Malware invasion

Hi MajorGeeks,

So my laptop got infected with malware about 2 weeks ago, just before I went abroad with work for a week, so I did not use my laptop in that time. It seemed to happen after I was looking for some stuff on google images.

When I got back from abroad it was still in the same state, so I ran the READ ME FIRST, RUN ME FIRST protocol but it still seems to be infected.

I keep getting pop-up screens such as:
http://lp.empire.goodgamestudios.co...movies&ce_cid=20jRnv4kjrmHj98T1HuLhE1v4Xre000.

and adverts on facebook (not posted by facebook) advertising bodybuilding drugs, fat removal, japanese girlfriends etc.

Please help me fix my computer, it is relatively new and I hate it not being 'clean'. My laptop is an ASUS X53E running on Window 7.

I've attached the logs as requested.

Malwarebytes anti-Malware log:
------------------
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.07.31.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
Matt :: ASUS-X53E [administrator]

31/07/2013 21:48:45
mbam-log-2013-07-31 (21-48-45).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 236581
Time elapsed: 6 minute(s), 5 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Matt\Downloads\SoftonicDownloader_for_format-factory.exe (PUP.Optional.Softonic) -> Quarantined and deleted successfully.

(end)


------------------

I hope you can help...Your help would be much appreciated

mfunkygibbo

 

Hi TimW,

Thanks for that. I have re-run the scan with RogueKiller and deleted those tasks highlighted in the log under 'Scheduled Tasks 2' from the registry tab when it comes up with stuff.

Is there a pop-up blocker I should install? I have checked the box in Firefox (the browser I use) not block pop-ups but is this not sufficient? Apparently not

 

Hi,

I've installed the add-on but pop-ups are still managing to get through including the one I have screenshot'ed and attached.

I am also getting green double underlined text ads on firefox. How can I get rid of these? Is this part of the pop-up problem as well?

 

Ok. Saved bookmarks. Downloaded Firefox. Rebooted.

Now in Internet Explorer.
Automatically a pop-up comes up in IE. Aargh: http://lp.empire.goodgamestudios.co...movies&ce_cid=20jRnv0ceIsz6nHp1HuLhE1v7cjJ000.
What does this mean?

Then went to look for the folders to delete.
So this folder is there:
C:\users\UserAccount\AppData\Roaming\Mozilla\Firefox

But this one (C:\Program Files\Mozilla Firefox) is actually in Program Files (x86). Do this matter?

Not deleted the folders yet. Will wait for your reply. Will use IE for the time being.

 

RogueKiller and Hitman logs attached.

Still getting that goodgamestudios pop-up on IE. and the green double underlined text.
Didn't delete firefox.

 

Ok. Scan run. Log attached.
Thanks for the support, I hope this will not be too taxing a fix for all parties involved.

 

Ok. Logs attached.
P.S. the licence agreement never came up. It did the first time I ran this in the beginning though. I presume that is fine...

 

Hey,
Log attached. Still no request for licence agreement, I presume from what it said when it was running that it was all clear to run the first time I ran the scan.

On an aside, I've been on IE all day pretty much (looking for jobs) and no pop-ups have come up. Probably jinxed it now. Only when I came onto MajorGeeks did I get the green text thing one time today.
Just thought you should know.

 

Brill. Thanks very much.
Should I go back into Firefox to check out that system? I prefer using Firefox as my browser. Do I need to do the reinstall of Firefox like you mentioned in an earlier message?
I've not seen any pop-ups on IE for the last 2 days. And I only get the green text thing on MajorGeeks on my thread with you when it comes up in history on the URL bar i.e. I type 'maj' then go to the thread. Elsewhere on the website it doesn't appear and when I log in and go to the thread it disappears. Not complaining, just seems a bit odd.

 

Thanks very much TimW!!

That's sorted it all out.
So should I download the app for the firefox pop-up blocker as well after running through the clean up procedure?

Thanks again for your help, couldn't have done it without you.
May the force be with you.