Adware Removal

[papaken4]

Please help!!! I have multiple iexplorer windows opening up in my task manager but are hidden from sight. I also have random audio blurbs and advertising clip play through my speakers but without any visible application or window open. I have run through the 8 steps process and am attaching the required files. Someone please see if my system is all crapped up.

 

[Bobbye]

Multiple iexplore.exe entires in Task Manager are normal with IE8.

HijackThis doesn't scan well on a 64bit machine so it's hard to read the Services. The only comment I have is that there are a great number of Services running! That means that most likely they are all set to Automatic-which isn't necessary- and are all starting when you boot.

I'd like you to run the following to see if it will clear up some of the entries:

Please download ComboFix HERE:
With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.

Please disable all security programs, such as antiviruses, antispywares, and firewalls.
Also disable your internet connection.

• Run Combo-Fix.exe and follow the prompts.
**Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.
• Wait for the scan to be completed.
• If it requires a reboot, please do it.
• After the scan has completed entirely, please post the log here. The log will be located at C:\ComboFix(.txt)

Do not click on the ComoboFix window, as it may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Combofix is a general tool that helps the helper cleaning up a Hijackthis log.
It is able to remove some common infections and helps a user detect files that general scanners cannot find.
It also lists registry keys such as the key keys, the desktop keys, and other areas where malware hide.
The tool has some rootkit detectors too, allowing a helper to see if a rootkit is present on the PC.

Please rescan with Hijackthis and inlude new log with Combofix report.

 

[papaken4]

I have downloaded a copy from every serve and each time I attempt to run it I get a message saying "Alert, not safe to continue!!! The contents of the ComboFix have been compromised. Please download a fresh copy from the server bleepingcomputer.com.

The message also says I may be infected with a file patching virus "Virut"

???

 

[Bobbye]

Answer from Combofix support:

QUOTE
I haven't heard of any recent issues with CF today, as such, that message means exactly what it is telling him--the machine may be infected with Virut. If so, a reformat would be the best course of action. He should not backup any .exe's, .scr, htm, or html files. Any backups he makes of .doc, jpg, etc, should be burned to a CD or DVD - not a flash drive or another hdd as those may become compromised in the process as well.

From Blind Dragon:

"Virut" is a family of polymorphic memory-resident appending file infectors that have Entry Point Obscuring (EPO) capabilities.

See this thread for more description:
http://www.tech-101.com/solutions-security/topic219.html?hilit=Virut

Please note emphasis on:

It's polymorphic, which means it spreads faster than any antivirus can contain it. 99.99% of the time the only solution is a reformat and reinstall. Virut is so aggressive it even infects already infected files with itself. It's a computer killer...