virus/malware help!

Discussion in 'Malware Help (A Specialist Will Reply)' started by LambyFrog1114, Apr 11, 2009.

  1. LambyFrog1114

    LambyFrog1114 Private E-2

    Any help would be greatly appreciated.

    I began having issues about a week ago... Here is basically what happens:
    The problem began with me getting a pop-up message telling me I was infected - it was the type of window that Windows would use to alert you, but it was obvious to me that it wasn't... I immediately closed everything and did not click on anything else...
    Now...
    Internet Explorer and Firefox crash constantly - Firefox especially (which is what I mainly use) when going to normal websites that I regularly visit [i.e., checking email, bank account, Facebook, etc.]
    With Internet Explorer, when I do searches [via Google] and click on links, I am often instantly redirected to some sort of ad page, but then can tab back to the page I was trying to reach.
    I've also noticed that my Norton 360, which had said it expired [and to me it seemed reasonable that it had] about 2 days before this all happened... now all of a sudden says it is active again for 45 more days?? However, it doesn't show up in my desktop tray anymore instantly; I have to actually open the shortcut for the main page from my desktop. Also Yahoo and MySpace IM, which always auto-started upon startup, no longer do.

    I had tried using Avira and it said it found a virus... something like blumblebee, and it would say it removed it, but upon another complete system scan it would continually find it again.

    I've gone through all the steps and have attached my logs.
    I had issues with ComboFix - I couldn't get the program to download or go to any of the bleepingcomputer webpages at all - they just didn't load. I tried Firefox and when I attempted to save it to my desktop I got a message that said "C:\Documents and Settings\******\Desktop\combofix.exe.part could not be saved, because the source file could not be read.

    Try again later, or contact the server administrator."
    with my first and last name [computer name] as the ****** part
    Then it appeared to download... but upon trying to open the .exe file, I got no response at all. After trying to delete the original and re-download it, I had no success and again received the same message above.

    Also. while using MGTools, I only got 2 logs, I did not get the newfiles.txt log at all.

    Thanks so much
    Let me know if I can clarify anything

    Lauren

    Getunkey.txt was too large to upload with this set, so I'll upload it separately
     

    Attached Files:

  2. LambyFrog1114

    LambyFrog1114 Private E-2

    here is the other log...

    Whoops... this is the message I get:
    "GetUnKey.txt:
    Your file of 399.1 KB bytes exceeds the forum's limit of 250.0 KB for this filetype."
    ???? What should I do?
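The upload limit quoted above (a 399.1 KB GetUnKey.txt against a 250 KB cap) is a common snag when posting logs. As an added example, not something from this thread or from the MGTools/MajorGeeks tooling, the Python script below either zips the log or, if the zip is still too big, splits the raw text at line boundaries into numbered parts that each fit under the limit. The sample log contents are constructed here, the 250 KB limit is assumed to mean 250 KiB, and all function names are mine.

```python
"""Fit an oversized log file under a forum upload limit (added example).

Strategy: attach the file as-is if it fits; otherwise zip it; if the zip is
still too large, split the raw text at line boundaries into numbered parts.
"""
import hashlib
import io
import zipfile

# The thread quotes a 250.0 KB limit; this assumes the forum means 250 KiB.
FORUM_LIMIT = 250 * 1024


def zip_bytes(name: str, data: bytes) -> bytes:
    """Return a zip archive (as bytes) holding a single member called `name`."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", compression=zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, data)
    return buf.getvalue()


def split_log(data: bytes, limit: int) -> list[bytes]:
    """Split `data` into chunks of at most `limit` bytes.

    Each cut is moved back to the last newline inside the window when one
    exists, so a text log is never broken mid-line; a single line longer than
    `limit` is cut at `limit` bytes.
    """
    if limit <= 0:
        raise ValueError("limit must be positive")
    parts = []
    pos, n = 0, len(data)
    while pos < n:
        end = min(pos + limit, n)
        if end < n:
            cut = data.rfind(b"\n", pos, end)
            if cut != -1:
                end = cut + 1
        parts.append(data[pos:end])
        pos = end
    return parts


def prepare_upload(name: str, data: bytes, limit: int = FORUM_LIMIT) -> list[tuple[str, bytes]]:
    """Return (filename, bytes) pairs, each no larger than `limit`, ready to attach."""
    if len(data) <= limit:
        return [(name, data)]
    zipped = zip_bytes(name, data)
    if len(zipped) <= limit:
        return [(name + ".zip", zipped)]
    stem, ext = name.rsplit(".", 1) if "." in name else (name, "txt")
    parts = split_log(data, limit)
    return [(f"{stem}_part{i:02d}_of_{len(parts):02d}.{ext}", p)
            for i, p in enumerate(parts, 1)]


def constructed_log(size: int) -> bytes:
    """Constructed stand-in for GetUnKey.txt: repetitive registry-style lines."""
    out, i = bytearray(), 0
    while len(out) < size:
        out += f"[HKEY_LOCAL_MACHINE\\SOFTWARE\\Example\\Key{i:06d}] value={i % 997:04d}\r\n".encode()
        i += 1
    return bytes(out[:size])


def constructed_noise(size: int) -> bytes:
    """Constructed incompressible data (SHA-256 chain) that forces the split path."""
    out, block = bytearray(), b"seed"
    while len(out) < size:
        block = hashlib.sha256(block).digest()
        out += block
    return bytes(out[:size])


if __name__ == "__main__":
    log = constructed_log(int(399.1 * 1024))  # the size quoted in the thread
    for fname, blob in prepare_upload("GetUnKey.txt", log):
        print(f"{fname}: {len(blob)} bytes")
```

A text log like this one compresses well, so the zip path usually wins; the split path matters for already-compressed attachments, and the `_of_NN` suffix lets the helper on the other end confirm nothing is missing before concatenating the parts.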
     
  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You need to tell me what happened when you ran MGTools.exe... Did you accept the license agreement to run HJT? Did you allow it to run until it told you to press any key?
    Did you get error messages?

    Let's first do this:
    download The Avenger by Swandog469, and save it to your Desktop.

    * Extract avenger.exe from the Zip file and save it to your desktop
    * Run avenger.exe by double-clicking on it.
    * Do not change any check box options!!
    * Copy everything in the Quote box below, and paste it into the Input script here: part of the window:


    * Now click the Execute button.
    * Click Yes to the prompt to confirm you want to execute.
    * Click Yes to the Reboot now? question that will appear when Avenger finishes running.
    * Your PC should reboot, if not, reboot it yourself.
    * A log file from Avenger will be produced at C:\avenger.txt and it will pop up for you to view when you log in after the reboot.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it - let it run. Then attach the new C:\MGlogs.zip file that will be created by running this and also attach the log from Avenger.
     
  4. LambyFrog1114

    LambyFrog1114 Private E-2

    Thanks

    With MGTools it just stopped after it created those first 2 files. I left it be for hours and it never did anything else - no error messages, never got the HJT prompt..nothing.

    I'll try the other thing you suggested tonight and post what happens

    Thanks
     
  5. LambyFrog1114

    LambyFrog1114 Private E-2

    Attached is my Avenger log.

    I ran into the same problem when running MGTools. It just stops when it goes to process the 'new' part... it just never does anything after that. I let my computer sit for 12 hours and still nothing. No error messages, the program stays open, but nothing happens.
     

    Attached Files:

  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Download Dr.Web CureIt and save it to your desktop.

    • Double-click the cureit-beta.exe file and allow it to run
    • If it prompts you about getting any updates, get the update and then rerun the cureit-beta.exe installation.
    • When it finishes you will have a green window with a Start and an Update selection. Click Start
    • The Express Scan of your PC window will come up. Click OK to scan main memory to detect infected processes in memory.
    • If anything is found in memory, click the Yes button when it asks you if you want to cure it. This is only a short scan.
    • You may see a pop-up window to Buy or get a discount on the program. Just click the X at the top right to close this pop-up. The scan will continue.
    • Once the short scan is completed, click the Custom Scan radio button. Then select each of your hard disk drives (that is, if you have more than one). A red dot shows which drives have been chosen.
    • Click the green arrow at the right under the Dr.Web logo, and the scan will start.
    • Click 'Yes to all' if it finds any problems and asks if you want to cure or move the file.
    • When the scan has finished, see if you can click the following icon next to the files found:
      http://users.telenet.be/bluepatchy/miekiemoes/images/check.gif
    • If so, click it and then click the next icon right below and select Move incurable, as you'll see in the next image:
      http://users.telenet.be/bluepatchy/miekiemoes/images/move.gif
    • This will move it to the %userprofile%\DoctorWeb\quarantaine folder if it can't be cured. (This is in case we need samples.)
    • After selecting, in the Dr.Web CureIt menu on top, click File and choose Save report list
    • Save the report to your desktop. The report will be called DrWeb.csv
    • Close Dr.Web CureIt.
    • Reboot your computer!! This is necessary because there could be files in use that will be moved or deleted during the reboot.
    • After the reboot, rename the DrWeb.csv file to DrWeb.txt so that it can be uploaded here, and then attach the log from Dr.Web to your next reply
     
  7. LambyFrog1114

    LambyFrog1114 Private E-2

    Here is the DrWeb log
     

    Attached Files:

  8. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    That certainly took care of a lot of items. Are you able to run the scans to completion now?
     
