Pop-Ups, slow browsing, web videos not playing

Discussion in 'Malware Help (A Specialist Will Reply)' started by monalisa, Nov 9, 2012.

  1. monalisa

    monalisa Private E-2

    Hi Malware-problems Adviser,
    My laptop is having the following issues. I couldn't identify a particular turn-on date; however, things went bad gradually and for the last 3 weeks its impact has been the most.
    - When I click on a link, often it opens the valid page but additionally opens a pop-up which seems to be advertisements
    - Internet Browsing speed is slow
    - Most of the time (noticed it for the last 3 weeks), web videos (e.g. the weather channel / news channel videos) are not playing.

    Please find attached the logs from the scans specified in the "Read me first" post. Most of them seem to have detected items. Can you please recommend a fix for the above issues and ways to clean the infections detected in the scans?
    Thanks. Monalisa
     


  2. monalisa

    monalisa Private E-2

    Update: Symantec Antivirus Auto-Protect just detected several Trojan infections in the last few minutes. Screenshot is attached. Thx. Monalisa
     
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I see the below DNS IP Address in your logs
    Code:
       DNS Servers . . . . . . . . . . . : 216.146.35.240
                                           216.146.36.240
                                           75.75.75.75
                                           75.75.76.76
    The last two with 75.x.x.x are from your ISP (Comcast). Why do you have the other two 216.x.x.x addresses, which are for Dynamic Network Services in New Hampshire? They seem to be related to the below. Why did you install this (on Oct 13 2012)? It may be the cause of your problems.
    "Sendori Tray"="\"C:\\Program Files\\Sendori\\SendoriTray.exe\""

    Also what do you use Akamai NetSession Interface for?

    Also did you knowingly install DealCabby ?

    I would uninstall DealCabby and Sendori and then reboot and see how things are working.
     
    Last edited: Nov 10, 2012
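    The check chaslang does by eye above (compare the resolvers in "ipconfig /all" against the ones your ISP actually hands out) can be scripted. The following is an added example, not code from the thread or from MajorGeeks; it parses the multi-line "DNS Servers" field exactly as ipconfig prints it and flags any resolver that is neither in the expected set nor a local (private/loopback) address. The expected set is an assumption based on the two Comcast addresses named in the post, and the ipconfig fragment is constructed from the lines quoted above.

```python
import ipaddress
import re

# Constructed sample modelled on the ipconfig /all fragment quoted in the thread.
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:

   DHCP Enabled. . . . . . . . . . . : Yes
   DNS Servers . . . . . . . . . . . : 216.146.35.240
                                       216.146.36.240
                                       75.75.75.75
                                       75.75.76.76
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

# Assumption: the resolvers the ISP (Comcast) is expected to assign, per the post.
EXPECTED_RESOLVERS = {"75.75.75.75", "75.75.76.76"}


def parse_dns_servers(text):
    """Return the DNS servers listed in ipconfig /all output, in order.

    ipconfig prints the first address on the 'DNS Servers' line and any further
    addresses on indented continuation lines with no label, so we keep reading
    until we hit a line that is not a bare IP address.
    """
    servers, collecting = [], False
    for line in text.splitlines():
        m = re.match(r"\s*DNS Servers[ .]*:\s*(\S+)", line)
        if m:
            servers.append(m.group(1))
            collecting = True
            continue
        if collecting:
            token = line.strip()
            try:
                ipaddress.ip_address(token)
            except ValueError:
                collecting = False  # next labelled field ends the list
                continue
            servers.append(token)
    return servers


def classify_resolvers(servers, expected=EXPECTED_RESOLVERS):
    """Map each resolver to 'expected', 'local' (router/loopback) or 'unexpected'."""
    report = {}
    for s in servers:
        ip = ipaddress.ip_address(s)
        if s in expected:
            report[s] = "expected"
        elif ip.is_private or ip.is_loopback:
            report[s] = "local"
        else:
            report[s] = "unexpected"
    return report


def unexpected_resolvers(servers, expected=EXPECTED_RESOLVERS):
    """Resolvers that deserve the 'why is this here?' question from the post."""
    return [s for s, v in classify_resolvers(servers, expected).items() if v == "unexpected"]
```

On a live machine, feed it the output of `ipconfig /all` instead of the sample; a resolver that is neither your ISP's nor your router's is the same red flag chaslang points at here.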
  4. monalisa

    monalisa Private E-2

    I have no clue about how DealCabby/Sendori got installed, nor do I know about the dynamic IP addresses. I have deleted Sendori, DealCabby and Akamai in safe mode (wasn't allowing in normal mode).
    However, Symantec is constantly detecting "Trojan.Zeroaccess.C" and "Trojan.Gen.2".

    Can you pls recommend ways to clean this infection?
    Thanks. Monalisa
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I assume/hope you meant you uninstalled it. Deleting does not equal Uninstalling. ;)

    Can you tell me exactly where it is reporting this. The name is not as important as the where. If it is in System Volume Information it is not a problem, as it is just System Restore, which will get fixed when we finish up.
     
  6. monalisa

    monalisa Private E-2

    I thought it would be easier if I attached the new log so you can see the location. Pls find attached the new logs post the rescan. I am attaching the Symantec scan log in a separate post. Pls review and let me know what I need to do next. Thanks. Monalisa
     


  7. monalisa

    monalisa Private E-2

    Symantec log is attached. Please review the location of the infections and pls let me know what needs to be done to clean this up. Thx. Monalisa
     


  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    This is a new infection. You can see that these were not present in the first set of logs that you attached. Did Symantec clean them up or are they still being detected?

    See if you can delete the below on the File tab of RogueKiller:

    [ZeroAccess][FILE] n : C:\$recycle.bin\S-1-5-18\$a43971867706b95d40fa6558832ba3f8\n --> FOUND
    [ZeroAccess][FILE] n : C:\$recycle.bin\S-1-5-21-3604562318-1939437867-2990861949-1003\$a43971867706b95d40fa6558832ba3f8\n --> FOUND
    [ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-18\$a43971867706b95d40fa6558832ba3f8\@ --> FOUND
    [ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-3604562318-1939437867-2990861949-1003\$a43971867706b95d40fa6558832ba3f8\@ --> FOUND
    [ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-18\$a43971867706b95d40fa6558832ba3f8\U --> FOUND
    [ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-21-3604562318-1939437867-2990861949-1003\$a43971867706b95d40fa6558832ba3f8\U --> FOUND
    [ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-18\$a43971867706b95d40fa6558832ba3f8\L --> FOUND
    [ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-21-3604562318-1939437867-2990861949-1003\$a43971867706b95d40fa6558832ba3f8\L --> FOUND
     
