pops ups

Discussion in 'Malware Help (A Specialist Will Reply)' started by trippa, Oct 23, 2006.

  1. trippa

    trippa Private E-2

    hey there. i am new to the site but have run all the appropriate steps in the "read & run me" page. i couldn't run bitdefender for some reason even though i downloaded the java link and tried to run it in normal mode.

    i will upload the other logs on the next thread.

    i think my room mate downloaded a site called zango which just started flooding the PC with pop ups.

    if someone could help me it would be greatly appreciated.

    thanks
     

    Attached Files:

  2. trippa

    trippa Private E-2

    pop ups

    here are the other logs. for some reason my active scan log from panda will not upload. i followed the steps but i think the file may be too big.

    it says that it is a 2 MB file and exceeds the limit.

    also because i could not run bitdefender i don't have the log for it either.

    any help would be appreciated.

    thanks
     

    Attached Files:

  3. matt.chugg

    matt.chugg MajorGeek

    Please put the activescan log into a zip file and upload it like that.
     
  4. trippa

    trippa Private E-2

    here is the zip file for the active scan.

    thanks
     

    Attached Files:

  5. matt.chugg

    matt.chugg MajorGeek

    What HAVE you been doing with this computer ;) You have several complicated infections. I am a little surprised it even boots up!

    I assume you installed counterspy as part of our read and run me, and I see no evidence of Antivirus, Antispyware and Firewall. As you have found out it is just not possible to survive on the internet without these things. Once we get you clean you need to address this!

    Using add/remove programs which can be accessed from the control panel, uninstall the following:



    I am asking you to uninstall Limewire since you have an infection that spreads over p2p networks. I don't want it interfering with the fix. You can install it again afterwards if you need to.

    Do you know what Starware343 is?


    I really need you to run the bitdefender scan as indicated in the read and run me. It's probably going to take a while and the really bad news is that I want you to run it twice. Once will hopefully remove some of the 7000 infected files so I don't have to list them for you and then again to tell me what's left.

    Once you've run the scan I will need a new activescan, new HJT and new shownew logs too.

    Sorry about the amount of logs and scans but as you can tell from your activescan log there are a LOT of problems. Don't worry though we CAN get it fixed ;)
     
  6. trippa

    trippa Private E-2

    hey mate thanks again for the quick response.

    to be honest i have no idea what starware343 is.

    i have followed your instructions and got rid of limewire and to be safe i ran through the whole process again and this time managed to use bitdefender properly.

    i ran it twice, the first time it came up with some 3000 infected files but the second time it did not detect anything. the attached log is from the first scan. i did save the HTML link for the second scan, let me know if you need it but it did come up with no infections.

    i have attached all the logs as requested. the other two are next.

    thanks again.
     

    Attached Files:

  7. trippa

    trippa Private E-2

    the other two logs.

    thanks
     

    Attached Files:

  8. matt.chugg

    matt.chugg MajorGeek

    OK! That's got rid of a LOT of your problems but there are still more!

    Using add/remove programs which can be accessed from the control panel, uninstall the following:



    Did you have problems uninstalling these the first time ? They are still showing as installed...


    Download

    - Pocket KillBox

    Extract to its own folder somewhere that you will be able to locate later.

    IMPORTANT: You should print or save the below locally, so you can refer to them while offline. You must exit all browsers before running the below steps and it would be best if you actually physically unplug your cable to the internet, reboot, and do not run anything but what I give you to do. Also it would be good to exit all processes and items in your System tray.

    Do the above before continuing! Okay unplug your cable now.

    Make sure you have rebooted in Normal Mode (do not open any other processes)




    Run HijackThis. Click the 'Do a system scan only' button.


    Once the scan has completed click Config

    Click Misc Tools

    Click Open Process Manager

    Terminate the following processes by selecting them from the list and clicking Kill Process

    This will probably appear as C:\Documents and Settings\user\My Documents\Assembly\alg.exe

    Click back to return to the scan results.

    Place a checkmark in the box next to the following lines:

    Click on the 'Fix checked' button. Wait for HijackThis to finish; close HijackThis.

    Now run Pocket Killbox:

    Paste the below filenames into KILL BOX one at a time. Check mark the box that says "Delete on Reboot" and checkmark the box "Unregister DLL" (If available) Click the RED X and it will ask you to confirm the file for deletion say YES and when the next box opens prompting you to reboot now...click NO...and proceed with the next file. Once you get to the last one click YES and it will reboot.


    If Killbox does not reboot or you get a Pending Operations type error message just reboot your PC yourself.

    Now boot into SAFE MODE

    Open Windows Explorer navigate to and DELETE the following: (Some of these may have already been deleted by Pocket Killbox)


    If you have Windows XP delete the contents of C:\WINDOWS\Prefetch.


    REBOOT to Normal Mode.

    Let me know how things are running now

    Post a fresh HijackThis log, a fresh newfiles log and a fresh activescan log.
     
  9. trippa

    trippa Private E-2

    hey mate, thanks again for the quick response.

    i have followed all the steps outlined. i didn't remove those files last time because on the email i looked at on microsoft inbox they did not show up. but they have been removed now.

    i have attached new logs.

    just to let you know, flash player is still popping up and when i reboot the computer it takes a while for my computer to come up after i click on it.

    also in windows explorer there is a file called starware343 which i did not delete because it wasn't on the list but should i get rid of it?

    things are running better though but on the active scan it still showed up just a few things.

    let me know what else to do and how i can prevent this again.

    thanks again.
     

    Attached Files:

  10. matt.chugg

    matt.chugg MajorGeek

    Is this anything to do with your isp ? nsw.bigpond.net.au

    Run HijackThis. Click the 'Do a system scan only' button.

    Place a checkmark in the box next to the following lines:

    Click on the 'Fix checked' button. Wait for HijackThis to finish; close HijackThis.

    Now run Pocket Killbox by doubleclicking on killbox.exe
    Choose Tools > Delete Temp Files and click Delete Selected Temp Files.
    Then after it deletes the files click the Exit (Save Settings) button.
    NOTE: Pocket Killbox will only list the added files it is able to find on the system. So when you do the below, if some files do not show in the list after pasting them in, just continue.

    Select:
    • Delete on Reboot
    • then Click on the All Files button.
    • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):



    • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
    • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt.
    If you receive a PendingFileRenameOperations prompt, just click OK to continue (But please let me know if you receive this message!).
    If Killbox does not reboot just reboot your PC yourself.


    If Killbox does not reboot or you get a Pending Operations type error message just reboot your PC yourself.

    Now boot into SAFE MODE

    Open Windows Explorer navigate to and DELETE the following: (Some of these may have already been deleted by Pocket Killbox)


    If you have Windows XP delete the contents of C:\WINDOWS\Prefetch.


    REBOOT to Normal Mode.

    Let me know how things are running now

    Post a fresh HijackThis log, a fresh newfiles log and a fresh activescan log.
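
The PendingFileRenameOperations value named in the prompt above is where Windows queues file deletions and renames for the next boot (a REG_MULTI_SZ under HKLM\SYSTEM\CurrentControlSet\Control\Session Manager). The following is an added example, not part of the original post and not code from Killbox: a small parser for that value's raw data, run here on constructed sample data, so you can see which files are scheduled for removal before rebooting. The function names and the C:\Temp paths are assumptions made for illustration.

```python
from typing import List, NamedTuple

NT_PREFIX = "\\??\\"  # NT object-namespace prefix Windows puts on each path


class PendingOp(NamedTuple):
    action: str    # "delete" or "rename"
    source: str
    target: str    # empty for a delete
    replace: bool  # target carried the "!" (replace existing file) marker


def _win_path(p: str) -> str:
    # Strip the NT prefix so the path reads like a normal Win32 path.
    return p[len(NT_PREFIX):] if p.startswith(NT_PREFIX) else p


def parse_pending_ops(raw: bytes) -> List[PendingOp]:
    """Decode raw REG_MULTI_SZ data: UTF-16LE strings stored as
    (source, target) pairs; an empty target means delete at boot."""
    fields = raw.decode("utf-16-le").split("\0")
    ops = []
    for i in range(0, len(fields) - 1, 2):
        src, dst = fields[i], fields[i + 1]
        if not src:          # empty source marks the end of the list
            break
        replace = dst.startswith("!")
        dst = _win_path(dst[1:] if replace else dst)
        ops.append(PendingOp("rename" if dst else "delete",
                             _win_path(src), dst, replace))
    return ops


def queued_for_delete(ops: List[PendingOp], path: str) -> bool:
    """Case-insensitive check that `path` is scheduled for deletion."""
    return any(o.action == "delete" and o.source.lower() == path.lower()
               for o in ops)


# Constructed sample data (not taken from the poster's machine).
SAMPLE = "\0".join([
    NT_PREFIX + r"C:\Documents and Settings\user\My Documents\Assembly\alg.exe", "",
    NT_PREFIX + r"C:\Temp\update.tmp", "!" + NT_PREFIX + r"C:\Temp\app.dll",
]).encode("utf-16-le") + b"\0\0\0\0"

if __name__ == "__main__":
    for op in parse_pending_ops(SAMPLE):
        print(op)
```

An entry that disappears from this list after a reboot while the file is still on disk suggests that something re-created the file or that the delete failed.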
     
  11. trippa

    trippa Private E-2

    hi mate

    i don't think it would have anything to do with my isp, bigpond is probably the biggest internet provider in australia and before my roomate started downloading stuff i never had this problem.

    i have attached new logs for you.

    a few things with the PC just to keep you updated:

    when i open up my web browser the home page is "about: blank".

    also last time i deleted files in window explorer i did the ones you asked like "windows prefetch" but they were still there this time, which i deleted again.

    and when the computer first boots up, if i click on my computer in the start menu it stalls for about 20 seconds then up comes a box with a red "X" and it says "windows cannot find '(null)' make sure you typed the name correctly then try again. To search for a file click the start button and then click search".

    also if i am typing an email sometimes out of nowhere the cursor will start at an earlier point so that when i continue to type it happens at the start of the email. don't know if that is a problem or not but thought i would mention it.

    other than that it is running a lot faster as you can imagine.

    thanks
     

    Attached Files:

  12. matt.chugg

    matt.chugg MajorGeek

    Go to Tools --> Internet Options and set your homepage to something useful like majorgeeks.com ;)

    That's fine

    Something we removed is still trying to start. Please upload a new runkeys log.

    Not sure this is a malware problem, are you on a laptop?

    Fix the following line with HJT

    Reboot into safe mode and delete the following

    Most of what activescan found are backups of files we removed.
     
    Last edited: Oct 31, 2006
