Remove Malware causing popups

Greetings,

I have a Toshiba Satellite A305 running Windows Vista Home Premium with a 64-bit operating system. I stupidly clicked on a link I received in an email and now I have Chinese popups appearing and sometimes my internet explorer goes to Chinese websites.

I have tried to follow the directions given at http://forums.majorgeeks.com/showthread.php?t=35407
I installed and ran SuperAntiSpyware, Spybot, and Malwarebites Anti-Malware. They did not identify any problems. I tried to run combofix.exe, but it gave an error message that it did not run on a 64-bit system. I had the same problem with MGtools.exe. I still had popups so I downloaded and ran Hijack This. I have attached the log.

Thank you for your help.
Robbi

 

Greetings Chaslang,

Thank you for your help.

I have atteched the logs.

-What popups?

All of the popups are in Chinese and look like advertisements. Some had penguins (I think this may be the ICQ messenger). When I tried to close some of them, a new explorer window opened to a Chinese website that also looked like an advertisement.

-To what website?
They are all Chinese websites (Sorry, I cannot read them, but they appear to be advertisements). Two of the sites I have be taken to are:
http://www.sddfnk.com/yydt/20080924/16455245.shtml
http://www.sdwjzx.com/china/

-What do the popups say?
Sorry, I don't know.

-When do they occur?
When I am surfing the web and often when I am searching from Google. In searching for help with this problem I clicked on
http://stylez.wordpress.com/2006/10/15/a-guide-to-removing-chinese-popups-www3721com/
The address in the browser is correct, but the site was all in Chinese.

-Do they occur if no browser is open?
No.

-Do they occur if you physically unplug your cable to the internet (or shut down your wireless connection if using wireless)?
No.

-What browser are you using?
Internet explorer

-Do they occur in safe boot mode?
I do not know. I was unsure if it was safe to shut my computer down after making all the changes in the "Read and Run Me First" posting. Should I change things back before rebooting in safe mode?

It is possible that my computer was infected by a flash disc instead of the website.

Thanks again!
Robbi

 

Greetings!

I hope you had a nice vacation.

I have attached the new logs. I hope I allowed the MGtools to finish this time.

I disabled all the add-ons and still saw the popups.

Thank you again for your help.
Robbi

 

Greetings!

Yes, you are correct. It is a different computer and should be a different thread. I'm sorry. I use the HP computer as a backup and both computers are now infected with the popup malware. I think I transferred it with my USB flash drive.

I tried updating all the programs and running all the scans again on my Toshiba. The logs are attached. On the HP in XP I had no problems with the scans. With the Toshiba in Vista I had trouble with ComboFix and MGtools.

With ComboFixI was able to open the command prompt window in the Vista Recovery Environment, but then did not know what to do to run ComboFix.

With MGtools as soon as I double click on the icon, I start getting an error message that this program cannot run on a 64-bit system. I close this and it immediately reopens. This repeats several times until I close the window. I do not see the licensing agreement from Trends Micro. I can navigate to the GetLogs.bat and run as an administrator. Then the error message begins again. I read the Error Fix 1, but did not see a fix for Vista. Can I run the XP fix?

Thanks again for your patience.
Robbi

 

Greetings!

This was a great idea. I am embarassed to say that when I went to do this, I discovered that the system restore was turned off. It is now on. I am not sure how it was turned off. With help from a friend I made a clone of the hard drive with Acronis a few months ago and perhaps it was during this procedure.

The popups have stopped on this computer--the Toshiba with Vista. I do not know why. It has Norton 360 running on it, but there was no obvious indication that this suddenly recognized the malware. I will continue to watch for popups, but for now they appear to be gone. I could load Norton 360 onto the other computer--the HP with XP to see if that works.

Thank you so much for your help.
Robbi

 

Greetings!

Well, I think I went for more than a week without any popups and then they began again. Grr...

I had hoped Norton had identified the malware and that it had been detected and removed.

Perhaps we can find a way to remove it from the HP and then apply that to this computer.

I will be careful to transfer files with CDs and not infect any other computers.

Thanks again for your help.
Robbi

 

Greetings!

I ran the scans and they seemed to work, but did not find anything. I attached the logs.

Some of the advertisements on the popups seem to be new.

Thanks again.
Robbi