Redirected sites; pop-up problems.

Discussion in 'Malware Help (A Specialist Will Reply)' started by RedShellhead, Feb 27, 2009.

  1. RedShellhead

    RedShellhead Private E-2

    Hello there,

    I'll preface this by saying that I read and followed the instructions in the "READ & RUN ME FIRST" thread, and its subsequent links, before posting this.

    My wife was browsing a forum or site she frequents about four days ago (I don't have the site name on hand, but it was an innocuous soap-making forum). She clicked on a link and, not having adequate/updated security (my fault, really) she immediately got hit with something. She now finds herself redirected to different websites every so often. (When trying to replicate the problem it happened once in my 15 minutes of browsing on her computer.)

    As I said, I followed the instructions in the Malware removal threads to the letter, except for these issues:

    1) combofix does not appear to be working. A small window with "combofix" on it will appear, along with a green progress bar. A small tab for the program (with the combofix icon, but no text) will appear on the start bar as well. After about 10 seconds, both of these disappear. I renamed the combofix.exe to cf.exe, but the problem persists.

    2) MGTools does not appear to be working. The first time I ran it the program appeared to stop functioning after running a couple of the scans. It said, "Searching for .COM files..." or something like that, and that was the last it said. It did not do anything else for more than two hours. An MGTools.zip file was created, but I'm not sure how complete it is. Since then, it won't even begin the scan.

    I will attempt to attach the logs that were created while running the other programs. Thank you very much for your help.

    Attached Files:

  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    You are correct about MGtools not finishing. We need to get more logs from it and we need to get ComboFix to run. Please do the below in the order written; however if any step does not work, just skip and continue on. You can explain what happens later.

    First a question! Do you use Real Player and MusicMatch Jukebox?

    Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.


    Copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    Make sure that you tell me if you receive a success message about adding the above to the registry. If you do not get a success message, it definitely did not work.

    Now reboot into safe mode.

    While in safe mode try to run ComboFix again.

    Also while in safe boot mode, run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).


    Then reboot into normal mode and attach the below logs:
    • C:\ComboFix.txt
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!

    NOTE: If the GetLogs.bat program seems to hang again while running ShowNew.bat, bring the command prompt window to the top by clicking on it and just hit CTRL-C to abort it. (It should not take more than 5 to 10 minutes ever, and that is only when there are many, many thousands of folders and files on your PC.) Then do the below as a test to see if we can find out why it is hanging:

    Please click Start, Run, and enter cmd and click OK. This will open a command prompt window. Enter the below commands at the command prompt each followed by the enter key. The bold black are commands. The purple is merely informational.

    cd \MGtools <-- this changes to the MGtools folder and the prompt should change to C:\MGtools>
    ShowNew <-- this will try to run another scan from MGtools. Tell me what error messages, if any, you see.
  3. RedShellhead

    RedShellhead Private E-2

    Thank you very much for the help!

    Unfortunately, following these instructions did not seem to yield the desired results.

    I downloaded the Windows Messenger disable/remove program and ran it. Had it uninstall WM, and that appeared to work without a hitch.

    I then copied and pasted the bold text into notepad, saved it as a .reg file, and ran that; it did not give me any kind of message. Everything except for my wife's wallpaper blanked out for a few seconds (the desktop icons and start bar all vanished) and then reappeared. No message of any kind.

    I then rebooted in Safe Mode and attempted to run ComboFix. It repeated the behavior it was exhibiting before. (That is, a tab with the icon but no text appears on the start bar while a ComboFix loading bar runs for a few seconds. Both then disappear.)

    I then tried to run the GetLogs.bat file by double-clicking on it in the MGTools directory. No luck! It actually made the Safe Mode loading prompt come up again. You know, the window that says, "Your computer has started in Safe Mode...please click Yes to continue in Safe Mode, or No to..."

    I wish I could attach the requested logs, but it appears that neither program generated one.
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    What happens if you click Start, Run and enter regedit and then click OK.

    Also try the below and tell me what happens.

    Click Start, Run, and enter sfc /scannow and click OK. There is a space after the sfc. This runs System File Checker, which looks for missing or corrupted system files and attempts to replace/repair them from files on your hard disk or from the CD if necessary. So it will ask for the Windows CD if it needs it.
  5. RedShellhead

    RedShellhead Private E-2

    Sorry for the delay; I've been trying to find the Windows CD for my wife's computer without success. Going to keep looking so I can attempt to follow the second part of your instructions.

    As for the Start -> Run -> regedit, the exact same thing happens that I described previously. That is, everything except the desktop wallpaper and the mouse pointer disappears for several seconds before reappearing. That's it. No message, no sound, nothing else.
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Well, it is not looking very good. Based on the only logs you attached, there was no real significant malware problem. Thus you may be having more of a problem with the Windows Operating System itself, and your options may only be the below:
    1. See if there is any way to get System Restore to run so you can restore to a point in time before the problem occurred.
    2. If item 1 does not work, I would try using a procedure like what is mentioned in the below link to restore the registry hive from a known good date. This does require your Windows bootable CD.
    3. If neither 1 nor 2 works, do a Windows Repair, which also requires your Windows CD.
    4. If none of 1, 2, or 3 works, a total reinstall will be necessary. You either need your Windows CD or a factory recovery CD or a recovery partition on your hard disk.