Unable to stop the popups.

Discussion in 'Malware Help (A Specialist Will Reply)' started by tsonon1, Oct 21, 2006.

  1. tsonon1

    tsonon1 Private E-2

    On 10/12/06 at about 6:42 pm I finished downloading Google's free CAD-like program. Before I even shut down the browser I started getting massive popups. The invasion was to the extent that it locked up Windows. I restarted in safe mode and ran Spybot and Ewido. I saved the names of the problems from my first scans, but can't find the logs:

    downloader purityscan.co
    yeildmanager
    falkag
    mb/
    ion
    hijacker.vb.ph
    dowmloader.adload.fu
    adware.surfside

    I also had a SmitFraud problem on 7/20/06, so I already had the removal tools for that and I ran it too for good measure. That was enough to stabilize Windows, so I booted normally. The popups started almost immediately, which, BTW, are coming from somewhere on my system; some program is attempting to make these OUTGOING connections. I tried shutting off my DSL connection, but they are still actively trying to connect when I use IE (and once or twice using other programs). I used one of my firewall programs to block each IP address as it tried to connect, but I know that just hides the symptoms and the disease is still there. I then used your "READ & RUN ME FIRST Before Asking for Support" thread, and it seemed to help for about ten minutes. Now they aren't quite as often, but they keep coming. I don't know what I've missed, please help me.

    I am attaching hijackthis, aboutbuster, and aida logs for your review. Thank you!

    Traci
     


  2. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    Hi Traci

    Sadly no-one is going to open a ZIP file that's coming from an infected PC (same goes for Word docs etc.); the only safe bet is to re-follow the guide below and attach your logs in .txt (Notepad) format, then we can get to work at cleaning your PC up :)


    Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.
    • Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
    • Make sure you check version numbers and get all updates.
    • Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.
    • If, after doing ALL of the above, you still have a problem, make sure you have booted to normal mode and run the steps in the link below to properly use HijackThis and attach a log:
    Downloading, Installing, and Running HijackThis

    Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.


    • When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:
      • CounterSpy - ONLY IF you were not able to run Windows Defender
      • Bitdefender - from step 6
      • Panda Scan - from step 6
      • runkeys.txt - the log from GetRunKey.bat
      • newfiles.txt - the log from ShowNew.bat
      • HijackThis
    NOTE: You can only attach 3 files in a single message so it will require that you use two messages to attach all of these logs!
     
  3. tsonon1

    tsonon1 Private E-2

    So sorry, sometimes you have to speak slowly and use small words with me. Here are about buster, the audit report from aida and hijackthis.
     


  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You need to follow the step by step directions that Halo gave to you and attach all the logs that were requested in that procedure. No place in there did he ask for about:Buster or Aida to be run. You must complete ALL steps in the READ & RUN ME and you must also install & rename HijackThis as requested. You installed it exactly where we specified not to install it and you did not rename it. It would appear that you have not run the READ & RUN ME.
     
