Major Problems

Discussion in 'Malware Help (A Specialist Will Reply)' started by JNKS, Oct 21, 2010.

  1. JNKS

    JNKS Private E-2

    Hello,

    I am having some major issues with both computers in my house. I will focus right now on the laptop because it's the computer I use most. I first noticed the problem on my desktop about 3 weeks ago, but it seemed to spread to my laptop instantly. The problems are pretty bad and very aggressive. It started with 2 web pages opening almost every time I opened anything. This would happen on almost all sites, but it would happen for sure when I visited IMDb, GamesRadar, and an Android forum site. I run Norton on both computers, and Malwarebytes was installed on both, and I would run complete scans on each about once a week. The problem worsened, and I started getting several pop-up windows and redirects multiple times when I would click on anything. Finally, the newest thing it started to do is direct my browser to a site that makes it look like it's scanning for Trojans and of course claims that my computer is infected. A dialog box opens and prompts me to open the program that will "fix" my computer. I X'd off of this and did not download anything; I don't know a ton, but I knew better than to run that. I installed several different scanners over the last two weeks and nothing would get rid of this. I decided to focus on fixing the laptop, so I turned off the desktop about a week ago. After nothing worked I was so frustrated I decided to nuke it. I restored the thing to factory condition; everything was wiped. I really thought this would fix the problem; however, it did nothing other than give me a factory-state computer that still can't browse the internet. This problem persists across all the browsers I have: IE8, Firefox, Chrome. I'm out of ideas; I've never been hit this hard before. I ran all the scans, and the problem is still there. I don't know if this is something that stored itself in my router and implanted itself when I access the internet, or if that's even possible, or what. This laptop runs Windows 7. Thank you for any help.
     


  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Download and run OTM.

    Download OTM by Old Timer and save it to your Desktop.
    Code:
    :Processes
    explorer.exe
    
    :files
    C:\ProgramData\Partner\Partner.dll
    C:\ProgramData\Partner\
    
    :reg
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
    
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\NoExplorer]
    
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
    
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
    
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters]
    "DhcpNameServer"=""    
    
    [HKEY_LOCAL_MACHINE\system\controlset001\services\tcpip\parameters]
    "DhcpNameServer"=""    
    
    [HKEY_LOCAL_MACHINE\system\controlset002\services\tcpip\parameters]
    "DhcpNameServer"=""    
      
    [-HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{bb7bb35d-5a5a-42fd-afdc-0e1e6bbe8a90}]
      
    [-HKEY_LOCAL_MACHINE\system\controlset001\services\tcpip\parameters\interfaces\{bb7bb35d-5a5a-42fd-afdc-0e1e6bbe8a90}]
     
    [-HKEY_LOCAL_MACHINE\system\controlset002\services\tcpip\parameters\interfaces\{bb7bb35d-5a5a-42fd-afdc-0e1e6bbe8a90}]
    
    :Commands
    [purity]
    [ResetHosts]
    [createrestorepoint]
    [emptytemp]
    [start explorer]
    [Reboot]
    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
    • Push the large http://farm3.static.flickr.com/2782/4174320048_f01c448b32_o.png button.
    • OTM may ask to reboot the machine. Please do so if asked.
    • Copy everything in the Results window (under the green bar), and paste it in your next reply.


    Now navigate to the C:\_OTM\MovedFiles folder (assuming your Windows drive is C). This is where your log will be saved in the form of date and time, mmddyyyy_hhmmss.log. Just look for the most recent .log file. Attach this log file to your next message.

    Now I suggest that you reset your router. There is a small recessed button on the bottom of the router. Hold it in for at least 3 seconds. This will put it back to factory settings, so if you have changed them, you will need to reconfigure the router.

    Tell me if either machine is still redirected.
     
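The OTM script in the reply above cleans three persistence points at once: the Internet Explorer Browser Helper Objects keyed by CLSID, the DhcpNameServer values under Tcpip\Parameters (including one per-adapter Interfaces\{GUID} key) in each control set, and the hosts file. The PowerShell script below is an added, read-only audit of those same locations, written for this page; it is not part of TimW's instructions or of the OTM tool. It assumes the home router hands out an RFC 1918 address as the DNS server and carries a small, editable allow-list of public resolvers; any other resolver is listed for review rather than declared malicious, because some ISPs legitimately hand out their own public resolvers over DHCP. BHO DLLs are resolved through their CLSID's InprocServer32 value and flagged when they sit outside Program Files or lack a valid Authenticode signature.

```powershell
# Added example for this page (not part of TimW's instructions or the OTM tool):
# a read-only audit of the locations the OTM script above cleans. Run from an
# elevated PowerShell prompt on Windows 7 or later; it changes nothing.

$ErrorActionPreference = 'SilentlyContinue'

# Resolvers treated as expected: RFC 1918 addresses (the home router itself) and
# an assumed allow-list of public resolvers. Anything else is listed for review,
# because an ISP may legitimately hand out its own public resolvers via DHCP.
$PrivateRanges = @('^10\.', '^192\.168\.', '^172\.(1[6-9]|2[0-9]|3[01])\.')
$KnownPublic   = @('8.8.8.8', '8.8.4.4')   # assumption: edit for your ISP

function Test-UnexpectedResolver {
    param([string]$Address)
    if ([string]::IsNullOrWhiteSpace($Address)) { return $false }
    if ($KnownPublic -contains $Address) { return $false }
    foreach ($re in $PrivateRanges) { if ($Address -match $re) { return $false } }
    return $true
}

# Walks NameServer/DhcpNameServer in Tcpip\Parameters and every Interfaces\{GUID}
# subkey, in each control set: the same keys the OTM script rewrites.
function Get-DnsFindings {
    $findings = @()
    foreach ($cs in 'CurrentControlSet', 'ControlSet001', 'ControlSet002') {
        $base = "HKLM:\SYSTEM\$cs\Services\Tcpip\Parameters"
        if (-not (Test-Path $base)) { continue }
        $keys = @(Get-Item $base) + @(Get-ChildItem "$base\Interfaces")
        foreach ($key in $keys) {
            foreach ($name in 'NameServer', 'DhcpNameServer') {
                $raw = (Get-ItemProperty -Path $key.PSPath -Name $name).$name
                if (-not $raw) { continue }
                # NameServer is comma-separated, DhcpNameServer space-separated
                foreach ($addr in ($raw -split '[ ,]+')) {
                    if (Test-UnexpectedResolver $addr) {
                        $findings += [pscustomobject]@{
                            Key     = ($key.PSPath -replace '^.*::', '')
                            Value   = $name
                            Address = $addr
                        }
                    }
                }
            }
        }
    }
    return $findings
}

# Lists every registered Browser Helper Object with the DLL its CLSID resolves
# to, flagging DLLs outside Program Files or without a valid Authenticode signature.
function Get-BhoFindings {
    $roots = @('HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\Wow6432Node')
    $findings = @()
    foreach ($root in $roots) {
        $bhoKey = "$root\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
        foreach ($bho in Get-ChildItem $bhoKey) {
            $clsid = $bho.PSChildName
            $dll = $null
            foreach ($cls in 'HKLM:\SOFTWARE\Classes\CLSID', 'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID') {
                $p = Get-ItemProperty "$cls\$clsid\InprocServer32"
                if ($p.'(default)') { $dll = $p.'(default)'; break }
            }
            $path = [Environment]::ExpandEnvironmentVariables("$dll")
            $sig  = if ($path -and (Test-Path $path)) { (Get-AuthenticodeSignature $path).Status } else { 'FileMissing' }
            $findings += [pscustomobject]@{
                CLSID     = $clsid
                Dll       = $path
                Signature = $sig
                Review    = ($path -notmatch '\\Program Files') -or ("$sig" -ne 'Valid')
            }
        }
    }
    return $findings
}

# Any hosts-file line that is not a comment or the default localhost mapping.
function Get-HostsFindings {
    $hosts = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    Get-Content $hosts | Where-Object {
        $_ -match '\S' -and $_ -notmatch '^\s*#' -and
        $_ -notmatch '^\s*(127\.0\.0\.1|::1)\s+localhost\s*$'
    }
}

'== Resolvers outside the expected set =='; Get-DnsFindings | Format-Table -AutoSize
'== Browser Helper Objects ==';              Get-BhoFindings | Format-Table -AutoSize
'== Non-default hosts entries ==';           Get-HostsFindings
```

Save it as a .ps1 file and run it with `powershell -ExecutionPolicy Bypass -File .\audit-dns.ps1` before and again after the router reset. The DhcpNameServer check is the one that matters for the symptom described in this thread (redirects in every browser that survive a factory restore): that value is whatever the router handed out over DHCP, so if an unexpected resolver comes back after `ipconfig /release` and `ipconfig /renew`, the router is still serving it and the OTM fix alone will not hold.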
  3. JNKS

    JNKS Private E-2

    Success! I have been browsing on the laptop for about ten minutes with no problems. I have attached the log that was saved after the reboot; however, the initial results under the green bar of the program would not allow me to copy. When the program was finished it prompted me to reboot and would not allow me to copy any text. Thank you so much for helping me with this; this has been a life saver! Do I need to run this program on my desktop PC as well, or should I just run the initial malware scan programs listed on this site to clean that machine? Again, thank you so much. I don't know how I got hammered with this thing, but it was very stubborn. I will be changing some of my browsing habits from now on to hopefully prevent something this annoying in the future.
     


  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Start a new thread for your other computer and attach the requested logs. Did you reset your router? Are you having similar issues on that computer?

    If you are not having any other malware problems, it is time to do our final steps:

    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real-time protection. They do not use any significant amount of resources (except a little disk space) until you run a scan. We recommend them for doing backup scans when you suspect a malware infection.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /uninstall
        • Notes: The space between the combofix" and the /uninstall, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.


    3. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have re-enabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis.
    8. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 7 of the READ ME for your Windows version and see the instructions to Disable System Restore, which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.

    10. After doing the above, you should work through the below link:

     
  5. JNKS

    JNKS Private E-2

    Thank you so much for all the great help!
     
  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You are quite welcome. Safe surfing. :)
     
