browser keeps opening random web pages

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by kaleru, Jan 28, 2006.

  1. kaleru

    kaleru Private E-2

    help with panda active scan

    hi there! thx for the help guys. nice forum.

    i'm following the instructions of the "READ & RUN ME FIRST Before Asking for Support" page. So far so good.
    but when i try to do the Panda ActiveScan (in Windows safe mode), IE shows me an error in the page where you select the drive or folder to scan. The error is in Line:101, Car:2, Error:The object does not accept the method or property, or something like that (my message is in spanish), Code:0.

    what should i do?

    my problem is a spyware i think. every second, the McAfee Security Center shows me alarms about PUPs. lots of them. some of them i can delete, others not. and my firefox keeps popping up with random web pages from commercial sites to smiley centrals.

    thx a lot.
     
  2. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Re: help with panda active scan

    Skip it for now, run the Bit Defender online scan and proceed with the rest.
     
  3. kaleru

    kaleru Private E-2

    Re: help with panda active scan

    Thanks for the quick answer man.
     
  4. kaleru

    kaleru Private E-2

    Re: help with panda active scan

    well then, i made the whole process and still have the spyware problem.

    should i post my problem here (in this thread) or post a new one?
     
  5. kaleru

    kaleru Private E-2

    Hi folks.
    I've done all the things listed in the "READ & RUN ME FIRST Before Asking for Support" page, but the problem persists. The only program that i could not run was Panda Active Scan.

    My browser keeps opening web pages randomly.

    I have McAfee Viruscan active and it has shown me endless alerts since the day before yesterday.

    One of the first alerts told me that i had a virus called: "downloader-asr". After that, and after many tries to eliminate the virus, the alerts kept coming with names of trojans like "downloader.q" or "qurl-3". It also showed me many PUP alerts with dll files to remove (i have a list of them).

    Please, if you could help me, i would appreciate it.
    If you need logs from the other programs, i have them.

    Sorry if my english is bad, but it isn't my native language.

    Thx.
     

    Attached Files:

  6. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

  7. kaleru

    kaleru Private E-2

    Hi bjgarrick! I followed the Look2Me Fix Tool thread. So I'm posting the 2 logs that it showed me.

    Also I'm posting 2 errors that i got after rebooting.

    Thx. Regards.

    Kaleru.
     

    Attached Files:

  8. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Now I need a fresh HJT log from normal mode.
     
  9. kaleru

    kaleru Private E-2

    Here it is.

    Thx a lot.

    Kaleru

    PS: i'm also attaching an alert that VirusScan gave me. i couldn't clean, delete or quarantine the detected trojan (see image).
     

    Attached Files:

  10. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Scan with HijackThis and check the boxes for the following entries:
    ( Make sure ALL browser windows are closed when you click FIX )

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank

    O9 - Extra button: (no name) - AutorunsDisabled - (no file)

    O20 - Winlogon Notify: StillImage - C:\WINDOWS\system32\g040lahm1d4a.dll
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

    Again, make sure ALL browser windows are closed when you click FIX.

    Next, run CCleaner to clean up cookies and temp files.

    Run full scans with Ad-Aware SE & Spybot S&D and have both programs fix what they find.

    Note: Remember to get all updates before doing the scans.


    Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    • Temporary Files
    • Temporary Internet Files
    • Recycle Bin
    And Click OK.


    After you complete the above, REBOOT and proceed with the rest of this fix...

    After you have completed everything listed above, run the below thread once more. When you run the Look2Me Tool, run the FIX only and attach this log with a fresh HJT log after you have rebooted.
     
  11. kaleru

    kaleru Private E-2

    hi bjgarrick!

    i couldn't do the fix with HJT because it showed a different O20 line. i'm attaching the log file.

    should i check that box anyway? should i do this fix in windows safe mode or it's ok in normal mode?
     

    Attached Files:
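
Added example, not part of the original thread or any poster's code: a small Python check that compares a HijackThis fix list (such as the one in post 10) against a fresh log before any box is ticked, which is the situation in post 11 where the O20 line no longer matched. `LATER_LOG` and its file name are constructed sample data, and the function names are hypothetical.

```python
import re

# FIX_LIST reuses entries quoted in post 10. LATER_LOG is constructed sample
# data standing in for a fresh log whose O20 line differs from the fix list.
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O20 - Winlogon Notify: StillImage - C:\WINDOWS\system32\g040lahm1d4a.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
"""
LATER_LOG = r"""
O20 - Winlogon Notify: Sample Key - C:\WINDOWS\system32\constructed1.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
"""

ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")
NOTIFY = re.compile(r"^Winlogon Notify: (.+?) - (.+?)( \(file missing\))?$")

def parse(log):
    """Return (code, body) for every HijackThis-style line in the text."""
    return [m.groups() for m in map(ENTRY.match, log.splitlines()) if m]

def winlogon_notify(log):
    """Map Notify key name -> (dll, file_missing) for O20 entries."""
    out = {}
    for code, body in parse(log):
        m = NOTIFY.match(body) if code == "O20" else None
        if m:
            out[m.group(1)] = (m.group(2), m.group(3) is not None)
    return out

def stale_fix_entries(fix_list, current_log):
    """O20 fix-list lines that no longer appear verbatim in the current log."""
    current = set(parse(current_log))
    return [e for e in parse(fix_list) if e[0] == "O20" and e not in current]

def unlisted_notify(fix_list, current_log):
    """Notify entries in the current log that the fix list does not cover."""
    old, new = winlogon_notify(fix_list), winlogon_notify(current_log)
    return {k: v for k, v in new.items() if old.get(k) != v}

if __name__ == "__main__":
    print("stale:", stale_fix_entries(FIX_LIST, LATER_LOG))
    print("unlisted:", unlisted_notify(FIX_LIST, LATER_LOG))
```

A non-empty result from either function means the fix list was written against an older log and should be re-checked by the helper before fixing.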

  12. kaleru

    kaleru Private E-2

    another thing that's happening since i got the malware is that every time i reboot my computer, the taskbar loses its configuration.

    is this related to the trojan problem?
     
  13. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    You're not following my directions or it would be gone, run the thread below and attach both logs with a fresh HJT log after a reboot.

     
  14. kaleru

    kaleru Private E-2

    I'm sorry, really sorry bjgarrick....... this time i really fuc*ed it up.

    i'm sorry.

    I was running the Look2Me tool, the number #2 option, when i freaked out and stopped it... don't know why (i thought i was doing it wrong again or something)... then i had to reboot the computer, and after the "welcome" page showed, in the user menu was "l2Mefix" but password protected, so i enter as another user with administrator capabilities and changed that user to "administrator".

    after all that i ran l2mfix, first chose option #1, then option #5, then option #2. is this correct? or should i only use options #1 and #2? (anyway i have attached the two l2me reports + the HJT report after the last reboot.)

    sorry again, and sorry to take so much of your time.

    regards, kaleru.
     

    Attached Files:

  15. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Download L2MeFix Tool and save it where you will be able to find it.

    Please print out these instructions now or save locally so that you can operate with All Browser Windows CLOSED.

    Exit Browsers now before continuing

    Please move the L2MeFix Tool to your Desktop and DoubleClick l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix Folder on your Desktop.

    DoubleClick l2mfix.bat and type 2 and ENTER to select option #2 for Run Fix. Then, press any key to Reboot your machine.

    Your computer will go crazy for a bit, but just let it run. It should eventually spit out a log in Notepad. Attach this log to your next message.

    Now open your browser and come back here and post the log as an attachment to your message. Also attach a fresh HJT log.


    NOTE: Please do not run any other options or files in the l2mfix Folder!
     
  16. kaleru

    kaleru Private E-2

    bjgarrick, i've done it.

    i'm attaching the report.

    thx. see ya.
     

    Attached Files:

  17. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Now attach a fresh HJT log.
     
  18. kaleru

    kaleru Private E-2

    There it goes.
    Thx a lot man.
    Kaleru.
     

    Attached Files:

  19. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Very weird that this isn't being removed by this tool, unless there is a newer variant.

    Please see the below thread on how to install and run Spy Sweeper.
     
  20. kaleru

    kaleru Private E-2

    damn. hope it's curable.

    i'm gonna pass the spysweeper right now.
     
  21. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    It's curable, just run Spy Sweeper as requested and attach the log after a reboot. Also attach a fresh HJT log.
     
  22. kaleru

    kaleru Private E-2

    Hi bjgarrick!

    I'm attaching the logs of: HJT, SpySweeper and the CCleaner.

    I think maybe it's fixed (!!), because after the reboot the quick start bar (in spanish is "inicio rápido") appeared for the first time since i had the spyware.

    Hope this is it.

    Kaleru
     

    Attached Files:

  23. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Please look in Add/Remove Programs for the following and uninstall them if found:

    Spy Sweeper

    Now scan with HijackThis and check the boxes for the following entries:
    ( Make sure ALL browser windows are closed when you click FIX )

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos

    O9 - Extra button: (no name) - AutorunsDisabled - (no file)

    Again, make sure ALL browser windows are closed when you click FIX.

    Next, run CCleaner to clean up cookies and temp files.


    After you complete the above, reboot and let me know how things are running.
     
  24. kaleru

    kaleru Private E-2

    Man thanks a lot. So far so good.
    Thanks to all the guys in this forum that help people like me.
    A hug for everyone.
    Thank you.
    Kaleru
     
  25. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

  26. kaleru

    kaleru Private E-2

    Thanks again.
    If you need anything i can help you with, just let me know.
    Congratulations on this forum and the team you people have formed.
    See ya.
    Kaleru.
     
  27. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Happy to help! :)
     
