Could someone help me out?

Discussion in 'Malware Help (A Specialist Will Reply)' started by trickae, Feb 2, 2006.

  1. trickae

    trickae Private E-2

    I've been removing spyware for a while
    but the latest case is beyond me.

    MEASURES I HAVE TAKEN:
    It's not 180 or cweb,
    All hidden files are enabled, there's nothing odd that appears in add/remove software, no foreign files running in memory, all temp internet files have been removed, cookies are not enabled (I'm choking with all the passwords I had to write down now.), I've combed through my running processes - nothing

    Even more so - Spybot S&D, Ad-Aware SE, Microsoft's new spyware removal software all return a "congratulations no threats detected"

    All are updated to the latest versions. All the latest definitions have been installed.

    No weird websites have been visited - I've run Trend Micro's HouseCall several times over the past week.

    - THE THREAT -
    Multiple Internet Explorer pop-ups open when no internet activity is present. Even after I disabled my proxy connection in IE - blank windows still pop up.



    Now I have just restarted my computer in Normal boot. I have excluded QuickTime and iTunes from starting up. I have a safe version of MSN Plus. I have had it for ages and it's the version that comes with no malware whatsoever. Even before my current spyware problem I've had the latest version of MSN Plus and have never seen spyware like this.

    Here's my HJT and IseeU log

    • Edit by bjgarrick: Unrequested, Inline HJT log removed!
    thank you in advance.
     

    Attached Files:

    Last edited by a moderator: Feb 2, 2006
  2. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Welcome to MajorGeeks.com!

    Please follow forum guidelines and perform cleaning steps in the sticky thread before posting HijackThis logs.

    Now, please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.

    Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support

    • Make sure you check version numbers and get all updates.
    Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

    After doing ALL of the above and you still have a problem, make sure you have booted to normal mode and run the steps in the below thread to properly use HijackThis and attach the log:

    Downloading, Installing, and Running HijackThis
     
  3. trickae

    trickae Private E-2

    K, I've gone through and completed all the steps but I still have persistent malware problems - there's a tonne of pop-ups still coming up.

    I found a folder, called vienrar, which seemed to be running a data miner and it kept logs. I deleted the entire folder.

    I've attached my HJT log and my iseeyou scan results. These were taken on a normal boot in safe mode.

    thanx
     

    Attached Files:

    Last edited by a moderator: Feb 4, 2006
  4. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    First, there is no need to run ISeeYouXP, I didn't request this so it's not needed. This should only be used when requested by a malware fighter.

    You still have not run every step in the READ ME!

     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    In addition, step 7 of the READ ME is not being followed. HJT is installed improperly, the log was from safe mode instead of normal boot mode, and msconfig is still running to control startups. Please follow step 7 completely.
     
  6. trickae

    trickae Private E-2

    Hey guys, I've found the problem - Panda and BitDefender came out clear. I'll get the new HJT and install it in a folder of its own.

    The problem was from a program installed in a folder called

    vienarar - it was installed in my WinRAR folder.

    The latest version of Spybot caught the main exe file - but it came back somehow because of a bat file found in the folder. I removed the entire folder in safe mode as I couldn't before - (it said the program was in use and I was unable to delete the folder). Now my computer runs smoothly and I've yet to encounter any problems.

    thanx for all the tips tho.

    trickae


    vienrar - One thing that should be mentioned is that the malware will reinstall itself if it's removed. Also it's hard to track as the pop-ups are varied in time and by what shows up. They have a different popup every time. It went from ringtones, Russian wallpaper sites, to Christian coffee houses.

    Furthermore what ticked me off was that nothing was detecting it. Now Spybot has caught on - so it should be easier to remove now.
     
  7. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    After you have relocated HJT attach a fresh HJT log.
     
