TechSpot

Malware/spyware problems - fling.com and bogus spyware popups

By Arikado
Nov 9, 2008
  1. Hey folks. I was out for the day yesterday, and my dad was using my computer. Long story short, my computer has been hit with some annoying malware. Fixes I've used in the past didn't work, so I was referred to the eight step process.

    Avira found multiple trojans, such as TR/Vundo.gen, TR/Crypt.XPACK.gen, and JS/Agent/J66. Symptoms include Windows booting up slow, random popups, usually to fling.com or a bogus spyware website that attempts to get me to download a program, and a general drop/slowdown in system performance. I use Firefox, but my dad was using IE when the malware appears to be contracted. The problem extends to both browsers now.

    EDIT: Forgot to mention that the majority of the popups are the AntiSpyware2009 ones that seem to be pretty common lately. Also, after running scans with all of the programs in the eight steps, the problem appears to be gone, but I'd like to be sure before I consider the problem fixed.

    Here are my logs. Any help would be appreciated. Thanks in advance. :)
     

    Attached Files:

  2. rf6647

    rf6647 TS Maniac Posts: 829

    Welcome to TS.

    Use this info about O1 findings: Robtex for 127.255.255.255
    . The named URLs are re-directed. This may reflect your choice?

    Use HJT to Fix the following (apply checkmarks against these findings)
    Update MBAM & SAS.
    Re-run MBAM & SAS.

    Re-post the 3 logs.

    Note : Posts by MFlynn recommend repeated application of these tools (including safe mode). This differs from the favored 8-step malware removal guide. Personally, I have no problem using the tools in this manner following this initial post.
     
  3. Arikado

    Arikado TS Rookie Topic Starter

    Thanks for the reply. Here are the updated logs.
     
  4. rf6647

    rf6647 TS Maniac Posts: 829

    You're clean.

    Recommending cleanup is not my strong point.
    Recommendations Courtesy of Bobbye
    I call attention to Foxit vs Adobe, Java, OTcleanit.
    Specific HJT changes are reserved to that thread.
    It is appropriate to reset system restore, since one was infected (original MBAM).


     
  5. mflynn

    mflynn TS Rookie Posts: 2,655

    Good morning rf6647

    It is absolutely imperative to run over again until clean or finds something it can not handle.

    You see if a really bad boy is in charge it may hide other malware.

    Once this bad boy is gone it has opened the door for (any malware tool) in this case SAS and MalwareBytes to look at what was hidden then clean it. It could take 3 or more runs!

    Same for Virus Scanners if you have a bunch or a really bad one and it says it cleaned and removed them then another run may find more.

    So I always recommend runs until clean. Many Malware fighters are missing the boat on this one and doing a disservice by not doing it.

    Basically common sense!

    Hope you don't mind but Arikado needs a couple more steps.
    ----------------------------------------------------------------------------------------------------------------------------------
    Arikado
    D/L install and run ATF-Cleaner clear all except passwords in all browsers you have. Run repeatedly until no more found.

    http://www.majorgeeks.com/ATF_Cleaner_d4949.html
    ----------------------------------------------------------------------------------------------------------------------------------

    After ATF-Cleaner, open SAS but do not run a scan, but add the config below first.

    Click the Preferences button.

    Then Scanning Control.

    In Scanner Options make sure the following are checked:
    1. Close browsers before scanning
    2. Scan for tracking cookies
    3. Terminate memory threats before quarantining.
    4. Leave the others as they are.

    This should clean the remaining tracking cookies in the last SAS log.

    Reboot run SAS again to be sure.

    Later guys,
    Mike
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...