Computer searches xxx sites behind the scenes

April 4, 2013 at 10:45:17
Specs: Windows XP, AMD Turion 2.4GHz/4GB RAM
I had/have a virus that I thought I cleaned out but am still getting minor issues. The original virus (I don't know the name of it) basically was one of those that looked as if it was a virus scanner itself and marked all my files as "hidden" as if they were deleted to the user. I ran various scanners like MBAM and Security Essentials which seemed to remove the main problem, and I had to manually mark each file in my C drive as not "hidden".

Now I am having no warnings on screen, but I notice in my start menu (by the clock) that my computer is constantly transferring data (the little computer icon that blinks when data is being transferred when browsing the net). I will clear my temp internet files folder then check back 15 minutes later while not using the computer at all to find hundreds of files in the folder I just cleared. These files include a lot of images which are from pornographic web sites.

Whatever is still on my computer is "downloading"/browsing these files automatically. I have updated to the most recent version of MBAM and scanned, but it found nothing (even in safe mode). What else can I do/use that will find what is causing this activity?


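One way to approach the question in the post above (what is generating the traffic while the machine sits idle), as an added example that is not part of the original thread: the script matches the output of `netstat -ano` against `tasklist /fo csv /nh` to show which process owns each outbound web connection. Both inputs here are constructed samples using documentation-range addresses and a hypothetical process name, and it assumes `tasklist` is available on the machine.

```python
import csv
import io
from collections import defaultdict

# Constructed sample of `netstat -ano` output (documentation-range addresses).
NETSTAT_SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.20:1187      203.0.113.15:80        ESTABLISHED     1844
  TCP    192.168.1.20:1188      203.0.113.16:80        ESTABLISHED     1844
  TCP    192.168.1.20:1190      198.51.100.7:80        ESTABLISHED     1844
  TCP    192.168.1.20:1201      192.0.2.44:443         ESTABLISHED     2960
  TCP    127.0.0.1:1030         127.0.0.1:1031         ESTABLISHED     412
  UDP    0.0.0.0:445            *:*                                    4
"""

# Constructed sample of `tasklist /fo csv /nh`; unknown_helper.exe is hypothetical.
TASKLIST_SAMPLE = """\
"unknown_helper.exe","1844","Console","0","21,340 K"
"MsMpEng.exe","2960","Console","0","48,004 K"
"""

WEB_PORTS = {80, 443, 8080}

def parse_tasklist(text):
    """Map PID -> image name from `tasklist /fo csv /nh` output."""
    rows = csv.reader(io.StringIO(text))
    return {int(r[1]): r[0] for r in rows if len(r) >= 2 and r[1].isdigit()}

def web_connections_by_pid(text):
    """Group ESTABLISHED, non-loopback connections to web ports by owning PID."""
    by_pid = defaultdict(set)
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[0] != "TCP" or parts[3] != "ESTABLISHED":
            continue  # skips headers, UDP rows and non-established states
        host, _, port = parts[2].rpartition(":")
        if port.isdigit() and int(port) in WEB_PORTS and not host.startswith("127."):
            by_pid[int(parts[4])].add(parts[2])
    return by_pid

def report(netstat_text, tasklist_text):
    """Return (image, pid, remote endpoints) tuples, busiest process first."""
    names = parse_tasklist(tasklist_text)
    rows = [(names.get(p, "<unknown>"), p, sorted(r)) for p, r in web_connections_by_pid(netstat_text).items()]
    return sorted(rows, key=lambda row: len(row[2]), reverse=True)

if __name__ == "__main__":
    for image, pid, remotes in report(NETSTAT_SAMPLE, TASKLIST_SAMPLE):
        print(f"{image} (PID {pid}): {len(remotes)} connection(s) -> {', '.join(remotes)}")
```

A rootkit can hide its connections from user-mode tools such as netstat, so an empty result here does not mean the machine is clean.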

#1
April 4, 2013 at 11:23:27
Do you still have the MBAM log? It might list which program was uninstalled; this might assist with this. My guess is that the reason for the surfing is a pay to click, so the malware designer is using your computer to make money. Things I would suggest to thwart them:


Download these from another computer:
Kaspersky TDSSKiller http://download.cnet.com/Kaspersky-...
Malwarebytes http://downloads.malwarebytes.org/f...

Run both within safe mode, and unplug the cable/disable internet.

:: mike



#2
April 4, 2013 at 14:13:48
Please copy & paste instructions into a text file, print/write down steps & info. You will need them, as they are hard to remember, for when you are offline.

Note: Is your important stuff backed up, including your emails & address book? Anything can happen during the clean up.

The baddies are always ahead of the goodies. Be aware, this can be a very long process, involving many different tools to clean up an infected comp.

As we dismantle the infection bit by bit, that may allow the repeat use of programs, which may in turn pick up more.
Removal of infected parts of the system may cause other parts to stop working, such as your Internet connection or Services. These we then have to repair later.

If any program won't run ( due to the infection ) let me know.

Copy & Paste the contents of the log/logs after running each program, including the TDSSKiller log from the previous post.



#3
April 4, 2013 at 14:14:39
1: Run ESET Online Scanner, Copy & Paste the contents of the log please. This scan may take a very long while, so please be patient. Maybe start it before going to work or bed.
http://www.eset.com/us/online-scann...
http://www.eset.com/home/products/o...
You may have to download ESET from a good computer, put it on a thumb drive & run it from there, if your comp is unbootable, or won't let you download.
Create an ESET SysRescue CD or USB drive
http://kb.eset.com/esetkb/index?pag...
How do I use my ESET SysRescue CD or USB flash drive to scan and clean my system?
http://kb.eset.com/esetkb/index?pag...
Configure ESET this way & disable your AV.
http://i.imgur.com/3U7YC.gif
How to Temporarily Disable your Anti-virus
http://www.bleepingcomputer.com/for...
Why Would I Ever Need an Online Virus Scanner?
I already have an antivirus program installed, isn't that enough?
http://www.squidoo.com/the-best-fre...
Once onto a machine, malware can disable antivirus programs, prevent antimalware programs from downloading updates, or prevent a user from running antivirus scans or installing new antivirus software or malware removal tools. At this point even though you are aware the computer is infected, removal is very difficult.
5: Why does the ESET Online Scanner run slowly on my computer?
If you have other antivirus, antispyware or anti-malware programs running on your computer, they may intercept the scan being performed by the ESET Online Scanner and hinder performance. You may wish to disable the real-time protection components of your other security software before running the ESET Online Scanner. Remember to turn them back on after you are finished.
17: How can I view the log file from ESET Online Scanner?
http://kb.eset.com/esetkb/index?pag...
http://www.eset.com/home/products/o...
The ESET Online Scanner saves a log file after running, which can be examined or sent in to ESET for further analysis. The path to the log file is "C:\Program Files\EsetOnlineScanner\log.txt". You can view this file by navigating to the directory and double-clicking on it in Windows Explorer, or by copying and pasting the path specification above (including the quotation marks) into the Start → Run dialog box from the Start Menu on the desktop.
If no threats are found, you will simply see an information window that no threats were found.
http://www.trishtech.com/security/s...


#4
April 4, 2013 at 15:10:33
Hi buratti,
Follow response #1 and use
rkill http://www.bleepingcomputer.com/dow...
before the other 2. Rkill will stop whatever process is running and allow the other 2 progs to pick up and remove the unwanted rootkit.

The entire process will take less than 10 minutes to complete.

Some HELP in posting on Computing.net plus free progs and instructions 7 Golds



#5
April 7, 2013 at 04:50:39
Thanks for all the posts. This is actually one of my work computers so I will not be able to try any of them until Monday morning. I will keep you all posted as to how it is working out.
Thanks
