Malware/spyware problems - fling.com and bogus spyware popups

Status
Not open for further replies.
Hey folks. I was out for the day yesterday, and my dad was using my computer. Long story short, my computer has been hit with some annoying malware. Fixes I've used in the past didn't work, so I was referred to the eight step process.

Avira found multiple trojans, such as TR/Vundo.gen, TR/Crypt.XPACK.gen, and JS/Agent/J66. Symptoms include Windows booting up slowly, random popups, usually to fling.com or a bogus spyware website that attempts to get me to download a program, and a general drop/slowdown in system performance. I use Firefox, but my dad was using IE when the malware appears to have been contracted. The problem extends to both browsers now.

EDIT: Forgot to mention that the majority of the popups are the AntiSpyware2009 ones that seem to be pretty common lately. Also, after running scans with all of the programs in the eight steps, the problem appears to be gone, but I'd like to be sure before I consider the problem fixed.

Here are my logs. Any help would be appreciated. Thanks in advance. :)
 

Attachments

  • mbam-log-2008-11-09 (18-21-31).txt
Welcome to TS.

Use this info about O1 findings: Robtex for 127.255.255.255. The named URLs are re-directed. This may reflect your choice?

Use HJT to Fix the following (apply checkmarks against these findings)
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O1 - Hosts: 127.255.255.255 www.alcohol-soft.com
O1 - Hosts: 127.255.255.255 images.alcohol-soft.com
O2 - BHO: (no name) - {CF49FC17-A103-4599-B9E5-F92967FD5319} - C:\WINDOWS\system32\jkkKaaab.dll (file missing)
O20 - AppInit_DLLs: rjlzwp.dll

Update MBAM & SAS.
Re-run MBAM & SAS.

Re-post the 3 logs.

Note : Posts by MFlynn recommend repeated application of these tools (including safe mode). This differs from the favored 8-step malware removal guide. Personally, I have no problem using the tools in this manner following this initial post.
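As an added illustration (not part of the thread or of HijackThis itself), the kind of check behind the O1/O2/O20 findings quoted in this reply, written as a small Python triage script over constructed sample lines modelled on those findings:

```python
import re

# Constructed sample, modelled on the HJT findings quoted in the reply above;
# the localhost and "Example Helper" lines are benign controls.
SAMPLE_HJT_LOG = r"""
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {CF49FC17-A103-4599-B9E5-F92967FD5319} - C:\WINDOWS\system32\jkkKaaab.dll (file missing)
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000000} - C:\Program Files\Example\helper.dll
O20 - AppInit_DLLs: rjlzwp.dll
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
"""

HOSTS_RE = re.compile(r"^O1 - Hosts: (\S+)\s+(\S+)")
BHO_RE = re.compile(r"^O2 - BHO: (.*?) - (\{[0-9A-Fa-f-]+\}) - (.*)$")
APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs: (.*)$")

# Names that legitimately point at the loopback range in a hosts file.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}


def is_loopback(ip):
    """True for any 127.0.0.0/8 address or IPv6 ::1."""
    return ip.startswith("127.") or ip == "::1"


def triage(log_text):
    """Return [(line, reason)] for HJT lines that deserve a second look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = HOSTS_RE.match(line)
        if m:
            ip, host = m.groups()
            # A real hostname mapped into 127/8 is unreachable from this PC.
            if is_loopback(ip) and host not in LOCAL_NAMES:
                findings.append((line, f"hosts file redirects {host} to {ip}"))
            continue
        m = BHO_RE.match(line)
        if m:
            name, _clsid, path = m.groups()
            # Unnamed BHOs and BHOs whose DLL is gone are typical infection leftovers.
            if name == "(no name)" or path.endswith("(file missing)"):
                findings.append((line, "unnamed or orphaned browser helper object"))
            continue
        m = APPINIT_RE.match(line)
        if m and m.group(1).strip():
            # AppInit_DLLs is loaded into every process that links user32.dll.
            findings.append((line, f"AppInit_DLLs injects {m.group(1).strip()} system-wide"))
    return findings
```

The O23 service line is deliberately not flagged: as the thread says, that one is the user's choice.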
 
You're clean.

Recommending cleanup is not my strong point.
Recommendations Courtesy of Bobbye
I call attention to Foxit vs Adobe, Java, OTcleanit.
Specific HJT changes are reserved to that thread.
It is appropriate to reset system restore, since one was infected (original MBAM).


Considered 'foistware'. User choice. Use Add/Remove Programs.
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
 
Good morning rf6647

It is absolutely imperative to run over again until clean or it finds something it cannot handle.

You see if a really bad boy is in charge it may hide other malware.

Once this bad boy is gone it has opened the door for (any malware tool) in this case SAS and MalwareBytes to look at what was hidden then clean it. It could take 3 or more runs!

Same for Virus Scanners if you have a bunch or a really bad one and it says it cleaned and removed them then another run may find more.

So I always recommend runs until clean. Many Malware fighters are missing the boat on this one and doing a disservice by not doing it.

Basically common sense!

Hope you don't mind but Arikado needs a couple more steps.
----------------------------------------------------------------------------------------------------------------------------------
Arikado
D/L, install and run ATF-Cleaner; clear all except passwords in all browsers you have. Run repeatedly until no more are found.

http://www.majorgeeks.com/ATF_Cleaner_d4949.html
----------------------------------------------------------------------------------------------------------------------------------

After ATF-Cleaner, open SAS, but do not run a scan; add the config below first.

Click the Preferences button.

Then Scanning Control.

In Scanner Options make sure the following are checked:
1. Close browsers before scanning
2. Scan for tracking cookies
3. Terminate memory threats before quarantining.
4. Leave the others as they are.

This should clean the remaining tracking cookies in the last SAS log.

Reboot, then run SAS again to be sure.

Later guys,
Mike
 