Adware/Virus help.. - DFWstangs Forums
 
post #1 of 25 (permalink) Old 01-28-2010, 04:32 PM Thread Starter
gtownGT
Lifer | Join Date: Nov 2003 | Location: Garland | Posts: 1,929
Adware/Virus help..

Ok, this is driving me crazy... I noticed 2-3 days ago my fan operating more frequently for longer periods of time. AVG/Avast does not pick anything up. What happens is a sound clip/commercial can be heard without any visible windows being open. When I checked the processes I noticed "IEXPLORE.EXE" using up more than normal memory usage. When I end the process, the sound stops. After a while, the same shit over and over. Another issue I am having is whenever I do a search via Firefox, it automatically redirects me to some BS website. I have uninstalled and reinstalled Firefox and the problem is still there. If it helps any, this does not happen with IE.

Any suggestions?

EDIT: I have downloaded malwarebytes, however when I go to run the install it never pops up???

Last edited by gtownGT; 01-28-2010 at 05:01 PM.
post #2 of 25 (permalink) Old 01-28-2010, 04:44 PM
slow06
Lifer | Join Date: Jul 2006 | Location: Arlington | Posts: 2,075
Quote:
Originally Posted by gtownGT
Ok, this is driving me crazy... I noticed 2-3 days ago my fan operating more frequently for longer periods of time. AVG/Avast does not pick anything up. What happens is a sound clip/commercial can be heard without any visible windows being open. When I checked the processes I noticed "IEXPLORE.EXE" using up more than normal memory usage. When I end the process, the sound stops. After a while, the same shit over and over. Another issue I am having is whenever I do a search via Firefox, it automatically redirects me to some BS website. I have uninstalled and reinstalled Firefox and the problem is still there. If it helps any, this does not happen with IE.

Any suggestions?

EDIT: I have downloaded malwarebytes, however when I go to run the install it never pops up???
Download Malwarebytes Anti-Malware, update it and run it. Restart when it asks you; if you are still having problems, boot up in safe mode and repeat.

(Not a computer expert, but I just had a similar redirect symptom.)

Edit: Damn!

Check out this link and start at number 2
http://www.bleepingcomputer.com/viru...-security-tool

It may not be your specific virus but the rkill file should allow mbam to install correctly, the virus may be blocking the install. You may have to delete what you already downloaded.

"A government big enough to give you everything you want, is strong enough to take everything you have."
-Gerald Ford/Thomas Jefferson

"A Republic, if you can keep it"
- Benjamin Franklin

The way to peaceably remove elected officials who deviate from the constitution of the United States of America...
www.blowoutcongress.com
post #3 of 25 (permalink) Old 01-28-2010, 04:48 PM Thread Starter
gtownGT
Link no bueno
post #4 of 25 (permalink) Old 01-28-2010, 04:52 PM
Bobba Fett
He's no good to me dead. | Join Date: Jul 2007 | Location: Fett's vette | Posts: 716
Sounds like you got a rootkit. Did you try scanning with AVG anti-rootkit?

Might also run Combofix and/or Sophos.
post #5 of 25 (permalink) Old 01-28-2010, 04:57 PM Thread Starter
gtownGT
Quote:
Originally Posted by Bobba Fett
Sounds like you got a rootkit. Did you try scanning with AVG anti-rootkit?

Might also run Combofix and/or Sophos.
I have AVG 9.0 (Free edition) and I don't see it as an option. I was checking other threads about ComboFix and there were a couple of warnings about using the program if it was the user's first time.

Researching Sophos right now...
post #6 of 25 (permalink) Old 01-28-2010, 05:00 PM Thread Starter
gtownGT
So yeah, quick update: this issue is now affecting IE as well. Ugghhh
post #7 of 25 (permalink) Old 01-28-2010, 05:02 PM
slow06
Quote:
Originally Posted by gtownGT
Link no bueno
Weird, works for me.

Here is another link to download rkill
http://www.brighthub.com/computing/s...les/59807.aspx

Here is the important part of the first link

Quote:
# Before we can do anything we must first end the processes that belong to Security Tool so that it does not interfere with the cleaning procedure. To do this, download the following file to your desktop.

rkill.com Download Link

# Once it is downloaded, double-click on rkill.com in order to automatically attempt to stop any processes associated with Security Tool and other rogue programs. Please be patient while the program looks for various malware programs and ends them. When it has finished, the black window will automatically close and you can continue with the next step. If you get a message that rkill is an infection, do not be concerned. This message is just a fake warning given by Security Tool when it terminates programs that may potentially remove it. If you run into these infection warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that rkill can terminate Security Tool. So, please try running Rkill until malware is no longer running. You will then be able to proceed with the rest of the guide.

Do not reboot your computer after running rkill, as the malware programs will start again.

# Now you should download Malwarebytes' Anti-Malware, or MBAM, from the following location and save it to your desktop:

Malwarebytes' Anti-Malware Download Link

# Once downloaded, close all programs and windows on your computer, including this one.

# Double-click on the icon on your desktop named mbam-setup.exe. This will start the installation of MBAM onto your computer.

# When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings, and when the program has finished installing and is at the last screen, make sure you uncheck both the Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware check boxes. Then click on the Finish button. If Malwarebytes' prompts you to reboot, please do not do so.

If you receive a code 2 error while installing Malwarebytes', please press the OK button to close these errors as we will resolve them in future steps. The code 2 error will look similar to the image below.

[image: Malwarebytes Anti-Malware error screen]

# As this infection deletes a core executable of Malwarebytes', we will need to download a new copy of it and put it in the C:\program files\Malwarebytes' Anti-Malware\ folder. To download the file please click on the following link:

Malwarebytes' EXE Download

When your browser prompts you where to save it to, please save it to the C:\program files\Malwarebytes' Anti-Malware\ folder. When downloading the file, it will have a random filename. Please leave the filename the way it is, as it is important that it is not changed. You may want to write down the name of the file as you will need to know the name in the next step.

post #8 of 25 (permalink) Old 01-28-2010, 05:24 PM
Bobba Fett
Quote:
Originally Posted by gtownGT
I have AVG 9.0 (Free edition) and I don't see it as a option. I was checking other threads about Combofix and there were a couple of warnings about using the programs if It was the users first time.

Researching Sophos right now...
I apologize, I didn't realize that you had to have the paid version for the Rootkit scan for AVG.

As for ComboFix, I've had good luck using the program. I'm not an expert at removing rootkits. For me, either a combo of ComboFix/Malwarebytes/Sophos gets the job done or I pull out portable HDD to backup data and the WinXPSP3 CD to start with a fresh install.

Good luck with the removal.
post #9 of 25 (permalink) Old 01-28-2010, 05:37 PM Thread Starter
gtownGT
I'm trying to download ComboFix, but when I click the download link it keeps coming up "The page cannot be displayed". Is the link below correct? Does it come up for anyone else?

http://www.combofix.org/downloadlink.php
post #10 of 25 (permalink) Old 01-28-2010, 08:23 PM Thread Starter
gtownGT
bump for the night crowd.....TX Redneck?
post #11 of 25 (permalink) Old 01-28-2010, 08:32 PM
Jedi
None | Join Date: Jul 2000 | Location: Anti-Newbie | Posts: 12,675
DO NOT DOWNLOAD COMBOFIX FROM ANYWHERE OTHER THAN BLEEPINGCOMPUTER.COM

Go here:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
post #12 of 25 (permalink) Old 01-28-2010, 08:44 PM Thread Starter
gtownGT
Quote:
Originally Posted by Jedi
DO NOT DOWNLOAD COMBOFIX FROM ANYWHERE OTHER THAN BLEEPINGCOMPUTER.COM

Go here:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
post #13 of 25 (permalink) Old 01-28-2010, 08:54 PM
Tx Redneck
Rockin' da fumanchu | Join Date: Nov 2005 | Location: On the straight and narrow, stumbling at best, only by God's grace. | Posts: 7,224
First, flush the DNS cache. This is for XP.
Open a command prompt: from the Start menu, select Run, then in the "Open" field enter cmd.exe

Type ipconfig /flushdns and press Enter. ***Note that there is a space between the 'g' and the '/'.

Next,
Download the HostsXpert 4.3 - Hosts File Manager. Use your computer and copy this .zip folder to a CD.

On the infected machine, make a new folder by right-clicking on C:\ and selecting "New".
  • Unzip HostsXpert 4.3 - Hosts File Manager to the new folder, such as C:\HostsXpert
  • Click HostsXpert.exe to run HostsXpert 4.3 - Hosts File Manager from its new home
  • Click "Make Hosts Writable?" in the upper right corner (if available).
  • Click "Restore Microsoft's Hosts file" and then click OK.
  • Click the X to exit the program.

Listen to my buddy, Jeff Bolton, from 6-9 AM Mon-Fri.

Obamanomics = Trickle Up Poverty

Think you need to format/reinstall your OS(XP), read this first.
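The hosts-file step in the post above exists because this kind of infection commonly rewrites C:\WINDOWS\system32\drivers\etc\hosts so that security vendors' and update sites resolve to loopback or to an attacker-chosen address, which is one way the "page cannot be displayed" errors in this thread can happen without the browser itself being broken. The following Python script is an added example, not code from the original post or from HostsXpert: it parses hosts-file syntax (tabs or spaces, several hostnames per line, '#' comments), flags every mapping that is not a stock Windows entry, calls out hijacked security/update domains explicitly, and produces the minimal default content that a "restore Microsoft's hosts file" action leaves behind. The sample hosts content is constructed, the watched-domain list is illustrative, and 198.51.100.23 is an RFC 5737 documentation address standing in for an attacker host.

```python
"""Audit a Windows hosts file for malware-style redirects.

Added example for this thread, not from the original post or from HostsXpert.
The sample content and the watched-domain list below are constructed and
illustrative; they are not taken from any specific infection.
"""
import ipaddress
from typing import List, NamedTuple

# The only mapping Windows XP ships with. Vista and later also add "::1 localhost".
DEFAULT_ENTRIES = {("127.0.0.1", "localhost"), ("::1", "localhost")}

# Domains a rogue/rootkit typically hijacks so the victim cannot fetch removal
# tools or updates. Illustrative list (assumption), not exhaustive.
WATCHED_DOMAINS = (
    "malwarebytes.org", "bleepingcomputer.com", "avg.com", "avast.com",
    "sophos.com", "microsoft.com", "windowsupdate.com", "google.com",
)


class HostsEntry(NamedTuple):
    line_no: int
    address: str
    hostname: str


class Finding(NamedTuple):
    entry: HostsEntry
    reason: str


def parse_hosts(text: str) -> List[HostsEntry]:
    """Parse '<address> <host> [<host> ...]' lines; '#' starts a comment.
    Lines Windows would ignore (no hostname, invalid address) are skipped."""
    entries: List[HostsEntry] = []
    for n, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()          # any mix of tabs and spaces
        if len(parts) < 2:
            continue
        address, hosts = parts[0], parts[1:]
        try:
            ipaddress.ip_address(address)
        except ValueError:
            continue
        for host in hosts:
            entries.append(HostsEntry(n, address, host.lower().rstrip(".")))
    return entries


def _watched(hostname: str) -> bool:
    return any(hostname == d or hostname.endswith("." + d) for d in WATCHED_DOMAINS)


def audit_hosts(text: str) -> List[Finding]:
    """Return every non-default mapping with a reason. A watched domain sent to
    loopback or 0.0.0.0 is 'blackholed'; sent anywhere else it is 'redirected'."""
    findings: List[Finding] = []
    for e in parse_hosts(text):
        if (e.address, e.hostname) in DEFAULT_ENTRIES:
            continue
        ip = ipaddress.ip_address(e.address)
        blackhole = ip.is_loopback or ip.is_unspecified
        if _watched(e.hostname):
            reason = ("security/update site blackholed to loopback" if blackhole
                      else f"security/update site redirected to {e.address}")
        elif blackhole:
            reason = "non-default blackhole entry (may be a legitimate ad blocker)"
        else:
            reason = f"non-default redirect to {e.address}"
        findings.append(Finding(e, reason))
    return findings


def default_hosts() -> str:
    """Minimal clean XP hosts content (the stock file also carries a Microsoft
    comment header, omitted here)."""
    return "127.0.0.1\tlocalhost\n"


def report(text: str) -> List[str]:
    return [f"line {f.entry.line_no}: {f.entry.hostname} -> {f.entry.address}: {f.reason}"
            for f in audit_hosts(text)]


# Constructed sample of a hijacked XP hosts file (assumption, not from the thread).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1\twww.malwarebytes.org malwarebytes.org
127.0.0.1\tbleepingcomputer.com www.bleepingcomputer.com
198.51.100.23\twww.google.com   # RFC 5737 test address standing in for an attacker host
0.0.0.0 ads.example.net
not-an-ip   junk.example
"""

if __name__ == "__main__":
    for line in report(SAMPLE_HOSTS):
        print(line)
    print("--- restored default ---")
    print(default_hosts(), end="")
```

Run it against a copy of the infected machine's hosts file taken from a clean computer (the same way the post suggests moving tools on a CD or flash drive); a clean file produces no findings, and any "security/update site" line explains why downloads from that vendor fail before the browser is even involved.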
post #14 of 25 (permalink) Old 01-28-2010, 09:01 PM
Tx Redneck
Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 6 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.
  1. rkill.exe
  2. rkill.com
  3. rkill.scr
  4. rkill.pif
  5. WiNlOgOn.exe
  6. uSeRiNiT.exe
Now try to run MBAM (Malwarebytes) again; it might be necessary to uninstall it and try downloading again, saving it under a different name first.
post #15 of 25 (permalink) Old 01-28-2010, 09:05 PM
Tx Redneck
If none of those work, try this and then retry MBAM.

Please download exe_fix and save it to your desktop

Double click on exe_fix.com to run it.

Type the number 1 at the prompt and allow the tool to run.
post #16 of 25 (permalink) Old 01-28-2010, 09:06 PM Thread Starter
gtownGT
Quote:
Originally Posted by Tx Redneck
Download the HostsXpert 4.3 - Hosts File Manager. Use your computer and copy this .zip folder to a CD.
I need to burn the folder to a CD-R, correct?
post #17 of 25 (permalink) Old 01-28-2010, 09:08 PM
Tx Redneck
That will be fine. I'll check back in the AM, I need to get to bed. If need be, we can try a remote out tomorrow.
post #18 of 25 (permalink) Old 01-28-2010, 09:14 PM Thread Starter
gtownGT
Quote:
Originally Posted by Tx Redneck
That will be fine. I'll check back in the AM, I need to get to bed. If need be, we can try a remote out tomorrow.
Ok, thanks
post #19 of 25 (permalink) Old 01-29-2010, 05:10 AM
Tx Redneck
Well, how'd it go? Any luck?
post #20 of 25 (permalink) Old 01-29-2010, 05:41 AM
Kadumel
Time Served | Join Date: Jun 2009 | Posts: 144
The reason those links aren't working is that the virus is probably telling your DNS to block the sites from opening and downloading and whatnot.

The installs will be blocked as well, most likely.

Always boot to safe mode with networking when you have a virus.
post #21 of 25 (permalink) Old 01-29-2010, 06:39 AM Thread Starter
gtownGT
Quote:
Originally Posted by Tx Redneck
Well how'd it go? Any luck?
The websites kept coming up blocked, even when in safe mode.
post #22 of 25 (permalink) Old 01-29-2010, 12:52 PM
slow06
Quote:
Originally Posted by gtownGT
The websites kept coming up blocked, even when in safe mode.
One thing you can do is download rkill with a different computer and then save it to a flash drive and take it to the infected computer. That is what I ended up having to do.

I believe the same can be done with mbam-setup.exe, to make sure you get the entire download.

Then you can run rkill a couple of times (sounds odd but it really can help to do it more than once as the creator suggested) and install mbam.
post #23 of 25 (permalink) Old 01-29-2010, 06:37 PM
Tx Redneck
Check your PMs
post #24 of 25 (permalink) Old 01-30-2010, 08:32 AM
Tx Redneck
Memo, does this sound familiar?

http://www.prevx.com/blog/139/Tdss-r...s-the-net.html

You might run this and see if it picks up what we didn't take outta the registry and anything else we didn't catch.

http://info.prevx.com/downloadcsi.asp
post #25 of 25 (permalink) Old 01-30-2010, 10:34 PM
Tx Redneck
Have you done anything else w/ it?