
Pages may/may not open-popup page url.urtbk.etc


21 replies to this topic

#1 sunnyg123

sunnyg123

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:03:23 PM

Posted 21 July 2009 - 01:20 PM

Hi this is my first post. Hopefully you can get me squared around w/o having to take my computer to a shop. I've been reading and working on this for 2 days now. lol You all have some great info here. Thanks!

Yesterday a.m. when I woke up & got on the net my computer was running slow, most pages wouldn't (still won't sometimes) open, clicking the IE icon would give you an hour glass and just go away. Sometimes I could open it and it would build by right clicking and hitting open. Also 'most' of the time when a page DOES open a 2nd page opens too, blank, url.urtbk.com.... It is also kicking up a lot of can't show this page due to activex problem...And it might sound crazy (does to me) but when I type a lot of letters don't show up, and I do type well and I don't think I am hitting keys any lighter than others. But that's the least of my problem, I can proofread for that. lol

I started 'googling' the problem & found a lot of people having it, and that's how I found you. Your site seemed the best, easiest to understand for someone like me who can muddle through a little but not a lot of computer repair.

I do run Avira AntiVir premium. I thought it was good, not real happy right now though. I keep it updated automatically, and run daily or every other day full system scans. Day before yesterday, when I went to bed on the 19th, everything was working fine. I also run the latest AdAware, AE I think, but it will not run at this time. It starts, runs a few seconds and shuts down.

I have a Dell PC, Win XP, Media Center edition, Version 2002, SP2. Pent 4 CPU 3.00 GHz, 2.99 GHz, 512 MB Ram. I have 32.9 G used space and 116 G free space. Using IE7. (I dl 8 on when it first came out & didn't like it so went back.) I also have attached a HP Photosmart C5140 All in One printer.

I defragged, even though it said I didn't need to. After reading your suggestions elsewhere, I also successfully did the Malwarebytes step and I did Hijack this, and the DDS step. I have logs for all.

So....I am still having problems getting pages to open, although AT LEAST some do now. I am still having that stupid blank urtbk page popup. (EVERY time I search google it pops up about 4 times before I can read the page.) And I don't know what/where to check the activex thingy.

What else do you need to know from me? And which logs do you want me to TRY & attach? lol

Thanks again! I am praying with your help we can get it runnin' smooth again as we are on a fixed income and I am trying not to go to the shop. lol


#2 garmanma

garmanma

    Computer Masochist


  • Staff Emeritus
  • 27,809 posts
  • OFFLINE
  •  
  • Location:Cleveland, Ohio
  • Local time:04:23 PM

Posted 21 July 2009 - 01:57 PM

Update mbam and run a FULL scan
Please post the results

Then run ATF and SAS


ATF
Please download ATF Cleaner by Atribune & save it to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

------------------------------------

SAS, may take a long time to scan
Please download and scan with SUPERAntiSpyware Free
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

Mark
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#3 sunnyg123

sunnyg123
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:03:23 PM

Posted 21 July 2009 - 04:22 PM

I take it when I do the full mbam scan that you want me to tell it to remove selected? Or wait on that? I have 5 Trojan Agents and 2 Trojan Vundo.

#4 sunnyg123

sunnyg123
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:03:23 PM

Posted 21 July 2009 - 04:28 PM

Ok I'm totally dense, lol, I don't see how/where to add an attachment to add these reports.

Will bbl, duty calls. Thanks

#5 sunnyg123

sunnyg123
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:03:23 PM

Posted 21 July 2009 - 07:43 PM

How do I attach/upload (?) a copy of my mbam log please? Thanks

#6 Mysterysgames

Mysterysgames

  • Members
  • 159 posts
  • OFFLINE
  •  
  • Local time:09:23 PM

Posted 21 July 2009 - 07:46 PM

Just copy-paste the content of the log in your post :thumbsup:

#7 sunnyg123

sunnyg123
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:03:23 PM

Posted 21 July 2009 - 09:02 PM

Thanks! I thought I had seen somewhere it had to be attached.

Malwarebytes' Anti-Malware 1.39
Database version: 2475
Windows 5.1.2600 Service Pack 2

7/21/2009 4:11:54 PM
mbam-log-2009-07-21 (16-11-42) (2)

Scan type: Full Scan (C:\|)
Objects scanned: 280528
Time elapsed: 1 hour(s), 23 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Documents and Settings\Brenda Grubb\Local Settings\Temp\41.tmp (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\__c00FD6E2.dat (Trojan.Agent) -> No action taken.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00fd6e2 (Trojan.Vundo) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f5ad00.exe (Trojan.Agent) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Brenda Grubb\Local Settings\Temp\41.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Brenda Grubb\Local Settings\Temp\_A00F5AD00.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\__c00FD6E2.dat (Trojan.Vundo) -> No action taken.

#8 sunnyg123

sunnyg123
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:03:23 PM

Posted 21 July 2009 - 11:26 PM

Grrr I did the SAS scan, took around 1 1/2 hours give or take. Rebooted when it said, opened it back up....it took forEVER to get it to open, tried several ways..nothing. Finally rebooted and it did open then; but then it shows NO log, no prior logs, and shows no prior scans. So I assume I need to try the scan over again and see if it will open the first time & give me a log?

Also, a window popped up from Windows saying I have spyware, etc, and opened a page wanting me to run Anti Spyware Pro 2009. I didn't, thought I didn't want to mix the two, and they were probably just wanting to sell me something. Should I have gone ahead and tried to run it before I completed this other scan with you?

Now what? I'll look tomorrow, bed time.

Thanks :thumbsup:

#9 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,173 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:23 PM

Posted 21 July 2009 - 11:58 PM

Hello, sometimes this happens with SAS and it comes back after a shut down and reboot. Also it sometimes shows up in the Admin or other user account. And even in Safe mode again..

But did it find and remove anything more than cookies?

Also.. In the MBAM log it shows "No action taken".. This may mean you did not click "Remove Selected." after the scan.. If so you will need to rerun MBAM. Since Vundo can be stubborn may as well do it now anyway. Like this.


Rerun MBAM like this:

Open MBAM in normal mode and click Update tab, select Check for Updates, when done
click Scanner tab, select Quick scan and scan.
After scan click Remove Selected, post new scan log and reboot into normal mode.


How is the PC running now?
How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#10 sunnyg123

sunnyg123
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:03:23 PM

Posted 22 July 2009 - 08:00 AM

Ok I just did the mbam rescan quick mode like you said. Got 8 results, removed them, and getting ready for the reboot. brb As for your other question...was my computer running any better...no, It was the same, and I had marked to remove the 7 earlier. Every page I open I get an extra popup page, either the url.urtbk page or a page from Windows wanting me to go here or there, stuff I've never seen or heard of before. Also.....I don't know if it's a virus or what, never seen it before, but my typing is still leaving letters out of my words, I've just been going back in and adding them. lol

Will reboot and brb. Here are the results from the mbam fast scan.

Malwarebytes' Anti-Malware 1.39
Database version: 2477
Windows 5.1.2600 Service Pack 2

7/22/2009 7:57:07 AM
mbam-log-2009-07-22 (07-57-07).txt

Scan type: Quick Scan
Objects scanned: 144198
Time elapsed: 12 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 1
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\__c00D8912.dat (Trojan.Agent) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00d8912 (Trojan.Vundo) -> Delete on reboot.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f5ad00.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f372df.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\brenda grubb\local settings\Temp\38.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\brenda grubb\local settings\Temp\41.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brenda Grubb\Local Settings\Temp\_A00F372DF.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c00D8912.dat (Trojan.Vundo) -> Delete on reboot.

Thanks!

#11 sunnyg123

sunnyg123
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:03:23 PM

Posted 22 July 2009 - 08:29 AM

Ok, When I opened a new page after reboot I immediately got this:

Warning!!! Your computer contains various signs of viruses and malware programs presence. Your system requires immediate anti virus check! System Security will perform a quick and free scanning of your PC for viruses and malicious programs. And it's from Windows IE. Ok or cancel.

You tell it to cancel, it kicks up a page anyway and starts to scan. bagoruv.cn.........

It scans fast then gives you: Your computer remains infected by viruses! They can cause data loss and file damages and need to be cured as soon as possible. Return to System Security and download it secure to your PC.

I have not let it dl or do it because I don't know if it's legit or fake and has more viruses to give me.

Also, when I tried to search in google, I got all the usual warning popups from my Avira saying it's a virus. You always get 4 of them. You tell them to delete all 4 times and then have the google page.

Also the url.urtbk.com pages are still popping up with each good page I open. And pages are opening slow.

t appers I'm not gaining any. Peraps it's time to go to the shop? Or do you still have patince and more triks? lol (I didn't fix the dropped letters in the last two sentences.)

Thanks

Edited by sunnyg123, 22 July 2009 - 03:15 PM.


#12 sunnyg123

sunnyg123
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:03:23 PM

Posted 22 July 2009 - 11:17 AM

I just did another FULL mbam scan, and it came up with the same results. Same errors/trojans, whatever still there that I have told it to remove 3 or 4 times now. Says to reboot to finish them all, I do. All are still there every time, it is not removing anything.

Here is the latest log from the full scan. I await someone's advice.

Malwarebytes' Anti-Malware 1.39
Database version: 2477
Windows 5.1.2600 Service Pack 2

7/22/2009 11:08:34 AM
mbam-log-2009-07-22 (11-08-34).txt

Scan type: Full Scan (C:\|)
Objects scanned: 249230
Time elapsed: 46 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Documents and Settings\Brenda Grubb\Local Settings\Temp\40.tmp (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\__c00BDEDB.dat (Trojan.Agent) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00bdedb (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00fab1bb.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Brenda Grubb\Local Settings\Temp\40.tmp (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\Brenda Grubb\Local Settings\Temp\_A00FAB1BB.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c00BDEDB.dat (Trojan.Vundo) -> Delete on reboot.
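
Added example, not part of the thread or written by any of its participants: a small parser for the MBAM 1.39 log layout posted above. It lists entries that were only reported ("No action taken", the point raised in post #9) and shows which entries come back under a different name from one scan to the next, as in posts #7 and #12. `SCAN_1` and `SCAN_2` are trimmed excerpts of those two logs; the function names and the hex-masking heuristic are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Trimmed excerpts of the MBAM 1.39 logs in posts #7 and #12 (user-profile paths omitted).
SCAN_1 = r"""Memory Modules Infected: 2
Registry Keys Infected: 1

Memory Modules Infected:
C:\WINDOWS\system32\__c00FD6E2.dat (Trojan.Agent) -> No action taken.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00fd6e2 (Trojan.Vundo) -> No action taken.

Folders Infected:
(No malicious items detected)
"""
SCAN_2 = r"""Memory Modules Infected:
C:\WINDOWS\system32\__c00BDEDB.dat (Trojan.Agent) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00bdedb (Trojan.Vundo) -> Quarantined and deleted successfully.
"""

SECTION = re.compile(r"^(.+ Infected):$")  # section header: nothing after the colon
ENTRY = re.compile(r"^(?P<item>.+) \((?P<name>[\w.]+)\) -> (?P<action>.+?)\.$")

def parse_mbam_log(text):
    """Return one dict per detection line: section, item, name, action."""
    entries, section = [], None
    for line in text.splitlines():
        line = line.strip()
        if m := SECTION.match(line):
            section = m.group(1)
        elif section and (m := ENTRY.match(line)):
            entries.append({"section": section, **m.groupdict()})
    return entries

def not_removed(entries):
    """Entries the scanner only reported ("No action taken")."""
    return [e for e in entries if e["action"] == "No action taken"]

def name_pattern(item):
    """Lower-case the item and mask a hex run of 6+ in its last path component."""
    head, sep, leaf = item.lower().rpartition("\\")
    return head + sep + re.sub(r"[0-9a-f]{6,}", "*", leaf)

def reappearing(scans):
    """Map pattern -> concrete names, for patterns seen under more than one name."""
    seen = defaultdict(set)
    for text in scans:
        for e in parse_mbam_log(text):
            seen[name_pattern(e["item"])].add(e["item"].lower())
    return {p: sorted(n) for p, n in seen.items() if len(n) > 1}

if __name__ == "__main__":
    for e in not_removed(parse_mbam_log(SCAN_1)):
        print("reported but not removed:", e["item"])
    for pattern, names in reappearing([SCAN_1, SCAN_2]).items():
        print(pattern, "->", names)
```

A pattern that keeps returning under new names after "Delete on reboot" means the cleanup is not holding between reboots.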

#13 trollocks

trollocks

  • Members
  • 369 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:England
  • Local time:09:23 PM

Posted 22 July 2009 - 01:46 PM

the link in post 11 contains system security malware and should be removed

#14 sunnyg123

sunnyg123
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:03:23 PM

Posted 22 July 2009 - 03:16 PM

Sorry, I was just posting what it tells me. I removed it and just left the general idea. Thanks for letting me know.

#15 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,173 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:23 PM

Posted 22 July 2009 - 03:40 PM

Hello, if you see it come up on the screen again do not click on any of it. Rather press CTRL+ALT+DEL >> then click on that page in the Task Manager that came up. Select "End Task"

Now please run SuperAntispyware and ATF from garmanma's instruction in post 2.

Post that log and tell me how it's running now.



