
I.e. Pop-ups


  • This topic is locked
8 replies to this topic

#1 Julianna W

  • Members

Posted 27 February 2008 - 03:40 PM

Very recently I have been having problems with Internet Explorer and getting a lot of pop-ups. I have tried running Spybot, but even though it claims to get rid of any of the problems, the pop-ups are only getting worse (so clearly the problems are). So I tried using Firefox only, but I still get I.E. pop-ups, just not as frequent. I was wondering what I should do next. I've read about posting a Hijack file, but didn't know if there was anything else I could/should do to try and help my computer first? Such as installing additional spyware, firewalls, etc... Sorry, I just don't know very much about this.

I am pretty sure my computer is infected with Adware, Trojan(?), and Rootkit.

Please, I really could use someone's help. My computer is getting much worse very quickly.
Now, when I open I.E. I got 58 pop-ups in a row. That is NOT an exaggeration.

Some of the pop-ups are:
deuscleaneronline.com
conferencingonweb.com
esmarttax.com
firstpremierbankgold.com
fubar.com
lynxtrack.com
setthetrend.com
wallst.net

Thanks in advance.

Edited by Julianna W, 27 February 2008 - 05:10 PM.



#2 boopme

  • Global Moderator

Posted 27 February 2008 - 05:13 PM

Please do this and post back the log. Is this an XP machine?

Download Atribune's ATF Cleaner and then SUPERAntiSpyware, Free Home Version. Save both to desktop.
DO NOT run yet.
Open SUPER from icon and install and Update it
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program.
DO NOT run yet.

Now reboot into Safe Mode: For 2000/XP
Safe Mode Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode.


Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.

If you use Firefox or the Opera browser click on that browser at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

NOW Scan with SUPER
Open from the desktop icon or the program Files list
On the left, make sure you check C:\Fixed Drive.
Perform a Complete scan. After scan, verify they are all checked.
Click OK on the summary screen to quarantine all found items.
If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log.
A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.

Please ask any needed questions, post logs and let us know how your PC is running now.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 Julianna W


Posted 27 February 2008 - 11:49 PM

Yes, my computer is a Windows XP. I'm sorry, I forgot to add that to my post.

Thank you very much for the information! And thank you for explaining it to me so easily!

I had problems after running SuperAntiSpyware and restarting my computer. When I turned on my computer to restart it gave me several options as to how I could run my computer:
safe mode
safe mode with networking
last previous configurations (I worded that badly, sorry)
run Windows normally

When I tried to run Windows normally it continuously kept restarting, so I decided to run it with safe mode and networking. I hope this is ok for now?


Here is my log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/27/2008 at 11:13 PM

Application Version : 4.0.1152

Core Rules Database Version : 3410
Trace Rules Database Version: 1402

Scan type : Complete Scan
Total Scan Time : 04:59:45

Memory items scanned : 177
Memory threats detected : 1
Registry items scanned : 5462
Registry threats detected : 16
File items scanned : 109457
File threats detected : 15

Adware.Vundo Variant/Resident
C:\WINDOWS\SYSTEM32\PMKJG.DLL
C:\WINDOWS\SYSTEM32\PMKJG.DLL

Unclassified.Unknown Origin
HKLM\Software\Classes\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}
HKCR\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}
HKCR\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}
HKCR\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}\InprocServer32
HKCR\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\ILTDCIWY.DLL
C:\WINDOWS\IA\COMMAND.EXE

Trojan.WinFixer
HKLM\Software\Classes\CLSID\{2554C010-792B-4137-8EA4-BF21A94C5DB1}
HKCR\CLSID\{2554C010-792B-4137-8EA4-BF21A94C5DB1}
HKCR\CLSID\{2554C010-792B-4137-8EA4-BF21A94C5DB1}\InprocServer32
HKCR\CLSID\{2554C010-792B-4137-8EA4-BF21A94C5DB1}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2554C010-792B-4137-8EA4-BF21A94C5DB1}

Adware.Vundo Variant
HKLM\Software\Classes\CLSID\{A95B2816-1D7E-4561-A202-68C0DE02353A}
HKCR\CLSID\{A95B2816-1D7E-4561-A202-68C0DE02353A}
HKCR\CLSID\{A95B2816-1D7E-4561-A202-68C0DE02353A}\InprocServer32
HKCR\CLSID\{A95B2816-1D7E-4561-A202-68C0DE02353A}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\DZRJWUGX.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}
HKCR\CLSID\{A95B2816-1D7E-4561-A202-68C0DE02353A}

Adware.MyWay
C:\Program Files\MyWay

RootKit.TnCore/Trace
C:\WINDOWS\system32\drivers\core.cache.dsk

Trojan.Downloader-SpoolLdr/Trace
C:\DOCUMENTS AND SETTINGS\HP_OWNER\SPOOLDR.INI
D:\SPOOLDR.INI

Adware.Unknown Origin
C:\PROGRAM FILES\COMMON FILES\RWIQ\RWIQD\CLASS-BARREL

Adware.Adservs
C:\WINDOWS\IA\ASAPPSRV.DLL

Adware.Vundo Variant/Rel
C:\WINDOWS\SYSTEM32\GJKMP.INI
C:\WINDOWS\SYSTEM32\GJKMP.INI2
C:\WINDOWS\SYSTEM32\MCRH.TMP

Adware.Vundo-Variant/Small-A
C:\WINDOWS\SYSTEM32\LVFSKYHD.DLL
C:\WINDOWS\SYSTEM32\XECAILWI.DLL



I may not understand it, but I understand there are A LOT of bad words in there.
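
As an added example (not part of the original thread, and not SUPERAntiSpyware's own tooling): a short Python triage of the detection section of the log in post #3. It groups items by detection name and pulls out Browser Helper Object CLSIDs, the registry entries Internet Explorer uses to load add-on DLLs. It assumes the input holds only detection sections (a name line followed by registry keys and file paths); the function names are illustrative.

```python
import re

# Excerpt of the scan log posted above (post #3), trimmed to four detections.
LOG = r"""
Adware.Vundo Variant/Resident
C:\WINDOWS\SYSTEM32\PMKJG.DLL
C:\WINDOWS\SYSTEM32\PMKJG.DLL

Trojan.WinFixer
HKLM\Software\Classes\CLSID\{2554C010-792B-4137-8EA4-BF21A94C5DB1}
HKCR\CLSID\{2554C010-792B-4137-8EA4-BF21A94C5DB1}\InprocServer32
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2554C010-792B-4137-8EA4-BF21A94C5DB1}

Adware.Vundo Variant
HKLM\Software\Classes\CLSID\{A95B2816-1D7E-4561-A202-68C0DE02353A}
C:\WINDOWS\SYSTEM32\DZRJWUGX.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}

RootKit.TnCore/Trace
C:\WINDOWS\system32\drivers\core.cache.dsk
"""

ITEM = re.compile(r"^(?:HK(?:LM|CR|CU|U)\\|[A-Za-z]:\\)")  # registry key or file path
BHO = re.compile(r"\\Browser Helper Objects\\(\{[0-9A-Fa-f-]{36}\})", re.I)

def parse_detections(text):
    """Map each detection name to its de-duplicated registry/file items."""
    found, name = {}, None
    for line in map(str.strip, text.splitlines()):
        if line and not ITEM.match(line):
            name = line                      # a non-path line opens a new section
            found.setdefault(name, [])
        elif line and name and line not in found[name]:
            found[name].append(line)
    return found

def summarize(text):
    """Per detection: BHO CLSIDs (IE load points), DLLs, files under drivers."""
    out = {}
    for name, items in parse_detections(text).items():
        out[name] = {
            "bho_clsids": [m.group(1) for i in items if (m := BHO.search(i))],
            "dlls": [i for i in items if i.upper().endswith(".DLL")],
            "driver_files": [i for i in items if "\\system32\\drivers\\" in i.lower()],
        }
    return out
```

Detections that carry a BHO CLSID are the ones that load inside Internet Explorer; a file under the drivers directory is what a helper would treat as the likely cause of trouble outside the browser.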

#4 Julianna W


Posted 28 February 2008 - 08:57 AM

Firefox now keeps shutting down every few minutes, even though I am in safe mode.

I keep getting error messages.
The first message first appeared yesterday.
The second and third messages first appeared today.

First error message:
Your system could become unstable
A potential problem has been detected and Windows has been shutdown buggy application to prevent damage to your computer. **** WXYZ. SYS - Address F73120AE base at C00000, DateStamp 36b07 2a3 Kernel Debugger Using: Com2 Cport 0X28F, Baud rate 192000)

Second error message:
SysFader: IEXPLORE.EXE Potential Application Error
The instruction at "0x01d62739" refernced memory at "0x02354e50". The memory could not be "read. Click ok to terminate.

That's exactly what it said, even with the missed quote around read.

Third error message:
A Critical error could occur
*** STOP: 0X000007B (OXF2184, 0X00000, 0XCC0034) ***
Inacessible handler or device
Click this balloon to fix the problem.


My computer is definitely getting worse.

Edited by Julianna W, 28 February 2008 - 09:42 AM.


#5 boopme


Posted 28 February 2008 - 05:17 PM

Have you installed any new hardware or software recently?
Does the machine have Service Pack 2 installed or recently installed?
This could all be malware related also.
You can try to run these scans and see if you get some stability or go right to posting a HijackThis log and have them go all thru your PC.
Sorry to be a little short in my explanations but my ISP is having trouble and I may go off again...
Download and scan: Dr.Web CureIt!

Online Scanners
ESET Online Scanner
Panda ActiveScan ... will remove trojans free

Preparation Guide for use before posting a HijackThis Log
post that log here..
http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/
NOT in this forum

#6 Julianna W


Posted 28 February 2008 - 06:19 PM

The only thing I have added to my computer in at least the last month is Comodo.
Although I have downloaded several music files and at least one movie file. If I had to guess, I would think that's where the problem started.

I'm not sure about Service Pack 2. How do I find out if I have it on my computer?

I'm still concerned that after I scanned with SuperAntiSpyware I could not restart my computer normally. And I still cannot. Why is this happening and if there is any way to fix this? It takes my computer a lot longer to scan for problems when it's in safe mode, so it's very frustrating.

Thanks for the next steps.

Edited by Julianna W, 28 February 2008 - 08:04 PM.


#7 boopme


Posted 28 February 2008 - 09:22 PM

Ok, well scans from safe mode are better as the badware will not be active, hence easier to remove. That is probably where it all came from, but let's not fret that now. You have a seriously infected PC as you know and several more scans will be needed. Please try at least the online scan from normal mode.

Please download VundoFix.exe to your desktop
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt in your next reply.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

#8 Julianna W


Posted 28 February 2008 - 10:02 PM

I CANNOT run my computer in normal mode. Ever since scanning my computer with SAS, my computer has only been in safe mode, despite me trying several times to restart and run it normally. I understand that it's actually better right now to be in safe mode, but it's the fact that it can't start normally that's bothering me, as if there's another new virus that's causing the problem. That's why I kept mentioning it, because I didn't know if that meant something was very wrong.

I ran Dr Web Cure It, ESET Online Scanner, and Panda Active Scanner. The scanners keep detecting viruses that can't be deleted...

I have just posted my Hijack file in the other forum.
Should I not run VundoFix in case it changes my Hijack log?

I'm sorry if my question(s) are stupid to you. I am just completely ignorant here.

#9 boopme


Posted 28 February 2008 - 10:32 PM

Your questions are certainly not stupid to me at all. I was only trying to see if we can get some out of the way for a little more functionality. I was hoping to get a scan log to see what all is on this PC.
No, Do Not run anything else till the HJT Team tells you what to do. I'm going to post the common response that goes here now and close this thread. If you need anything in the meantime feel free to PM me about it.

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the HJT Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

If after 5 days you still have received no response, then post a link to your HJT log in the thread titled "Haven't Had A Reply In Five Days?".

To avoid confusion, I am closing this topic.

Edited by boopme, 28 February 2008 - 10:36 PM.
