Wave slider down/random IE popups/random clicking sounds and game-add sounds

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by De Zeug, Jul 20, 2010.

Thread Status:
Not open for further replies.
  1. De Zeug

    De Zeug Private E-2

    Good day,

    I know that there are several threads like this one, but I've read somewhere that MajorGeeks solves each problem by looking at personal info (I've run the whole Read & Run This section; logs are in the attachment).

    So here's the deal: On the 7th of July around midnight, my laptop (Lenovo 3000 N200) began to fail. The first problem that occurred was the automatic resetting of the wave slider in the Adjust Volume control panel. Later on I started receiving several pop-ups from Internet Explorer (including 3D Poker, online dating services, etc.). At this time there also appeared random clicking sounds, and I also heard sounds like those game ads (you know, the "play free online MMORPG" banners where you can turn the sound off), but without seeing those game ads. I downloaded Security Task Manager, because I read that if iexplore.exe appears more than once in your list of processes, you have malware. I tried isolating the iexplore.exe (which appeared several times under the titles DDE Server Window, Sysfader and MCI Command Handling Window, but also nameless and as something like www yadaying com or something like that). I was able to quarantine it, but it keeps reappearing.

    It's really driving me nuts because I'm unable to game (pop-ups minimize the game), watch movies or listen to music.
    I've browsed through the net without finding any useful information regarding my issue; I'm glad that I burst upon this forum yesterday. As said before, I read a few threads of people with the same issue, but I found it wise to start a new one, in order for you to decide what I should best do.

    Thank you very much,
    Ferre
     

    Attached Files:
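The poster's rule of thumb, "iexplore.exe more than once means malware", is worth checking against how the browser actually runs. Internet Explorer 8 starts one frame process plus one process per tab, so several iexplore.exe entries are normal; what separates the expected ones from the suspicious ones is who launched them. The following is an added example (not code from the thread or from Security Task Manager) that parses a constructed process snapshot, shaped like `wmic process get Name,ParentProcessId,ProcessId,CommandLine /format:csv`, and sorts browser instances by their parent chain. The pids, paths, URL and the parent-based heuristics are all assumptions, not a malware signature.

```python
"""Triage of several iexplore.exe instances from a process snapshot.

Added example (not from the thread). SNAPSHOT_CSV is constructed text shaped
like the output of
    wmic process get Name,ParentProcessId,ProcessId,CommandLine /format:csv
The parent-based heuristics are assumptions: a browser child of explorer.exe
or of another iexplore.exe (IE8 frame/tab split) is treated as expected; one
started by a service host, by a parent that no longer exists, or with no
explorer.exe anywhere in its ancestry is flagged for a closer look.
"""
import csv
import io
import subprocess

BROWSER = "iexplore.exe"
EXPECTED_PARENTS = {"explorer.exe", BROWSER}   # assumed-normal launchers of the browser

# Constructed snapshot; pids, paths and the URL are made up (assumed wmic CSV shape).
SNAPSHOT_CSV = """\
Node,CommandLine,Name,ParentProcessId,ProcessId
LAPTOP,,System,0,4
LAPTOP,winlogon.exe,winlogon.exe,4,1200
LAPTOP,C:\\WINDOWS\\system32\\services.exe,services.exe,1200,600
LAPTOP,C:\\WINDOWS\\system32\\svchost.exe -k netsvcs,svchost.exe,600,800
LAPTOP,C:\\WINDOWS\\Explorer.EXE,explorer.exe,1200,1500
LAPTOP,"C:\\Program Files\\Internet Explorer\\iexplore.exe",iexplore.exe,1500,2000
LAPTOP,"C:\\Program Files\\Internet Explorer\\iexplore.exe" SCODEF:2000 CREDAT:71937,iexplore.exe,2000,2100
LAPTOP,"C:\\Program Files\\Internet Explorer\\iexplore.exe" -Embedding,iexplore.exe,800,2200
LAPTOP,"C:\\Program Files\\Internet Explorer\\iexplore.exe" http://www.example.com/,iexplore.exe,3999,2300
"""


def capture_snapshot() -> str:
    """Live capture on Windows (needs wmic, which newer releases no longer ship). Not run here."""
    return subprocess.check_output(
        ["wmic", "process", "get", "Name,ParentProcessId,ProcessId,CommandLine", "/format:csv"],
        text=True)


def parse_wmic_csv(text: str) -> dict:
    """Map pid -> {name, ppid, cmdline}. Quotes are kept verbatim; a command line
    containing a comma would be split, which is acceptable since only Name and the
    two pids are used for triage. The leading blank line wmic emits is stripped."""
    procs = {}
    for row in csv.DictReader(io.StringIO(text.strip()), quoting=csv.QUOTE_NONE):
        procs[int(row["ProcessId"])] = {
            "name": row["Name"].lower(),
            "ppid": int(row["ParentProcessId"]),
            "cmdline": row["CommandLine"],
        }
    return procs


def ancestry(procs: dict, pid: int, limit: int = 32) -> list:
    """Names of pid's ancestors, nearest first; stops at a missing parent or a cycle."""
    chain, seen = [], set()
    cur = procs[pid]["ppid"]
    while cur in procs and cur not in seen and len(chain) < limit:
        seen.add(cur)
        chain.append(procs[cur]["name"])
        cur = procs[cur]["ppid"]
    return chain


def triage_browser_instances(procs: dict, browser: str = BROWSER) -> dict:
    """Split browser processes into 'expected' and 'suspect', each pid with a reason."""
    result = {"expected": {}, "suspect": {}}
    for pid, info in procs.items():
        if info["name"] != browser:
            continue
        parent = procs.get(info["ppid"])
        if parent is None:
            result["suspect"][pid] = f"parent pid {info['ppid']} not in snapshot"
        elif parent["name"] not in EXPECTED_PARENTS:
            result["suspect"][pid] = f"launched by {parent['name']} (pid {info['ppid']})"
        elif "explorer.exe" not in ancestry(procs, pid):
            result["suspect"][pid] = "no explorer.exe in parent chain"
        else:
            result["expected"][pid] = f"child of {parent['name']} (pid {info['ppid']})"
    return result


if __name__ == "__main__":
    procs = parse_wmic_csv(SNAPSHOT_CSV)
    for verdict, entries in triage_browser_instances(procs).items():
        for pid, reason in sorted(entries.items()):
            print(f"{verdict:8s} pid={pid:<5d} {reason:40s} {procs[pid]['cmdline']}")
```

On the constructed snapshot, the frame process (2000, child of explorer.exe) and its tab (2100, child of 2000) come out as expected, while 2200 (started by a svchost.exe) and 2300 (parent no longer running) are flagged. A flag is a reason to look at the command line, the on-disk path and the parent, not a verdict by itself.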

  2. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    I need to ask some questions:
    1. Do you have any drives that have a non-Windows installation on them?
    2. Are all drives NTFS formatted?
    3. Do you have any non-standard or special MBRs, which can occur from companies like Dell or HP who frequently install additional partitions used as recovery partitions in lieu of giving CD/DVDs?
    4. Is any program like Grub (see: http://www.gnu.org/software/grub/) being used?
    5. Is drive encryption being used?
    6. Are any external USB pen drives or external hard drives being used?
    7. VERY IMPORTANT: Do you have all important data backed up? You really should do this before continuing since we will need to rewrite your MBR to fix this and while most times this can be done without any problem, these infections can react badly and that could result in a PC not being bootable. You really don't have much choice though since these infections are too dangerous to your security to leave on a PC.
     
  3. De Zeug

    De Zeug Private E-2

    I don't really have a lot of computer knowledge, so basically everything you say is unclear to me. Can you be a little more clear? The only thing I know is that there is no program like Grub used, and I am using an external hard drive for my music, movies and games. All important data is backed up. So could you just explain questions 1, 2, 3 and 5 to me? (What do you mean by a non-Windows installation, what is NTFS, what is drive encryption?) I know that Lenovo uses a Rescue&Recovery program that can be opened while booting, but I don't think it's still active, since my laptop originally had Vista Home on it and now it has Windows XP installed (due to a system crash in June 2009). I didn't install the OS myself, so I do not know anything about additional partitions used as recovery partitions. Therefore I apologize; I am a noob in the field of computers, so be patient with me please :)

    Kind Regards
    Thanks a lot!
     
  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Please also download MBRCheck to your desktop.

    • Double click MBRCheck.exe to run it (Vista and Win 7: right click and select Run as Administrator).
    • It will show a black screen with some information that will contain either the line below if no problem is found:
      • Done! Press ENTER to exit...

    • Or you will see more information like below if a problem is found:
      • Found non-standard or infected MBR.
      • Enter 'Y' and hit ENTER for more options, or 'N' to exit:

    • Either way, just choose to exit the program at this point since we want to see only the scan results to begin with.
    • MBRCheck will create a log named similarly to MBRCheck_07.16.10_00.32.33.txt, which is random, based on the date and time.
    • Attach this log to your next message.
     
  5. De Zeug

    De Zeug Private E-2

    Heya,

    I can't download MBRCheck; the link you sent me doesn't work.
    I get a "403 Forbidden: Access to this resource on the server is denied!" error.
    I tried looking up MBRCheck on Google, but I cannot find a link.
     
  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    The link is now working so go ahead and do what I posted in message 4.
     
  7. De Zeug

    De Zeug Private E-2

    Just did the scan.
     

    Attached Files:

  8. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Do you have all important data backed up? You really should do this before continuing since we will need to rewrite your MBR to fix this and while most times this can be done without any problem, these infections can react badly and that could result in a PC not being bootable. You really don't have much choice though since these infections are too dangerous to your security to leave on a PC.

    Also note that if you have a Dell PC which uses a non-standard MBR (or another manufacturer's that does similarly to Dell), fixing the MBR may prevent access to the Dell Restore Utility, which allows you to press a key on startup and revert your computer to a factory-delivered state. There are a couple of known fixes for said condition, though the methods are somewhat advanced. If you are unwilling to take such a risk, you should not continue, but you risk serious problems leaving this infection in place, and thus your only other option would be to try using the Dell Restore Utility to return to a factory-ship state, which will remove everything additional you have put onto the PC.

    Now if you wish to continue and fix the malware - please do the following:
    • Run MBRCheck.exe
    • Wait until you see the following lines:
      • Enter 'Y' and hit ENTER for more options, or 'N' to exit:
      • Options:
        [1] Dump the MBR of a physical disk to file.
        [2] Restore the MBR of a physical disk with a standard boot code.
        [3] Exit.
        Enter your choice:

    • Please push the 'Y' key and then press Enter
    • When the program asks you to Enter your choice: enter 2 to Restore the MBR and press the Enter key
    • Now the program will ask you to "Enter the physical disk number to fix (0-99, -1 to cancel):"
      • Enter 0 and press the Enter key.
    • The program will show Available MBR codes as below
    • You need to select your version of Windows from the list. For example, enter 5 for Windows 7 that you are running and then press Enter.
    • The program will prompt for confirmation. Type 'YES' and hit Enter.
    • Left click on the title bar (where the program name and path are written). From the menu choose Edit -> Select All
    • You will see all the text in the window get highlighted.
    • Hit the Enter key on your keyboard to copy all of the text into the clipboard.
    • Paste that text into Notepad, save it to your desktop as MBRfix.txt
    • Restart your PC.
    • Attach the MBRfix.txt file to your next message..

    Note: the instructions for copying the screen info are incorrect. Like any DOS window, you must click on the top bar of the window and then select Edit. Then you will see the Select All option; you cannot use CTRL-C. Basically you need to use what I say in the boilerplate for Bootkit Remover.
     
    Last edited by a moderator: Jul 23, 2010
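Posts 4 and 8 together describe the MBRCheck procedure: fingerprint the first sector's boot code against a table of known vendor boot code, report "non-standard or infected MBR" on a mismatch, and on request write standard boot code back. The following is an added example, not MBRCheck's own code and not its known-good table, that carries out the same steps on constructed 512-byte images. The reference boot code, the disk signature (0xDEADBEEF) and the single NTFS partition entry are placeholders; `read_physical_mbr` shows where a real dump would come from and is not executed.

```python
"""MBR triage and boot-code restore, mirroring the MBRCheck steps above.

Added example, not MBRCheck's code. REFERENCE_BOOT_CODE is a placeholder
standing in for a vendor's known-good boot code; MBRCheck ships real ones.

Classic 512-byte MBR layout (assumed):
  0x000..0x1B7  boot code (440 bytes)
  0x1B8..0x1BB  Windows disk signature (little-endian DWORD)
  0x1BC..0x1BD  usually zero
  0x1BE..0x1FD  four 16-byte partition entries
  0x1FE..0x1FF  0x55 0xAA boot signature
"""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 0x1B8
DISK_SIG_OFF = 0x1B8
PT_OFF = 0x1BE
# status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
ENTRY_FMT = "<B3xB3xII"

# Placeholder "known good" boot code (constructed, NOT real Windows boot code).
REFERENCE_BOOT_CODE = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * (BOOT_CODE_LEN - 8)
KNOWN_BOOT_CODE = {hashlib.sha256(REFERENCE_BOOT_CODE).hexdigest(): "reference (constructed)"}


def parse_mbr(mbr: bytes) -> dict:
    """Decode the fields an analyst looks at; raises on a wrong-sized buffer."""
    if len(mbr) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(mbr)}")
    partitions = []
    for i in range(4):
        status, ptype, start_lba, sectors = struct.unpack_from(ENTRY_FMT, mbr, PT_OFF + 16 * i)
        if ptype == 0:          # empty slot
            continue
        partitions.append({"index": i, "active": status == 0x80, "type": ptype,
                           "start_lba": start_lba, "sectors": sectors})
    return {
        "boot_signature_ok": mbr[0x1FE:0x200] == b"\x55\xaa",
        "disk_signature": struct.unpack_from("<I", mbr, DISK_SIG_OFF)[0],
        "boot_code_sha256": hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def classify(mbr: bytes) -> str:
    """'invalid' (no 55AA), 'standard' (boot code in the known table) or 'non-standard'."""
    info = parse_mbr(mbr)
    if not info["boot_signature_ok"]:
        return "invalid"
    return "standard" if info["boot_code_sha256"] in KNOWN_BOOT_CODE else "non-standard"


def restore_boot_code(mbr: bytes, reference: bytes = REFERENCE_BOOT_CODE) -> bytes:
    """Replace only the 440 bytes of boot code; disk signature and partition table are kept."""
    if len(reference) != BOOT_CODE_LEN:
        raise ValueError("reference boot code must be exactly 440 bytes")
    return reference + mbr[BOOT_CODE_LEN:]


def build_mbr(boot_code: bytes, disk_sig: int, entries) -> bytes:
    """Assemble a constructed MBR image (entries: (active, type, start_lba, sectors))."""
    mbr = bytearray(SECTOR)
    mbr[:BOOT_CODE_LEN] = boot_code
    struct.pack_into("<I", mbr, DISK_SIG_OFF, disk_sig)
    for i, (active, ptype, start_lba, sectors) in enumerate(entries):
        struct.pack_into(ENTRY_FMT, mbr, PT_OFF + 16 * i,
                         0x80 if active else 0, ptype, start_lba, sectors)
    mbr[0x1FE:0x200] = b"\x55\xaa"
    return bytes(mbr)


# Constructed images: same disk signature and partition table, different boot code.
PARTITIONS = [(True, 0x07, 2048, 409600)]                           # one NTFS partition
CLEAN_MBR = build_mbr(REFERENCE_BOOT_CODE, 0xDEADBEEF, PARTITIONS)
TAMPERED_BOOT_CODE = b"\xeb\xfe" + b"\x00" * (BOOT_CODE_LEN - 2)   # stand-in for foreign boot code
INFECTED_MBR = build_mbr(TAMPERED_BOOT_CODE, 0xDEADBEEF, PARTITIONS)


def read_physical_mbr(path=r"\\.\PhysicalDrive0") -> bytes:
    """Dump sector 0 of a physical disk (Windows path shown; needs administrator rights). Not run here."""
    with open(path, "rb") as disk:
        return disk.read(SECTOR)


if __name__ == "__main__":
    for label, image in (("clean", CLEAN_MBR), ("infected", INFECTED_MBR),
                         ("restored", restore_boot_code(INFECTED_MBR))):
        info = parse_mbr(image)
        print(f"{label:9s} {classify(image):13s} disksig={info['disk_signature']:08x} "
              f"bootcode={info['boot_code_sha256'][:16]} partitions={len(info['partitions'])}")
```

Two points the example is built to make. First, the restore touches only bytes 0x000 to 0x1B7: the disk signature at 0x1B8 and the partition table at 0x1BE must survive untouched, because the Windows boot configuration and the mounted-device mapping identify the boot volume by that signature and partition offset, and overwriting them can leave a machine unbootable even though the "infection" is gone. Second, a hash mismatch is "non-standard", not "infected": the OEM recovery MBRs that post 8 warns about, and boot managers such as Grub from post 2, all fail the same comparison, which is why the helpers asked about those before touching anything.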
  9. De Zeug

    De Zeug Private E-2

    Hi,

    I reinstalled my operating system; the problem is fixed now. Thanks a lot for your patience,
    but I couldn't wait any longer. The problems were driving me nuts :p

    Bye,
    Thanks again,
    F.
     