redirect and pop up virus

Discussion in 'Malware Help (A Specialist Will Reply)' started by dennisfuel, Dec 2, 2009.

  1. dennisfuel

    dennisfuel Private E-2

    It started when I watched a movie online and I got "system defender", a fake antivirus program. Then any links I open into a new tab get redirected to other sites. Every once in a while a new tab pops up as random web sites.

    ComboFix crashed my computer so I don't have a log for that, and Malwarebytes didn't find anything, so the log was empty except for scan time and amount of files scanned.

    Thanks for any help.
     


  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Did you disable all of your AV and AS programs before running Combofix? I do not see it on your desktop.

    Let's remove a few things and then have you redownload it to your desktop.

    Continue by downloading a tool we will need - Pocket KillBox

    Now run Pocket Killbox by double-clicking on killbox.exe
    Choose Tools > Delete Temp Files and click Delete Selected Temp Files.
    Then after it deletes the files click the Exit (Save Settings) button.
    NOTE: Pocket Killbox will only list the added files it is able to find on the system. So when you do the below, if some files do not show in the list after pasting them in, just continue.

    Select:
    * Delete on Reboot
    * Then click on the All Files button (or on the folders option).
    * Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\mulib19s
    C:\Windows\Temp\WFV1C36.tmp
    C:\Users\D\AppData\Local\Temp\CLW170B.tmp
    C:\Users\D\AppData\Local\Temp\is-RODH6.tmp
    C:\Users\D\AppData\Local\Temp\jkos-D
    C:\Users\D\AppData\Local\Temp\utt7DED.tmp
    C:\Users\D\AppData\Local\Temp\utt7DED.tmp.bat
    C:\Users\D\AppData\Local\Temp\wc170a.tmp
    C:\Users\D\AppData\Local\Temp\{44CAADA1-8D7A-40E4-B11E-DA84F9426132}
    C:\Users\D\AppData\Local\Temp\~nsu.tmp
    C:\ProgramData\27D59B0
    * Return to Killbox, go to the File menu, and choose Paste from Clipboard.
    * Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt.

    If you receive a PendingFileRenameOperations prompt, just click OK to continue (But please let me know if you receive this message!).

    If Killbox does not reboot, just reboot your PC yourself.

    Now disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished). Now right click ComboFix on your desktop and choose to run it as administrator. Tell me if it runs.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:

    * C:\ComboFix.txt
    * C:\MGlogs.zip
     
