Help Please computer is acting strange:(

Discussion in 'Malware Help (A Specialist Will Reply)' started by babyturk, Nov 10, 2006.

  1. babyturk

    babyturk Private First Class

    Please help, I don't know what is wrong with computer? Last night when I was surfing the internet I had pornographic material come up for no reason, I think maybe possibly someone has control on the other end somewhere, I have also had a warning come up that said Microsoft has checked my computer and my hard drive has stuff on there that could possibly wreck my marriage, or in my case I would get in trouble from mom and dad, but I don't go on porno sites, and it went on to ask me to install some kind of utility to clean up my hard drive and what not, I went to do the bitdefender scan but it says I need to update my internet explorer to explorer 4+ please tell me what I can do? thank you very much :eek: :eek:
     
  2. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    I think you know the drill by now, in running the Read Me below as it's the best way for us to tell what's on your PC will be causing this, then we can go about removing it :)


    Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.
    • Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
    • Make sure you check version numbers and get all updates.
    • Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.
    • If after doing ALL of the above you still have a problem, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
    Downloading, Installing, and Running HijackThis

    Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.


    • When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:
      • CounterSpy - ONLY IF you were not able to run Windows Defender
      • Bitdefender - from step 6
      • Panda Scan - from step 6
      • runkeys.txt - the log from GetRunKey.bat
      • newfiles.txt - the log from ShowNew.bat
      • HijackThis
    NOTE: You can only attach 3 files in a single message so it will require that you use two messages to attach all of these logs!
     
  3. babyturk

    babyturk Private First Class

    how do I post the counter spy scan results?
     
  4. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    Once you have run the Counter Spy scan, click View (top menu) > Spyware Scan > View Spyware Scan History > Highlight the latest scan > click View Full Details of Scan and highlight all the text and paste into Notepad and attach the log as normal.
     
  5. babyturk

    babyturk Private First Class

    Here is my CounterSpy-Scan

    Please review it:)
     
    Last edited: Dec 6, 2006
  6. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Re: Here is my CounterSpy-Scan

    I would remove instead of ignore those entries.

    Are you having any problems? If so, what?
     
  7. babyturk

    babyturk Private First Class

    I am sorry I don't understand just what you are saying.................
     
  8. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    In your CounterSpy Log..

     
  9. babyturk

    babyturk Private First Class

    so how do I remove ,Paltalk Low Risk Adware more information...
    Details: Paltalk is an advertising-supported instant messaging client.
    Status: Ignored
     
  10. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    If you're not familiar or do not use it then remove it.

    Look in Add/Remove Programs for Paltalk Messenger and uninstall if found.

    Copy the contents of the below Quote Box to Notepad. Then click File and then Save As. Change the Save as Type to All Files. Name the file fixme.reg and then click save. (make sure you save it somewhere you can find it. Saving it to your Desktop may make that easy.) Then double-click on the fixme.reg file on your desktop (or locate it with Windows Explorer and double click on it if not saved to the Desktop) and when it prompts to Add in to the registry, say yes.

    Once you complete the above it will be removed.
     
  11. babyturk

    babyturk Private First Class

    Great thank you I think I hopefully did it correctly:)
    Why would pornographic material come up without my consent? Can this be hacker related? Do you think someone has access to my computer?
     
  12. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    If you're talking about popups then it most likely is some type of malware. If you ran the online scans in the initial post "READ & RUN ME FIRST", attach those logs with a HJT log and we will take a look.
     
  13. babyturk

    babyturk Private First Class

    Here is my HJT log for your review

    Thanks for your help you are a very kind person and I really do appreciate you taking the time out of your life to help me out:)
     
    Last edited: Dec 6, 2006
  14. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Scan with HijackThis and check the boxes for the following entries:
    ( Make sure ALL browser windows are closed when you click FIX )

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://start.shaw.ca/start/enca/addons/search/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ca.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://ca.search.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ca.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://ca.search.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://start.shaw.ca/start/enca/addons/search/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ca.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://ca.search.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.shaw.ca/start/enca/addons/search/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.shaw.ca/start/enca/addons/search/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://ca.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://ca.search.yahoo.com

    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime

    O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} (NsvPlayX Control) - http://www.yayindayiz.biz/codec/nsvplayx_vp6_mp3.cab

    Again, make sure ALL browser windows are closed when you click FIX.

    Next, run CCleaner to clean up cookies and temp files.

    Final Step...

    Reset Web Settings & Default Security Settings:

    To Reset Web Settings:
    Right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

    If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.


    To Default Security Settings:
    Right click on your desktop Internet Explorer icon and select Properties. Then click the Security Tab and click Default Level for Internet, Local Intranet, Trusted Sites, and Restricted Sites.

    After you complete the above, reboot and see how things are running.
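
Added example, not part of the original thread or of HijackThis itself: a small Python parser for the three HijackThis entry types listed in the post above (R0/R1 Internet Explorer settings, O4 Run-key autostarts, O16 downloaded ActiveX controls), which then lists the entries whose URL resolves to a host outside an analyst-supplied list. The function names and the `known_hosts` list are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Log lines copied from the post above (the wrapped "yahoo.co m" is rejoined).
SAMPLE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://start.shaw.ca/start/enca/addons/search/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ca.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://ca.search.yahoo.com
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} (NsvPlayX Control) - http://www.yayindayiz.biz/codec/nsvplayx_vp6_mp3.cab
"""

# One pattern per entry type; key/value/data name the registry key (or CLSID),
# the value (or control) name, and the configured URL or command line.
PATTERNS = {
    "ie_setting": re.compile(r"^(?P<code>R[0-3]) - (?P<key>[^,]+),(?P<value>.+?) = (?P<data>.*)$"),
    "autorun": re.compile(r"^(?P<code>O4) - (?P<key>.+?): \[(?P<value>[^\]]+)\] (?P<data>.+)$"),
    "activex": re.compile(r"^(?P<code>O16) - DPF: (?P<key>\{[0-9A-Fa-f-]+\}) \((?P<value>.*)\) - (?P<data>\S+)$"),
}

def final_host(url):
    """Host the browser ends up at; redirector URLs embed the target after '*'."""
    target = url.rsplit("*", 1)[-1]
    return (urlsplit(target).hostname or "").lower()

def parse(log):
    """Turn raw log text into one dict per recognised entry; other lines are skipped."""
    records = []
    for line in log.splitlines():
        line = line.strip()
        for kind, rx in PATTERNS.items():
            m = rx.match(line)
            if m:
                records.append({"kind": kind, **m.groupdict()})
                break
    return records

def review_queue(records, known_hosts):
    """URL-bearing entries (R*, O16) whose final host is not under a known domain."""
    queue = []
    for r in records:
        if r["kind"] in ("ie_setting", "activex"):
            host = final_host(r["data"])
            if host and not any(host == k or host.endswith("." + k) for k in known_hosts):
                queue.append((r["code"], r["value"], host))
    return queue

if __name__ == "__main__":
    # known_hosts is an assumed analyst list (ISP and search provider), not from the thread.
    print(review_queue(parse(SAMPLE), {"shaw.ca", "yahoo.com"}))
```

An entry appearing in the queue only means its host is not on the supplied list; the decision to fix it still rests with whoever reviews the log.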
     
