I have the same problem as Skybax did back in 06/07

I have a problem with what I think is a trojan. Also it is uncontroably causing Internet explorer to open pop ups. I use Firefox primarily but even when I don't have internet explorer "open" it opens and starts popping up different windows. an icon appeared on my desktop. Can you please help, I'm not that up to date on malware and its removal.

 

This is the file. I am running it again. I ran it again and no infected files were found. I'm still having the same problem.

 

Hi Dumaz!
Welcome to MajorGeeks!

Please run the following:

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Attach this log in the thread you are working in.

Note:

• Do not mouseclick combofix's window while it is running. That may cause it to stall.

After you finish with the above, please continue by following the instructions and links in the READ & RUN ME FIRST at the following address:

http://forums.majorgeeks.com/showthread.php?t=35407

You won't need to run Combofix a second time, but follow the other steps being sure to select those for your operating system and post ALL the requested logs for us to look at when you're finished. This will include the log for Combofix.

Thanks.
abri

 

I downloaded this, the box appeared, I pushed 1, nothing happened, I've pushed 2 to abort, but nothing is happening. I don't want to click the box to close it since it may cause problems. Is there something I should do?

 

Hi Dumaz!
Just close it. Try the following instead:

Using SDFix

If that tool works, please continue with the Read & RUN ME FIRST Before Asking for Support[/FONT] . Otherwise get back to me.

Thanks.
abri

 

Actually, finally ran combofix here is the log. I'll continue on. Thanks so much.

 

For some reason I can't upload the log. It says upload errors at the top after I try to upload it.

 

Try clearing your browser cache or using another browser like Firefox. This could be a problem of ours not yours. It often works if you try a second time.

abri

 

I've tried clearing my cache and tried using both firefox and IE, but I haven't been able to get it to upload.

 

Ok, I think it finally worked. Also, after running the stuff I had that problem that said just in time debugging. Thanks for all the help. I reran it again because all the stuff came back again, including the Tag searchus icon.

 

Hi Dumaz!

Can you run the instructions in the Read & RUN ME FIRST Before Asking for Support.

abri

 

I was already working on that so I am now down. I have attached the mglogs. Again thanks for the help.

 

Hi dumaz!

Please continue as follows:



1) Please use add/remove programs to uninstall:
Java 2 Runtime Environment, SE v1.4.2_03

2) Reboot

3) Download and install:
Java Runtime 6


4) If you do not use Windows Messenger (not to be confused with MSN Messenger!!) I would like you to run Disable/Remove Windows Messenger


5) Now do a system scan with HijackThis (called analyse.exe in the MGTools folder) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

After clicking Fix, exit HJT.

6) Please copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

7) Now download The Avenger by Swandog46, and save it to your Desktop.

• Extract avenger.exe from the Zip file and save it to your desktop
• Run avenger.exe by double-clicking on it.
• Check the 'Input script manually' box.
• Click on the magnifying glass icon.
• Copy everything in the Quote box below, and paste it in the box that opens:

• Now click the 'Done' button.
• Click on the traffic light icon and OK the prompt.
• You will be prompted to restart, OK the prompt and your PC should reboot, if not, reboot it yourself.
• A log file from Avenger will be produced at C:\avenger.txt

8) Please download ATF Cleaner by Atribune. This program does not require an installation. The executable actually runs the program.

NOTE: This program is for Windows XP and Windows 2000 only. ATF Cleaner will remove all files from the items that are checked so if you have some cookies you'd like to save. Please move them to a different directory first.

• Double-click ATF-Cleaner.exe to run the program.
• Under Main choose: Select All
• Click the Empty Selected button.

If you use Firefox browser

• Click Firefox at the top and choose: Select All
• Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

• Click Opera at the top and choose: Select All
• Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main ATF Cleaner menu to close the program.

9) After you have completed all of the above, please attach the Avenger log, and run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this and also attach the log from Avenger.


abri

 

I was unable to get multi quote to work so I'll try to do this without confusing you. 1-4 went fine.

5. I did every thing but the cile BHO: (no name)) - {75E9265F-E30F-4A3F-9568-4A323272EC39} ... wasn't there to select. There was another "no name" one in there but I left it alone since it wasn't on the list. I have atached it with the logs.

6,7,8,9 Seemed to work fine as well. I have attached the logs. Let me know the next step.

Thank you so much,
dumaz

 

The attach button will not let me click on it. I will try to attach again in a few minutes.

 

I tried again and can't. Actually can't click on any of the buttons around the reply box

 

I switched to IE and can upload now. Here are the logs.