TechSpot

Popup hell

By jzeb
Oct 30, 2008
  1. Hello all, just followed the 8 step action that you recommend to do. Below should hopefully be the three logs. Any help would be extremely gratefully received, as I'm in pop up hell. It only seems to happen when switching the PC on, at start up in Internet Explorer. Also, since scanning with the three applications the shift button doesn't work. Anyone got any ideas?
     
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Sorry you had to wait two days! Lots of malware around!

    Nice job on the logs. One Real Time process needs to be disabled though:
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    Spybot S&D (Teatimer)
    The Java needs to be updated to v7u10: Please do that here: http://java.com/en/download./manual.jsp

    Please rerun HijackThis with TeaTimer disabled.

    Question: Have you set a blank homepage? I need to know that before I check the new log.

    Do you still have the \FISHER PRICE PET SHOP game on your desktop? If so, please do a right click> scan with the AV program. A Trojan was found on:
    If they include any of the following, each needs to be scanned separately:
    Please attach the new HijackThis log when through.
     
  3. almcneil

    almcneil TS Guru Posts: 1,277

    I'd recommend Ad-Aware 2008 (see Downloads section at this site).

    Repost with results.

    Best,
    -- Andy
     
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    I don't think it's necessary for you to run AdAware. It's not going to come up with anything the other programs didn't. Hopefully you will continue with what we have started.
     
  5. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    I have removed a number of posts debating which program(s) the thread starter should use.

    We will wait for jzeb's thoughts on which suggestion they would prefer to take.

    I note that Bobbye has successfully cured all Virused\Malware issues on individual users computers; on many threads.
     
  6. jzeb

    jzeb TS Rookie Topic Starter

    Sorry for the slow reply, and thanks for all the advice.
    Thanks Bobbye for your help, disabled Tea Timer and attached is the new hijack file. Tried to update Java, couldn't find v7u10 but it was confirmed that I am running Java v6u10. All home pages are set to google.co.uk. The Fisher Price folder is still on the desktop and I've scanned the file with both antivirus programs with no threats detected; I can delete the whole file if needed. I did a search for grafitti and a load of files were found, do you want me to scan each file? Thanks for everyone's help.
     
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    You have the about:blank malware. All of the following processes should be checked for removal. An additional cleaning process may need to be run.
    Please re-open HiJackThis and scan. *Check* the boxes next to all the entries listed below.
    IF you are not actively using this Remote Assist, the Service should be Disabled. It can be Enabled at any time it is needed.
    O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe (see additional info about in separate post)
    Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis and reboot into Safe Mode:
    Start> Run> type in 'msconfig' without quotes> enter> Selective Startup> Startup tab>> the following processes do NOT need to start at boot. They can be started Manually as needed. If this is agreeable to you, UNCHECK EACH of the following:
    Apply> OK. (The only processes that NEED to start on boot are the antivirus, firewall, touchpad for laptop and network process if on network.)

    Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):
    IF you are not using the Support Soft: Start> Run> services.msc> right click on SupportSoft> Properties> Change Startup type to either Manual or Disabled> Apply> OK.

    Reboot into Normal Mode. You will get a nag message that you can close after checking 'don't show this message again'. Stay in Selective Startup.

    Leave the game files for now. They were cleaned, but they were a source of infection so if you do future downloads, advise Save download to desktop> right click> scan with AV before installing.

    Run HijackThis again and attach new log.
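
The `O4` lines quoted in this thread are HijackThis autostart entries. As an added example (not part of the thread or of HijackThis itself), the parser below splits such lines into source, name and program path and lists the entries whose program sits outside the usual install roots; `USUAL_ROOTS` and the last two sample lines are assumptions made for illustration.

```python
import re
from typing import NamedTuple, Optional

class Autostart(NamedTuple):
    source: str   # e.g. "HKCU Run" or "Global Startup"
    name: str     # registry value name or shortcut name
    command: str  # full command line as logged
    image: str    # best-effort path of the launched program

# O4 - HKLM\..\Run: [ValueName] command line
REG_RE = re.compile(r"^O4 - (HK[A-Z]+)\\(?:[^\\]+\\)?\.\.\\(\w+): \[([^\]]*)\]\s*(.+)$")
# O4 - Startup: Name.lnk = target   /   O4 - Global Startup: Name.lnk = target
LNK_RE = re.compile(r"^O4 - ((?:Global )?Startup): (.+?) = (.+)$")
# Quoted path, or unquoted path up to the first executable-style extension.
IMAGE_RE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|com|bat|cmd|scr|dll|vbs|js))(?=\s|$)', re.I)

# Assumption of this example: programs under these roots are lower priority.
# Location alone does not prove an entry is benign.
USUAL_ROOTS = ("c:\\program files\\", "c:\\program files (x86)\\", "c:\\windows\\")

def image_path(command: str) -> str:
    m = IMAGE_RE.match(command.strip())
    return (m.group(1) or m.group(2)) if m else command.strip()

def parse_o4(line: str) -> Optional[Autostart]:
    line = line.strip()
    m = REG_RE.match(line)
    if m:
        hive, key, name, cmd = m.groups()
        return Autostart(f"{hive} {key}", name, cmd, image_path(cmd))
    m = LNK_RE.match(line)
    if m:
        where, name, target = m.groups()
        return Autostart(where, name, target, image_path(target))
    return None  # not an O4 line

def review_list(log_text: str) -> list:
    entries = filter(None, map(parse_o4, log_text.splitlines()))
    return [e.name for e in entries if not e.image.lower().startswith(USUAL_ROOTS)]

# First two lines are from the thread; the last two are constructed samples.
SAMPLE = r'''
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKCU\..\Run: [updater] "C:\Documents and Settings\user\Local Settings\Temp\upd.exe" /s
O4 - Global Startup: Example.lnk = C:\Program Files\Example\example.exe
'''

if __name__ == "__main__":
    print(review_list(SAMPLE))
```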
     
  8. jzeb

    jzeb TS Rookie Topic Starter

    Thanks Bobbye for the fix and apologies for the slow reply. Did everything asked except for:
    1. msconfig section: could not find windows mediaplayer or rex watch tray
    2. add/remove programs: there was no google eula launcher
    3. could not find or don't know how to find support start so no changes made.

    Attached is the new hijack file, once again thanks for the help.
     
  9. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Start> Run> services.msc> SupportSoft or SSRC.

    I did further checking on the "RoxTray" (note corrected spelling). Roxio Media Manager (Easy Media Creator V9): When it runs the first time, it leaves the RoxWatchTray. It is supposed to be a high resource user, so you would do better without it running in the background.

    Using msconfig, uncheck any Roxio entries. If you can determine enough through the 'Command' column, widen it. Hold the left mouse button down on the cross hair next to 'Location' in this image. Move the mouse to the right to expand the column:
    http://img116.imageshack.us/img116/5327/msconfigyd9.jpg

    If the pop-up problem has been solved and the system is running well, we can remove the cleaning tools:
    * Download OTCleanIt (http://download.bleepingcomputer.com/oldtimer/OTCleanIt.exe)
    * Click the CleanUp! button.
    * It will go through the list and remove all of the tools it finds and then delete itself (requiring a reboot).

    Clear your existing System Restore points and establish a new clean restore point:
    Let us know if you need any more help.
     
  10. jzeb

    jzeb TS Rookie Topic Starter

    Thanks Bobbye, I haven't done the last lot of instructions yet, I'll start that tomorrow.
    As it stands now I still have the malware on start up. So if the last post is still to do with the clean up then please ignore this and I will let you know how I get on. If not, are there any other instructions or logs that are needed, as I only get the opportunity once a week to visit my sister, and the infected PC. Thanks for your time.
     
  11. jzeb

    jzeb TS Rookie Topic Starter

    Just completed all the instructions you asked for in previous posts, and malware is still there on startup. Attached is the new hijack file just in case you need it. Double checked everything from the start just to make sure. Thanks
     
  12. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Before I go through the log, please advise system status.
    You refer to "pop-up" hell but at no time can I find where you described what those pop-ups were.
    You state
    But don't tell us what it is.

    You began this thread 2 weeks ago. It appeared that the malware had been handled and instructions were given to remove the cleaning tools and old restore points.

    We need to know what we're looking at and I don't know what you're seeing and what you're considering malware.
     
Topic Status:
Not open for further replies.
