redirecting virus and iexplorer running in background virus/spyware??


  • This topic is locked
4 replies to this topic

#1 Just D


Posted 23 June 2009 - 09:16 PM

I seem to have a very nasty bug that runs iexplorer in the background that produces some ads or something that I hear but cannot see. I also can't run spyhunter anymore or SDFix. It shows up in the task manager for a few mins or so and then goes away, but never runs.

After running RegCure once, I got a winsock error that had me down for several days. Just fixed that which allowed me back on the internet. Was going to do a complete wipe, but I can't even seem to do that. My pc is now running at 100% memory usage and I have no idea where to turn. PLEASE HELP!!

I have the DDS and attach....also Hijack This log as well.


#2 teacup61 (Malware Response Team)

Posted 27 June 2009 - 12:35 PM

Hello Just D,

Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Please do this:
1. Download HijackThis™ here:
http://www.trendsecure.com/portal/en-US/th.../hijackthis.php

2. Click 'Do a System Scan and Save log'.
The HJT log will open in notepad.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#3 Just D


Posted 28 June 2009 - 08:20 PM

Tea,

Thanks for the response. I was able to fix a lot of my problems, on my own, but I am convinced that I still have something lurking around. I might be paranoid, but it's better to be safe than sorry. I have attached my HJT log for you to look over.




#4 teacup61 (Malware Response Team)

Posted 28 June 2009 - 08:32 PM

Hello,

Judging from that, I think you're right that there is still some stuff lurking.

Go to start -> control panel -> Display properties -> Desktop -> Customize Desktop... -> Web tab, then uncheck and delete everything you find in there (except for "My current home page"),

Also remove the checkmark from the Lock Desktop Items box if it is checked.
Apply.
Apply and Exit Display properties.

Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

O2 - BHO: {b37d5cb6-9475-85ea-58a4-8f27a0866f40} - {04f6680a-72f8-4a85-ae58-57496bc5d73b} - (no file)
O2 - BHO: (no name) - {311BC65D-68FB-4897-88D9-BD77290711B9} - (no file)
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - (no file)
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-9EB4-FE6FA694B13E} - (no file)
O3 - Toolbar: SciFinder Bar - {66d61d7a-eb71-4619-a3d5-5918cf7be7d6} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - Startup: PowerReg Scheduler V3.exe
O20 - Winlogon Notify: pmnljIYP - pmnljIYP.dll (file missing)
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/DARRAN~1/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg


Close all browsers and other windows except for HijackThis!, and click "Fix checked".

Reboot your computer.

I need for you to go offline completely and disable ALL your protective programs after you download ComboFix, but before you run it. Sometimes those programs interfere with it, and we don't want that! If McAfee still gives you problems, then you might need to uninstall it temporarily.

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

If ComboFix will not run the first time, then rename ComboFix.exe to JustD.exe and try it again. :)

Thanks,
tea
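As an added illustration (not part of the original thread and not HijackThis's own code), the Python sketch below parses entries in the format quoted in post #4 and tags what makes each one stand out in review: a missing target file, an unnamed component, or a path under a Temp directory. The function names and the three heuristics are assumptions of this example.

```python
import re

# Section codes for the entry types quoted in the reply above.
SECTIONS = {
    "O2": "Browser Helper Object",
    "O3": "Internet Explorer toolbar",
    "O4": "Autostart (Run key or Startup folder)",
    "O20": "Winlogon Notify / AppInit_DLLs",
    "O24": "Active Desktop component",
}
LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<rest>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def triage(line):
    """Parse one log line; return None for anything that is not an entry.

    The three heuristics are this example's assumptions, not HijackThis logic.
    """
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rest, reasons = m.group("rest"), []
    if re.search(r"\((?:no file|file missing)\)", rest, re.I):
        reasons.append("orphaned: target file absent")
    if "(no name)" in rest:
        reasons.append("unnamed component")
    if re.search(r"[\\/]temp[\\/]", rest, re.I):
        reasons.append("loads from a Temp directory")
    return {"code": m.group("code"),
            "section": SECTIONS.get(m.group("code"), "unknown"),
            "clsids": CLSID_RE.findall(rest),
            "reasons": reasons}

# Five of the entries listed in the reply above, copied as posted.
SAMPLE = """\
O2 - BHO: (no name) - {311BC65D-68FB-4897-88D9-BD77290711B9} - (no file)
O3 - Toolbar: SciFinder Bar - {66d61d7a-eb71-4619-a3d5-5918cf7be7d6} - mscoree.dll (file missing)
O4 - HKLM\\..\\Run: [CTHelper] CTHELPER.EXE
O20 - Winlogon Notify: pmnljIYP - pmnljIYP.dll (file missing)
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/DARRAN~1/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
"""

def triage_log(text):
    """Triage every entry line in a pasted log, skipping non-entry lines."""
    return [r for r in map(triage, text.splitlines()) if r]

if __name__ == "__main__":
    for r in triage_log(SAMPLE):
        print(r["code"], "|", r["section"], "|", r["reasons"] or ["no heuristic hit"])
```

An entry with no heuristic hit, such as the O4 Run key line here, still needs a human decision; the tags only sort the log for review.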

#5 teacup61 (Malware Response Team)

Posted 06 July 2009 - 06:47 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic



