Problem with my PC

Discussion in 'Malware Help (A Specialist Will Reply)' started by AskewMew, Aug 6, 2013.

  1. AskewMew

    AskewMew Private E-2

    I hope I'm posting this alright, I apologize if not. I wasn't sure if I was to create my own thread or not. Basically I've been having problems with my PC after being an idiot and not listening to that gut feeling of downloading something that looked suspicious. I went to Pirate Bay to download the latest season of Game of Thrones, I wasn't thinking right and was just excited to finally see my favorite book in the series depicted on the screen. I knew what I did right when I clicked and downloaded an .exe file. I thought it was real cute how it thanked me after downloading -.- My AV program went crazy saying it found a threat, but not to worry, it removed it. I also uninstalled the things it added to my computer, promptly freaked out and ran my AV (microsoft security essentials) then malwarebytes anti-malware. I believe that at the time it did find something (the malware) and removed it. I ignorantly thought all was well afterward and continued on my merry way and downloaded a legit file from the site that WASN'T an .exe.

    Just to give you some background on me. I had a boyfriend who perhaps coddled me a little too much and usually took care of all my needs when it came to downloading some show. Yeah, I know downloading things illegally is bad and all that jazz, but I just couldn't wait for the season to come out on dvd. So, although I am somewhat proficient in computers, I'm no whiz by any means and apparently make dumb mistakes.

    I started noticing the problem with my pc when this stupid little pop up kept coming up on my browser. It would list things (like product info, discounts, coupons..) that were relative to whatever I was looking at at the time, and I first thought it was maybe part of the site I was looking at. I got annoyed by it and clicked it close. It didn't close, but instead minimized itself. Then I noticed every site I went to had this little popup and I thought it seemed a little fishy. I ended up googling something like, "why does a coupon popup keep coming up" and it recommended on some link that the last person who asked that should run microsoft defender. I then went into my computer to run that, thinking it was the answer to my problem. From there, it got wonky. It kept changing to the microsoft defender being on then off. It did it so fast, back and forth. Puzzled, I then googled, "why does my microsoft defender keep turning off" and was then directed to this helpful forum.

    Since then, I've broken my phone with this virus after transferring files on to my phone (the sought after series of game of thrones). After that happened, I knew I was in deep with the remnants of this gross virus or malware. I've downloaded and run everything, but am still having some trouble. Currently I have to have my AV (webroot) disabled to even look into a site. The AV starts freaking out saying that it found a website and has threats and that I should close it. This happens every 4 or so seconds and it made reading the instructions a pain. I will turn it back on after posting this, but I'm just mentioning it now as it is one of the problems I'm having. Thank you in advance for the help. I'll now list the logs
     

    Attached Files:

  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Based on your logs, you may not be having malware problems. Malwarebytes removed your main issues. All I see left is a little junkware which we will remove and see what happens.

    First you need to disable UAC as requested in the READ & RUN ME FIRST and leave it disabled until we finish.



    Please download OTM by Old Timer and save it to your Desktop.
    • Run OTM.exe by double clicking on it (Note: if using Vista, Win7 or Win8, don't double click, use right click and select Run As Administrator).
    • Copy the lines from the below codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Do not include the word Code: which is just a title line of the code box.
    Code:
    :Processes
    explorer.exe
     
    :Files
    C:\Users\Jillian\AppData\Roaming\GetValue.vbs
    C:\Users\Jillian\AppData\Roaming\SetValue.bat
    C:\ProgramData\InstallMate
    C:\ProgramData\MagyniiPiC
    C:\Users\Jillian\AppData\Local\Temp\*.*
    :Commands
    [purity]
    [EmptyTemp]
    [start explorer]
    
    [Reboot]
    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
    • Now click the large MoveIt! button.
    • If OTM asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
    • Close OTM.
    Now navigate to the C:\_OTM\MovedFiles folder (assuming your Windows drive is C). This is where your log will be saved in the form of Date and Time mmddyyyy_hhmmss.log. Just look for the most recent .log file. Attach this log file to your next message.



    Now please run the below anti-rootkit tool from Malwarebytes.

    http://blog.malwarebytes.org/news/2013/05/malwarebytes-anti-rootkit-beta-1-06/

    Attach a log from the above.


    Now please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Note that JRT may reset your home page to a Google default, so you will need to restore your home page setting if this happens.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Attach JRT.txt to your next message.
    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, Win7 or Win8, don't double click, use right click and select Run As Administrator).


    Then attach the below logs:
    • the C:\_OTM\MovedFiles log
    • the Malwarebytes Anti-Rootkit log
    • the JRT.TXT log
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
  3. AskewMew

    AskewMew Private E-2

    I'm sorry it took a bit to write back, it's been a hectic week for me. I really appreciate you getting back to me and helping me with this problem. I'm not sure that much has changed. I'll restart my computer after I put the requested logs and write another reply if I'm noticing the problems I've highlighted in some screenshots I've taken have gone away. If not, then things are the same.
     

    Attached Files:

  4. AskewMew

    AskewMew Private E-2

    Please excuse this double post. I thought it best to show the picture of what's going on here. Various words will be underlined with double lines, and if you put your mouse over it, it highlights an ad. Also, on the bottom right hand it'll show some ads about what is relevant to whatever you happen to be viewing.
     

    Attached Files:

  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Many times these are legit. They are called context sensitive advertisements provided by AdSense or Vibrant Media. Many websites use them as a source of revenue to help pay for supporting the website. Do they happen on every website or only some?

    Since you appear to be using Firefox, please do the below:

    Reset Firefox to Defaults

    Did that help?
     
  6. AskewMew

    AskewMew Private E-2

    I think that fixed it! :D :D :D! (the firefox reset) Thank you so much!!
    Hopefully that fixed it all up and my computer will be stable and not hardlock anymore, but so far so good. No more Ad things (that appeared on every site), I can actually view my email in outlook and no more weird redirect things (I guess that's what they're called) when I click on something and it opening multiple browser windows! :D

    I had one more question though. The items I have downloaded on my PC, (namely the Game of Thrones file I still have) am I to assume that they're all virus/malware free and it'd be okay to trans them to my new phone to view on my tv? I don't want to kill another phone and essentially flush another $400 down the drain
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.
    I have no idea what this is or where you got it from.


    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
    2. Re-enable your Disk Emulation software with Defogger if you had disabled it in step 4 of the READ & RUN ME.
    3. Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
    4. If running Vista, Win 7 or Win 8, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Now go to the C:\MGtools folder and find the MGclean.bat file. Double click (if running Vista, Win7, or Win 8, Right Click and Run As Administrator) on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    6. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    7. If you are running Win 8, Win 7, Vista, Windows XP or Windows ME, do the below to flush restore points:
      • Refer to the instructions for your Windows version in this link: Disable And Enable System Restore
      • What we want you to do is to first disable System Restore to flush restore points some of which could be infected.
      • Then we want you to Enable System Restore to create a new clean Restore Point.
    8. After doing the above, you should work thru the below link:
     
  8. AskewMew

    AskewMew Private E-2

    Will do, thanks again! I'll definitely refer you guys and use you again if this happens a second time, but hopefully not :-D
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Surf safely!
     
