Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

browser opens by itself to random ads..


  • Please log in to reply
39 replies to this topic

#1 urbanninja

urbanninja

  • Members
  • 75 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:07:36 AM

Posted 01 December 2008 - 07:20 PM

hello,

edit: [ im going to give the short explanation here(for those who hates walls of text) and the long one with details below this next paragraph.

Short explanation-
i downloaded some stuff and made sure that they were all malware and spyware free. one day i got on and my browser (mozilla firefox) opened by itself and advertised security programs and a blackberry phone and since then it opened up browsers frequently and advertised stuff (every time one opened, my trend micro pc-cillin alert came up and always said that i tried to open a dangerous site, close it and never open it again and it said it was spyware and adware). but scans for spyware and malware were always clean. still, the problem is that my computer is has gotten slow and my browser opens by itself.

LONG EXPLANATION-]
i recently (nov. 24, 2008 i think) accidentally corrupted a user profile because i manually shutdown my computer when it was saving settings.
i used a temporary profile created by my computer to make a new admin profile. all of my documents were intact and trend micro pc cillin found nothing harmful in my computer. i was sure that everything was back to normal so i downloaded a torrent program and got photoshop cs3, chief architect, fruity loops, microsoft office word 2007, and a winrar program. i also got a trial and a few other programs.i also got a tool for customizing the computer and i downloaded some new themes, boot screens, logon screens, and cursors.
while i was downloading all of this, i was always running the trend micro pc-cillin scan for malware and spyware and it was always safe. if anything ever was found then i removed it. i then did a system checkpoint, just incase anything went wrong. but everything worked perfectly until nov. 29, 2008 when my dad got on and said that the computer was opening hundreds of browsers with random pages he'd never seen and the computer also shut itself off.
i didnt believe him but later i used trend micro pc cillin to check for malware or spyware and none were found. then, i was getting on mozilla firefox and photoshop cs3 and 3 browsers opened themselves up to random ads and firefox crashed. trend micro pc-cillin popped up saying that 3 suspicious changes were detected in my computer and i accidentally clicked "allow changes".
i ran the trend micro pc cillin scan and it found 3 spyware, which i of course removed but my computer is really slow now and the browser opens up one or two windows with ads or a number such as 88.109.79.02 (just an example, i don't remember the actual numbers) every few minutes and i have scanned my computer and nothing bad was found. i removed all the torrented and trial programs that i had (except for the ones i need for school) and i was going to do a system restore but all of the system checkpoints were gone except for one on the day i found the spyware. but there are still no spyware or malware on my computer. every time a browser randomly opens up, i memorize the address, exit out the browser, and open internet explorer and add that page to restricted sites but these pop up browsers seem to never stop.
right now (dec. 1, 2008) i am running the trend micro pc-cillin scan again and so far it has detected 2 items. i will remove them when the scan completes but im sure that that will not fix the problem. any help would be appreciated.
also, some times when my computer comes on and i open something an error comes up saying somethin about a program is running so i have to switch to that program and fix it but nothing is running. so i dont know what to do. the buttons the error shows are "switch to" "retry" and "cancel" but cancel is dimmed out so "retry" does nothing and "switch to" only open the start menu on the taskbar. one more thing i can remember is that the first time the browsers popped up with me along with this error message, microsoft outlook express also opened and i kept getting messages about sending an error report for different programs.
once again, any help would be appreciated.=]

Edited by urbanninja, 01 December 2008 - 07:47 PM.


BC AdBot (Login to Remove)

 


#2 trashcan7

trashcan7

  • Members
  • 402 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:36 AM

Posted 01 December 2008 - 08:13 PM

The only thing I can think of is virus or spyware, but you did say you scanned it several times.
Firstly, those numbers are IP addresses, which is like the address for a computer or router. Routers usually have dynamic IP addresses, so it'll change, so adding them will not help, unless you can make use of an asterisk. Meaning if you get them from 88.109.79.02, 88.109.79.94, and 88.109.79.32, for example, I think you can just restrict 88.109.79.*.

Secondly did you do these scans in safe mode? And was PC-cillin the only thin you used for spyware? In my experience, software like Ad-Aware, which is free, is a lot more thorough.

#3 urbanninja

urbanninja
  • Topic Starter

  • Members
  • 75 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:07:36 AM

Posted 01 December 2008 - 08:16 PM

what does safe mode do? and yes trend micro pc-cillin is the only one that i have.

#4 garmanma

garmanma

    Computer Masochist


  • Staff Emeritus
  • 27,809 posts
  • OFFLINE
  •  
  • Location:Cleveland, Ohio
  • Local time:07:36 AM

Posted 01 December 2008 - 08:27 PM

I'm moving this to Am I Infected?
Mark
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#5 urbanninja

urbanninja
  • Topic Starter

  • Members
  • 75 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:07:36 AM

Posted 01 December 2008 - 08:28 PM

actually, i just found 2 spyware which i removed and one trojan called "TROJ_DLOAD.OD"
the "clean", "quarantine", and "delete" buttons are grayed out so i cant clean or delete it! how do i get rid of it? the file name is "C:\System Volume Information\_restore{A5B7B60A-26FA-4723-ADEE-CBCA723EAADF}\RP277\A0080324.exe"
it does say that the status is quarantined. does that mean that i'm safe?

#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,759 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:07:36 AM

Posted 01 December 2008 - 09:38 PM

We can remove that in a bit can yiu run this scan ..

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#7 urbanninja

urbanninja
  • Topic Starter

  • Members
  • 75 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:07:36 AM

Posted 01 December 2008 - 09:55 PM

yeah, i would do that but ive seen that you post that same post a whole lot and i dont see why your program should be any more efficient than mine..and you didnt answer if my computer is safe with them being quarantined...so i just want to know if its good for them to be quarantined but not deleted.

#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,759 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:07:36 AM

Posted 01 December 2008 - 09:58 PM

i dont see why your program should be any more efficient than mine

I post it as it is effective. No one application is 100 % effective,but perhaps you already new that.

the "clean", "quarantine", and "delete" buttons are grayed out

led me to believe it was not moved anywhere.
Yes a quarantined file will no longer harm your PC.
Is your computer clean now other than the one file shown:
C:\System Volume Information\_restore{A5B7B60A-26FA-4723-ADEE-CBCA723EAADF}\RP277\A0080324.exe"

what does safe mode do?

Windows Safe Mode is a way of booting up your Windows operating system in order to run administrative and diagnostic tasks on your installation. When you boot into Safe Mode the operating system only loads the bare minimum of software that is required for the operating system to work. This mode of operating is designed to let you troubleshoot and run diagnostics on your computer. Windows Safe Mode loads a basic video drivers so your programs may look different than normal.

Edited by boopme, 01 December 2008 - 10:07 PM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#9 urbanninja

urbanninja
  • Topic Starter

  • Members
  • 75 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:07:36 AM

Posted 01 December 2008 - 10:05 PM

okay, if i download your anti-malware thing will i be able to use it in place of mine? or is that just for removing trojans, worms, and other uncleanable malware?

#10 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,759 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:07:36 AM

Posted 01 December 2008 - 10:08 PM

It would be complimentary to TM.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#11 urbanninja

urbanninja
  • Topic Starter

  • Members
  • 75 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:07:36 AM

Posted 01 December 2008 - 10:11 PM

okay then i'll do that and have it up here in a few minutes or as soon as it gets done. thx!

#12 urbanninja

urbanninja
  • Topic Starter

  • Members
  • 75 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:07:36 AM

Posted 01 December 2008 - 10:13 PM

oh and it says "run" or "save". which one do i do?

#13 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,759 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:07:36 AM

Posted 01 December 2008 - 10:15 PM

Run
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#14 urbanninja

urbanninja
  • Topic Starter

  • Members
  • 75 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:07:36 AM

Posted 01 December 2008 - 10:43 PM

hey, 6 posts up, u asked if my computer was clean now exept for that one file. well, there were already 5 items quarantined so this trojan made 6 but im using the malware thing u got me and im already reaching 200. how is it possible that TM missed that many? does that mean that i need to use urs and mine programs or do i need to get a better one?
and i saw a post of another moderator on a different topic saying to copy and paste some file. well, i uninstalled firefox just a few minutes ago and now im using internet explorer and the random browser popups are gone. but if i do need to copy something later like the other moderator had another user do, for some reason my mouse wont highlight words so i can right-click andcpy, instead it draws a blue box and wants to clip it. do you know how to change that?

also, this malware program thing that you got me seems to be very effective, as you said, but it seems like it is gonna take a little longer than TM does so i guess my next post might be up tomorrow so could you tell me about what time you would be back on or would any other moderator look at the contents of the report for whatever reason? im asking because i dont want to keep refreshing the page tommorrow like i did today, but this shouldnt be as urgent a matter as it was to daywith the browser problems and all.
anyways, thanks for your help and my next post will be up tommorrow.

#15 trashcan7

trashcan7

  • Members
  • 402 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:36 AM

Posted 01 December 2008 - 10:54 PM

I think you can keep both programs. PC-cillin is mainly an antivirus application, while Malwarebytes is a malware application. These are two different things, and as he said, no one product is 100% effective. You definitely need an antivirus program, so PC-cillin should cover that, and you need at least one, if not more, malware programs.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users