I believe I have an unwanted visitor.

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by dave.hull@shaw.ca, May 10, 2011.

  1. dave.hull@shaw.ca

    dave.hull@shaw.ca Private E-2

    Hello all.
    I've been a long time lurker here, and have found lots of welcome help by trolling the different forums.
    This time, I'm out of luck, and so I'm posting with the hope that you can help.
    I run XP Pro on a 32bit system.
    This whole thing started with 'typical' browser redirect.
    I was running Spybot and Windows Security Essentials.
    I started with HijackThis, and the logs identified something called 'ClickPotato'.
    It took some digging, but I found some direction on Bleeping Computer and managed to uninstall it.
    However, since then, I've had all sorts of trouble with redirects (typically to adservices10.enhance.com/cap
    Randomly, I am not able to launch any .exe files.
    Randomly, I disconnect from the internet.
    Randomly, when I log in, nothing comes up. I see my desktop image, but no icons and no ribbon on the bottom. Process explorer shows me that 'explorer' is running, but nothing is visible. When I end the process, and restart it, it comes up in PE, but still nothing visible on the screen except the desktop image.
    I've read and run the "READ ME FIRST" page, and attached are the logs.

    I hope you can help :)
    -Dave.
    Last edited by a moderator: May 10, 2011
  2. dave.hull@shaw.ca

    dave.hull@shaw.ca Private E-2

    Something else as well:

    Typically, I have a svchost that pins my processor.
    I will get random 'noises' coming from the computer if I leave it alone for a couple of minutes (by random I mean music, or talk radio style audio).
    I'm getting consistent redirects to clk.relestar.com/feed/click now when I do any search from Google.

    Hope the info helps.
    -D.
     
    Last edited by a moderator: May 10, 2011
  3. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

  4. dave.hull@shaw.ca

    dave.hull@shaw.ca Private E-2

    Hello out there Kestrel, thanks for the attention.
    I've attached the TDSS log.

  5. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Everything is running well I trust? I would suspect so as TDSSKiller took out what it needed to and the other logs look good too. You need to uninstall Java(TM) 6 Update 22 and then install current Java: reboot your machine and install the most current and up to date version of Java available at the below link:

    Java Runtime 6

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN, enter the below into the run box and then click OK. Note that the quotes are required:
      • "%userprofile%\Desktop\combofix" /uninstall
        • Note: the space between combofix" and /uninstall must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have re-enabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis.
    8. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 7 of the READ ME for your Windows version and see the instructions to Disable System Restore, which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    10. After doing the above, you should work through the below link:
     
  6. dave.hull@shaw.ca

    dave.hull@shaw.ca Private E-2

    Thanks Kestrel.
    I'll uninstall the Java 6 .22 and reinstall from your link.
    I will let you know how it goes after that reboot and a little settling in time.

    I do appreciate your time.
    -Dave.
     
  7. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    You're most welcome. :)
     
