Howdy-problems with malware

Status
Not open for further replies.
So my symptoms:
- random pop-ups on IE (my default browser is Chrome, btw)
- redirectingat.com for some of the links I click on pages
- prevention of updates on anti-malware software and blocking of URLs that give support
Recently, while following the 8-step process, a blue screen that comes out of nowhere with a lot of words, then a soft restart crash.

After the steps I've gotten pop-ups killed and updates now let through.

Thanks in advance for the tech diagnosis.
 

Attachments

  • mbam-log-2010-05-29 (15-59-37).txt (3.6 KB)
  • GMER.log (23.8 KB)
  • DDS.txt (13.1 KB)
  • Attach.txt (12.2 KB)

I'm so glad to hear that some of the problems cleared up. But the malware infections you had are a sure thing to have left bad files on the system.

First, I'd like to ask if you are having any problem with your internet connection or are still getting redirected? There should be at least one 'Yes' in that question, so let's fix it:

DNS Changer
You will need to do a DNS Flush, then reset your router.
Start> Run> type cmd> enter> at the C prompt type ipconfig /flushdns (note space before the /)

Exit the Command Prompt when finished and shut the system down.

  1. Shut down your computer, and any other computer connected to your router.
  2. On the back of the router, there should be a small hole or button labelled RESET. Using a bent paper clip or similar item, hold that in continuously for twenty seconds.
  3. Unplug the router. Wait sixty seconds.
  4. Now, holding the reset button again, plug it back in. Continue holding the reset button for twenty seconds. Unplug the router again.
  5. With the router unplugged, start your computer. Run MBAM again.
  6. Connect to the router again. Then turn the router back on.
  7. When it stabilizes, reboot your workstation and try to access the internet. If you have any issues, access the router configuration page and re-enter your authentication information.
  8. Reboot the system and test the internet. You may have to reconfigure the router settings based on your setup.
==============================
Please download ComboFix from Here and save to your Desktop.

  1. Do NOT rename Combofix unless instructed.
  2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Close any open browsers.
  4. Double-click combofix.exe and follow the prompts to run.
     NOTE: Combofix will disconnect your machine from the Internet as soon as it starts. The connection is automatically restored before CF completes its run. If it does not, restart your computer to restore your connection.
  5. If Combofix asks you to install Recovery Console, please allow it.
  6. If Combofix asks you to update the program, always allow.
     Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  7. A report will be generated after the scan. Please post the C:\ComboFix.txt in your next reply.
Note: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
Note: Make sure you re-enable your security programs when you're done with Combofix.
=============================
Then Run Eset NOD32 Online AntiVirus Scanner HERE
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  • Click Start
  • Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
  • Click Scan
  • Wait for the scan to finish
  • Re-enable your Antivirus software.
  • A log file is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this in your post.

I will check the new Malwarebytes log, the Combofix report and the Eset log for bad entries and we'll go from there.
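
A check that complements the DNS flush in the post above, as an added example that is not part of the original thread: it parses ipconfig /all output and lists DNS servers that fall outside the ranges you expect on your network. The sample output, the addresses and the expected range 10.20.0.0/16 are constructed assumptions; substitute the resolvers your network administrator actually assigns.

```python
import ipaddress

# Constructed sample of `ipconfig /all` output (not taken from the thread's logs).
SAMPLE_IPCONFIG = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

   Default Gateway . . . . . . . . . : 10.20.30.1
   DNS Servers . . . . . . . . . . . : 10.20.0.53
                                       203.0.113.77
   Lease Obtained. . . . . . . . . . : Saturday, May 29, 2010 3:00:00 PM

Wireless LAN adapter Wireless Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
"""

def _parse_ip(text):
    try:
        return ipaddress.ip_address(text.strip().split("%")[0])  # drop IPv6 zone id
    except ValueError:
        return None  # not an address (blank line or another field)

def dns_servers_by_adapter(text):
    adapters, current, collecting = {}, None, False
    for line in text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current, collecting = line.rstrip()[:-1], False  # adapter header
            adapters[current] = []
            continue
        if current is None:
            continue
        label, sep, value = line.partition(":")
        if sep and label.strip(" .").lower() == "dns servers":
            collecting, line = True, value  # first server is on the label line
        elif not collecting:
            continue  # any other field; extra servers sit alone on later lines
        addr = _parse_ip(line)
        if addr is None:
            collecting = False  # next labelled field or blank line ends the list
        else:
            adapters[current].append(addr)
    return adapters

def unexpected_resolvers(text, expected_networks):
    nets = [ipaddress.ip_network(n) for n in expected_networks]
    return [(name, str(s)) for name, servers in dns_servers_by_adapter(text).items()
            for s in servers
            if not any(s.version == n.version and s in n for n in nets)]
```
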
 
So far sooo good......I've had some crash problems and such but much better now

The one thing I couldn't do was reset the router because I'm not using one. I'm using my college's internet through the wall.

One lingering problem that I forgot to mention was that my entire system stalls/freezes for 4 secondish intervals then reverts to normal processing speed. This might be due to heavy CPU demand of the scans and sweeps initiated but it might not.

hmmm0
 

Attachments

  • ComboFix.txt (17.3 KB)
  • log.txt (679 bytes)
  • mbam-log-2010-05-29 (21-10-31).txt (893 bytes)

I see that you are heavily into gaming. You have Xfire, which is a gaming utility, and CurseClientStartup.ccip on startup. You have MMERefresh (MIDI-related), CyberLink, the webcam, PunkBuster A&B, Bonjour, Creedo Autodetect, audio-editing tools and on and on. And these are in addition to whatever games you have open!

I would guess that those freezes are most likely due to running out of available memory. Maybe you close something or it crashes and frees up RAM without rebooting. Or a reboot restores RAM and the cycle starts all over again. Yes, the scans will put extra load on, but only while they're running. And if you open the Task Manager, you can find the processes that have high CPU use and search to find what they are.

Since Malwarebytes cleaned the system the first time, there is an improvement in bad entries and I would guess also in the system performance.

But I'd like you to run 2 more programs. (When we're through, I'll have you remove all the cleaning tools and their logs.)

Download TDSSKiller. Extract the zipped file to your desktop.

Go to Start -> Run. Type or copy and paste the following text into the prompt:
Code:
"%userprofile%\Desktop\TDSSKiller.exe" -l C:\report.txt -v
  • This will have the program write a detailed log
  • The screen will resemble this black screen: [screenshot: 2663_5.jpg]
  • If malicious services or files have been detected, the utility will prompt to reboot the PC in order to complete the disinfection procedure. Please reboot when prompted.
  • After reboot, the driver will delete malicious registry keys and files as well as remove itself from the services list.
  • You should get a screen like this: [screenshot: TDSSKillerResults.jpg]

  • A log file named report.txt should have been created and saved to the root directory (usually C:\report.txt).
  • Follow the prompts and attach the report to your next reply.
===============================
Follow with
Download the HijackThis Installer HERE and save to the desktop:
  1. Double-click on HJTInstall.exe to run the program.
  2. By default it will install to C:\Program Files\Trend Micro\HijackThis.
  3. Accept the license agreement by clicking the "I Accept" button.
  4. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
  5. Click "Save log" to save the log file and then the log will open in notepad.
  6. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  7. Come back here to this thread and paste (Ctrl+V) the log in your next reply.

NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

By the way, consider uninstalling anything you no longer need or use. Your hard drive 'space' is limited, even with the 2 drives: 10% free on C and 56% on G. The G drive says 'fixed' but you had a removal in Combofix that indicates it might be a flash drive.

Please don't use BitLord while I'm helping you. It is a P2P program which can present malware dangers to your system. I would recommend you uninstall it but even if I documented the dangers, would you consider it?

Please update Java to v6u20. Check this site: Java Updates. Stay current, as most updates are for security. Uninstall any earlier versions in Add/Remove Programs.
 