Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Random new browser windows when using Firefox, and random audio


  • Please log in to reply
2 replies to this topic

#1 mr_e_uss

mr_e_uss

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:10:52 PM

Posted 27 December 2008 - 10:49 AM

My Windows XP Media Edition PC is infected with something. The most obvious symptoms are:
1) When using Firefox, new browser windows will randomly open -- to URLs that seem random. This happens often.
2) On occasion, audio will start playing -- as if some streaming internet audio was playing. I do not recognize the audio.

The above behavior started yesterday, Dec 26. Until then, I had no knowledge that something was wrong. However, once this started, I looked at Norton's log. (I have Norton 2008 running on the system.) On Dec 22, Norton discovered Virtumonde -- and thought it had removed it. On Dec 23, Norton again discovered Virtumonde and again thought it removed it. Since then, Norton does not find Virtumonde.

After I discovered that my system was having problems, I took the following steps:

Yesterday (Dec 26) I installed Spybot S&D. Spybot discovered Virtumonde (even though Norton no longer does). Spybot thought it successfully removed the infected keys. On a subsequent reboot, Virtumonde was again detected by Spybot.

I then installed MBAM. MBAM found additional evidence of Virtumonde. MBAM removed what it found. Subsequent reboots and rescans show that MBAM and Spybot think my system is clean of all issues they can detect.

Nonetheless, my system is continuing to exhibit the behaviors listed at the top. (#1, for sure; I do not yet know if #2 is resolved.)

The PC is networked in a LAN; the LAN is connected to the WAN via a DLink router. Two other Windows PCs are on the LAN (one Vista, the other XP Home). One Linux laptop is also connected to the LAN, wirelessly.

The system is set up with multiple user accounts -- both of which are Administrators. One account is hardly ever used. All of the above have been done logged in as one of the users -- the typical user of the system.

I have the MBAM log that shows the original Virtumonde infections (and subsequent logs that show that MBAM no longer detects anything). I also have a HijackThis log, that I collected this morning. I will them per your subsequent directions.

I would truly appreciate any help. Thanks in advance!

BC AdBot (Login to Remove)

 


#2 garmanma

garmanma

    Computer Masochist


  • Members
  • 27,809 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cleveland, Ohio
  • Local time:11:52 PM

Posted 27 December 2008 - 10:57 AM

Disconnect from the net. Reset your router and give it a strong password.
If you use Spybot's Teatimer, disable it for now
----------------------------

Update Malwarebytes. This time do a FULL scan and post the new log here for us to look at
Mark
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#3 mr_e_uss

mr_e_uss
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:10:52 PM

Posted 27 December 2008 - 11:06 AM

Will do.

I ran a full scan twice yesterday, but had disconnected my system from the network -- so that I couldn't update MBAM. The first time I did a full scan, MBAM detected (and resolved) problems. The second full scan came back clean.

I updated MBAM this morning, and kicked off a full scan. It will likely take nearly three hours. I will post the results a bit later today.

Thanks.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users