I think my system was infected with 'something' - no idea what - via a rogue ad on a legitimate website a few days ago. I'll describe the symptoms first, and then go on to how they have (at least on the surface) been solved. This isn't so much a post asking "how do I clean my system" so much as "to what extent have I cleaned my system" (or as near as you can ever be to knowing something along those lines). The problem no longer has any noticeable symptoms, but obviously I'd appreciate any advice/information on what the problem may have been and anything further I should do.
OS was at this point Win XP SP2 (I'd been lax about updating for a long time - I've since installed SP3 and some other updates).
The relevant visit to this otherwise legit site somehow resulted in (a) a popup/plugin install warning of some kind from Firefox, and (b) the opening via Foxit of a pdf file entitled "img.jpg.pdf" or something very like that. My current AV program (Avira) didn't notice anything. Following this I was able to close Firefox and then reopen it and use the browser as normal one more time.
After this, the one overt symptom of the problem started: neither of my browsers (Firefox and IE, the latter of which I use less often) would open. When I attempted to open IE, it would appear in the Task Manager processes list for a fraction of a second and then disappear, if even that. Firefox, on the other hand, would appear in the processes list when executed and would stay there indefinitely until killed, listing about 17MB of RAM usage, but no browser window would ever appear. This behaviour kept going through several reboots.
This was purely a problem with the browser programs themselves - there was no connectivity or networking problem, and my email client etc. kept working throughout.
An uninstall and reinstall of Firefox managed to get that browser working again sporadically - sometimes it would open and on other attempts it wouldn't. After trying to find information on similar problems, I then managed to download Malwarebytes and run it - this found several supposed bits of malware and removed them. Following this, both my browsers were functional again and there were no longer any overt symptoms of infection.
Since then I've followed the 8-step instructions from this forum, including rerunning Malwarebytes again. Insofar as I understand the logs (which isn't much!), everything appears clean.
I did have one problem during the process - GMER, when run both with and without 'Devices' ticked, caused a spontaneous reboot part-way through the scan each time I tried to run it; eventually I rebooted into Safe Mode and ran a successful GMER scan there. As a result of this I ended up running DDS before finally getting GMER to run in Safe Mode - let me know if this is a problem.
I've attached both Malwarebytes logs (the first run that solved the browser-opening problem and the second run during the 8-step procedure), as well as the GMER and DDS ones.
Any advice about anything further I can/should do would be much appreciated.
Purely as an observation, it seems like a very strange piece (or pieces) of malware - what on earth would be the point of disabling a user's browsers? It's an extremely overt way to announce the presence of an infection, and doesn't seem to have any logic to it.
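Editor's note on the symptom described above (one browser exiting immediately, the other sitting in the process list with no window): several mechanisms can produce that, and one of the best-known on Windows is an Image File Execution Options (IFEO) "Debugger" value, which makes the loader start the named "debugger" instead of the program, so a bogus value kills or hangs the target at launch without touching networking. The script below is an added example by the editor, not the poster's and not part of the forum's 8-step procedure. It assumes the analyst has run `reg export "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options" ifeo.reg` on the suspect machine, parses that export, and flags every Debugger value that does not point at a known interactive debugger. The registry text, the executable names, the allowlist of debuggers and the path `C:\WINDOWS\system32\drivers\dummy.exe` are all constructed for the example.

```python
"""Flag Image File Execution Options (IFEO) "Debugger" hijacks in a .reg export.

Editor's example (not from the original post). Assumes the input is the output of:
  reg export "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options" ifeo.reg
A Debugger value directly under <program>.exe makes Windows launch that command
in place of the program, a well-known way for malware to stop browsers and
security tools from starting. All registry content below is constructed.
"""
import re
import sys

IFEO_KEY_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\"
    r"Image File Execution Options\\([^\]]+)\]$",
    re.IGNORECASE,
)
DEBUGGER_VALUE_RE = re.compile(r'^"Debugger"="(.*)"$', re.IGNORECASE)

# Interactive debuggers a developer might legitimately register (assumed allowlist).
KNOWN_DEBUGGERS = {"windbg.exe", "vsjitdebugger.exe", "cdb.exe"}

# Constructed sample export: two hijacked browsers, one nested key the loader
# ignores, and one legitimate developer entry.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe]
"Debugger"="ntsd -d"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe]
"Debugger"="C:\\WINDOWS\\system32\\drivers\\dummy.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\PerfOptions]
"CpuPriorityClass"=dword:00000003

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\myapp.exe]
"Debugger"="\"C:\\Program Files\\Debugging Tools for Windows\\windbg.exe\""
'''


def unescape_reg_string(s):
    """Undo .reg string escaping: \\\\ becomes \\ and \\" becomes a quote."""
    return re.sub(r"\\(.)", r"\1", s)


def parse_ifeo_debuggers(reg_text):
    """Return {executable_name: debugger_command} for each immediate IFEO subkey
    that carries a Debugger value. Deeper keys (iexplore.exe\\PerfOptions) are
    not honoured by the loader and are skipped."""
    found = {}
    current_exe = None
    for line in reg_text.splitlines():
        line = line.strip()
        m = IFEO_KEY_RE.match(line)
        if m:
            subkey = m.group(1)
            current_exe = subkey.lower() if "\\" not in subkey else None
            continue
        if line.startswith("["):
            current_exe = None  # some other key; stop attributing values
            continue
        m = DEBUGGER_VALUE_RE.match(line)
        if m and current_exe:
            found[current_exe] = unescape_reg_string(m.group(1))
    return found


def debugger_basename(command):
    """Basename (lower-case, with .exe) of the program a Debugger command launches."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        program = command[1:end] if end > 0 else command[1:]
    else:
        parts = command.split()
        program = parts[0] if parts else ""
    name = program.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    return name if "." in name else name + ".exe"


def suspicious_debuggers(entries):
    """Entries whose Debugger is not a known interactive debugger. Anything else
    (another program, 'ntsd -d', a path that does not exist) is the classic
    pattern for silently killing or hanging the target at launch."""
    return {exe: cmd for exe, cmd in entries.items()
            if debugger_basename(cmd) not in KNOWN_DEBUGGERS}


if __name__ == "__main__":
    # reg.exe writes exports as UTF-16LE; fall back to the constructed sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-16") as fh:
            text = fh.read()
    else:
        text = SAMPLE_REG
    for exe, cmd in sorted(suspicious_debuggers(parse_ifeo_debuggers(text)).items()):
        print(f"SUSPICIOUS IFEO Debugger on {exe}: {cmd}")
```

Run it against a real export with `python ifeo_check.py ifeo.reg`. Every hit should be verified by hand (does the path exist, who installed it?), and a cleanup that only deletes the browser's own key will leave entries on any security tools that were hijacked the same way, so review the whole list rather than just the two browsers.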