My wave volume keeps muting and I get invisible popup ads, I believe it's IE related

Re: My wave volume keeps muting and I get invisible popup ads, I believe it's IE rela

Do you have two hard drives or one hard drive with a partition on it?

Do you have all important data backed up? You really should do this before continuing since we will need to rewrite your MBR to fix this and while most times this can be done without any problem, these infections can react badly and that could result in a PC not being bootable. You really don't have much choice though since these infections are too dangerous to your security to leave on a PC.

Also note if you have a Dell PC which uses a non-standard MBR ( or another manufacturer's who does similar to Dell) , fixing the mbr may prevent access the the Dell Restore Utility, which allows you to press a key on startup and revert your computer to a factory delivered state. There are a couple of known fixes for said condition, though the methods are somewhat advanced. If you are unwilling to take such a risk, you should not continue but you risk serious problems leaving this infection in place and thus your only other option would be to try using the Dell Restore Utility to return a factory ship state which will remove everything you additional you have put onto the PC.

Once you answer this we can proceed.

 

Re: My wave volume keeps muting and I get invisible popup ads, I believe it's IE rela

That is up to you, but anyone you take it to will be faced with the same situation. My recommendation is that you go ahead and run the below fix. That way you are clean and can then use a program such as Acronis to make a backup of your system for any future issues.

If you wish to proceed:

Now - please do the following:

• Click Start, Run then copy and paste the below into the Run box and click OK.

"%userprofile%\Desktop\remover.exe" fix \\.\PhysicalDrive0

• Now reboot your PC and after reboot continue with the below instructions.

Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).

Then attach the below logs:

• C:\MGlogs.zip

Make sure you tell me how things are working now!

 

Re: My wave volume keeps muting and I get invisible popup ads, I believe it's IE rela

Download the MGtools and save it to your root folder ( which is typically the C: drive). Then double click the exe to run it. It will produce a log at C:\MGLogs.zip. Attach that to your next reply.

 

Re: My wave volume keeps muting and I get invisible popup ads, I believe it's IE rela

Please read this:
Warning about Porn, Keygens, Cracks, and other Illegal Software.

Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

Now copy just the bold text below to notepad (Do not include any space above the word REGEDIT). Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

Make sure that you tell me if you receive a success message about adding the above
to the registry. If you do not get a success message, it definitely did not work.

Now run CCLeaner and make sure you have emptied everything from these folders:
C:\WINDOWS\Temp\
C:\Documents and Settings\Simmie\Local Settings\Temp\

Now please download to your desktop and run:
combofix.exe

Please also download MBRCheck to your desktop

* Double click MBRCheck.exe to run (vista and Win 7 right click and select Run as Administrator)
* It will show a Black screen with some information that will contain either the below line if no problem is found:

* Done! Press ENTER to exit...

* Or you will see more information like below if a problem is found:

* Found non-standard or infected MBR.

* Enter 'Y' and hit ENTER for more options, or 'N' to exit:

* Either way, just choose to exit the program at this point since we want to see only the scan results to begin with.
* MBRCheck will create a log named similar to MBRCheck_07.16.10_00.32.33.txt which is random based on date and time.
* Attach this log to your next message.

Attach the log from Combo as well as the log from MBRCheck.

 

Re: My wave volume keeps muting and I get invisible popup ads, I believe it's IE rela

If McAfee is a paid for version., you might as well keep it. If the license has expired on it, then you should uninstall it for something else.

And yes, you are deleting everything in those temp folders. ( You won't be able to delete items from today's date. )

I still need the logs I asked for.

 

Re: My wave volume keeps muting and I get invisible popup ads, I believe it's IE rela

Do you have all important data backed up? You really should do this before continuing since we will need to rewrite your MBR to fix this and while most times this can be done without any problem, these infections can react badly and that could result in a PC not being bootable. You really don't have much choice though since these infections are too dangerous to your security to leave on a PC.

Also note if you have a Dell PC which uses a non-standard MBR ( or another manufacturer's who does similar to Dell) , fixing the mbr may prevent access the the Dell Restore Utility, which allows you to press a key on startup and revert your computer to a factory delivered state. There are a couple of known fixes for said condition, though the methods are somewhat advanced. If you are unwilling to take such a risk, you should not continue but you risk serious problems leaving this infection in place and thus your only other option would be to try using the Dell Restore Utility to return a factory ship state which will remove everything you additional you have put onto the PC.


Now if you wish to continue and fix the malware - please do the following:

* Run MBRCheck.exe
* Wait until you see the following lines:
o Enter 'Y' and hit ENTER for more options, or 'N' to exit:
o Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.
Enter your choice:

* Please push the 'Y' key and then press Enter
* When the program asks you to Enter your choice: enter 2 to Restore the MBR and press the Enter key
* Now the program will ask you to "Enter the physical disk number to fix (0-99, -1 to cancel):"
o Enter 0 and press the Enter key.
* The program will show Available MBR codes as below

* You need to select your version of Windows from the list. For example, enter 0 or 1 for XP or enter 3 for Vista.....etc. and then press Enter.
* The program will prompt for confirmation. Type 'YES' and hit Enter.
* Left click on the title bar (where program name and path is written). From menu chose Edit -> Select All
* You will see all the text in the window get highlighted.
* Hit the Enter key on your keyboard to copy all of the text into the clipboard.
* Paste that text into Notepad, save it to your desktop as MBRfix.txt
* Restart your PC.
* Attach the MBRfix.txt file to your next message..

Now you need to do it again, except this time it will be on physical drive1.

Then re-run MBRCheck.exe and attach that log as well.

Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

Then attach the below logs:

* C:\MGlogs.zip

Make sure you tell me how things are working now!

 

Re: My wave volume keeps muting and I get invisible popup ads, I believe it's IE rela

Copy all personal data and files to a CD. That includes IE and FF bookmarks, export your emails, any documents or other type files that you do not want to lose. You can't backup programs and such. Think of backing up whatever you know you would lose if, say, you had to boot to your recovery partition and restore the computer to it's original state.

We haven't lost one yet, but it is a precaution. Do you have your OS CD?

 

Re: My wave volume keeps muting and I get invisible popup ads, I believe it's IE rela

Once we run the fix for your MBR infection and you are clean, you should post in the software forum for advice on how to create a restore disc for your system.

 

Re: My wave volume keeps muting and I get invisible popup ads, I believe it's IE rela

I doubt you have any "dirty" files. This infection is usually contained in only the MBR. You can create a backup/restore disc after you are clean. It would be pointless to do it while you are still infected.

 

Re: My wave volume keeps muting and I get invisible popup ads, I believe it's IE rela

Works for me!! Now you just need to use windows explorer to find and delete:
C:\Documents and Settings\Simmie\Local Settings\Application Data\vowsdihtr
C:\WINDOWS\Temp\100.dat

Next, run CCleaner to clean out this folder:
C:\WINDOWS\Temp\

You should post in the software forum for instructions on how to create a recovery disc.

If you are not having any other malware problems, it is time to do our final steps:

1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real time protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
   
   • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
   • "%userprofile%\Desktop\combofix" /uninstall
     
     • Notes: The space between the combofix" and the /uninstall, it must be there.
     • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
     
     
   
   
3. Go back to step 6 of the READ ME and renable your Disk Emulation software with Defogger if you had disabled it.
4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
6. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
7. Go to add/remove programs and uninstall HijackThis.
8. Goto the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
   
   • Refer to the cleaning procedures pointed to by step 7 of the READ ME
     for your Window version and see the instructions to Disable System Restore which will flush your Restore Points.
   • Then reboot and Enable System Restore to create a new clean Restore Point.
   
   
10. After doing the above, you should work thru the below link:
    
    • How to Protect yourself from malware!
    
    

 

Re: My wave volume keeps muting and I get invisible popup ads, I believe it's IE rela

Now download The Avenger by Swandog469, and save it to your Desktop.

* Extract+ avenger.exe from the Zip file and save it to your desktop

Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

* Run avenger.exe by double-clicking on it.
* -Do not change any check box options!!
* Copy everything in the Quote box below, and paste it into the Input script here: part of the window:

* Now click the Execute button.
* Click Yes to the prompt to confirm you want to execute.
* Click Yes to the Reboot now? question that will appear when Avenger finishes running.
* Your PC should reboot, if not, reboot it yourself.
* A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

Now run Ccleaner.

Are you having any other issues?