
Foreign pics/changes to website pt.2


  • This topic is locked
13 replies to this topic

#1 C47FSN

C47FSN

  • Members
  • 74 posts
  • OFFLINE
  •  
  • Local time:12:32 AM

Posted 13 July 2009 - 12:03 PM

Hello again. Several months ago I sought help here for some problems with my computer. I noticed the problem when I started seeing what I would call foreign pics on certain websites, as well as some text differences. After receiving help with the problem it was eventually resolved.

Somehow though, I've ended up in a very similar situation. So being the genius that I am, I looked up the original topic and started going through some of the steps I considered within my capabilities... various spyware removal, antivirus, etc. A new problem has arisen. My computer will freeze in safe mode. I successfully used safe mode for sas, but when I tried to use it to run Drwebcureit it freezes.

I was hoping to sort this out myself but at this point I thought I should seek help.

What have I done?



#2 C47FSN


Posted 15 July 2009 - 10:50 PM

I apologize if that previous description was too vague. I thought it would be easiest for someone to look at the original problem rather than repeat it here but maybe I was incorrect. On certain websites I am seeing pics in places that they certainly don't belong. Some of them I remember from other sites I've been to so I know they are out of place. Also some web sites are being displayed strangely... text size is altered, certain boxes are too large or small or partially cut off, all sorts of strange things. This site looks strange as well... the first time around that didn't happen. It would also seem that certain buttons (java?) on websites are inactive now, which I remember from the last time too. For instance the fast reply button did nothing when I clicked on it below my last message.

Among various malware that was discovered and removed during the process I was led through last time using Super Antispyware, Malwarebyte's Anti Malware, Dr. Webcureit, and Hijack This, it was determined there was a "flash drive infection". After certain cleaning processes, basically everything returned to normal.

I am confused as to how I ended up with a very similar problem. It makes me feel stupid for two reasons: first, I've unintentionally walked right back into this mess, and second, I still don't know how or why I did it. This makes it more irritating to me, and probably to those who helped me the first time. Which I apologize for.

So like I had written before I was attempting to go through the cleaning/detection process myself, and ran into the problem where safe mode is freezing. Now I am unsure how to proceed.

I wrote this to try and be more informative, not to be pushy. I'm not sure how topics are responded to or in what time frame, but like I said before I thought maybe I had been too vague.

Oh lastly, I was sure there would have been some way to edit my first post rather than write a second, but with the way the browser is displaying the page, I couldn't find any edit button or options.

Thanks,

C.

#3 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,082 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:32 AM

Posted 15 July 2009 - 11:13 PM

Hello and welcome. Let's try a good normal mode scanner and get a log.

Please run these next. If you have Spybot installed temporarily disable it.
Next run ATF:
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

Please download ATF Cleaner by Atribune & save it to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.

Next run MBAM (MalwareBytes):

NOTE: Before saving MBAM please rename it to zztoy.exe....now save it to your desktop.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#4 C47FSN


Posted 16 July 2009 - 10:43 AM

Thanks for your reply.

Here is the log:

Malwarebytes' Anti-Malware 1.39
Database version: 2441
Windows 6.0.6001 Service Pack 1

16/07/2009 11:40:33 AM
mbam-log-2009-07-16 (11-40-33).txt

Scan type: Quick Scan
Objects scanned: 87275
Time elapsed: 3 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#5 boopme


Posted 16 July 2009 - 11:36 AM

Hi, I forgot to add this... Tell me how it's running after this.
Download and Run FlashDisinfector

You have a flash drive infection. These worms travel through your portable drives. If they have been connected to other machines, they may now be infected.
Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
Wait until it has finished scanning and then exit the program.
Reboot your computer when done.

Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder. It will help protect your drives from future infection.

#6 C47FSN


Posted 16 July 2009 - 03:20 PM

The program ran fine and just said that it was finished. It didn't mention if it found anything. I checked certain websites and of the three that were having problems, one has returned to normal. Like the first time I had this issue, the gamespot website gets mangled for some reason, and bleepingcomputer doesn't look right either.

Thanks for your help,

C.

#7 boopme


Posted 16 July 2009 - 03:38 PM

Hi, as I cannot see any more malware, it may be deeper, so you will need to run HJT/DDS.
Please follow this guide. Go and do steps 6 and 7: Preparation Guide For Use Before Using Hijackthis. Then go here: HijackThis Logs and Virus/Trojan/Spyware/Malware Removal, click New Topic, give it a relevant title and post that complete log.

Let me know if it went OK.

#8 C47FSN


Posted 18 July 2009 - 12:04 PM

Ok, I'm just in the process of backing some things up before I continue. I do have a last question though: I've recently transferred some files from this pc to a ps3 via a usb stick, and I also downloaded and have been using PSmedia centre. Can the ps3 be affected by the flash infection? I haven't noticed any symptoms, I just thought it was worth asking.

Oh, this website has returned to normal somehow during the last few days.


Thanks again for your help,

C.

#9 boopme


Posted 18 July 2009 - 01:34 PM

Hi, can you run Flash D on all drives, then you should be OK.

#10 C47FSN


Posted 18 July 2009 - 04:06 PM

Thanks!

Oh wait... does this apply to the ps3 too? Can't run flash disinfector (.exe) on ps3.

Thanks again,

C.

Edited by C47FSN, 18 July 2009 - 04:15 PM.


#11 boopme


Posted 19 July 2009 - 12:38 PM

I'll confirm this for...

#12 boopme


Posted 20 July 2009 - 03:51 PM

OK, I feel this should be safe.
Flash_Disinfector was designed to remove infections that load an autorun.inf file on removable media and create a hidden "dummy" autorun folder/file with special permissions in each partition and every external drive that was connected when the tool was run. I doubt sUBs had this in mind when he created it but he does say "any removable media". With that said, I doubt his tool would cause any harm if run while a PS3 was plugged in.

Although I read Sophos warned that visitors of certain pages on the US Playstation website are at risk of malware infection, I'm not aware of the PS3 itself being vulnerable to infection.

http://www.totalvideogames.com/PlayStation...ite--12891.html
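
An added example, not part of the original thread and not Flash_Disinfector's own code: a Python audit of drive roots for the two autorun.inf states post #12 describes, a file that launches something versus a blocking folder of the same name. The function names, status labels and sample file contents are assumptions constructed for illustration.

```python
import os
import tempfile

# Constructed sample, not taken from a real infection; the file name is a placeholder.
SAMPLE = r"""
[AutoRun]
icon=setup.ico
open=example_payload.exe
shell\open\command=example_payload.exe
"""

def parse_launch_entries(text):
    """Return {key: command} for [autorun] keys that make Windows run something."""
    entries, in_autorun = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_autorun = line.lower().startswith("[autorun]")
            continue
        if not in_autorun or line.startswith(";") or "=" not in line:
            continue  # skip comments, junk lines and other sections
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        if key in ("open", "shellexecute") or (
            key.startswith("shell\\") and key.endswith("\\command")
        ):
            entries[key] = value
    return entries

def classify_root(root):
    """Classify the autorun.inf state of one drive root (hypothetical helper)."""
    names = [n for n in os.listdir(root) if n.lower() == "autorun.inf"]
    if not names:
        return ("absent", {})            # nothing to launch, but no placeholder either
    path = os.path.join(root, names[0])
    if os.path.isdir(path):
        return ("blocking-folder", {})   # the state the post says the tool leaves behind
    with open(path, "rb") as fh:
        data = fh.read()
    bom = data[:2] in (b"\xff\xfe", b"\xfe\xff")
    text = data.decode("utf-16" if bom else "latin-1", errors="replace")
    return ("file", parse_launch_entries(text))

def demo():
    """Classify three constructed 'drive roots' created in a temp directory."""
    with tempfile.TemporaryDirectory() as tmp:
        roots = {n: os.path.join(tmp, n) for n in ("clean", "protected", "suspect")}
        for path in roots.values():
            os.mkdir(path)
        os.mkdir(os.path.join(roots["protected"], "autorun.inf"))
        with open(os.path.join(roots["suspect"], "autorun.inf"), "w") as fh:
            fh.write(SAMPLE)
        return {name: classify_root(path) for name, path in roots.items()}

if __name__ == "__main__":
    for name, (state, entries) in demo().items():
        print(name, state, entries)
```

A root reported as "file" with an empty entry map only sets cosmetic keys such as icon or label; one with entries names what would be executed and deserves a closer look.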

#13 C47FSN


Posted 20 July 2009 - 06:17 PM

Ok that's good to know. Thanks for the link too. The ps3 is connected to the pc through a router, not directly. I'm not sure if that matters but I thought it was worth mentioning.

Thanks again for your help,

C.

#14 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,912 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:12:32 AM

Posted 31 July 2009 - 05:58 PM

Hello,

Now that you have posted a log here: http://www.bleepingcomputer.com/forums/t/245784/changesoddities-in-firefox-browser-wrong-pictures-fonts-spacing-colouring-etc/ you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the HJT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days, perhaps less, to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript



