Unwanted windows opening

By k1234
Mar 24, 2009
Topic Status:
Not open for further replies.
  1. This started last week. When I opened any browser (usually I am using Mozilla) it started opening unwanted IE windows. Then I looked in Task Manager and found "nidle.exe" and "Twain.exe" running. I Googled it and found it's a virus/malware/spyware. Not sure.

    Please find attached log files. I followed your 8 steps. Please let me know what to do?

    Thanks:
  2. mflynn

    mflynn Newcomer, in training Posts: 2,793

    Wow you were and are still loaded!

    Go here and download to Desktop: http://www.adrive.com/public/97c4357781f45c7e443061094b8cfaff3836f57446eb242ab2ee0b6cd68a0107.html

    Double click it to run it.

    Then click OK to self extract.

    Once extracted dbl click to enter Fixer folder.

    To run it 1st double click Daft, then click scan and check any found items and click fix and then exit.

    Then just dbl click Fixit.cmd to run it.

    But boot to Safe mode and run it! When finished reboot.

    After the above is complete run both MBAM and SAS Quick scans again as they will likely find more. Post the logs.

    Mike

    EDIT: It is normal to see File or registry entry not found or service not started as this is a cover all. These only mean you do not have these items.
  3. k1234

    k1234 Newcomer, in training Topic Starter

    I've started running Fixer.cmd in Safe Mode, but it is still working and I don't know what's going on. Do I need to terminate the job or wait for some action?
  4. mflynn

    mflynn Newcomer, in training Posts: 2,793

    OK, no, don't exit yet! It is hard to say, depending on speed of CPU and HD and how many files.

    It pretty much has continuous screen activity, so if it is moving it is OK. If it is not moving do a Ctrl+C and if it asks to abort the batch answer (n)o. It should continue on.

    Post me the gist of the last line on the screen before you abort!

    If it still does not respond then close it and continue with next step.

    Mike
  5. k1234

    k1234 Newcomer, in training Topic Starter

    I did all but still found virus :(

    Please look at the attached 3 files. The 1st is Fixer.Cmd and the other 2 are MBAM and SAS.
  6. mflynn

    mflynn Newcomer, in training Posts: 2,793

    Looking good!

    What did you have to do on the Fixit when it was paused? Was it actually still running and proceeded on its own?

    The Fixer output is normal; it only means these services are not started.

    SAS is clean except for some harmless tracking cookies.

    MBAM Quick scan needs to be run again to show us a clean log!

    Then do the below.

    Download ComboFix

    Get it here: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Or here: http://subs.geekstogo.com/ComboFix.exe

    Double click combofix.exe and follow the prompts.

    Install Recovery Console if connected to the Internet!

    When finished, it will open a log.
    Attach the log and a new HJT log in your next reply.

    Note: Do not click combofix's window while it's running. That may cause it to stall.
    =========================================

    Download SDFix to Desktop.

    http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

    On Desktop run SDFix. It will run (install) then close.

    Then reboot into Safe Mode

    As the computer starts up, tap the F8 key several times.

    On the Boot menu Choose Safe Mode.

    Click through all the prompts to get to desktop.

    At Desktop
    My Computer C: drive. Double-click to open.

    Look for a folder called SD Fix. Double-click to enter SD Fix.

    Double-click RunThis.bat. Type Y to begin.

    SD Fix does its job.

    When prompted hit the enter key to restart the computer

    Your computer will reboot.

    On normal restart the Fixtool will run again and complete the removal process then say Finished,
    Hit the Enter key to end the script and load your desktop icons.

    Once the desktop is up, the SDFix report will open on screen and also be saved to the SDFix folder as Report.txt.
    Attach the Report.txt file to your next post.

    And a new HJT log.

    Mike
  7. k1234

    k1234 Newcomer, in training Topic Starter

    Hi,

    I followed your steps and saved log files, but I saw a weird thing: when I started SDFix my McAfee showed two virus alerts named SDFix and it terminated the installation.

    So I am unable to install SDFix. But I do have an MBAM clean log file.

    Please look at these files.
  8. mflynn

    mflynn Newcomer, in training Posts: 2,793

    You are likely clean but have some remaining files so to be sure do the DrWeb below.

    Run HJT Scan only and fix the below line.
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

    Go here Download DrWeb http://www.techspot.com/vb/post724044-3.html

    Then....

    Boot to Safe Mode only! Not with Networking and run...

    DrWeb will first do an Express Scan on its own. When it completes you should do a full scan.

    For the first virus it finds, select Cure and it will use this as the default automatically for all the rest. What it can't fix will be quarantined!

    This will take a while based on CPU and HD speed and size, but is worth it!

    Mike
  9. k1234

    k1234 Newcomer, in training Topic Starter

    Do you mean I don't need to run SD Fix? I need to run DrWeb?
  10. mflynn

    mflynn Newcomer, in training Posts: 2,793

    Yes, skip SDFix for now. But when you do try it again turn off McAfee as it is mistakenly targeting SDFix. False positive.

    Make sure you do the Fixit then the DrWeb, both in Safe Mode.

    Mike
  11. k1234

    k1234 Newcomer, in training Topic Starter

    I'm trying to download DrWeb but every time it shows something like page cannot be displayed.

    I tried from the DrWeb website but still the same issue. Can you please suggest something else?
     
  12. k1234

    k1234 Newcomer, in training Topic Starter

    One more suggestion... Actually I'm a fan of online radio and I used to play it while working. The site which I'm using was working fine for me before, but since last week I got this problem and I stopped using it. Can you please tell me if I can go on with that site or not? Here is the link: http://thehindimusic.com/music/city-101-fm-64/

    Your reply would be really appreciated.

    Thanks for support.