Help Needed!!!

Discussion in 'Malware Help (A Specialist Will Reply)' started by babell, Dec 16, 2006.

  1. babell

    babell Private E-2

    First of all, thanks for this website. It has been a great help.

    Second, I ran all the steps in the "READ & RUN ME FIRST Before asking for Support" thread.

    My problem, now: When running IE I am only able to open up one browser window at a time. If I try to open two then IE freezes and I cannot do anything until I quit IE and open it again. This is frustrating also because when I click on a link that opens up a new browser window it does the same thing and the new window pretty much stops IE altogether. For that reason I could not run the PandaActive Scan.

    How did I make it this far, you ask? Well, I went to work and printed out all steps and downloaded all files to a flash drive. Then I loaded all programs onto my computer. I am making this thread right from a friend's computer.

    Problems fixed by the initial cleaning.
    Originally when I opened up IE it would be super slow and then an error would pop up. It was a RunDLL error saying, "An exception occurred while trying to run ""C:\windows\system32\brrotate.dll"Dllverify". Then after this error occurred I could run the browser, but one window only. This error no longer occurs and I noticed that Spybot got rid of a rotator virus during the initial cleaning.

    Other problems upon start-up:
    I get a "qms3.tmp has encountered a problem and needs to close" error upon start-up.

    I have Norton antivirus and it always says that "spyware.safesurfing" has been detected and it recommends removing it. I of course remove it, only to encounter this prompt upon every start-up.

    Now upon shut down after my browser is closed I encounter an endprogram prompt for ixplore.exe.

    Well that is my problem. I would appreciate anything you can do for me as I have no clue what else to do. Just realize that I can only use one browser window and if I have to click on a link that opens up a new browser window then I am hosed.

    babell
     


  2. babell

    babell Private E-2

    Other attachments

    Here are the other attachments for babell.
     


  3. babell

    babell Private E-2

    Re: Other attachments

    First of all, thanks for this website. It has been a great help.

    Second, I ran all the steps in the "READ & RUN ME FIRST Before asking for Support" thread.

    My problem, now: When running IE I am only able to open up one browser window at a time. If I try to open two then IE freezes and I cannot do anything until I quit IE and open it again. This is frustrating also because when I click on a link that opens up a new browser window it does the same thing and the new window pretty much stops IE altogether. For that reason I could not run the PandaActive Scan.

    How did I make it this far, you ask? Well, I went to work and printed out all steps and downloaded all files to a flash drive. Then I loaded all programs onto my computer. I am making this thread right now at an internet cafe so that I am able to attach the logs.

    Problems fixed by the initial cleaning.
    Originally when I opened up IE it would be super slow and then an error would pop up. It was a RunDLL error saying, "An exception occurred while trying to run ""C:\windows\system32\brrotate.dll"Dllverify". Then after this error occurred I could run the browser, but one window only. This error no longer occurs and I noticed that Spybot got rid of a rotator virus during the initial cleaning.

    Other problems upon start-up:
    I get a "qms3.tmp has encountered a problem and needs to close" error upon start-up.

    I have Norton antivirus and it always says that "spyware.safesurfing" has been detected and it recommends removing it. I of course remove it, only to encounter this prompt upon every start-up.

    Now upon shut down after my browser is closed I encounter an endprogram prompt for ixplore.exe.

    Well that is my problem. I would appreciate anything you can do for me as I have no clue what else to do. Just realize that I can only use one browser window and if I have to click on a link that opens up a new browser window then I am hosed.

    babell

    Somehow I screwed up the first thread with the original three attachments.
     
  4. babell

    babell Private E-2

    Re: Other attachments

    So the original Help Needed!!! thread that I put up is now gone apparently. I have no luck. When I try to attach the other logs to this thread it tells me that they have been already attached to the Help Needed!!! thread that I attached and it won't let me. I will try to attach them with another ID.
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Re: Other attachments

    Your first message was trapped by our spam filters for some reason. I validated it now and combined all your messages into one thread.

    I'm going to look at your logs now. Hang on for a bit if you can.
     
  6. babell

    babell Private E-2

    Cool. I am at home now using a friend's computer. So I will be online for a while. Take your time.
     
  7. babell

    babell Private E-2

    More start-up fun. When I start up now Counterspy brings up "A Browser Helper Object (BHO) Requires approval." I remove it always because it recommends it, but this happens upon every start-up.
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    What are the below files for and why are they being saved in the C:\Program Files folder? This is not a place where files should be saved. It should only be used for installed programs.
    Code:
    "C:\Program Files\"
    mmd3.wal      Nov 29 2006     1019818  "MMD3.wal"
    pimeer~1.wal  Nov 29 2006      753449  "Pimeer_Modern_v2.wal"
    anunak~1.wal  Nov 29 2006     1170984  "Anunaki110.wal"
    helios.wal    Nov 29 2006      259370  "Helios.wal"
    
    Make sure viewing of hidden files is enabled (per the tutorial).
    Now copy the bold text below to Notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    O2 - BHO: ohb - {5ED7D3DE-6DBE-4516-8712-436325722327} - C:\WINDOWS\system32\SmartShopper\SmartShopper0.dll
    O4 - HKCU\..\Run: [Chckup] C:\WINDOWS\system32\Netverchk.exe

    After clicking Fix, exit HJT.
    Boot into safe mode and use Windows Explorer to delete:
    C:\WINDOWS\system32\SmartShopper <--- the whole folder
    C:\WINDOWS\12-b101c483c2fe3ac4a2bd5fae3377ef4f.exe
    C:\WINDOWS\4-efb7bab6499fc415ee93f4097033deae.exe
    C:\WINDOWS\5-a0c18a429b8010fee34ee31d9073371d.exe
    C:\WINDOWS\10-47488c40c3cddfee98fc3b173f6d7beb.exe
    C:\WINDOWS\system32\slimgqjz.exe
    C:\WINDOWS\system32\Netverchk.exe
    C:\WINDOWS\system32\CAUnst.exe
    C:\WINDOWS\system32\tcblfxod.dll

    Now run Ccleaner

    Now reboot in normal mode

    Also delete all files in the below folders except ones from the current date (Windows will not let you delete the files from the current day).
    C:\Documents and Settings\Brad\Local Settings\Temp\

    Now attach the below new logs and tell me how the above steps went.

    1. GetRunKey
    2. ShowNew
    3. HJT


    Make sure you tell me how things are working now!

    Reminder Note: Once we have determined you are malware free you will need to disable System Restore, reboot, and re-enable System Restore per step 1 of the READ & RUN ME. This only applies if using WinXP or WinMe.
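
An added example, not part of the thread or of MajorGeeks' tooling: a Python check that a follow-up HijackThis log no longer contains the O2/O4 entries selected for fixing in the post above, matching each one either by its CLSID or Run value name or by its file path. The two follow-up logs are constructed sample data and the function names are hypothetical.

```python
import re

# Entries the helper selected for fixing, copied from the post above.
FLAGGED = [
    r"O2 - BHO: ohb - {5ED7D3DE-6DBE-4516-8712-436325722327} - C:\WINDOWS\system32\SmartShopper\SmartShopper0.dll",
    r"O4 - HKCU\..\Run: [Chckup] C:\WINDOWS\system32\Netverchk.exe",
]
# Constructed follow-up logs (sample data, not from the thread).
CLEAN_LOG = r"""
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\example.dll
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
"""
# Same DLL registered again under a different CLSID.
REINFECTED_LOG = CLEAN_LOG + r"""
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000002} - c:\windows\system32\SmartShopper\SmartShopper0.dll
"""

# O2 = Browser Helper Object, O4 = Run-key autostart entry.
O2_RE = re.compile(r"^O2 - BHO: .*? - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HK(?:LM|CU))\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<path>.+)$")

def parse_entry(line):
    """Return (section, identity, path) for an O2/O4 line, else None."""
    line = line.strip()
    m = O2_RE.match(line)
    if m:
        return ("O2", m["clsid"].upper(), m["path"].lower())
    m = O4_RE.match(line)
    if m:
        ident = "\\".join((m["hive"], m["key"], m["name"].lower()))
        return ("O4", ident, m["path"].lower())
    return None

def remaining(flagged, new_log):
    """Flagged lines still present in new_log, by identity OR by file path."""
    seen = [e for e in map(parse_entry, new_log.splitlines()) if e]
    hits = []
    for raw in flagged:
        want = parse_entry(raw)
        if want is None:
            raise ValueError("not an O2/O4 line: " + raw)
        if any(s[0] == want[0] and (s[1] == want[1] or s[2] == want[2]) for s in seen):
            hits.append(raw)
    return hits

if __name__ == "__main__":
    print(remaining(FLAGGED, CLEAN_LOG))       # nothing left over
    print(remaining(FLAGGED, REINFECTED_LOG))  # the BHO came back
```

Matching on the file path as well as the identifier catches a DLL that re-registers itself under a new CLSID, which a plain string comparison of log lines would miss.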
     
  9. babell

    babell Private E-2

    You are a genius. I can open up multiple IE windows, there are no longer any counterspy BHO blocker prompts, and no Norton Virus prompts. No start-up errors either.

    The only hang-up is when counterspy updates the software at start-up it pops up a window at the lower right that just freezes. I cannot close it. I usually just do an endtask on counterspy to get rid of it.

    Here are the scans.

    And I will disable system restore, reboot, and re-enable system restore right now.

    babell
     


  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Your log is clean. If you are not having any other malware problems, it is time to do our final steps:
    1. If we used Pocket Killbox during your cleanup, do the below
      • Run Pocket Killbox and select File, Cleanup, Delete All Backups
    2. If we used ComboFix you can delete the ComboFix.exe file and associated C:\combofix.txt log that was created.
    3. If we used SDFix you can delete all the SDFix related files and folders from your Desktop or wherever you installed it.
    4. If we used VundoFix, you can delete the VundoFix.exe file and the C:\VundoFix Backups folder and C:\vundofix.txt log that was created.
    5. If we had you run FixWareOut, you can delete the Fixwareout.exe file and the C:\fixwareout folder.
    6. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    7. You can delete the ShowNew.Zip and GetRunkey.Zip files and the files that you extracted from the ZIP files. You can also delete the C:\newfiles.txt and C:\runkeys.txt logs that were created.
    8. If you are running Windows XP or Windows ME, do the below:
      • Go back to step 8 of the READ & RUN ME to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    9. After doing the above, you should work thru the below link:
     
  11. babell

    babell Private E-2

    OK, I have done the final steps and I now have a software firewall. Thanks for the tips and all the help. It is much appreciated.
     
  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Surf Safely!
     
