IE pop-ups/Internet Speed Monitor/tried it all! Help!

Discussion in 'Malware Help (A Specialist Will Reply)' started by j.barleycorn, Dec 8, 2007.

  1. j.barleycorn

    j.barleycorn Private E-2

    Hello, all-knowing gurus!

    I'm running XP Pro with 4 users (2 kids) + admin. Out of the blue (no unusually activity on my part) I am now having issues with IE throwing pop-ups at us. I went through the entire PC claening routines when it first happened last weekend and thought I'd rid myself of it, but it is back again. Now the pop-ups are usually "FROM INTERNET SPEED MONITOR" , followed by (usually) an ad for Registry Cleaner. We use Firefox, so I don't rightly know why IE tries firing up, obviously some bugs somewhere.

    I've followed the entire malware fix routine as described on your site. Files are attached.

    I have McAfee always updated, but downloaded and ran AVG per the instructions. I did notice prior to running AVG that McAfee was disabled for scanning etc, which is odd. After AVG finished, I checked McAfee again, and it was re-abled!?

    Anyway, I hope someone can help! We're piling into the truck to go get our Christmas tree. I'll leave the computer on and check back in a couple hours.

    Thanks in advance! This is a GREAT site!
     

    Attached Files:

    j.barleycorn, Dec 8, 2007
    #1
  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Please use add/remove programs to uninstall:
    Java 2 Runtime Environment, SE v1.4.1_02"
    Java 2 Runtime Environment, SE v1.4.2

    Reboot and install:
    Java Runtime 6

    Please disable all anti-virus and anti-spyware programs while we do the following:

    Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    NOTE: HJT may popup an error about the AppInit_DLLs line. Ignore it and click OK to continue.

    After clicking Fix, exit HJT.

    Now Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.
    Now download The Avenger by Swandog469, and save it to your Desktop.

    * Extract avenger.exe from the Zip file and save it to your desktop
    * Run avenger.exe by double-clicking on it.
    * Check the 'Input script manually' box.
    * Click on the magnifying glass icon.
    * Copy everything in the Quote box below, and paste it in the box that opens:

    * Now click the 'Done' button.
    * Click on the traffic light icon and OK the prompt.
    * You will be prompted to restart, OK the prompt and your PC should reboot, if not, reboot it yourself.
    * A log file from Avenger will be produced at C:\avenger.txt

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this and also attach the log from Avenger.
     
    TimW, Dec 8, 2007
    #2
  3. j.barleycorn

    j.barleycorn Private E-2

    Hi Tim-
    Here are the log files. I followed your instructions, but it looks like something was missing?

    Thanks for all the help thus far!
    J.B.
     

    Attached Files:

    j.barleycorn, Dec 9, 2007
    #3
  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Please disable all anti-virus and anti-spyware programs while we do the following:

    Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    NOTE: HJT may popup an error about the AppInit_DLLs line. Ignore it and click OK to continue.

    After clicking Fix, exit HJT.

    Now Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.
    * Run avenger.exe by double-clicking on it.
    * Check the 'Input script manually' box.
    * Click on the magnifying glass icon.
    * Copy everything in the Quote box below, and paste it in the box that opens:

    * Now click the 'Done' button.
    * Click on the traffic light icon and OK the prompt.
    * You will be prompted to restart, OK the prompt and your PC should reboot, if not, reboot it yourself.
    * A log file from Avenger will be produced at C:\avenger.txt

    Now run CCleaner and have it remove all temp files.

    Then run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this and also attach the log from Avenger.
     
    TimW, Dec 10, 2007
    #4
  5. j.barleycorn

    j.barleycorn Private E-2

    Done. Here are the files.
    Should I be keeping everyone off the computer until the thing is clean?
     

    Attached Files:

    j.barleycorn, Dec 10, 2007
    #5
  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Yes you should keep everyone off until it is clean! Many of the items in my last fix did not work.

    Did you disable all security programs?
    Let's try this in safe mode with networking ......as administrator.

    Use add/remove programs to uninstall:
    Java 2 Runtime Environment, SE v1.4.1_02
    Java 2 Runtime Environment, SE v1.4.2

    Download and install:
    Java Runtime 6
    But do not reboot yet!

    Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    NOTE: HJT may popup an error about the AppInit_DLLs line. Ignore it and click OK to continue.

    After clicking Fix, exit HJT.

    Now Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.
    * Run avenger.exe by double-clicking on it.
    * Check the 'Input script manually' box.
    * Click on the magnifying glass icon.
    * Copy everything in the Quote box below, and paste it in the box that opens:
    * Now click the 'Done' button.
    * Click on the traffic light icon and OK the prompt.
    * You will be prompted to restart, OK the prompt and your PC should reboot, if not, reboot it yourself.
    * A log file from Avenger will be produced at C:\avenger.txt
    Now reboot into normal mode and re-run ComboFix...and then run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this and also attach the log from Avenger and the ComboFix log.
     
    TimW, Dec 11, 2007
    #6
  7. j.barleycorn

    j.barleycorn Private E-2

    I went back in under admin in safe mode with networking, with McAfee disabled, and ran MG analysis, but not one of the entries you flagged for deletion was found.
    I have not seen any problems sine the last cleaning (2nd), and either has my wife. I have kept the kids off since the first cleaning.
     
    j.barleycorn, Dec 14, 2007
    #7
  8. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Please run (in normal mode) the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this.

    We want to make sure you are clean. :)
     
    TimW, Dec 14, 2007
    #8
  9. j.barleycorn

    j.barleycorn Private E-2

    Here you go!
     

    Attached Files:

    j.barleycorn, Dec 14, 2007
    #9
  10. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    We aren't done yet:

    Open notepad and copy and paste the following text in the quote box into the window:

    sc stop DOMAINSERVICE
    sc delete DOMAINSERVICE

    Save this as fix.bat
    Choose to save as all files.
    Doubleclick fix.bat and let the program run.
    A small black dos window will flash, this is normal.

    Please disable all anti-virus and anti-spyware programs while we do the following:

    Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    NOTE: HJT may popup an error about the AppInit_DLLs line. Ignore it and click OK to continue.

    After clicking Fix, exit HJT.

    Now Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.
    * Run avenger.exe by double-clicking on it.
    * Check the 'Input script manually' box.
    * Click on the magnifying glass icon.
    * Copy everything in the Quote box below, and paste it in the box that opens:

    * Now click the 'Done' button.
    * Click on the traffic light icon and OK the prompt.
    * You will be prompted to restart, OK the prompt and your PC should reboot, if not, reboot it yourself.
    * A log file from Avenger will be produced at C:\avenger.txt

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this and also attach the log from Avenger.

    When we are sure you are clean you will need to download and install SP2!
     
    TimW, Dec 15, 2007
    #10
  11. j.barleycorn

    j.barleycorn Private E-2

    Hi Tim-
    Here's the files after all your instructions were followed...
    Thanks for the attention!
     

    Attached Files:

    j.barleycorn, Dec 15, 2007
    #11
  12. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Please use add/remove programs to uninstall:
    Java 2 Runtime Environment, SE v1.4.1_02"
    Java 2 Runtime Environment, SE v1.4.2

    Install:
    Java Runtime 6

    Now reboot into safe mode as administrator:
    disable all anti-virus and anti-spyware programs (All of your McAfee Security suite) while we do the following:

    Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    NOTE: HJT may popup an error about the AppInit_DLLs line. Ignore it and click OK to continue.

    After clicking Fix, exit HJT.

    Now Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.
    * Run avenger.exe by double-clicking on it.
    * Check the 'Input script manually' box.
    * Click on the magnifying glass icon.
    * Copy everything in the Quote box below, and paste it in the box that opens:

    * Now click the 'Done' button.
    * Click on the traffic light icon and OK the prompt.
    * You will be prompted to restart, OK the prompt and your PC should reboot, if not, reboot it yourself.
    * A log file from Avenger will be produced at C:\avenger.txt
    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this and also attach the log from Avenger.

    You need SP2 installed when you are clean....please do the above and do not get on the web except to come here.
     
    TimW, Dec 15, 2007
    #12
  13. j.barleycorn

    j.barleycorn Private E-2

    Hi Tim-
    I rebooted as admin in safe mode, MG Analyzed, and once again not one of the elements you wanted me to delete showed up in the HJT listing. Both times I went on in safe mode, nothing was found.
     
    j.barleycorn, Dec 15, 2007
    #13
  14. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Then do it in normal mode in your profile.
     
    TimW, Dec 16, 2007
    #14

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds