Website opening up automatically!

Discussion in 'Malware Help (A Specialist Will Reply)' started by wolfend31, Nov 29, 2008.

  1. wolfend31

    wolfend31 Private E-2

    When I am accessing a website a new tab will open up and they are websites I don't normally visit. I have pop up blocker on so this is not pop ups. Usually, the websites are some anti virus thing that says it is automatically scanning my computer right now and it begins to scan. Although, there are other sites right as well. If I do a Yahoo search, then a new tab might open up related to something I searched about.

    I did an Ad-Aware virus scan on my computer multiple times and deleted the problems that it found. Some of these problems included a "tracking cookie" or something like that. I then deleted all my cookies and stopped allowing them on my privacy settings. However, too many websites require me to allow cookies to keep them turned off. I don't know what the problem could be.

    Also, some websites are not running correctly since this problem began. MapQuest.com just brings up a screen that says "loading" if I perform a function. Facebook.com has given me problems getting to certain areas of that platform. I don't know what else to do.

    I downloaded NoScript from Firefox and that helped some of my websites run a little better, but not at 100%. Also, NoScript has not stopped websites from popping up out of nowhere. Please Help!!
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Please follow the instructions in the below link and attach the requested logs when you finish these instructions.


    READ & RUN ME FIRST. Malware Removal Guide
    • If something does not run, write down the info to explain to us later but keep on going.
    • Do not assume that because one step does not work that they all will not.
    Notes:

    1. If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run steps in safe boot mode, but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:
    2. If you have problems downloading on the problem PC, download the tools on another PC and burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
     
  3. wolfend31

    wolfend31 Private E-2

    I have been going through all of the processes that you have listed, but I have a couple of questions before I continue from my current point.

    First, after I went to msconfig to fix the startup settings that it suggests, other programs open up automatically at start up. Mainly I am concerned with the Real Player program that opens up because I cannot find an option to stop this program from opening at start up. I tried deleting Real Player because I figured I could download it later if I needed it, but it won't let me and gives me an error message when doing so.

    Also, here are a couple of other notable things that happened so far in my process:

    - Cannot remove My Way Search Assistant as suggested. No option to remove or delete on Add/Remove programs page. Just says Used Rarely
    - Deleted Viewpoint Media Players
    - Cannot remove old version of Java as suggested. No option to remove or delete on Add/Remove programs page. Just says Used Rarely. Version is Java 2 Runtime Environment, SE v1.4.2_03
    - After running Search and Destroy, could not delete one of the items. First time it said there were 4 items that could not be deleted unless it was restarted and then it would run the program again at restart. After it ran, it deleted 4 items but then said it found 1 more item that could not be deleted.

    Now for the part that I am stuck at. I am about to run the 4th listed software, ComboFix. However, the instructions are a little confusing to me. I am using Windows Service Pack 3 and the instructions said I should download WSP 2. I tried doing this but when I go to run the install I get a little black screen that pops up and asks me to specify the drive I want to copy the images to. I don't know what this means or what to do from here. If I type a letter it just closes the screen and nothing else happens.

    I have the logs so far but I thought I would attach those at the end like the instructions suggest instead of doing so now. Tell me what to do next please!
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You should not be stopping because of these issues. As stated you should complete all steps and attach your logs. Minor issues like these can be addressed later.

    The instructions for ComboFix do not tell you to install SP2. What they are trying to get you to do is install the Recovery Console. And if you do not have your original Windows XP boot CD, they are suggesting a method by which you can download files from Microsoft that enable you to get the Recovery Console installed. What they say is the below
    This does not say install SP2. They are referring to what you should select from this link http://support.microsoft.com/kb/310994 where you have to choose one of the setup disks. Microsoft had not published any for SP3 and the SP2 one will work just fine for installing the RC.

    You need to follow the instructions more closely. You are not supposed to be running these files. You are supposed to do what the link for Using ComboFix has given you.

    If you cannot manage to follow those instructions for installing the Recovery Console, then just save ComboFix.exe to your Desktop and double click the file to run it.
     
  5. wolfend31

    wolfend31 Private E-2

    Thank you for all of your help. I have completed all of the necessary steps that you told me to complete and it seems that the problem is fixed! I appreciate your time and effort.

    Now that the problem is fixed there are just a few other things I would like to fix if possible. When I start my computer, there are a few programs that automatically start up that I don't want to. I want to find ways to stop this from happening. One program is RealPlayer. I looked for options in the program to get it to not start up but I could not find anything. Also, I was wondering if I could delete all of the software that I had to download in order to run the malware fix?

    I was going through the malware prevention tips and was trying to figure out if I had an anti-virus running or not and I did not know how to find that information. If I don't have one running I wanted to download one of the free ones that were suggested.

    One website suggested that I download the NoScript software from mozilla. I have found this software somewhat restricting sometimes but I was wondering if I should keep it anyways. The reason they told me to download it was in order to fix the malware problem but that did not work anyways. Otherwise everything else looks good with my computer.

    Thanks again!
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    See step 1 of the READ & RUN ME again which gave you this Dealing with Startup Processes


    See the final instructions down below.

    If you don't even know then you probably never installed one. If you had attached the requested logs we could have answered this.

    If you don't like it, then remove it.


    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /u
        • Notes: The space between the combofix" and the /u, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
      • Delete the C:\combofix folder from combofix (if it exists)
    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Go to add/remove programs and uninstall HijackThis.
    6. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    7. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning steps in the READ ME for your Windows version and see the steps to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    8. After doing the above, you should work thru the below link:
     
  7. wolfend31

    wolfend31 Private E-2

    Here are the first set of logs. The reason I did not initially post them is because your original instructions said that I did not need to if the malware problem still persisted, which it has not. However, I am posting them now so you can tell me if I have an AntiVirus installed or not. Also, please let me know if there are any firewalls on my computer or if I need them or not. Thanks.
     

    Attached Files:

  8. wolfend31

    wolfend31 Private E-2

    Here is my last log that I needed to attach.
     

    Attached Files:

  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You have McAfee Antivirus installed so the question now is, "Are you getting updates for it?" If not, then you need to uninstall it and install something you can get updates for.

    You also have no realtime antispyware protection and you are relying on the less than adequate Windows firewall so you need a real firewall too.

    However you are still infected and have some work to do. If you already uninstalled ComboFix and MGtools, you will have to download them again to do the below.

    Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

    Uninstall the below software:
    Viewpoint Media Player <-- should have been uninstalled in step 1 of the READ ME

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (file missing)
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)

    After clicking Fix, exit HJT.


    Now we need to use ComboFix to remove a bunch of malware files.
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Open Notepad and copy/paste the text in the below quote box into it:
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below
    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.


    Now run Ccleaner!

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).


    Then attach the below logs:
    • C:\ComboFix.txt
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
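
As an added illustration (not part of the thread, and not MajorGeeks' or HijackThis's own code), the Python sketch below parses the HijackThis lines quoted in the post above and separates orphaned entries, marked `(no file)` or `(file missing)`, from startup entries that still launch a program. The function names and category labels are assumptions made for this example.

```python
import re

# HijackThis lines quoted from the post above.
SAMPLE = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
"""

LINE_RE = re.compile(r"^(?P<section>O\d+) - (?P<kind>[^:]+): (?P<rest>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ORPHAN_RE = re.compile(r"\((no file|file missing)\)\s*$")
RUN_RE = re.compile(r"^\[(?P<name>[^\]]+)\]\s+(?P<cmd>.+)$")


def parse_entry(line):
    """Split one HijackThis line into section, kind, name, CLSID and target."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rest = m["rest"]
    orphan = ORPHAN_RE.search(rest)
    if orphan:  # drop the trailing marker so only the path (if any) remains
        rest = rest[:orphan.start()].rstrip(" -")
    clsid = CLSID_RE.search(rest)
    run = RUN_RE.match(rest)
    if run:  # O4 autostart: "[value name] command line"
        name, target = run["name"], run["cmd"]
    else:    # O2/O3/O9: "name - {CLSID} - path"
        parts = [p for p in rest.split(" - ") if not CLSID_RE.fullmatch(p)]
        name = parts[0]
        target = parts[1] if len(parts) > 1 else None
    return {"section": m["section"], "kind": m["kind"], "name": name,
            "clsid": clsid.group(0) if clsid else None,
            "target": target, "orphaned": bool(orphan)}


def parse_log(text):
    return [e for e in map(parse_entry, text.splitlines()) if e]


def triage(entry):
    """Label an entry (labels are this example's own, not HijackThis terms)."""
    if entry["orphaned"]:
        return "orphaned reference"   # registry entry whose file is gone
    if entry["section"] == "O4":
        return "live autostart"       # program launched at every boot
    return "live browser add-on"


if __name__ == "__main__":
    for e in parse_log(SAMPLE):
        print(f'{triage(e):20} {e["section"]} {e["name"]} -> {e["target"]}')
```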
     
  10. wolfend31

    wolfend31 Private E-2

    I have performed the scans and attached the logs that you asked for. Even before you told me to run these the original problem that I was experiencing had ceased when I did your original instructions. However, I was happy to see that you found hidden problems and are helping me take care of these. Here is a little list of all the things you asked me of:

    -As far as the updates for McAfee Antivirus, I am not sure how to find out the answer to this. Are they automatic or is it something that I am supposed to be doing myself? If I am supposed to be finding the updates then the answer to your question is no, I am not getting updates. If I am not getting updates, what do I do next? Do I need to uninstall it and download one of the free ones that you have suggested? Or can I just begin downloading the updates for McAfee and then be okay?

    -What kind of realtime antispyware protection can I get? Or is the firewall that you recommended enough where I won't need this? Also, I would like to download the firewall you have recommended, but I want to make sure I can get rid of my other one first...how do I do this?

    -I have uninstalled Windows Messenger. I got this from the MSN website so I thought it was MSN Messenger. How can I get the regular MSN messenger then if you say they are different?

    -I removed the Viewpoint Media Player.

    -Ran the HJT Micro program, and fixed the items you suggested I fix.

    -I followed your ComboFix instructions, and ran the CCleaner and MGtools as suggested.

    Let me know if there is anything else that I need to do. I appreciate all the help.
     

    Attached Files:

  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    It all depends on which program from them you have installed. Some do not update unless you manually do it. You need to check to see from within the program if you can get updates and you need to check what versions of the Virus Definitions you have installed. If you are not paying for updates by a yearly subscription then you may not be getting them. You should know this.

    If your program is out of date and you are not eligible to download the updates (like you have not paid for it) then you will need to uninstall ALL of McAfee and use something like what is recommended in my final instructions, which are given down below since your logs are clean now.

    See below.

    I just noticed that you may have a very outdated version of Sun Java installed and running. You should use the analyse.exe program (like in my last message) to fix the below line:

    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

    After clicking Fix checked, continue.

    Now see if Java 2 Runtime Environment, SE v1.4.2_03 appears in Add/Remove programs. If it does then try to uninstall it. Then reboot.

    After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment


    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /u
        • Notes: The space between the combofix" and the /u, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
      • Delete the C:\combofix folder from combofix (if it exists)
    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    5. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    6. Go to add/remove programs and uninstall HijackThis.
    7. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    8. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning steps in the READ ME for your Windows version and see the steps to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    9. After doing the above, you should work thru the below link:
     
  12. wolfend31

    wolfend31 Private E-2

    Sorry that it has been so long since I wrote back, I got busy with the holiday season and such. Everything seems to be running okay on my computer except it takes a long time at start up since this process started.

    With regards to your last post, I uninstalled McAfee completely because I could not get updates. I ran the MGTools Analysis and fixed the one item you asked me to, but when I go to add/remove programs and selected Java 2 Runtime Environment, SE v1.4.2_03, no option to uninstall appears. It highlights it in blue and just says to the right that it is used rarely. Most programs give the option to Change or Remove when I select it, but not this program. How can I change this? This is the last step that I have to do before I install the newest version and then follow your final instructions.
     
  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    See if you can use the below to uninstall it.

    Your Uninstaller! 2008
     
