Some horrible nasty virus/trojans/malware etc.

Status
Not open for further replies.
I believe I got it. Well, part of it. On another site I saw that someone found these files that do not belong:

"qttask.exe
hpmon.exe
qttaskm.exe
hpmom.exe
Run a search on your computers for these 4 files and delete them. After I did this I no longer received the pop-ups."

When I searched, all of mine were in the same folder, it was called Web Media Viewer, so I deleted them. I turned my internet off and ran the computer in safe mode and then deleted them because it wouldn't delete them any other way. After I did this I stopped receiving pop ups. I'm going to do another scan with SAS and see what it says.

My only problem is I keep getting page load errors for Mozilla Firefox now. Any ideas? It was loading fine on Saturday up until I started getting the random flashing yellow triangle and exclamation mark but still isn't working. Any ideas? I've even tried updating it. Maybe the scan with SAS will show something.
 
"ok did option 2 with selective start up.. i got the system config thing when i restarted basically saying i had turned it off."
This was covered but I don't think you understood it: When you choose Selective Startup and make changes on the Startup menu, Windows considers this as a diagnostic procedure only. So you get a nag message to this effect when you reboot. Ignore the nag message> close the nag message after checking 'don't show this message again'. STAY in Selective Startup. IF you go back into Normal Mode, none of the changes you made will be kept and the Startup will revert right back to the way it was.

I always warn people about this message, because it will always come up if changes are made. Staying in Selective Startup is OKAY- I've had my systems in it since the first day!

IS this what you were referring to?
 
ok so it's fine to just keep doing the little x on it and stuff..
but will my antivirus and stuff run on its own still? I'm thinking I'll have to go in and manually turn it on when I want it on, right?
 
Sorry for making a call on this - Follow Bobbye.

Good find.

In the near term, MBAM scan quick mode saves time. Complete scan goes down to the file/folder level.

Update MBAM & SAS (this may still be a sticky point)

Post the 3 logs. Describe your progress & restate symptoms, as scans may change things.
 
i ran both SAS and MBAM and they all came up clean! no problems at all.. yay!!

do you still need to see the logs? i can attach them if needs be.

The trick for me was deleting those files, it was in the web media viewer folder inside the program files folder on the C drive. I think it's when we tried to watch an episode of The Office online from a site that wasn't the network's website.
 
"on another site i saw that someone found these files that do not belong"
See this site re: Virus Trigger:
http://www.bleepingcomputer.com/malware-removal/remove-virustrigger

Associated VirusTrigger Files:
c:\Program Files\WebMediaViewer\hpmom.exe
c:\Program Files\WebMediaViewer\hpmon.exe
c:\Program Files\WebMediaViewer\qttask.exe
c:\Program Files\WebMediaViewer\qttaskm.exe

You will understand then that simply deleting a file is not sufficient. Also this was removed in Malwarebytes. See the Mbam log in Post 1.
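
A read-only check that goes with the file list above, added here as an example and not part of the original thread or of any tool named in it. It reports whether the four listed files still exist and whether any Run-key autostart entry still points at the WebMediaViewer folder; looking at the Run keys is an assumption, since the thread does not say which autostart locations this infection uses.

```powershell
# Added example (not from the thread): report leftovers, change nothing.
$folder = 'C:\Program Files\WebMediaViewer'
$names  = 'hpmom.exe', 'hpmon.exe', 'qttask.exe', 'qttaskm.exe'

# 1. Are the four files named in the thread still on disk?
$files = foreach ($n in $names) {
    $p = Join-Path $folder $n
    [pscustomobject]@{ Path = $p; Present = (Test-Path -LiteralPath $p) }
}

# 2. Does any autostart entry still reference the folder or the file names?
#    Assumption: only the standard per-machine and per-user Run keys are checked.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$pattern = 'WebMediaViewer|' +
           (($names | ForEach-Object { [regex]::Escape($_) }) -join '|')

$autoruns = foreach ($k in $runKeys) {
    if (-not (Test-Path $k)) { continue }
    $key = Get-Item -Path $k
    foreach ($valueName in $key.GetValueNames()) {
        $data = [string]$key.GetValue($valueName)
        if ($data -match $pattern) {   # -match is case-insensitive
            [pscustomobject]@{ Key = $k; Name = $valueName; Command = $data }
        }
    }
}

$files | Format-Table -AutoSize
if ($autoruns) {
    $autoruns | Format-Table -AutoSize -Wrap
} else {
    'No Run-key entries reference WebMediaViewer or the listed file names.'
}
```

A clean result here only covers these two locations; the scanner logs requested in the thread remain the fuller picture.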
 
ok so what if in the add or remove programs there is no virus trigger 2.1? There hasn't ever been one and I never got the pop up screen that started scanning like the one they showed.


when I run the MBAM it said there were no objects found. same with the SAS so does that mean they are gone or no? I can post the logs..
 
Also all of those ones were still in the folder when I deleted them, so maybe it's still infected.. but I'm getting no pop ups or anything of the sort, and the computer is back to running up to speed.
 
Let's try and pull this back together. You need to focus so we can determine what is happening now. Please give me your current system status:

1. Pop-ups: are you getting any? For what? Do you use a pop-up stopper?
"but i'm getting no pop ups or anything of the sort. and the computer is back to running up to speed."
So the pop-up problem has been resolved?
2. You were told in Post #6 to have Hijack remove the WebMediaViewer. Did you do it?
3. "getting a pop up down on the icon tray with an exclamation mark in a yellow triangle..." Technically this icon indicates an error somewhere.
4. "the little bubble that pops up saying security alert spyware found....." "it wants me to download ultimate antivirus 2008 too". Are you still seeing this- separate from the yellow triangle?
5. "said something like IE internet securities and then something else under it cant remember now its gone." The only way we can help with this is if you give us the error message.

Please address these questions specifically. Then we can determine what-if anything-still needs to be resolved. Please don't download or install anything new until we get this worked out, including any new security programs or cleaners.
 
Sorry for being such a pain.. Thanks for being so patient with me. I put my answers in bold so it's easier to see them.

1. Pop-ups: are you getting any? For what? Do you use a pop-up stopper?
No, I'm not getting any pop ups. The ones I WAS getting were going through the pop up blocker. But now I'm getting NO pop ups.
So the pop-up problem has been resolved? Yes
2. You were told in Post #6 to have Hijack remove the WebMediaViewer. Did you do it?
Yes
3. "getting a pop up down on the icon tray with an exclamation mark in a yellow triangle..." It was a flashing yellow triangle, it's gone now. When I looked in the WebMediaViewer folder, it was the icon for that.
4. "the little bubble that pops up saying security alert spyware found....." "it wants me to download ultimate antivirus 2008 too". Are you still seeing this- separate from the yellow triangle? No, it was with the yellow flashing triangle, but it's not happening any more.
5. "said something like IE internet securities and then something else under it cant remember now its gone." The only way we can help with this is if you give us the error message. This is now gone too. They were icons they put on my desktop, they were in the WebMediaViewer folder too.
 
One thing I have noticed is when I use the search box next to the web address bar on both Firefox and IE it takes me to my results but it's not Google. It looks just like Google but very basic, I can take a screenshot if you'd like. If I click it a second time it takes me to Google.
But it doesn't do it every time. Like just now I did it and it took me to that one, and now it's taking me to Google no matter what I put in for the search.
 
It sounds like the problems you started this thread with have been resolved. The purpose of this thread was to clean up the malware. That has been done.

Time to remove the cleaning tools:
* Download OTCleanIt (http://download.bleepingcomputer.com/oldtimer/OTCleanIt.exe)
* Click the CleanUp! button.
* It will go through the list and remove all of the tools it finds and then delete itself (requiring a reboot).
Clear your existing System Restore points and establish a new clean restore point:
Go to Start > All Programs > Accessories > System Tools > System Restore > Select Create a restore point > OK.
Next, go to Start > Run and type in cleanmgr > Select the More options tab > Choose the option to clean up System Restore and OK it.
This will remove all restore points except the new one you just created.
If you are experiencing a different problem, non-malware related, please post a separate thread describing the problem in either the 'Windows OS' or 'Software & Utilities' forums.
 
wait...

I wanna see something to be sure before they clean up the tools
====================================

Run Smitfraudfix
  • Download Smitfraudfix by S!ri from HERE
  • Double-click SmitfraudFix.exe
  • Select 1 and hit Enter
  • The report can be found at the root of the system drive, usually at C:\rapport.txt

=====================================

Run Kaspersky Online AV Scanner

In order to use it you have to use Internet Explorer.
Go to Kaspersky and click the Accept button at the end of the page.

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.
  • Read the Requirements and limitations before you click Accept.
  • Allow the ActiveX download if necessary.
  • Once the database has downloaded, click Next.
  • Click on "My Computer"
  • When the scan has completed, click Save Report As...
  • Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
  • Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.
Attach the report into your next reply

Attach Here:
1) rapport.txt
2) kaspersky log
 
I think something isn't right. When I go to run SmitFraud, once it loads I get a RED screen and it says:

IEDF.exe file Missing!


Then it says press any key to continue and when I do it closes the box and I wait and wait and nothing happens. I've tried it 3 or 4 times now.
 
Have you disabled any real time protection already? I was thinking it was already disabled - but maybe that didn't happen as I didn't read the whole thread - any real time monitoring can usually be disabled by right clicking it in the system tray and checking or unchecking to disable it.

Do this then try again - if that doesn't work

==============================================

Download FixIEDef by ShadowPuterDude to the Desktop.

Disable real-time protection that can interfere with FixIEDef:

Disable Windows Defender until the computer is clean
  • Open Windows Defender
  • Select Tools and then General Settings
  • Under Real Time Protection Options uncheck Turn on real-time protection
  • Select Save
Don't forget to re-enable it, when your computer is clean.

Disable SUPERAntiSpyware until the computer is clean
  • Right-click on the shortcut from the system tray
  • Choose View Control Center (preferences/options)
  • On the General and Startup tab, uncheck Start SUPERAntispyware when Windows starts.
  • Click Close to exit.
Don't forget to re-enable it, when your computer is clean.

Disable Teatimer
First:
  • Right click Spybot in the System Tray (looks like a calendar with a padlock symbol)
  • Choose Exit Spybot S&D Resident
Second:
  • Open Spybot S&D
  • Click Mode, check Advanced Mode
  • Go To Left Panel, Click Tools, then also in left panel, click Resident
  • If your firewall raises a question, say OK
  • Uncheck the box labeled Resident Tea-Timer and OK any prompts.
  • Use File, Exit to terminate Spybot
  • Reboot your machine for the changes to take effect.
Don't forget to re-enable it, when your computer is clean.

Run FixIEDef:

Double-click FixIEDef

Click 'Accept'

Click 'Scan'

Wait for the scan to finish. It won't take very long.

WARNING: FixIEDef will kill all copies of Internet Explorer and Explorer that are running, during scanning. The icons and Start Menu on your Desktop will not be visible while FixIEDef is scanning. This is necessary to remove parts of the infection that would otherwise not be removed.

Everything will be restored to normal, once the malicious file is removed.

Click 'Exit' once FixIEDef displays the All Finished message.

Post the Results of the scan:

Post the FixIEDef log file, located on the Desktop.
 
ok that's not working, now it's saying my Java is messed up and I went to check and it said it was ok. But figured I'd reinstall just in case and did it 2 times and it is still doing that..
I do have CrossLoop if you want to use that. Not sure if any of you have it or not, but a friend had me download it to fix a problem a week or so ago to try and fix a problem with a video of one of our kids not letting us move it.
 
Ok, something is not right here. I just glanced back over the thread quickly and never saw a log to look a little deeper into your registry. So let's do that now.


Combofix
  • Download Combofix to your desktop.
  • Double click combofix.exe & follow the prompts.
  • A window will open with a warning.
  • When the scan completes it will open a text window. Please attach that log back here together with a fresh HJT log.
Caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Combofix is a very powerful tool so please do NOT do anything without instruction.

Combofix will automatically save the log file to C:\combofix.txt
 