
iexplorer.exe popup Virus


Name: JRobi31
Date: June 5, 2009 at 14:36:14 Pacific
OS: Microsoft Windows XP Home Edition
CPU/Ram: 1.596 GHz / 1011 MB
Subcategory: Viruses
Comment:

I'm having the same problem as another poster. IE popups keep happening in the background (I can only see them in Task Manager). I can hear them popping up when my sound is on, and every now and again one is an audible ad, so I have to search for it and close it down. When I try to close all of the others in Task Manager they keep popping up, usually about 12 or so at a time. Please help. I've done the Computing.Net scan, but I will be around to post whatever else needs to be posted. Thanks for your help.




Response Number 1
Name: jdk (by neoark)
Date: June 5, 2009 at 15:12:38 Pacific
Reply:

What site, and does it happen in other web browsers?

-------------------------------------------------



Response Number 2
Name: JRobi31
Date: June 5, 2009 at 15:49:56 Pacific
Reply:

It happens while I'm running Firefox. I hardly ever use IE and I'm never using it when these sites are popping up. I also get random error popups (this site has encountered an error and IE has to close). I just hit the button to report it to Microsoft and close it out, but I'm never running IE when these popups happen.



Response Number 3
Name: jdk (by neoark)
Date: June 5, 2009 at 16:01:44 Pacific
Reply:

Tried scanning with antivirus? Post the scan log if you did. If you haven't, scan with the Kaspersky/ESET/BitDefender online scanners and post the scan results.

-------------------------------------------------



Response Number 4
Name: JRobi31
Date: June 5, 2009 at 16:20:28 Pacific
Reply:

OK, I just spent hours getting this scan and it found nothing. Here is the report. I've also taken a print screen to show you what I'm talking about. I'm not sure if image codes can be used here, so I will post the link. Thanks.

---------------------------------------------
Saturday, June 6, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Saturday, June 06, 2009 03:27:25
Records in database: 2316933
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
C:\
Scan statistics
Files scanned 46467
Threat name 0
Infected objects 0
Suspicious objects 0
Duration of the scan 03:21:26

No malware has been detected. The scan area is clean.
The selected area was scanned.


Link to print screen: http://i44.tinypic.com/2s1q3ao.jpg



I am going out of town for the weekend, I will bump this when I get back for help...thanks to all that viewed and if you want to go ahead and post my next step I will do it promptly upon return. Again, I really appreciate the help :)



Response Number 5
Name: Dustin DeWynn
Date: June 7, 2009 at 10:53:21 Pacific
Reply:

I am also having this issue. OneCare live scan from Microsoft detected and removed System32\iehlpr.dll and Windows\sysguard.exe. Now both OneCare and Defender show the computer as clean, but the issue persists. I was getting redirects from my search results both in Google and Live.com (if I open the link in a new window it opens correctly). No DNS IPs in my TcpIp reg key. I am really baffled. Anyone figure this out yet? Thanks.





Response Number 6
Name: jdk (by neoark)
Date: June 7, 2009 at 11:00:13 Pacific
Reply:

Dustin DeWynn: Create your own post with your problem.

-------------------------------------------------



Response Number 7
Name: jdk (by neoark)
Date: June 7, 2009 at 11:01:24 Pacific
Reply:

JRobi31: Can you make a new HijackThis log and upload it to rapidshare.com? HijackThis: Here

-------------------------------------------------



Response Number 8
Name: JRobi31
Date: June 7, 2009 at 21:25:36 Pacific
Reply:

neoark, here is the hijack link:

http://rapidshare.com/files/2421092...



Response Number 9
Name: jdk (by neoark)
Date: June 8, 2009 at 05:42:39 Pacific
Reply:

1) Can you please post your AVZ log:
Note: Run AVZ in Windows normal mode. If avz.exe doesn't start, then try to rename the file avz.exe to something else and try to run it again. Make sure you have your web browser open in the background before following the steps below.

i) To create the logfile, download AVZ by clicking HERE. Please save this file to your desktop or "My Documents" folder.

ii) Next, unpack the file to a new folder using the Compressed (zipped) folders wizard built into Windows XP/Vista, or a zip utility of your choice.

iii) Once you have unpacked the contents of the zip archive, please launch the file AVZ.exe by double clicking on it or right clicking and selecting Open.
Note: If you are running Windows Vista, launch AVZ.exe by right clicking and selecting Run as Administrator.

You should now see the main window of the AVZ utility. Please navigate to File->Custom Scripts. Copy the script below by using the keyboard shortcut CTRL+C or the corresponding option via right click.

begin
ExecuteStdScr(3);
RebootWindows(true);
end.


Paste the script into the execution window by using the CTRL+V keyboard shortcut, or the "paste" option via the right click menu. Click on Run to run the script; the PC will reboot. After the reboot, the LOG subfolder is created in the folder with AVZ, with a file called virusinfo_syscure.zip inside. Upload that file to rapidshare.com and paste the link here.

Image Tutorial

-------------------------------------------------



Response Number 10
Name: JRobi31
Date: June 8, 2009 at 08:48:11 Pacific

Response Number 11
Name: jdk (by neoark)
Date: June 8, 2009 at 09:14:42 Pacific
Reply:

Follow these steps in the order numbered. Don't proceed to the next step unless you have successfully completed the previous step:

1) Run this script in AVZ like before, your computer will reboot:

begin
SetAVZGuardStatus(True);
SearchRootkit(true, true);
 DelBHO('{F5BDF86B-A5FF-39A6-A4EB-585761E05B33}');
 QuarantineFile('C:\WINDOWS\system32\xwr66768.dll','');
 DeleteFile('C:\WINDOWS\system32\xwr66768.dll');
BC_ImportDeletedList;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.

2) After reboot, attach a Combofix log. Please review and follow these instructions carefully.

Download it here -> http://download.bleepingcomputer.co...

Before Saving it to Desktop, please rename it to something like 123.exe to stop malware from disabling it.

Now, please make sure no other programs are running, close all other windows and pause Antivirus/Spyware programs (programs to disable: http://www.bleepingcomputer.com/forums/topic114351.html) until after the scanning and removal process has taken place.

Please double click on the file you downloaded. Follow the onscreen prompts to start the scan. Once the scanning process has started please DO NOT click on the Combofix window or attempt to use your computer as this can cause the scanning process to stall. It may take a while to complete scanning and this is normal.

You will be disconnected from the internet and your desktop icons/toolbars will disappear during scanning, do not worry, this is normal and it will be restored after scanning has completed.

Combofix will create a logfile and display it after your computer has rebooted. It is usually located in c:\combofix.txt. Please upload that file to rapidshare.com and paste the link here.

-------------------------------------------------



Response Number 12
Name: JRobi31
Date: June 8, 2009 at 14:51:42 Pacific

Response Number 13
Name: jdk (by neoark)
Date: June 8, 2009 at 15:16:10 Pacific
Reply:

Follow these steps in the order numbered. Don't proceed to the next step unless you have successfully completed the previous step:

1) Run this script in AVZ like before, your computer will reboot:

begin
SetAVZGuardStatus(True);
SearchRootkit(true, true);
 QuarantineFile('c:\windows\system32\xa23104765.exe','');
 DeleteFile('c:\windows\system32\xa23104765.exe');
 QuarantineFile('c:\windows\system32\xa23104312.exe','');
 DeleteFile('c:\windows\system32\xa23104312.exe');
 QuarantineFile('c:\windows\system32\xa23021625.exe','');
 DeleteFile('c:\windows\system32\xa23021625.exe');
 QuarantineFile('c:\windows\system32\xa23021109.exe','');
 DeleteFile('c:\windows\system32\xa23021109.exe');
BC_ImportDeletedList;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.

2) Run this script in AVZ:

begin
CreateQurantineArchive('c:\quarantine.zip');
end.

3) A file called quarantine.zip should be created in C:\. Then please zip up C:\qoobox\quarantine and upload both it and C:\quarantine.zip to a filehost such as http://rapidshare.com/. Then, private message me the download link to the uploaded file.

4) Lastly, uninstall Combofix by: pause Antivirus/Spyware programs (programs to disable: http://www.bleepingcomputer.com/forums/topic114351.html) > Start > run > type combofix /u > ok. Or Start > run > type 123 /u > ok.

-------------------------------------------------



Response Number 14
Name: jdk (by neoark)
Date: June 9, 2009 at 04:41:10 Pacific
Reply:

Is your original problem fixed? Also, in your AVZ folder there should be a directory called "Quarantine". Can you please zip up that folder, upload it to rapidshare.com and private message me the download link?

-------------------------------------------------



Response Number 15
Name: JRobi31
Date: June 9, 2009 at 13:13:13 Pacific
Reply:

Yes Neoark, the initial problem is solved. Thank you so much for your help :) I am pm'ing you the last link. Again, I appreciate it!



Response Number 16
Name: jdk (by neoark)
Date: June 9, 2009 at 13:37:11 Pacific
Reply:

Thanks for the files. Please follow these steps in order numbered and post summary log after each step.

1) If you use Windows System restore, turn it off > reboot. How to turn it off/on: http://support.kaspersky.com/faq/?q...

Run a full scan with http://www.eset.eu/online-scanner

# Check the box next to YES, I accept the Terms of Use.
# Click Start
# When asked, allow the ActiveX control to be installed.
# Click Start
# Check below options:

    * Remove found threats
    * Scan archives
    * Scan for potentially unwanted applications (Advance Settings).
    * Enable Anti-Stealth technology (Advance Settings).

# Click Scan
# Wait for the scan to finish
# When it finishes it will create a log file here: C:\Program Files\EsetOnlineScanner\log.txt
# Attach this logfile to your next message.

Illustrated tutorial: http://img155.imageshack.us/img155/...

Note: Turn System Restore back on, if you wish; this is to remove malware from System Volume Information files.

2) Install, update the database and run a full scan with Malwarebytes' Anti-Malware. Attach the Malwarebytes full scan log, fix anything detected.

3) House cleaning. Run full Scan with SuperAntispyware : http://www.superantispyware.com/dow... . Fix what it detects and post summary scan log.

If I'm helping you and I don't reply within 24 hours send me a PM.



Response Number 17
Name: JRobi31
Date: June 10, 2009 at 22:39:33 Pacific
Reply:

ESET:

ESETSmartInstaller@High as downloader log:
all ok
# version=6
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.5863
# api_version=3.0.2
# EOSSerial=e5684cf05140cd49884cdbed82c62c12
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-06-11 04:29:31
# local_time=2009-06-10 11:29:31 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1026 21 83 100 3922108593750
# scanned=37202
# found=0
# cleaned=0
# scan_time=3225



Response Number 18
Name: JRobi31
Date: June 10, 2009 at 22:40:35 Pacific
Reply:

Anti-Malware:

Malwarebytes' Anti-Malware 1.37
Database version: 2261
Windows 5.1.2600 Service Pack 3

6/11/2009 12:07:36 AM
mbam-log-2009-06-11 (00-07-36).txt

Scan type: Full Scan (C:\|)
Objects scanned: 119912
Time elapsed: 30 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\JMari\Desktop\avz4\quarantine\2009-06-08\avz00001.dta (Trojan.BHO) -> Quarantined and deleted successfully.



Response Number 19
Name: JRobi31
Date: June 10, 2009 at 23:18:33 Pacific
Reply:

SUPERAntiSpyware:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/11/2009 at 01:12 AM

Application Version : 4.26.1004

Core Rules Database Version : 3934
Trace Rules Database Version: 1877

Scan type : Complete Scan
Total Scan Time : 00:30:43

Memory items scanned : 466
Memory threats detected : 0
Registry items scanned : 5728
Registry threats detected : 0
File items scanned : 11796
File threats detected : 27

Adware.Tracking Cookie



Response Number 20
Name: jdk (by neoark)
Date: June 11, 2009 at 05:51:59 Pacific
Reply:

You're malware free. If your original problem still persists, let me know. Run these last two links; no need to report back.

1) http://onecare.live.com/site/en-Us/...

2) http://onecare.live.com/site/en-Us/...

PS: I am not monitoring this post any more. If you still need help, feel free to PM.

If I'm helping you and I don't reply within 24 hours send me a PM.

