Big problem

Discussion in 'Malware Help (A Specialist Will Reply)' started by idikitos, Jan 3, 2011.

  1. idikitos

    idikitos Private E-2

    Hello. This must be the biggest problem I've ever had in my computer. A few days ago, while browsing some sites on the internet, I started getting a pop-up window of some Russian site once every few times I clicked somewhere. At first it didn't look serious. I ran my avast scan then an anti-malware program but found nothing. Soon however the problem started to become more intense. Sometimes when I tried to click on something this pop-up window would show up and then I was unable to click on that specific box again.. ever! After trying all kinds of tricks I decided the only solution would be to format my hard drive. I did. I formatted it, I re-installed Windows again (XP Pro SP3) and to my surprise.. the problem was still there (and all the specific sites I couldn't click on before.. I was still unable to click on them!!). At this point, every time I click at anything on the internet.. if this pop-up window appears, I usually can't click on the same thing I was trying to click before whether it is a download link or a text link or whatever. And I can't click on it ever again. This thing is leading me crazy..
    Needless to say this had happened to all my 3 browsers before formatting, and right now I'm using IE after format and the problem is still here. What is even more amazing is this: I have another laptop which I haven't used for more than a month. Since this one is infected, I decided to use that one which is virus-free. I have a wireless router to connect to the internet. As soon as I turned on my other laptop and connected to the internet... suddenly the exact same problem appeared in the other laptop as well!!! How is this even possible?
    I'm going to attach the logs from the scans I ran (from the read and run me sticky).. and I really hope I can get some help because this has never happened to me before and it is just.. crazy.
     

    Attached Files:

  2. idikitos

    idikitos Private E-2

    Here is the mgtools log as well..
     

    Attached Files:

  3. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Java(TM) 6 Update 7 <--- Uninstall this outdated version of Java

    What is this seen running at start up?
    Now we need to use ComboFix
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
    • If ComboFix tells you it needs to update to a new version, make sure you allow it to update.
    • Open Notepad and copy/paste the text in the below quote box. Ensure you scroll down to select ALL the lines:
    Code:
    KILLALL::
    
    Folder::
    C:\Documents and Settings\George\7zSA60.tmp
    C:\Documents and Settings\George\7zSA6D.tmp
    C:\Documents and Settings\George\7zSA8B.tmp
    C:\Documents and Settings\Default User\7zSA60.tmp
    C:\Documents and Settings\Default User\7zSA6D.tmp
    C:\Documents and Settings\Default User\7zSA8B.tmp
    File::
    C:\Documents and Settings\George\DelB18.bat
    C:\Documents and Settings\George\elB18.tmp
    C:\Documents and Settings\George\GLBA4F.tmp
    C:\Documents and Settings\Default User\DelB18.bat
    C:\Documents and Settings\Default User\DelB18.tmp
    C:\Documents and Settings\Default User\GLBA4F.tmp
    
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe

      http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below

    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.


    Reboot your machine and install the most current and up to date version of Java available here at the below link:

    Java Runtime 6

    Go to TDSSKiller and Download TDSSKiller.zip to your Desktop

    • Extract its contents to your Desktop so that you have TDSSKiller.exe directly on your Desktop and not in any subfolder of the Desktop.
    • Now double click the TDSSKiller.exe file to run it (if using Vista or Windows 7 do not double click on it but rather, right click and select Run As Administrator).
    • Allow the application to run and a window will open showing that it is TDSSkiller from Kaspersky
    • Click Start scan
    • It will run rather quickly and will notify you of whether anything is found or not.
    • Follow the instructions to delete/quarantine if it asks you what to do when it finds something.
    Whether an infection is found or not, a log file should be created on your C: drive ( or whatever drive you boot from) in the root folder named something like TDSSKiller.2.1.1_27.12.2009_14.17.04_log.txt which is based on the program version # and date and time run. Please attach this log to your next reply. (See: HOW TO: Attach Items To Your Post )

    Reboot the machine again.

    Please also download MBRCheck to your desktop

    • Double click MBRCheck.exe to run (Vista and Win 7: right click and select Run as Administrator)
    • It will show a black screen with some data on it
    • Right click on the screen and select > Select All
    • Press Control+C
    • Open a Notepad and press Control+V
    • Now please ATTACH that report to this thread

    You need to install some antivirus when we are finished here, but not until.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this.

    Let us know of any problems you may have encountered with the above instructions and also let me know how things are running now!
     
  4. idikitos

    idikitos Private E-2

    Here are the logs you asked me for. I don't think the problem is solved at all. Same parts of same sites are still not clickable, plus every time I choose to turn off or restart I get a message I must wait for a program called "sample" to end. I have no idea what this is (obviously some virus process which is running?). Also, now the problem has started moving to my files as well, not only the browser. Now I'm unable to click and run some setup programs and I'm getting a blank screen on add/remove programs!
     

    Attached Files:

  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    This sounds more like a windows issue than a malware issue. However, let's have you try doing an online scan:

    eSet Online Scan.
     
  6. idikitos

    idikitos Private E-2

    A Windows issue? I doubt it. First of all, I'm getting this pop-up window all the time while I'm using my browser, Windows doesn't do that. Second, what I find absolutely weird is that I had another laptop which I hadn't used for more than a month.. and when I turned it on yesterday, it suddenly had the same problem as soon as it connected to the internet. (This is as if my internet line is somehow infected, whatever laptop I connect to the internet gets infected immediately!!!) And third, I went to that link for the online scan.. the pop-up appeared.. and I can't click on it.. so I can't run this..
     
  7. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Are you running all of the computers through a router? If so, you need to find the recessed red button on the back or bottom and press it in for a few seconds. If you had any special configurations to the router, you will need to reset them. Tell me if that changes anything.

    You can also test this by by-passing the router and connecting directly to the modem. If the issue stops, it is the router that is infected.
     
  8. idikitos

    idikitos Private E-2

    Well, resetting the router seems to have fixed part of the problem. Sites are now clickable again and the pop-up has disappeared. However, the problem on files has remained. I still can't run some .exe files, and control panel-add/remove programs still gives a blank page. Any advice? Here is the Eset log as well.
     

    Attached Files:

  9. idikitos

    idikitos Private E-2

    Some extra info here. The laptop is obviously full of malware. I'm still getting this "sample" program which I have to wait for to end when I try to turn off my laptop, I still can't run files and there is a .temp folder which was created by a program I was trying to install (official Toshiba product, no chance of malicious software) and when I try to delete this folder it says it is being used by another person or program (which is not real because it is just the setup.exe in there and it won't run anyway).
    As for my wireless router, it has now stopped connecting to the internet, I had to look for my old modem and connect through that with an ethernet cable so I could get on the internet and post this.. I'm getting extremely tired of this situation. If you can help me, please do so.
     
  10. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Since we were not seeing any malware in your logs, I have asked Chaslang to have a second look at your thread.
     
  11. idikitos

    idikitos Private E-2

    The situation right now is looking better, no browser problems but still a blank add/remove programs page. I think the "sample" program is not a virus, probably a program I unnecessarily added but cannot now remove due to the blank page. I installed avast anti-virus, ran a scan, nothing found.
     
  12. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    See if you can use CCleaner to check for programs in your add/remove folder. You may need to post in the software forum to get help in repairing your add/remove items.
     
  13. idikitos

    idikitos Private E-2

    I can through CCleaner. But now explorer stopped working and the PC just turns off suddenly about once a day. I'm sick of it. I fix one thing and 2 more come up. Maybe I'll just buy a new laptop.. that might help.
     
  14. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You may need to do a repair install. Worst case would be to backup all your personal files and data and do a reformat and clean install.
     
  15. idikitos

    idikitos Private E-2

    That's exactly what I was thinking too. I'm on to it now. I think since the advice you gave me to reset my router actually solved the problem, a reformat will probably get everything back to working normally. I'll be back to you as soon as I'm done.
     
  16. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Correct! It is not malware, it is just related to the programs being used on your PC. We have seen this before and sometimes it had to do with Wireless Interfaces. Either way, it is not malware and not a topic for this forum.

    The fact that Add/Remove Programs does not display is also not likely to be malware. Sometimes antivirus programs have been known to cause extreme delay in seeing Add/Remove Programs populate. There are also cases where it may just be a problem within Windows. See this: http://support.microsoft.com/kb/266668/en-us


    For file and or registry permissions issues, the below should have been run:

    Resetting Registry and File Permissions
     
  17. idikitos

    idikitos Private E-2

    Thank you all very much for your help. The problem was related to the wireless router. As soon as I reset it, the pop-up stopped and a reformatting resolved the rest of the issues. Everything working fine now. However I insist there was malware because of this Russian site that kept popping up, however an anti-malware program found it and deleted it so it's all OK now.
     
  18. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Good to know you are back up and running well. Safe surfing. :)
     
