Help with pop-ups on clicks malware

Discussion in 'Malware Help (A Specialist Will Reply)' started by killian, May 2, 2013.

  1. killian

    killian Private E-2

    Hi, I did a reinstall on my family's pc 6 weeks ago, and use Avira as antivirus and firewall, with Malwarebytes and Superantispyware installed and used occasionally; pc has one admin. and one limited account, with Avira blocking the limited account from downloading/viewing various websites. 2 weeks ago I changed the Avira setting on the limited account and forgot to switch it back when I was finished and went away for the week. When I returned my son had downloaded some things (a game program) and seems to have infected the pc.

    Specific problems: 1. using Facebook (only my wife on the admin. account uses it) when a link is clicked pop-ups appear; this was limited to Facebook but today I noted that pop-ups appeared when clicking links on majorgeeks.com as well.
    2. pc screen switches off quite frequently (but not all the time - hasn't happened today).

    I followed the instructions of Read & Run Me EXCEPT:
    I ran ccleaner on limited account but forgot to run it on the admin. account until after running RogueKiller; I then ran it (I had run it the day before on both accounts).
    I ran MGtools with Avira on. After it ran I turned Avira off and ran MGtools again.

    All the installing and running of scans went well with no problems.

    After running all, the pop-up problem persists.

    I hope all is in order and done correctly! Thanks in advance
     


  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Not true. It has 3 admin user accounts.
    Code:
    Users on this computer:
    Is Admin? | Username
    ------------------
       Yes    | Administrator
       Yes    | Juliana
       Yes    | Rowan
    Your logs were from the Juliana account. Is this the one having problems? Or does the other account have the problem? Or both?

    With which browser or browsers are you having problems?

    And what popups exactly are you referring to? Your logs are basically clean.
     
  3. killian

    killian Private E-2

    Hi, and thanks. First: yes, sorry, there are 3 accounts - one is the default admin. account created when installing xp and this is not used. The admin. account 'juliana' is the one with the problem.

    While waiting for your reply I realised that the problem may be related to the 'google redirect' thread http://forums.majorgeeks.com/showthread.php?t=230267 so I had started the processes as stated in the thread and completed them just now.

    The specific pop up problem is: using Firefox (the only browser used, Explorer is installed but not used very often) when clicking a link on a website (originally only facebook but now others) a pop up window appears (the pop up is a new Firefox window that opens; Firefox is set to open clicked links as tabs - but these appear as new windows and not tabbed) and was initially named 'yieldmanager', but now others appear like 'spartoo' - once the pop up window is closed the original clicked link works correctly. A second problem is that the pc screen turns off quite frequently, especially when the pc is turned on first - once on for a while it will stay on.

    So, attached are the logs for the google redirect thread, including a repeat of the read and run me as asked for in the google redirect thread; rest to follow in next reply. I hope all is in order.
     


    Last edited: May 4, 2013
  4. killian

    killian Private E-2

    Here are the remaining logs,
     


  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Your logs are all clean.
    Try resetting Firefox per the below:

    Reset Firefox to Defaults

    Then run the below.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Note: That JRT may reset your home page to a google default so you will need to restore your home page setting if this happens.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Attach JRT.txt to your next message.

    More likely a hardware issue. You can post about this in the Hardware Forum.
     
  6. killian

    killian Private E-2

    Thanks very much,
    after running JRT the pop ups appear to have stopped - I've spent a few minutes clicking numerous links on different websites and nothing has popped up so far....attached is the JRT log,
     

    Attached Files:

    • JRT.txt (File size: 1.2 KB)
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
    2. Go back to step 4 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    3. Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
    4. If running Vista or Win 7, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Go to the C:\MGtools folder and find the MGclean.bat file. Double click (if running Vista, Win7, or Win 8, Right Click and Run As Administrator) on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    6. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    7. After doing the above, you should work thru the below link:
     
