author says do it that way, that's it.

Are you now able to run the program?


Report •

#23
April 2, 2014 at 05:58:34
author?
yes i ran it...it is the same as before

"The meaning of life is to be happy and useful" Tenzin Gyatso the 14th Dalai Lama


Report •

#24
April 2, 2014 at 06:10:35
"author?"
People who write programs are called author's.

"yes i ran it...it is the same as before"
Ok, not much more I can do.

Will get back tomorrow, with perhaps some other way to tackle the problem.

I'm here.

http://www.timeanddate.com/worldclo...


Report •

#25
April 2, 2014 at 06:16:10
oh i didnt know it was your program ok...sorry just not used to windows anymore and never used vista until a few weeks ago////ok thanks so much :0)

"The meaning of life is to be happy and useful" Tenzin Gyatso the 14th Dalai Lama


Report •

#26
April 2, 2014 at 06:23:30
"oh i didnt know it was your program"
It's not, I don't author/write programs.

Report •

#27
April 2, 2014 at 06:29:05
ok even more confused now...anyway another day then :0)

"The meaning of life is to be happy and useful" Tenzin Gyatso the 14th Dalai Lama


Report •

#28
April 2, 2014 at 18:44:37
9: Download & run DDS. Copy and Paste the contents of the 2 logs please.
DDS which will create a Pseudo HJT Report as part of its log.
http://forums.majorgeeks.com/showth...
http://www.bleepingcomputer.com/for...
http://download.bleepingcomputer.co...
DDS will now start scanning your computer and compiling a variety of information about what programs are starting on your computer, what files have been recently created, and the general configuration of your computer. When DDS has finished scanning, all of this information will be compiled and be displayed in two Notepad windows named dds.txt and attach.txt.

Report •

#29
April 2, 2014 at 18:46:56
If the logs are too large, upload them.

I upload to Imgur.com for images & load.to for files ( neither need an account ) Give us the link please.

Image Uploader
http://www.softpedia.com/get/Intern...
http://www.softpedia.com/progScreen...
http://zenden.ws/imageuploader_ru

How to use for files.
http://i.imgur.com/FhtnM6c.gif
http://i.imgur.com/yBtjlpb.gif
http://i.imgur.com/txFkgpT.gif

Free file sharing sites come & go, if Imgur.com & load.to are too busy ( or not working ) here are others to try.
free file upload no account needed
http://is.gd/ije9W6
http://www.zippyshare.com/
http://www.filedropper.com/index.php
http://www.wikisend.com/
https://www.sendspace.com/
http://www.megafileupload.com/

message edited by Johnw


Report •

#30
April 3, 2014 at 07:24:41
Hope i got this right. Never used these types of programs before. Btw ie is now giving popups
[url=http://www.load.to/qfBjngc5FA/attach.txt]attach.txt[/url] [url=http://www.load.to/jYVOF9gRYX/dds.txt]dds.txt[/url]

"The meaning of life is to be happy and useful" Tenzin Gyatso the 14th Dalai Lama


Report •

#31
April 3, 2014 at 16:43:24
"Hope i got this right"
Good try, considering I put one wrong SS in my info.
Step 4 in this link is the best way if you use again.
http://i.imgur.com/txFkgpT.gif

DDS logs shows me the problem. We will need about 6 steps to fix.

1: Run AdwCleaner
http://www.softpedia.com/get/Antivi...
http://www.softpedia.com/progScreen...
How to download from Softpedia
http://i.imgur.com/BWELEfV.gif
http://i.imgur.com/4luY3rU.gif
http://www.raymond.cc/blog/adwclean...
http://www.bleepingcomputer.com/dow...
Author's site
http://general-changelog-team.fr/en...
Tutorial
http://general-changelog-team.fr/en...
Please download AdwCleaner by Xplode onto your Desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Clean.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please Copy & Paste the contents of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

2: Run Junkware Removal Tool
http://www.softpedia.com/get/Securi...
http://www.softpedia.com/progScreen...
How to download from Softpedia
http://i.imgur.com/qO92huz.gif
http://i.imgur.com/qzTUYkX.gif
http://www.bleepingcomputer.com/dow...
http://thisisudax.blogspot.com.au/2...
Download Junkware Removal Tool onto your Desktop.
Warning! Once the scan is complete JRT will shut down your browser with NO warning.
Shut down your protection software now to avoid potential conflicts.
Temporarily disable your antivirus and any antispyware real time protection before performing a scan.
Click this link to see a list of security programs that should be disabled and how to disable them.
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
Run the tool by double-clicking it. If you are using Windows Vista or Windows 7/8, right-click JRT and select Run as Administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved onto your Desktop and will automatically open.
Copy and Paste the contents of the JRT.txt log please.




Report •

#32
April 4, 2014 at 07:03:22
I side tracked a bit and ran avg boot disk and it id'ed a trojan. Anyway will try and get some of this done.

"The meaning of life is to be happy and useful" Tenzin Gyatso the 14th Dalai Lama

message edited by rapattack


Report •

#33
April 4, 2014 at 07:15:31
Oops i didnt read the part about posting the log file. I know there was something about optimiser pro and websteriods

"The meaning of life is to be happy and useful" Tenzin Gyatso the 14th Dalai Lama


Report •

#34
April 4, 2014 at 12:00:37
"Oops i didnt read the part about posting the log file"
Run both again, Copy & Paste the contents of the logs.

Report •

#35
April 7, 2014 at 06:38:47
# AdwCleaner v3.023 - Report created 08/04/2014 at 00:33:17
# Updated 01/04/2014 by Xplode
# Operating System : Windows Vista (TM) Ultimate Service Pack 2 (32 bits)
# Username : carla - CARLA-PC
# Running from : C:\Users\carla\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16540


-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Users\carla\AppData\Roaming\Mozilla\Firefox\Profiles\cgbp68qe.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [1404 octets] - [05/04/2014 01:09:20]
AdwCleaner[R1].txt - [895 octets] - [05/04/2014 01:13:35]
AdwCleaner[R2].txt - [1013 octets] - [05/04/2014 01:17:42]
AdwCleaner[R3].txt - [1134 octets] - [05/04/2014 01:21:16]
AdwCleaner[R4].txt - [1254 octets] - [08/04/2014 00:27:07]
AdwCleaner[S0].txt - [1497 octets] - [05/04/2014 01:10:34]
AdwCleaner[S1].txt - [955 octets] - [05/04/2014 01:14:17]
AdwCleaner[S2].txt - [1074 octets] - [05/04/2014 01:18:52]
AdwCleaner[S3].txt - [1196 octets] - [05/04/2014 01:26:02]
AdwCleaner[S4].txt - [1176 octets] - [08/04/2014 00:33:17]

########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [1236 octets] ##########

"The meaning of life is to be happy and useful" Tenzin Gyatso the 14th Dalai Lama


Report •

#36
April 7, 2014 at 06:49:23
Now the antivirus program(avast) been killed off it seems.
Heres the other log file
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows Vista (TM) Ultimate x86
Ran by carla on Tue 04/08/2014 at 0:42:51.39
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 04/08/2014 at 0:46:25.91
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

"The meaning of life is to be happy and useful" Tenzin Gyatso the 14th Dalai Lama


Report •

#37
April 7, 2014 at 14:44:51
3: Download & run Unhide
http://www.bleepingcomputer.com/for...
http://download.bleepingcomputer.co...
To run Unhide, simply download it onto your Desktop and then double-click on the Unhide icon. The program will open a black box and start making the files on your fixed disks visible again. Please note, that this program will not unhide removable drives like flash cards and usb drives as the FakeHDD rogues do not target these types of drives. Once it has finished, the program will display a Windows alert stating that your files have been restored. You should then reboot your computer for all of the settings to go into effect.
When Unhide is complete, it will create a logfile on the Windows Desktop called Unhide.txt.
Copy & Paste the contents of the log in your next post please. Let me know if it doesn't produce a log.

4: Run Malwarebytes' Anti-Malware ( MBAM ) Free Version. Use Quick scan. Copy and Paste the contents of the log please. Note how to avoid the trial period.
If you can't find the log, do a search for malwarebytes or look in here.
C:\Users\Pete\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs
Replace Pete with the User's name.
http://www.softpedia.com/get/Antivi...
http://www.softpedia.com/progScreen...
http://i.imgur.com/3DtG68Y.gif
http://www.malwarebytes.org/mbam.php
Make sure you Uncheck > Enable free trial at the End of the install.
http://i.imgur.com/tUFCbYz.gif
If your MBAM log indicates "No action taken". That's usually a result of NOT clicking the Remove Selected button after the scan.
Quick Scan versus Full Scan
http://forums.malwarebytes.org/inde...


Report •

#38
April 9, 2014 at 22:27:00
ok will be a few days before i have time to do more but i did a system restore and was able to reinstall avast. avast says there is no infection now but giving it a test on the net right now using ie to see if thats true or not. will try firefox now to c if it responds well as well

"The meaning of life is to be happy and useful" Tenzin Gyatso the 14th Dalai Lama


Report •

#39
April 15, 2014 at 01:18:19
OK have given it a few sessions and nothing is happening now. Sorry wish i had time to test out everything but i have to limit computer session for myself too because of a bad back and CFS. If it does start to act up again i will revisit here

"The meaning of life is to be happy and useful" Tenzin Gyatso the 14th Dalai Lama


Report •

#40
April 15, 2014 at 01:52:44
"If it does start to act up again i will revisit here"
Ok.

Report •


Ask Question