Help: Weird audio clips & pop-up ads everywhere

[denine]

Good afternoon,

I am new to the forum...I have two issues:

1.) My computer was invaded with spyware/malware/etc - I downloaded: Smitfraud Fix, HijackThis, and AVG Anti-Spyware 7.5. I turned off system restore, and ran all programs in safe mode, including Norton.

Norton found 9 instances of Trojan.ByteVerify, which it quarantined. AVG found a bunch of cookies, and Adware.AWS, Adware.DrAntiSpy, and Adware.BraveSentry, all of which I deleted.

Then a pop-up appeared that said windows had an issue with: FeedMerge.dll - which I did not know what to do with.

Anyway, my computer stayed clean until two days ago, and I had to redo everything this afternoon. I have pasted the logs below. Can anyone tell me how to get rid of this for good?

2.) I also have this weird audio virus(?) where random music clips, and infomercials start screaming from my speakers. I would love to get rid of this.

Thanks for any help offered. denine

 

[kritius]

Hi denine,

The first thing that you need to do is follow all the instructions HERE eactly as they are described and post back in this thread with the three requested logs,

• ComboFix
• HJT and
• AVG antispware

as attachments. (see how here)

Good luck and if you have any questions then just ask.

This thread is for the use of denine only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[denine]

Hi kritius,

I was unable to connect to the Panda Antirootkit scan. I kept receiving an error message? What should I do about this?

Also, Combofix bombed out my computer, so I used Deckards instead.

I did follow all of the other instructions, and posted the logs below.

thanks, denine

 

[kritius]

Go to Start > Run and copy/paste or type: taskmgr

• Under the Processes tab find the following tasks or processes:
  ViewpointService.exe
  ViewMgr.exe
• Highlight and click "End Process".
• Exit Task Manager.

Click on Start > Run and type: services.msc

• Press "OK".
• Click the "Extended tab".
• Scroll down the list and find the service called "Viewpoint Manager Service"
• When you find the service, double-click on it.
• In the Properties Window > General Tab that opens, click the "Stop" button.
• From the drop-down menu next to "Startup Type", click on "Disabled".
• Now click "Apply", then "OK" and close any open windows.

Click on Start > Settings > Control Panel > Add/Remove Programs > highlight and remove all references to Viewpoint - i.e. Viewpoint, Viewpoint Manager, Viewpoint Media Player.

Finally, delete the following folders if they still exist:
C:\Program Files\ViewManager\ <-- and delete this folder
C:\Program Files\Viewpoint\ <-- and delete this folder

Run HJT select do a system scan only,
Have HJT fix the following files if there,
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O23 - Service: NetCom3 Service (Netcom3) - Unknown owner - C:\Program Files\Netcom3 Cleaner\PSCMonitor.exe (file missing)

--------------------------------------------------------------------------------------------------------

Update your Java Runtime Environment

• First try going to Start -> Control Panel -> double click Java
• Select the Update TAb at the top
• Click the Check for Updates button at the bottom
• If it finds the newer version (Java 6 Update 5) Follow the on screen instructions
• After it installs the newest version Go back to Control Panel -> Add/remove programs
• Uninstall any older versions of Java

If for some reason you couldn't update through the above instructions.

• Click the following link
  Java Runtime Environment 6 Update 5
• The 4th option down is the one you want (click Download)
• Check the box to agree to terms of service
• Check the box for your operating system and click 'Download selected'at the bottom
• After the install Go to Start-> Control Panel-> add/remove programs (Programs and features), and uninstall any old versions
• Navigate to C:\programfiles\Java -> delete any subfolders except the jre1.6.0_05 folder

Run HJT again and post back with a fresh log.

 

[denine]

HJT Log

Hi kritius,

I did everything above and posted the new HJT log.

As of yesterday, I was still getting an error message about:
C:\Windows\System32\FeedMerge.dll

I have not seen it since running the new fixes this morning, but since I do not know what this file is - I wanted to mention it to you. It kept saying that TrendMicro could not delete it?

I presume that all of these fixes should also fix the screaming from my speakers?

Thank you kindly,
denine

 

[kritius]

Could you go to the add/remove programs and let me know if there is anything to do with,
WinXDefender 2.1,
or anything similar to that?

Just let me know for now, dont want to do anything else until I find out about that.

 

[denine]

hey there,

I just went into add/remove programs and all I see is: Windows Defender, Version: 1.1.1593.0

Nothing about WinXDefender - anywhere else I could look?

 

[kritius]

Never mind, we;ll see what we find with this:-

You might want to print out these instructions as we will need to close every window that is open later in the fix.

Download this Malwarebytes' Anti-Malware and save to the desktop.

Once downloaded, close all programs and Windows on your computer, including this one.

Double-click on the icon on your desktop named Download_mbam-setup.exe. This will start the installation of MBAM onto your computer.

When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure you leave both the Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware checked. Then click on the Finish button.

MBAM will now automatically start and you will see a message stating that you should update the program before performing a scan. As MBAM will automatically update itself after the install, you can press the OK button to close that box.

On the Scanner tab, make sure the the Perform quick scan option is selected and then click on the Scan button to start scanning your computer for WinXDefender related files.

MBAM will now start scanning your computer for malware. This process can take quite a while, so you can probably go and do something else and periodically check on the status of the scan.

When the scan is finished a message box will appear, click ok to show the results.

You should click on the OK button to close the message box and continue with the WinXDefender removal process.

You will now be back at the main Scanner screen. At this point you should click on the Show Results button.

A screen displaying all the malware that the program found will be shown.

You should now click on the Remove Selected button to remove all the listed malware. MBAM will now delete all of the files and registry keys and add them to the programs quarantine.

When MBAM has finished removing the malware, it will open the scan log and display it in Notepad. Save that log and post it back here.

 

[denine]

Malwarebytes

Hi kritius,

Sorry for the delay. I have posted the log you requested below.

Please let me know fi there is anything else I should do - also, there was a pop-up after running Malwarebytes that said some of the files could not be removed? I restarted, but I am not sure if it caught everything.

denine

 

[kritius]

I would like you to do an online scan so that we can what else may be in your system,
Run Kaspersky online scanner
With the exception of Internet Explorer, which must be used for this scan, keep ALL programs closed
Note: It is recommended to disable onboard antivirus program and antispyware programs while performing scans to speed up scan time and to make sure there are no conflicts.
Do not go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable resident antivirus protection along with whatever antispyware application you use.

Do an online scan with Kaspersky Online Scanner in Internet Explorer. You will be prompted to install and run an ActiveX component from Kaspersky, Click Yes.
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75%. Once the licence accepted, reset to 100%.

• The program will launch and then start to download the latest definition files.
• Once the scanner is installed and the definitions downloaded, click Next.
• Now click on Scan Settings
• In the scan settings make sure that the following are selected:
  o Scan using the following Anti-Virus database:
  o Extended (If available, otherwise use standard)
  o Scan Options:
  o Scan Archives
  o Scan Mail Bases
• Click OK
• Under select a target to scan, select My Computer
• The scan will take a while so be patient and let it run.
• Please do not use your computer while the scan is running. Once the scan is complete it will display if your system has been infected.
• Click the Save Report As... button (see red arrow below)
  
  
  
  
  
• In the Save as... prompt, select Desktop
• In the File name box, name the file
• In the Save as type prompt, select Text file (see below)
  
  
  
  
  
• Include the report in your next post.