[Active] Getting Internet Explorer popups while on Chrome & found a trojan last week

By Hiralarious
Aug 10, 2010
Topic Status:
Not open for further replies.
  1. So I recently noticed that my computer was slower than usual. This may be because I just came back from vacation so I don't know the speed as well as I used to, but yeah. Today I also started getting Internet Explorer popups while on Chrome, even though I don't even use Explorer. Also, I just got the blue screen of death thing twice today. I tried doing the 6 steps things, but I ran into a few problems. I already had Malwarebytes downloaded on my computer, but it won't update for me - I get an error 732. However, I did run a full scan a few days ago, but the last time my Malwarebytes was updated was January 7, 2010. Also, I had to go out for a bit while I was doing the GMER scan, but when I was back I had the blue screen of death issue. I'll try again in a bit if needed, but yeah. Before I left, I noticed that it had found one thing.
    Oh, I have yet to run the DDS thing, but I will close my internet in just a second to do that.

    & thanks in advance :]

    I also have attached the old malwarebytes log & the two others.

    Also, strangely enough, while I was running the DDS thing the first time something came up that restarted my computer - it wasn't the usual stuff from program updates either. It had like a 30 second countdown too. I tried taking a screen shot, but for some reason it wouldn't paste into paint. Might not be related, but thought I'd mention it anyway.

    Attached Files:

  2. crunchie

    crunchie Malware Helper Posts: 761

    Once you have posted all the logs, I will take a look :).
  3. Hiralarious

    Hiralarious Newcomer, in training Topic Starter Posts: 17

    Done:)
    And thanks for the lightning fast reply<3
  4. crunchie

    crunchie Malware Helper Posts: 761

  5. Hiralarious

    Hiralarious Newcomer, in training Topic Starter Posts: 17

    Uh, I just downloaded the Malwarebytes rules part and now when I try opening the program, I get an error 730.
    Should I just uninstall and reinstall the program?
    And also, yumm.. food:)
    But wow, where do you live? It's way past lunch time here. Hahha.
  6. crunchie

    crunchie Malware Helper Posts: 761

    Way past lunchtime yesterday (for me) no doubt. Tuesday 2.45PM here in the land of oz (Australia).
    Try uninstalling then reinstalling and we will see what happens from there.
    Before installing, run the tool from here: http://www.malwarebytes.org/mbam-clean.exe
  7. Hiralarious

    Hiralarious Newcomer, in training Topic Starter Posts: 17

    Oh schnap! malwarebytes found a lot of stuff O:
    And I'm insanely jealous that you live in aus.

    Attached Files:

  8. crunchie

    crunchie Malware Helper Posts: 761

    Are you still getting the pop ups?
  9. Hiralarious

    Hiralarious Newcomer, in training Topic Starter Posts: 17

    Nopeee.
    But do I have any other random viruses and stuff on there still? :/
  10. crunchie

    crunchie Malware Helper Posts: 761

    Not that I can see in your logs.

    Please Run the ESET Online Scanner and post the ScanLog with your post for assistance.
    • You will need to use Internet Explorer to complete this scan.
    • You will need to temporarily Disable your current Anti-virus program.
    • Be sure the option to Remove found threats is Un-checked at this time (we may have it clean what it finds at a later time), and the option to Scan unwanted applications is Checked.
    • When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log for us as directed below.

    NOTE: If you are unable to complete the ESET scan, please try another from the list below:

  11. Hiralarious

    Hiralarious Newcomer, in training Topic Starter Posts: 17

    Ohkay, sorry it took me so long to replyy.
    The first scan wouldn't work for some reason & the second like, worked but then my internet died halfway through it so I was like, screw it.. and so I used the last one.
    But of course, my net died RIGHT when the scan was done, so I don't think it saved on a notepad thing.. but I took a screenshot. Hopefully that's good enough, if not, I can rescan. :]
    ... ugh, it says that the file size is too big for the thing.
    D:
    I'll rerun the thing overnight, I suppose and update you then :]
     
  12. crunchie

    crunchie Malware Helper Posts: 761

    If it makes it easier, boot into safe mode with networking to do the scan.
  13. Hiralarious

    Hiralarious Newcomer, in training Topic Starter Posts: 17

    Yay, finally got around to doing the scan :]
    My net likes dying on me at night which is when I generally do all the scanning stuff.. which is why I took so longg.
    MY BAD.
    But anyway, thank you again and here you go :]

    Attached Files:

  14. crunchie

    crunchie Malware Helper Posts: 761

    Looks ok to me. It is just flagging some of the tools you have used.

    How are things going?
  15. Hiralarious

    Hiralarious Newcomer, in training Topic Starter Posts: 17

    I think my computer is still pretty slow. :/
    I don't know if that's just because my computer is just slow & old or if it's my net, etc.
    But the pop up thing is gone.
    :3
  16. crunchie

    crunchie Malware Helper Posts: 761

    When was the last defrag done?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\System32\config\*.sav
    CREATERESTOREPOINT


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  17. Hiralarious

    Hiralarious Newcomer, in training Topic Starter Posts: 17

    Well, it won't let me paste it because it's too long, so I just saved it.

    And I think I defragged my comp like, two weeks ago?

    Attached Files:

  18. crunchie

    crunchie Malware Helper Posts: 761

    Problem here likely started with all the P2P programs you have installed.
    I see that utorrent is set to run at startup. You may want to disable it from the startup to be sure it is not using the bandwidth.
    Set Windows updates to manual too.

    ==

    Viewpoint Manager is considered to be foistware, rather than malware, since it is installed without the user's approval, but doesn't spy or do anything "bad". Please read this article: http://www.clickz.com/news/article.php/3561546
    I suggest that you remove the program. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.
    Viewpoint
    Viewpoint Manager
    Viewpoint Media Player


    =============

    Please go to Jotti's or to virustotal and have this file scanned. Post the results back here.

    C:\WINDOWS\WMSysPr9.prx

    =============

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :Files
      C:\WINDOWS\tasks\zxnxgpof.job
      :OTL
      SRV - File not found [Disabled | Stopped] -- C:\Nexon\MapleStory\npkcmsvc.exe -- (npkcmsvc)
      SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
      SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Nexon\MapleStory\npkcusb.sys -- (npkcusb)
      DRV - File not found [Kernel | Auto | Stopped] -- C:\Nexon\MapleStory\npkcrypt.sys -- (npkcrypt)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\lmimirr.sys -- (lmimirr)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\EagleNT.sys -- (EagleNT)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ARSHIR~1\LOCALS~1\Temp\catchme.sys -- (catchme)
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O4 - HKLM..\Run: [KernelFaultCheck]  File not found
      O20 - AppInit_DLLs: (zbotub.dll) -  File not found
      :Commands
      [emptyflash]
      [purity]
      [emptytemp]
      [resethosts]
      [Reboot]
    • Then click the Run Fix button at the top.
    • Let the program run unhindered, reboot the PC when it is done.
    • Post log from this run.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
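
The fix script in the post above lists service, driver and autostart entries that the scan reported as "File not found". As an added example (not part of the thread and not OTL's own code), this Python parser splits such a script into its sections and classifies the `:OTL` entries, so the ones that would load automatically can be rechecked in the follow-up Quick Scan log. The regular expressions and the `autoload` field are assumptions based only on the line layout shown on this page.

```python
import re
# Constructed sample: a subset of the fix-script lines posted above, copied unchanged.
SCRIPT = r"""
:Files
C:\WINDOWS\tasks\zxnxgpof.job
:OTL
SRV - File not found [Disabled | Stopped] -- C:\Nexon\MapleStory\npkcmsvc.exe -- (npkcmsvc)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Nexon\MapleStory\npkcrypt.sys -- (npkcrypt)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O4 - HKLM..\Run: [KernelFaultCheck]  File not found
O20 - AppInit_DLLs: (zbotub.dll) -  File not found
:Commands
[Reboot]
"""

# Assumed patterns, written from the line layout visible in the post (not an official grammar).
PATTERNS = [
    ("svc", re.compile(r"^(?P<kind>SRV|DRV) - File not found \[(?P<flags>[^\]]+)\] "
                       r"-- (?P<path>.+) -- \((?P<name>[^)]+)\)$")),
    ("BHO", re.compile(r"^O2 - BHO: \([^)]*\) - (?P<name>\{[0-9A-Fa-f-]{36}\}) "
                       r"- No CLSID value found\.$")),
    ("Run", re.compile(r"^O4 - \S+: \[(?P<name>[^\]]+)\]\s+File not found$")),
    ("AppInit_DLLs", re.compile(r"^O20 - AppInit_DLLs: \((?P<name>[^)]+)\) -\s+File not found$")),
]

def split_sections(text):
    # Group lines under the ':Name' header that precedes them.
    sections, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith(":"):
            current = sections.setdefault(line[1:], [])
        elif line and current is not None:
            current.append(line)
    return sections

def classify(text):
    entries = []
    for line in split_sections(text).get("OTL", []):
        for label, rx in PATTERNS:
            m = rx.match(line)
            if not m:
                continue
            g = m.groupdict()
            # Run keys, AppInit_DLLs and Auto-start services/drivers load without user action.
            auto = label in ("Run", "AppInit_DLLs") or "Auto" in g.get("flags", "").split(" | ")
            entries.append({"kind": g.get("kind", label), "name": g["name"], "autoload": auto})
            break
        else:  # keep lines the patterns do not cover instead of dropping them silently
            entries.append({"kind": "unrecognised", "name": line, "autoload": False})
    return entries
```

Calling `classify(SCRIPT)` returns one dictionary per `:OTL` line; any entry with `autoload` set that still appears in the post-fix log means the fix did not remove it.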
  19. Hiralarious

    Hiralarious Newcomer, in training Topic Starter Posts: 17

    I can't seem to find viewpoint in the add/remove programs for some reason.

    Also, how do I disable utorrent from starting at startup and send windows updates to manual?

    & I only downloaded utorrent and the other p2p programs like, two days ago to download a program so nothing came from that.

    For the scan:

    Filename: WMSysPr9.prx
    Status:
    Scan finished. 0 out of 19 scanners reported malware.
    Scan taken on: Thu 5 Aug 2010 09:26:09 (CET) Permalink

    Also, second link doesn't work.

    Attached Files:

  20. crunchie

    crunchie Malware Helper Posts: 761

    Start > Run and type in msconfig and hit ok. Go to startups and uncheck the utorrent box on the left.
    Hit apply and ok out.
    Next time you boot you will get a message that you have changed your startup. Tick the box on the left and then OK.

    ==

    Go to Control Panel and then Windows Updates. Select the 'notify me but do not download' option.

    ====

    How is the pc now?
  21. Hiralarious

    Hiralarious Newcomer, in training Topic Starter Posts: 17

    The only updates I see are program and automatic updates.

    And the pc is faster & less laggy, I think :3
  22. crunchie

    crunchie Malware Helper Posts: 761

    http://support.microsoft.com/kb/875349
    That's the one you want.
  23. Hiralarious

    Hiralarious Newcomer, in training Topic Starter Posts: 17

    Mmks.
    And actually, I don't think my comp speeded up that much.
    ):