
Ad Pop-ups, Internet Connection Is Crawling. It Keeps Coming Back!


9 replies to this topic

#1 peekpr

peekpr

  • Members
  • 6 posts

Posted 14 July 2008 - 12:14 PM

Hey there, I've been trying to remove some kind of infection for quite some time. Just when I think it's gone, it starts generating pop ups again. Usually the pop ups are for sites that look like phishing sites. But usually the biggest problem is that my internet connection doesn't usually navigate off my homepage. It just sits idle "waiting to connect" while a pop up or two comes up. Any help would be great!

Running Windows XP Home Edition
Version 2002
Service Pack 2


I have a HijackThis logfile but I know I'm not supposed to post here.

Thanks.
D

EDIT:
After some lurking, I noticed that almost everyone is being directed toward MBAM. I'm in the process of scanning now and will post the logfile shortly.
Thanks.

Edited by peekpr, 14 July 2008 - 12:46 PM.




#2 peekpr


Posted 14 July 2008 - 01:14 PM

After running MBAM 3 times and restarting twice, it looks like things might be cleared up. Below is a log file for perusal. Can someone let me know if it looks ok?
Thanks!

Malwarebytes' Anti-Malware 1.20
Database version: 949
Windows 5.1.2600 Service Pack 2

11:11:29 AM 7/14/2008
mbam-log-7-14-2008 (11-11-29).txt

Scan type: Quick Scan
Objects scanned: 38185
Time elapsed: 9 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Dan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT (Rogue.SpywareDestructor) -> Quarantined and deleted successfully.

#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,267 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 14 July 2008 - 02:15 PM

Are you finding any suspicious processes in Task Manager? When you experience or encounter strange behavior, always check for new, unknown or suspicious processes that may be running on your system.

Anytime you come across a suspicious file or one that you do not recognize, search the name using Google or the following links:
BC's File Database
BC's Startup Programs Database
File Research Center

Please download ATF Cleaner by Atribune & save it to your desktop (alternate download link). DO NOT use yet.
Please download and install SUPERAntiSpyware Free
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here and unzip into the program's folder.)
  • Under the "Configuration and Preferences", click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#4 peekpr


Posted 14 July 2008 - 02:28 PM

Hello! I've noticed on Task Manager that things will pop in and out, but they go so quick I can't really tell what they are. Right now, I don't notice anything out of sorts. However, a few minutes ago the pop ups came back. I'll go ahead and do these other steps and get back when I'm done.

Thanks for the reply!
d.

#5 quietman7


Posted 14 July 2008 - 02:33 PM

Not a problem. Don't forget to post the scan results.

#6 peekpr


Posted 14 July 2008 - 05:24 PM

Here are the results of SUPERAntiSpyware:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/14/2008 at 03:15 PM

Application Version : 4.15.1000

Core Rules Database Version : 3503
Trace Rules Database Version: 1494

Scan type : Complete Scan
Total Scan Time : 02:32:13

Memory items scanned : 154
Memory threats detected : 0
Registry items scanned : 4879
Registry threats detected : 0
File items scanned : 51567
File threats detected : 0


So, it looks like my computer is browsing at normal speed. SUPERAntiSpyware found nothing... but the occasional pop up.

#7 quietman7


Posted 15 July 2008 - 08:33 AM

There are no shortcuts or guarantees when it comes to malware removal. Sometimes it takes several efforts with different or the same tools to do the job. Even then, with some types of malware infections, the task can be arduous.

Can you describe the occasional pop up?

Do they look like the one in the example shown here? If so, it indicates that your system is not secure. You should follow the instructions provided in "Disable the Messenger Service" to help protect your computer from unwanted spam and other potential threats.

#8 peekpr


Posted 15 July 2008 - 11:58 AM

The pop ups look more like fake eBay pages and yellowpages.com type sites. Occasionally it offers me a chance to earn an online degree or meet singles in my area! :thumbsup:
Sometimes the popups have sound and video with them.

The pop ups show up every minute or so, then for some reason, I can go for a few minutes without them. Task Manager shows no unusual action when a pop up is on screen.

I ran SUPERAntiSpyware again and all it found were tracking cookies, but nothing major.

Here's the log:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/14/2008 at 06:52 PM

Application Version : 4.15.1000

Core Rules Database Version : 3503
Trace Rules Database Version: 1494

Scan type : Complete Scan
Total Scan Time : 00:56:18

Memory items scanned : 374
Memory threats detected : 0
Registry items scanned : 4881
Registry threats detected : 0
File items scanned : 52277
File threats detected : 9

Adware.Tracking Cookie
C:\Documents and Settings\Dan\Cookies\dan@paypal.112.2o7[1].txt
C:\Documents and Settings\Dan\Cookies\dan@www.findstuff[1].txt
C:\Documents and Settings\Dan\Cookies\dan@doubleclick[1].txt
C:\Documents and Settings\Dan\Cookies\dan@tribalfusion[2].txt
C:\Documents and Settings\Dan\Cookies\dan@atdmt[2].txt
C:\Documents and Settings\Dan\Cookies\dan@advertising[2].txt
C:\Documents and Settings\Dan\Cookies\dan@findwhat[1].txt
C:\Documents and Settings\Dan\Cookies\dan@enhance[2].txt
C:\Documents and Settings\Dan\Cookies\dan@partner.finditquick[1].txt

OH! I forgot... for a little bit when I first got the virus, my Windows Automatic Updates turned off and wouldn't allow me to turn it back on. I can't believe I forgot about that. After running the MBAM, I was able to turn it on.

Edited by peekpr, 15 July 2008 - 12:01 PM.


#9 quietman7


Posted 15 July 2008 - 12:27 PM

Both SAS and MBAM are excellent scanning tools, but even they cannot find every kind of malware, so we may be dealing with something they do not detect.

What is your primary anti-virus and have you performed a full system scan in "Safe Mode"?

You should also perform at least one of these online Virus scans:
(All the following, except Trend Micro Housecall Scan, require Internet Explorer to work. Watch the Address bar in IE. You may receive alerts that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then Click Install ActiveX component. If given the option, choose "Quarantine" instead of delete.)
BitDefender Online Scanner <- Add a check by "Autoclean" and choose the option to "Quarantine".
ESET Nod32 Online Scanner <- Vista compatible but Internet Explorer must be Run as Administrator.
F-Secure Online Scanner. <- Follow the directions on the F-Secure page for proper Installation. (also checks for rootkits) (Vista compatible)

If we still don't find any more malware, then your pop ups will require further investigation in the HJT forum where more powerful tools can be used than we allow here.

#10 peekpr


Posted 15 July 2008 - 12:37 PM

The primary Anti-Virus is Symantec.

The first scan I did was in safe mode. The last scan I did was in normal mode. I'll go ahead and do a scan with one of these other thingees and let you know!
:thumbsup:



