Pop ups I've tried everything

Discussion in 'Malware Help (A Specialist Will Reply)' started by crzytchr, Apr 11, 2006.

  1. crzytchr

    crzytchr Private E-2

    Help! I have tried all of the cleaning steps and am still being bombarded with popups. Warning Beagle Virus, Warning Blackworm, Adult Friend Finder, Sysprotect and other assorted nuisances. Every time I open the internet my privacy settings are reset. Please help! I am trying to attach my logs. It has taken me numerous attempts just to get this posted!!!
     
  2. crzytchr

    crzytchr Private E-2

    ok..I've looked and my attachments aren't there. It just says "In Progress". What should I do?
     
  3. crzytchr

    crzytchr Private E-2

    I tried to upload the attachments again and I get this:

    Upload Errors
    hijackthis.log:
    Attachment in Progress. Can be deleted here.
    Activescan.txt:
    Attachment in Progress. Can be deleted here.
    bdscan1.txt:
    Attachment in Progress. Can be deleted here.
    Counterspy.txt:
    Attachment in Progress. Can be deleted here.

    Please tell me what to do.
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Majorgeeks!

    Try using a different browser like: Mozilla FireFox

    Upload the attachments using FireFox. If that does not work, then just post ONLY your HijackThis log inline using copy & paste and I will attach it.
     
  5. crzytchr

    crzytchr Private E-2

    Downloaded Mozilla, but if I finally DO get the attachments to upload correctly (happened only 3 times in two days) then it won't allow me to submit the post. I am told I'm not logged in, but if I log in again it tells me I have an invalid link. I am so frustrated.
    Thank you for helping me. I am pasting my hijack this log below. I am sorry I am having to do it this way. I spent over 4 hours scanning and cleaning and saving everything correctly so I could do this the right way.

    Edit by chaslang: Inline log attached
     

    Attached Files:

    Last edited by a moderator: Apr 12, 2006
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay to keep you moving along, run the below procedure:

    Virtumonde aka Trojan Vundo Removal

    Then attach the VundoFix log. If you cannot attach, post inline.

    Then also post a new HJT log.
     
  7. crzytchr

    crzytchr Private E-2

    VundoFix did find something this time, but this was not the original problem I had. I ran this a couple of times previous and it was clean. I even ran it yesterday prior to posting hoping to fix it without bothering you.
    I am still unable to post the logs correctly. Thank you for helping me even though I can't post the correct way. I really appreciate it.

    Edit by chaslang: VundoFix and HJT logs attached
     

    Attached Files:

    Last edited by a moderator: Apr 12, 2006
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Download and install the latest Sun Java version 1.5.0 update 6 from here: http://java.com/en/

    Then go to Add/Remove Programs and locate any old versions of Sun Java you have and uninstall them. If you are not sure how to locate them, do the below and post the log:

    Get an installed programs list from HijackThis!
    • Run HijackThis, click Open the Misc Tools section
    • Click Open Uninstall Manager
    • Click Save List (generates uninstall_list.txt)
    • Click Save, to save it to a file where you can find it.
    • Attach the uninstall_list.txt file to your next message.


    Now let's continue with fixes!
    Make sure viewing of hidden files is enabled (per the tutorial).
    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O20 - Winlogon Notify: qomlj - qomlj.dll (file missing)
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

    After clicking Fix, exit HJT.
    Boot into safe mode and use Windows Explorer to delete (if found):
    C:\WINDOWS\system32\geedc.dll
    C:\WINDOWS\system32\cdeeg.ini
    C:\WINDOWS\system32\cdeeg.ini1
    C:\WINDOWS\system32\cdeeg.ini2
    C:\WINDOWS\system32\cdeeg.bak
    C:\WINDOWS\system32\cdeeg.bak2
    C:\WINDOWS\system32\cdeeg.tmp
    C:\WINDOWS\system32\cdeeg.tmp2
    C:\WINDOWS\system32\cdeeg.dat
    C:\WINDOWS\system32\cdeeg.dat2

    If you get an error when deleting a file, right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again. Otherwise open Task Manager and kill the process if running, then delete the file. Tell me if you have any problems deleting files.

    Now if running Win XP go to c:\windows\Prefetch and delete all files in this folder.
    Now run Ccleaner (installed while running the READ ME FIRST).

    Now we need to Reset Web Settings:
    1. If you have an Internet Explorer icon on your Desktop, go to step 2. If not, skip to step 3.
    2. Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK. Then skip step 3.
    3. If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.
    Now reboot in normal mode and post a new HJT log.

    Make sure you tell me how things are working now.

    Reminder Note: Once we have determined you are malware free you will need to disable System Restore, reboot, and re-enable System Restore per step 1 of the READ & RUN ME. This only applies if using WinXP or WinMe.
     
  9. crzytchr

    crzytchr Private E-2

    For some unknown reason I still can't upload and remain signed in, so I am pasting the hjt log again. Sorry. Be sure to check out the homepage! ;)

    Edit by chaslang: Inline log attached
     

    Attached Files:

    Last edited by a moderator: Apr 14, 2006
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Are you using IE to attach files or FireFox?

    Read step 7 of the READ ME again. Do not use msconfig while we are fixing malware!
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

    Select normal startup and try attaching a new HJT log using Internet Explorer.
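
A triage pass over the kinds of HijackThis lines called out in posts 8 and 10, as an added example that is not part of the original thread or any MajorGeeks tooling. The sample log is constructed from the lines quoted above plus one made-up `ExampleApp` entry, and the `triage` function and its reason strings are hypothetical names chosen for illustration.

```python
import re

# Constructed sample: only the HijackThis lines quoted in the thread, plus
# one made-up benign O4 entry (ExampleApp) for contrast.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [ExampleApp] C:\Program Files\ExampleApp\example.exe
O20 - Winlogon Notify: qomlj - qomlj.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
"""

LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
NOTIFY_RE = re.compile(r"^Winlogon Notify: (?P<name>.+?) - (?P<dll>.+?)(?P<missing> \(file missing\))?$")
RUN_RE = re.compile(r"^(?P<key>\S+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")


def triage(log_text):
    """Return (code, reason, detail) tuples for lines worth a second look."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # header, process list or blank line
        code, body = m.group("code"), m.group("body")
        if code in ("R0", "R1"):
            key, _, value = body.partition("=")
            if not value.strip():
                findings.append((code, "IE page setting with empty value", key.strip()))
        elif code == "O20":
            n = NOTIFY_RE.match(body)
            if n and n.group("missing"):
                findings.append((code, "Winlogon Notify entry, file missing", n.group("dll")))
        elif code == "O4":
            r = RUN_RE.match(body)
            if r and r.group("name").lower() == "msconfig":
                findings.append((code, "MSConfig Run entry (msconfig in use)", r.group("cmd")))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print("%-4s %-38s %s" % finding)
```
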
     
  11. crzytchr

    crzytchr Private E-2

    In response to your question, I have tried both many many times. It seems to work this time. I am sorry I did it wrong earlier. Thank you very much for your help.
     

    Attached Files:

  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome!

    Your log is clean. If you are not having any other malware problems, it is time to go back to step 1 of the READ & RUN ME to Disable System Restore which will flush your Restore Points. Then reboot and enable System Restore to create a new clean Restore Point.

    After that, you should work thru the below link:

    How to Protect yourself from malware!
     
  13. crzytchr

    crzytchr Private E-2

    Thank you for everything. Have I told you already how awesome you are?:D You have been wonderful! Also, thank you for having me install Firefox. I love it already.
     
  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Most people do love FireFox. You will still need Internet Explorer at times for certain sites (like Microsoft Windows Update for one example).

    Surf Safely!
     
