Malware/Spyware - Can't remove and can't run removal programs

Status
Not open for further replies.

Combat Yeoman

I've got what I believe to be malware/spyware on my computer and can't seem to figure out how to get rid of it. It's taken over my desktop, turned it black, and has a message "Warning Dangerous Spyware". I also have a pop-up stating "Warning! Security report" in the lower right-hand corner.

I've run a McAfee virus scan (nothing found) and done a quick Windows update (no luck).

I have Malwarebytes' Anti-Malware and I was able to run it initially and it found nothing; however, I saw it hadn't been updated since Sep 08, so I then attempted to download the updated version. I am unable to successfully install or run it now. I get numerous application error window pop-ups that state "exception EInvalidop in module MBAM-Setu-.tmp ..." and a pop-up stating "Invalid Floating point operation". Basically, I'm unable to execute the 8 recommended steps to prevent malware/spyware. Heck, when I try to get into "my computer" to get to my files to try and change the name of malware, I get an IE webpage system warning.

Also while at techspot I received this warning while poking around "ERROR! Connection was RESET by remote server.
This can be a reason for system faults, errors or critical data corruption. To prevent your critical data loss please do the full system scaning!"


Now I'm also getting a window stating MSKDetct.exe has encountered a problem and needs to close, prompting me to either debug or close.

I've also tried to download and install SUPERAntiSpyware and Spybot. I can download them but not run them (invalid floating point operation).

I'm not sure what to attempt to do from here. Any advice is greatly appreciated.
 
That popup is from McAfee. You definitely are infected, and the infection is making your programs misbehave since they are tying up resources/files that your legitimate programs need access to in order to run properly. I am not a fan of McAfee. There are several other free AV programs out there that I would use instead of that.
 
Download SMITFRAUDFIX

When you save it to your desktop, rename it to SMITFRAUDFIX.TXT; the reason for this is McAfee intrusion prevention will want to delete it.
Once on your desktop, rename it back to SMITFRAUDFIX.EXE

OK, since you are hindered, BOOT in safe mode but without a network connection.
Run it and select 2

Right-click on the My Computer icon and go to Properties
Turn off System Restore
Open IE and go to TOOLS, OPTIONS; delete temporary internet files and cookies
Do a disk cleanup in your Start/Accessories/System Tools menu

After the reboot
Download malwarebytes (www.malwarebytes.org) and install
Run hijackthis and malwarebytes at the same time
Select any files and/or keys in the attachment I posted in hijackthis, but on both malwarebytes and hijackthis click fix at the same time.
Then reboot immediately.
if you forget to turn off system restore it will return no matter

Reboot once complete, run HijackThis and post your log here again
 
That popup is from McAfee. You definitely are infected, and the infection is making your programs misbehave since they are tying up resources/files that your legitimate programs need access to in order to run properly. I am not a fan of McAfee. There are several other free AV programs out there that I would use instead of that.

Sadly we bought and paid for McAfee so we will let our subscription run out. But yes, I've had a couple of free AV programs recommended and will definitely be going that route. Thanks.
 
I was able to do all the steps up to the reboot. Once I rebooted, my desktop continued to have the "warning" background and I immediately got a window pop-up stating "invalid Floating Point Operation". When I tried to download malwarebytes and then select run, I get the "invalid floating point operation" pop-up and it prevents me from continuing with the install.
I verified that system restore is turned off. I'm not sure what the next option is?
Attached is my current HijackThis log:
 
Don't paste it in your post; go to Advanced and attach it.
This does not seem to be a trojan issue but a software issue at this point.
Go to ADD REMOVE Programs in the control panel and remove things you don't use or need.

Then run HijackThis and CHECK ALL matching keys before clicking fix
to try and clean up this system
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')

O4 - Global Startup: Digital Line Detect.lnk = ?
O10 - Unknown file in Winsock LSP: c:\docume~1\mom\locals~1\temp\ntdll64.dll
O10 - Unknown file in Winsock LSP: c:\docume~1\mom\locals~1\temp\ntdll64.dll
O16 - DPF: ActiveGS.cab - http://www.virtualapple.org/activegs.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) -
 
I've removed some unused programs and re-ran HijackThis (file attached). Still no luck.

Couple of other things that are happening. When I open, or rather try and open, programs like malwarebytes or Ad-Aware to run them, a webpage opens for real-antivirus. When I click on my computer the same webpage opens, and it re-happens each time I open a folder in my computer, so I end up with multiple webpages open to a real-antivirus ad.

I also cannot manipulate my desktop theme. It's locked to the warning message, and the my documents file continually is forced open when I do various things.

I'm really at a loss here...
 
Here and looking at it

I really appreciate it.

I just verified it's affecting all 4 users on the computer. So it's not isolated to me.

Thanks and let me know if there is any additional info I can provide that will help.

Here's a screenshot from earlier in the day showing the variety of messages I'm getting
 
Run HijackThis and check these keys


R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6711

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [DLBUCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBUtime.dll,_RunDLLEntry@16

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O10 - Unknown file in Winsock LSP: c:\docume~1\mom\locals~1\temp\ntdll64.dll
O10 - Unknown file in Winsock LSP: c:\docume~1\mom\locals~1\temp\ntdll64.dll

O23 - Service: dlbu_device - Dell - C:\WINDOWS\system32\dlbucoms.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe (file missing)
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe (file missing)
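
A triage sketch for the HijackThis entries posted above, added here as an example and not part of the original thread or of HijackThis itself. It flags three patterns that are anomalous in any such log: an IE proxy set to a loopback port, a component loading from a user Temp directory (the O10 Winsock LSP entry here), and registry entries whose file is gone. The function name `triage` and the rule set are assumptions of this example; the sample lines are copied from the posts.

```python
import re

# Sample input: lines copied from the HijackThis entries posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6711
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O10 - Unknown file in Winsock LSP: c:\docume~1\mom\locals~1\temp\ntdll64.dll
O10 - Unknown file in Winsock LSP: c:\docume~1\mom\locals~1\temp\ntdll64.dll
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe (file missing)
O23 - Service: dlbu_device - Dell - C:\WINDOWS\system32\dlbucoms.exe
"""

# "R1 - ...", "O10 - ...": section code, then the entry body.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# User Temp directory in long form or 8.3 short form (locals~1\temp).
TEMP_DIR = re.compile(r"\\(local settings|locals~\d)\\temp\\", re.I)
# ProxyServer value that points the browser at this machine itself.
LOOPBACK_PROXY = re.compile(
    r"ProxyServer\s*=\s*(?:\w+=)?(127\.\d+\.\d+\.\d+|localhost):\d+", re.I)

def triage(log_text):
    """Return (section, reason, line) for entries that deserve a closer look.

    These are triage hints, not verdicts: each hit still needs manual review.
    """
    findings, seen = [], set()
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m or line in seen:      # skip non-entries and exact repeats
            continue
        seen.add(line)
        section, body = m.groups()
        if section in ("R0", "R1") and LOOPBACK_PROXY.search(body):
            reason = "IE proxy points at a loopback port"
        elif TEMP_DIR.search(body):
            reason = "component loads from a user Temp directory"
        elif body.endswith(("(no file)", "(file missing)")):
            reason = "registry entry refers to a file that no longer exists"
        else:
            continue
        findings.append((section, reason, line))
    return findings

if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}\n    {line}")
```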
 
Checked them, ran the fix and rebooted.
File attached.
 
I was able to run malwarebytes and superantispyware in safe mode and that "seems" to have cleaned things up. Thanks for the help.
 