
Reappearing Trojan W/ Popups


  • This topic is locked
12 replies to this topic

#1 ezpkns34

ezpkns34

  • Members
  • 85 posts
  • OFFLINE
  •  
  • Local time:02:04 PM

Posted 30 June 2008 - 05:43 PM

Never had a virus or spyware issue with this comp, but recently was told by my Spyware Terminator that I had a trojan. Used Spyware Terminator to get rid of it, but was noticing a good number of popups & my comp was moving a little slower than normal.

I then got AVG & it found what Spyware Terminator couldn't. I thought that would be the end of it, however, I continue to get popups from AVG saying that some .exe in my Temp files is infected & asks if I want to heal it (which I keep saying yes to). The files it lists are always random amalgamations of letters (ashtgus.exe or vmgogue.exe for example), but when I look in my Temp file, I see no such files. Is there any way that I can find out what's making these exe's appear in the file so that I can stop this issue?

I've also used Spybot S&D to get rid of some of the spyware so fewer popups (most of which would show an AVG warning on a blank popup as opposed to actually showing whatever site it was). I've looked through C:\Program Files but see no odd or unknown files or folders. Spyware Terminator & AVG are both reporting no viruses, and Spybot S&D & AVG are reporting a few tracking cookies, but nothing "too serious". The last popup I got was from perfsport.com, but can't say that I've remembered any of the other site names. I've also had a couple of instances where my Internet Explorer window will simply close for no apparent reason.


#2 ezpkns34


Posted 30 June 2008 - 06:31 PM

Posted Image

Example of the typical alert message AVG gives me

#3 ezpkns34


Posted 30 June 2008 - 10:00 PM

Edited out HJT log. HJT topic posted here: http://www.bleepingcomputer.com/forums/t/155510/issues-with-recurring-trojan-popups/ ~ OB

Edited by Orange Blossom, 06 July 2008 - 06:24 PM.


#4 ezpkns34


Posted 01 July 2008 - 12:50 PM

anyone?

#5 ezpkns34


Posted 02 July 2008 - 02:48 PM

wow, helpful forum

Edited by ezpkns34, 02 July 2008 - 02:48 PM.


#6 iDukeHelp

iDukeHelp

  • Members
  • 170 posts
  • OFFLINE
  •  
  • Local time:03:04 PM

Posted 02 July 2008 - 03:59 PM

You have a P2P program (LimeWire), which can be giving you this.

Also, Poker might have spyware.

Also delete Viewpoint, because it is known to be spyware-related.

#7 ezpkns34


Posted 02 July 2008 - 04:02 PM

I've had the poker program & limewire program for months w/o any issues

What's viewpoint?

#8 iDukeHelp


Posted 02 July 2008 - 04:04 PM

Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe


Go to Add/remove programs then scroll to the bottom. It will most likely be called ViewPoint media player or something with viewpoint in it.

#9 iDukeHelp


Posted 02 July 2008 - 04:06 PM

Wait, since you KNOW you are infected, shouldn't you go HERE? When you get to the page, go to the "Preparation Guide For Use Before Posting A Hijackthis Log" pinned topic

#10 iDukeHelp


Posted 02 July 2008 - 04:08 PM

Quoted from Quietman7:


Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Instructions with screenshots if needed.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

#11 ezpkns34


Posted 02 July 2008 - 04:10 PM

Yeah, I figured since I wasn't getting any assistance in this topic I had posted it in the wrong place & have since posted a topic in the malware section. Just had someone tell me they were gonna help me out in the topic. Thanks for the help though, appreciate it!

#12 iDukeHelp


Posted 02 July 2008 - 04:11 PM

No problem. Since someone is going to help you, better not follow my instructions.

Just uninstall viewpoint :D

#13 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,720 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:02:04 PM

Posted 06 July 2008 - 06:25 PM

Topic closed to avoid confusion. ~ OB
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript



