Malware Problems - Please Help

Welcome to Major Geeks!

Your logs do not show any signs of malware.

• Exactly when do you get these popups?
  • Is it only when a browser is opened?
  • Is it only when connected to certain websites?
• What exactly do they say? What site is it?

Slow PCs and crashes are more often due to software that you are running and problems with in the OS. However just to be on the safe side, let's do two scans for rootkits:

Now please download F-Secure's BlacklightBeta

• Download fsbl.exe and save it to the Desktop.
• Once saved... double click fsbl.exe to install the program.
• Click accept agreement and Click scan
• This application may trigger a warning from your antivirus. Let the driver load. Wait for it to finish.
• If it displays any items...don't do anything with them yet. Just hit exit (close)
• It will drop a log on Desktop that starts with fsbl....big number

Please attach the BlackLight log.


The run this Using Sophos Anti-Rootkit and attach the log.

 

Note you should uninstall the below old version of Sun Java since you already have the current version installed:

Java(TM) SE Runtime Environment 6 Update 1

 

This too is more than likely not related to malware.

Those other two logs were also clean.

As far as the popups are concerned!

1. You are saying that they only occur only when connected to the internet and when browsing is that correct? Do they ever occur when no browser is opened?
2. Which broswer are you using?
3. Do you get popups if you boot in safe mode and connect to the internet (assuming you can connect in safe mode)?

Now let's try a few additional things to see if they help with the popups.

Run this Disable/Remove Windows Messenger to remove Windows Messenger.


Let's Reset Web Settings:

1. If you have an Internet Explorer icon on your Desktop, goto step 2. If not, skip to step 3.
2. Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK. Then skip step 3.
3. If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

Note for IE 7 users: You need to select Internet Options then the Advanced tab and then Reset Internet Explorer Settings!


Also try this, Go to Start > Run and type in cmd

• Click OK.
• This will open a command prompt.
• Type or copy and paste the following line in the command window:
  ipconfig /flushdns
• Hit Enter
• Exit the command window

Are popup's still occurring? If so how often and track what sites you are connected to when they occur.

 

You did not answer which browser you are using.

Also did you complete the other steps I gave you?

 

Note: Explorer is not the same as Internet Explorer. Explorer ,means Windows Explorer.

But my question is what browser are you using when the popups occur? Or do they occur when either browser is open? When the popup comes up, which browser opens?

Are you still getting popups? If so, how often?

 

Are you sure this is a browser popup? Can you post a snapshot of this when it occurs again?

 

Please only tell me about ones that are still occurring. Also attach a snapshot.

 

Okay then in the meantime I suggest you get started on the below. You need to do all steps and make sure you get a firewall installed.

 

I forgot to post the link I wanted you to get started on. Here it is: How to Protect yourself from malware!

For what program?

Yes that is a hardware firewall. You still need a software firewall as mentioned in the above link.

 

Yes it is! Adding the software firewall could even help prevent some of these popups if the are coming from the internet towards you.

 

You are better off taking screen snapshots and saving them in JPG form. You can compress and/or crop these images to make them small enough to upload. Word docs will always be way too large. To do this, I use utilities like: FastStone Capture 5.6 and FastStone Photo Resizer 2.4, you can find them here: http://www.faststone.org/

We do have the second program on Major Geeks too: FastStone Photo Resizer

 

If you are not getting this anymore then I would not worry about it. In addition this is really not a malware problem. A pretty good explanation of it can be found here:

http://kb.mozillazine.org/Security_Error:_Domain_Name_Mismatch_or_Server_Certificate_Expired

 

You're welcome. Surf safely!