Beat mass popups. Many thanks to the great minds of this forum and the read me topic

Discussion in 'Malware Help (A Specialist Will Reply)' started by HangVirusMakers, Aug 11, 2006.

  1. HangVirusMakers

    HangVirusMakers Private E-2

    I recently got a nasty virus off of popups, since now all it takes to have your machine spammed by 50 executables of trojans and some godawful replicating and brand new trojans not identified by most scanners is just visiting certain pages through Google (even popular ones) that have popups which lead to other popups, and BAM, 20 popups and a machine full of virus/trojan/adware, you name it. You don't accept anything, click on anything, run any executable, install anything. Nothing. Just VISITING these pages, which are now starting to litter Google, is all it takes. The latest Windows updates don't help.

    I read your readme and must have done 50 scans from about 10 different programs, made 10 mistakes along the way, but eventually I managed to defeat the beast that hid on my computer (I highly recommend Spy Sweeper, and be SURE not to forget CounterSpy like I did the first time). I fought this thing for 2 days, and I can guarantee any normal type of high-end tech support would have no idea how to help, but the help at MajorGeeks did it.

    So much thanks to you guys here for your readme topic and other help (which I was almost about to request if the last scan didn't work).

    *Other blab, read only if you want to:
    The sad thing is, without scan programs recognizing all these different types of malware and trojans there is really no way to beat them. They don't show up in processes, don't show up in HijackThis as loading at startup, and are near impossible to find in the registry due to odd names. Yet they manage to run every 15 seconds, only when you have your internet cable plugged in. So unless a program knows that something like sfvb18423dlsll.dll (or whatever it was) is a new trojan, you are out of luck, like I ALMOST was.
     
  2. HangVirusMakers

    HangVirusMakers Private E-2

    Oh, and a word of advice to everyone: with this new batch of IE-exploiting popups spreading on the net, get Firefox or at LEAST get a very powerful popup blocker.
     
  3. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    If you have run the steps in the READ ME, please attach the following logs.
    • runkeys.txt - the log from GetRunKey.bat
    • newfiles.txt - the log from ShowNew.bat
    • CounterSpy - ONLY IF you were not able to run Windows Defender
    • Bitdefender (Step 6)
    • Panda Scan (Step 6)
    • HijackThis
     
  4. HangVirusMakers

    HangVirusMakers Private E-2

    I managed to beat it, so don't worry. If you want any of the above files for, let's say, informational purposes, then I have some of them, but I once again made some stupid mistakes. I honestly didn't think I would beat it, so at the end I did scans just to check up on things and didn't save the logs, expecting the popups to pop right back up on logging back in to normal Windows and reconnecting the cable for internet. So when they didn't, I was surprised.

    BitDefender found nothing, so I didn't save a log (sorry); CounterSpy found some lower types of easily removed malware, so I didn't save a log (I know I'm a fool).

    Panda Scan and Spy Sweeper each separately found different, rarer malware on my computer. It looks like it was some type of Smitfraud working in tandem with something else very new that was hiding in .dll and .vbs files. I really should have saved those logs, my apologies. I honestly thought after all the other scans that Panda and Spy Sweeper wouldn't be much more of a help or any better at finding it, but it is like each program fills in a separate hole, so you need to run them ALL.

    I was going to check if the popups came back, and if they did (which I was sure they were going to), it was time for me to do one last mass scan and gather all the log files.
     
  5. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Attach the logs you have, mainly attach the HJT log.
     
  6. HangVirusMakers

    HangVirusMakers Private E-2

    Ok, I took these files before I did the full-out offensive scan of everything, including Panda Scan and Spy Sweeper, which found the new variant hiding in multiple places, so unfortunately they don't give much information as to the particular new beast hiding on my computer. :(

    I was uninstalling BitDefender since it can't run in Safe Mode, and the popups came and interrupted the uninstall process, making it a mess, as you can see in the HijackThis log.

    I will post new logs, post virus defeat, in the next post also.
     

    Attached Files:

  7. HangVirusMakers

    HangVirusMakers Private E-2

    And these are new files that I took (and kept in a different folder, so the old ones are still available); unfortunately I'm barely noticing any difference.

    What I can remember that was causing it and not being picked up by the other scanners: there was a .vbs file with a useless name made of a bunch of random characters somewhere, and a .dll file with an equally useless random-character name, and somehow they were able to run at intervals on their own without having to start up or show up in HijackThis or processes, which is why it was such a pain in the behind for me to get rid of them.
     

    Attached Files:
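The "runs at intervals without appearing in startup" behaviour described in the post above usually means the load point is somewhere the Run keys and a HijackThis-style startup scan do not cover: a scheduled task, a WMI permanent event subscription, a Winlogon Notify package, AppInit_DLLs, a Browser Helper Object, or a service. The script below is an added example, not something from the thread or from MajorGeeks; it enumerates those locations and flags binaries with random-looking names, the kind of name the poster describes. It assumes Windows PowerShell 3.0 or later run from an elevated prompt and an English-locale `schtasks` (its CSV column names are locale dependent); the registry paths themselves exist on Windows XP too, only the cmdlets do not. The name heuristic is exactly that, a heuristic, and will produce false positives.

```powershell
# Added example (not from the thread): list autostart locations that Run-key
# and HijackThis-style checks miss, and flag random-looking binary names.
# Assumptions: Windows PowerShell 3+, elevated, English-locale schtasks output.

function Test-RandomLookingName {
    # Heuristic: a long alphanumeric base name that mixes letters and digits
    # (e.g. sfvb18423dlsll.dll), or a long letters-only name with almost no
    # vowels. Real system files will sometimes match; treat hits as leads only.
    param([string]$Command)
    $m = [regex]::Match($Command, '([A-Za-z0-9_]+)\.(?:dll|exe|vbs|js|bat|cmd|scr|pif)\b', 'IgnoreCase')
    if (-not $m.Success) { return $false }
    $base   = $m.Groups[1].Value
    $vowels = [regex]::Matches($base, '[aeiou]', 'IgnoreCase').Count
    $mixed  = ($base -match '\d') -and ($base -match '[A-Za-z]')
    return ($mixed -and $base.Length -ge 10) -or
           (-not $mixed -and $base.Length -ge 12 -and ($vowels / $base.Length) -lt 0.2)
}

function Get-HiddenAutostarts {
    $found = New-Object 'System.Collections.Generic.List[object]'
    function Add-Hit($Source, $Name, $Command) {
        $found.Add([pscustomobject]@{
            Source = $Source; Name = $Name; Command = $Command
            RandomLooking = Test-RandomLookingName $Command
        })
    }

    # 1. Scheduled tasks (schtasks exists on XP as well). A task with several
    #    triggers repeats the CSV header row, so drop rows whose TaskName is the header.
    schtasks.exe /query /v /fo CSV 2>$null | ConvertFrom-Csv |
        Where-Object { $_.TaskName -ne 'TaskName' -and $_.'Task To Run' -notmatch '^(N/A|COM handler)' } |
        ForEach-Object { Add-Hit 'ScheduledTask' $_.TaskName $_.'Task To Run' }

    # 2. WMI permanent event subscriptions: a timer or polling-query filter bound to
    #    a script/command consumer runs with no process of its own between firings.
    Get-CimInstance -Namespace root\subscription -ClassName __FilterToConsumerBinding -ErrorAction SilentlyContinue |
        ForEach-Object { Add-Hit 'WMIBinding' "$($_.Filter)" "$($_.Consumer)" }
    Get-CimInstance -Namespace root\subscription -ClassName __EventConsumer -ErrorAction SilentlyContinue |
        ForEach-Object {
            $cmd = if ($_.CommandLineTemplate) { $_.CommandLineTemplate }
                   elseif ($_.ScriptFileName)  { $_.ScriptFileName }
                   else                         { $_.ScriptText }
            Add-Hit "WMIConsumer/$($_.CimClass.CimClassName)" $_.Name $cmd
        }

    # 3. Registry load points outside the Run keys.
    $winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $wl = Get-ItemProperty $winlogon
    Add-Hit 'Winlogon\Shell'    'Shell'    $wl.Shell
    Add-Hit 'Winlogon\Userinit' 'Userinit' $wl.Userinit
    Get-ChildItem "$winlogon\Notify" -ErrorAction SilentlyContinue |
        ForEach-Object { Add-Hit 'Winlogon\Notify' $_.PSChildName (Get-ItemProperty $_.PSPath).DLLName }
    $appinit = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows').AppInit_DLLs
    if ($appinit) { Add-Hit 'AppInit_DLLs' 'AppInit_DLLs' $appinit }
    # Browser Helper Objects are stored as CLSIDs; resolve each to its InprocServer32 dll.
    Get-ChildItem 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects' -ErrorAction SilentlyContinue |
        ForEach-Object {
            $dll = (Get-ItemProperty "Registry::HKEY_CLASSES_ROOT\CLSID\$($_.PSChildName)\InprocServer32" -ErrorAction SilentlyContinue).'(default)'
            Add-Hit 'BHO' $_.PSChildName $dll
        }

    # 4. Services and drivers: the binary path is what matters, not the display name.
    Get-CimInstance Win32_Service | Where-Object { $_.PathName } |
        ForEach-Object { Add-Hit 'Service' $_.Name $_.PathName }

    return $found
}

# Usage: random-looking entries first, then everything else for manual review.
$hits = Get-HiddenAutostarts
$hits | Sort-Object RandomLooking -Descending | Format-Table Source, Name, Command, RandomLooking -AutoSize -Wrap
```

Anything the script lists is a lead, not a verdict: compare the command path against what a scanner reported, check the file's publisher and timestamp, and only then remove the load point together with the file, otherwise the next reboot simply recreates the problem.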

  8. HangVirusMakers

    HangVirusMakers Private E-2

    All I know is, if someone else has a bad problem with popups and the usual scanners aren't working, refer them to Panda AND (this is vital) Spy Sweeper immediately. Panda found the .vbs file, and Spy Sweeper located the .dll file.
     
  9. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Download Pocket KillBox
    • Save it to your desktop or a place easy to find.
    • Do not run it yet
    Copy the contents of the below Quote Box to Notepad. Then click File and then Save As. Change the Save as Type to All Files. Name the file fixme.reg and then click Save (make sure you save it somewhere you can find it; saving it to your Desktop may make that easy). Then double-click on the fixme.reg file on your desktop (or locate it with Windows Explorer and double-click on it if not saved to the Desktop), and when it prompts to add it to the registry, say Yes.

    Next, run CCleaner to clean up cookies and temp files.

    Reboot to Safe Mode!

    Locate PocketKillbox
    (Proceed with this step even if they do not show in blue.)

    Next, you will be entering items into Pocket KillBox. Please select the "Delete on Reboot" option. Copy and paste each of the file names listed below into the box one by one, making sure Delete on Reboot is checked for each entry. Click the red X for each entry, but DO NOT allow your machine to be rebooted until the last item has been entered:

    ** Note: For any of the .dll files, check the Unregister .dll Before Deleting box as well. If this option is not enabled, don't worry about it.

    • If you get an error message about Pending Operations, just reboot your computer manually.

    Once you have completed the steps in this post, attach a fresh HJT log along with new GetRunKey and ShowNew logs.
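What Pocket KillBox's "Delete on Reboot" does under the hood is the Win32 call `MoveFileEx(path, NULL, MOVEFILE_DELAY_UNTIL_REBOOT)`, which makes Session Manager delete the file during the next boot (before Explorer, IE or any BHO can load it) by recording it in the `PendingFileRenameOperations` value; "Unregister .dll Before Deleting" is `regsvr32 /u`. The script below is an added example, not KillBox's code and not part of bjgarrick's instructions, that does the same thing from an elevated PowerShell prompt so the procedure above can be reproduced without the tool. The two file paths are placeholders (an assumption; substitute the files your scans identified), and the Quote Box contents for fixme.reg are not reproduced here because they are not on this page.

```powershell
# Added example (not from the thread): schedule locked malware files for deletion
# at next boot, the way KillBox's "Delete on Reboot" works. Run elevated, then reboot.
# Assumption: the paths in $targets are placeholders, not files named in the thread.

$Kernel32 = Add-Type -Namespace Win32 -Name Kernel32 -PassThru -MemberDefinition @'
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern bool MoveFileEx(string lpExistingFileName, string lpNewFileName, int dwFlags);
'@
$MOVEFILE_DELAY_UNTIL_REBOOT = 4   # from winbase.h; requires admin (writes HKLM)

function Remove-FileOnReboot {
    # Returns 'deleted', 'pending' (removed at next boot), 'missing' or 'failed'.
    param([Parameter(Mandatory)][string]$Path, [switch]$UnregisterDll)

    if (-not (Test-Path -LiteralPath $Path)) {
        Write-Warning "Not found: $Path"
        return 'missing'
    }
    if ($UnregisterDll -and $Path -like '*.dll') {
        # Equivalent of "Unregister .dll Before Deleting": drop the COM registration
        # so Explorer/IE stop loading it. Non-fatal if the dll was never registered.
        & regsvr32.exe /u /s $Path | Out-Null
    }
    try {
        # Fast path: the file is not locked and can go right now.
        Remove-Item -LiteralPath $Path -Force -ErrorAction Stop
        return 'deleted'
    } catch {
        # Locked or in use: NULL destination + MOVEFILE_DELAY_UNTIL_REBOOT asks
        # Session Manager to delete it during the next boot, before anything can
        # load it. The request is stored in PendingFileRenameOperations.
        if ($Kernel32::MoveFileEx($Path, $null, $MOVEFILE_DELAY_UNTIL_REBOOT)) {
            return 'pending'
        }
        $code = [Runtime.InteropServices.Marshal]::GetLastWin32Error()
        Write-Warning "MoveFileEx failed for $Path (Win32 error $code)"
        return 'failed'
    }
}

# Placeholder targets (assumption): replace with the .dll/.vbs files your scans reported.
$targets = @(
    'C:\WINDOWS\system32\example_random_name.dll',
    'C:\WINDOWS\system32\example_random_name.vbs'
)

$results = foreach ($t in $targets) {
    [pscustomobject]@{ Path = $t; Result = (Remove-FileOnReboot -Path $t -UnregisterDll) }
}
$results | Format-Table -AutoSize

# Show exactly what Session Manager will delete at the next boot, then reboot by hand.
$sm = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
(Get-ItemProperty $sm -Name PendingFileRenameOperations -ErrorAction SilentlyContinue).PendingFileRenameOperations
if ($results.Result -contains 'pending') { Write-Host 'Reboot now to complete the deletions.' }
```

As with KillBox, enter every file before rebooting once; the pending list is consumed at the next boot, and a file that is re-dropped by a surviving component will reappear, which is why the fresh HJT, GetRunKey and ShowNew logs asked for above matter.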
     
