Computer peeps..I need some help/ideas over here...;


  • Computer peeps..I need some help/ideas over here...;

    Back around Thanksgiving, I picked up a virus on my machine from somewhere...

    I've got most of it cleaned up, but I'm still getting these occasional (pop ups for lack of a better term) ads that keep showing up in my task bar.
    Probably had about 7 or 8 show up yesterday.

    No porn, just BS health care ads or TV/video services or deal of the day type stuff.


    I've got adblocker running, also a pop up blocker along with scans by spybot, malwarebytes and STOPzilla trying to filter out the problem, but somehow, they're still showing up.

    What am I missing... where is this stuff coming from?

    Any thoughts or ideas about how to get rid of this problem would really be appreciated.


    Thanks
    mardyn

  • #2
    Post your Malwarebytes logs and do you get redirected when searching from google?


    • #3
      I was getting redirected on Google, but I got that problem taken care of along the way.

      I used an app called TDSSkiller that fixed a lot of the initial problem.

      I can do another scan and post up the log.... but it always shows "0 infected files"

      mardyn


      • #4
        Just post logs from when infection(s) were found. I'd like to see what it was/is.


        • #5
          Here's one of the first scans:

          Malwarebytes' Anti-Malware 1.50

          Database version: 5273

          Windows 5.1.2600 Service Pack 3
          Internet Explorer 7.0.5700.6

          12/8/2010 12:57:50 PM
          mbam-log-2010-12-08 (12-57-50).txt

          Scan type: Quick scan
          Objects scanned: 144780
          Time elapsed: 7 minute(s), 18 second(s)

          Memory Processes Infected: 0
          Memory Modules Infected: 0
          Registry Keys Infected: 12
          Registry Values Infected: 0
          Registry Data Items Infected: 0
          Folders Infected: 0
          Files Infected: 6

          Memory Processes Infected:
          (No malicious items detected)

          Memory Modules Infected:
          (No malicious items detected)

          Registry Keys Infected:
          HKEY_CLASSES_ROOT\Installer\Features\F284DD28157EBC94AAE3EFF9100A1ADC (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
          HKEY_CLASSES_ROOT\Installer\Products\F284DD28157EBC94AAE3EFF9100A1ADC (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F284DD28157EBC94AAE3EFF9100A1ADC (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
          HKEY_CLASSES_ROOT\Installer\UpgradeCodes\50E90EC4EC063D44BB935A0D02415732 (Rogue.MalwareBot) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\50E90EC4EC063D44BB935A0D02415732 (Rogue.MalwareBot) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{9D3CF193-58E5-40d5-BA60-233F4C216E37} (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1F26A7A704ABD8F4F8801F37167D691F (Rogue.MalwareBot) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\93DE74A43267CFB4CA586DB6F1F79964 (Rogue.MalwareBot) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AA02C0F5889834C42886C1A98EA53266 (Rogue.MalwareBot) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B575E3C1288DD9E4A83E9E064562CDC1 (Rogue.MalwareBot) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D37F1F5D110C2EA4C85EC64E702394B9 (Rogue.MalwareBot) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{82DD482F-E751-49CB-AA3E-FE9F01A0A1CD} (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.

          Registry Values Infected:
          (No malicious items detected)

          Registry Data Items Infected:
          (No malicious items detected)

          Folders Infected:
          (No malicious items detected)

          Files Infected:
          c:\documents and settings\New User\local settings\Temp\7zS6A.tmp\MSIStart.exe (Rogue.SpywareStop) -> Quarantined and deleted successfully.
          c:\documents and settings\New User\local settings\Temp\7zS6A.tmp\malwareremovalbot\spycleaner.dll (Rogue.SpyCleaner) -> Quarantined and deleted successfully.
          c:\documents and settings\New User\local settings\temporary internet files\Content.IE5\985X3BBL\irfvjtg[1].exe (Trojan.Dropper) -> Quarantined and deleted successfully.
          c:\documents and settings\New User\local settings\temporary internet files\Content.IE5\985X3BBL\b398ad[1].exe (Trojan.Agent) -> Quarantined and deleted successfully.
          c:\documents and settings\all users\Desktop\malwareremovalbot.lnk (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
          c:\WINDOWS\Tasks\malwareremovalbot scheduled scan.job (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.


          Thanks TxR, I appreciate your help here..


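A defender-side way to read a log like the one in post #5, added here as an example (it is not part of the thread and not Malwarebytes code): it parses the itemized sections, checks that the entries listed match the summary counts, and labels each item by where it sat on disk or in the registry. The role labels and function names are assumptions made for this example, and the sample is a shortened excerpt of that log.

```python
import re
from collections import Counter

# Constructed sample: a shortened excerpt in the layout of the log posted above.
SAMPLE_LOG = r"""
Registry Keys Infected: 1
Files Infected: 3
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{82DD482F-E751-49CB-AA3E-FE9F01A0A1CD} (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
Files Infected:
c:\documents and settings\New User\local settings\temporary internet files\Content.IE5\985X3BBL\irfvjtg[1].exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\New User\local settings\Temp\7zS6A.tmp\MSIStart.exe (Rogue.SpywareStop) -> Quarantined and deleted successfully.
c:\WINDOWS\Tasks\malwareremovalbot scheduled scan.job (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
"""

ITEM = re.compile(r"^(?P<path>.+) \((?P<name>[\w.]+)\) -> (?P<action>.+?)\.?$")
HEADER = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):\s*(?P<count>\d+)?$")

# Assumed triage labels (not Malwarebytes categories): location hints at purpose.
ROLES = [
    ("scheduled-task persistence", r"\\windows\\tasks\\.+\.job$"),
    ("browser download cache", r"\\temporary internet files\\"),
    ("temp-dir installer", r"\\temp\\"),
    ("installed-program registration", r"\\(uninstall|installer)\\"),
]

def role_of(path):
    p = path.lower()
    return next((label for label, pat in ROLES if re.search(pat, p)), "other")

def parse_log(text):
    declared, items, section = {}, [], None
    for line in (l.strip() for l in text.splitlines()):
        h = HEADER.match(line)
        if h and h["count"] is not None:      # summary line: "Files Infected: 6"
            declared[h["section"]] = int(h["count"])
        elif h:                               # section header: "Files Infected:"
            section = h["section"]
        elif section and (m := ITEM.match(line)):
            items.append({"section": section, "role": role_of(m["path"]), **m.groupdict()})
    return declared, items

def triage(text):
    declared, items = parse_log(text)
    listed = Counter(i["section"] for i in items)
    # A count mismatch means the pasted log is truncated or mangled.
    mismatch = {s: (n, listed[s]) for s, n in declared.items() if n != listed[s]}
    not_removed = [i for i in items if "successfully" not in i["action"].lower()]
    return Counter(i["role"] for i in items), mismatch, not_removed
```

Anything returned in `not_removed`, or any scheduled-task item, is what to re-check after the next reboot.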
          • #6
            Dl this and then import MVPS HOSTS file w/ it.

            When it's done, click make read only at the top left. Next, Dl Ccleaner Slim and clean all temp files and DNS Cache then reboot and see if the issue isn't resolved.


            • #7
              Okay, got it...

              not too sure about how to clean up the DNS Cache... isn't it supposed to dump with each reboot?

              THX!
              mardyn


              • #8
                Originally posted by mardyn
                Okay, got it...

                not too sure about how to clean up the DNS Cache... isn't it supposed to dump with each reboot?

                THX!
                mardyn

                On the DNS Cache, make sure that the box is checked in Ccleaner and it'll take care of it for you.


                • #9
                  10-4,

                  I ran Ccleaner.... it seems to have helped, but didn't get everything yet. Had one pop up ad slip through a few minutes ago. Maybe that DNS didn't get dumped as I thought.

                  I'm still working on it.

                  Again, thanks for the great assistance and good info.

                  mardyn
