IE Pop Ups, Aim Don't Work, Virus Scanner Freezes


31 replies to this topic

#1 Wyzrd

Wyzrd

  • Members
  • 60 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cleveland, TX
  • Local time:08:32 AM

Posted 02 August 2009 - 02:34 PM

I just started having these problems last night. Internet Explorer will randomly pop up with ads and I don't ever use Internet Explorer. Firefox is my browser of choice and I'm currently running version 3.5.1 with it. My homepage got changed from the usual Google I had it set to, to this "http://www.zotrim.com/". My AOL Instant Messenger will connect. Once I open a conversation window until I send a message, then the box with the conversation goes white with one strip of gray across the top, and my display pic next to where I type disappears. I have tried also running Bitdefender Total Security 2009, but it always freezes before it gets to the end of the scan.

As far as Windows, I currently run:
Microsoft Windows XP
Professional
Version 2002
Service Pack 3, v.5755

If you need any more information feel free to ask.



#2 Computer Pro

Computer Pro

  • Members
  • 2,448 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:32 AM

Posted 02 August 2009 - 05:21 PM

Hello and welcome to Bleeping Computer.

Please subscribe to your topic so that you will be notified as soon as I post a reply, instead of you having to check the topic all of the time. This will allow you to get an email notification when I reply.

To subscribe, go to your topic, and at the top right hand corner by your first post, click the Options button and then click Track this topic. Then bullet the immediate notification bubble. Then press submit.



Let's take a look with Malwarebytes

Please download Malwarebytes' Anti-Malware from here:
Malwarebytes
Please rename the file BEFORE downloading to zztoy.exe instead of mbam-setup.exe

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

Double Click zztoy.exe to install the application.
* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Full Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy and paste the entire MBAM report (even if it does not find anything) in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


If Malwarebytes won't install or run

Some types of malware will disable MBAM and other security tools. If MBAM will not install, try renaming it. Right-click on the mbam-setup.exe file and change the .exe extension to .bat, .com, .pif, or .scr and then double-click on it to run.

If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files, right-click on mbam.exe and change the .exe as noted above. Then double-click on it to run.
Computer Pro

#3 Wyzrd

Posted 02 August 2009 - 05:47 PM

It won't let me download it. I get an error.

Using Firefox I get:

C:\Documents and Settings\File Transfer\Desktop\zztoy.exe could not be saved, because the source file could not be read.

Try again later, or contact the server administrator.


Using Internet Explorer it won't even let me choose where to save it. I get:

Internet Explorer cannot display the webpage


Also, I just tried using Uniblue's Spyeraser, but that won't even load.

Edited by Wyzrd, 02 August 2009 - 06:04 PM.


#4 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:10:32 AM

Posted 02 August 2009 - 06:06 PM

http://malwarebytes.gt500.org/mbam-setup.exe

http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html

http://download.cnet.com/Malwarebytes-Anti...stPopTwoColWrap
Chewy

No. Try not. Do... or do not. There is no try.

#5 Wyzrd

Posted 02 August 2009 - 06:20 PM

Thank you, I was able to download it from the last link you provided.

In order to get it to run I had to change its extension to .bat. It is currently scanning. I will post the results when it finishes.

Edited by Wyzrd, 02 August 2009 - 06:39 PM.


#6 Computer Pro

Posted 02 August 2009 - 07:51 PM

OK, I will be waiting for the results.
Computer Pro

#7 Wyzrd

Posted 02 August 2009 - 08:24 PM

OK, I ran it once. It found seven infected files, then froze up the whole computer later on during the search. So I restarted the computer and let it scan through again until it found those seven errors again, stopped it and got the results. Says here 7 trojans.

Malwarebytes' Anti-Malware 1.39
Database version: 2421
Windows 5.1.2600 Service Pack 3, v.5755

8/2/2009 8:20:55 PM
mbam-log-2009-08-02 (20-20-48).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 19144
Time elapsed: 2 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\msxml71.dll (Trojan.FakeAlert) -> No action taken.

Registry Keys Infected:
HKEY_CLASSES_ROOT\xml.xml (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\xml.xml.1 (Trojan.FakeAlert) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\msxml71.dll (Trojan.FakeAlert) -> No action taken.



#8 DaChew

Posted 02 August 2009 - 08:33 PM

Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

Please download DrWeb-CureIt and save it to your desktop. DO NOT perform a scan yet.

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with Dr.Web CureIt as follows:
  • Double-click on launch.exe to open the program and click Start. (There is no need to update if you just downloaded the most current version.)
  • Read the Virus check by DrWeb scanner prompt and click Ok where asked to Start scan now? Allow the setup.exe to load if asked by any of your security programs.
  • The Express scan will automatically begin.
    (This is a short scan of files currently running in memory, boot sectors, and targeted folders).
  • If prompted to download the Full version Free Trial, ignore and click the X to close the window.
  • If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All.
  • When complete, click Select All, then choose Cure > Move incurable.
    (This will move any detected files to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if they can't be cured)
  • Now put a check next to Complete scan to scan all local disks and removable media.
  • In the top menu, click Settings > Change settings, and UNcheck "Heuristic analysis" under the "Scanning" tab, then click Ok.
  • Back at the main window, click the green arrow "Start Scanning" button on the right under the Dr.Web logo.
  • When the scan is complete, a message will be displayed at the bottom indicating if any viruses were found.
  • Click "Yes to all" if asked to cure or move the file(s) and select "Move incurable".
  • In the top menu, click file and choose save report list.
  • Save the DrWeb.csv report to your desktop.
  • Exit Dr.Web Cureit when done.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report.)

Chewy

No. Try not. Do... or do not. There is no try.

#9 Wyzrd

Posted 02 August 2009 - 08:42 PM

Sorry but same thing happened again as earlier with MBAM.

I can't download it.

C:\Documents and Settings\File Transfer\Desktop\drweb-cureit.exe could not be saved, because the source file could not be read.

Try again later, or contact the server administrator.



#10 DaChew

Posted 02 August 2009 - 08:47 PM

Can you try renaming it before you save to desktop?
Chewy

No. Try not. Do... or do not. There is no try.

#11 Wyzrd

Posted 02 August 2009 - 08:49 PM

I still got the same problem.

#12 DaChew

Posted 02 August 2009 - 08:53 PM

Do you have access to a clean computer and a usb jump drive?
Chewy

No. Try not. Do... or do not. There is no try.

#13 Wyzrd

Posted 05 August 2009 - 01:24 AM

Sorry this has taken so long to reply to. Yes I do. I downloaded Dr Cure It and put it on my computer but it keeps freezing before it ever finishes. The first time I ran it, it found 9 things, some trojans and some adware. The second time it found 8 more things. Each time it cured, deleted, or moved the files. The third time it froze at the same place it froze the second time. But I don't know exactly what it is because all you can read is this at the bottom.

C:...B-4AB9-8465-CB361C44FE90}\RP174\A0047507.exe

I tried running a search on my computer to find A007507.exe but nothing came up.

#14 DaChew

Posted 05 August 2009 - 01:48 AM

Fully update MBAM to

Malwarebytes' Anti-Malware 1.40
Database version: 2561


Run a quick scan please
Chewy

No. Try not. Do... or do not. There is no try.

#15 Wyzrd

Posted 05 August 2009 - 02:02 AM

Here is the file.

Malwarebytes' Anti-Malware 1.39
Database version: 2421
Windows 5.1.2600 Service Pack 3, v.5755

8/5/2009 2:01:47 AM
mbam-log-2009-08-05 (02-01-42).txt

Scan type: Quick Scan
Objects scanned: 104088
Time elapsed: 9 minute(s), 46 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 4

Memory Processes Infected:
C:\WINDOWS\msa.exe (Trojan.Agent) -> No action taken.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\lpvideo.lpvideoplugin (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\lpvideo.lpvideoplugin.1 (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\lpvideo.xmldomdocumenteventssink (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\lpvideo.xmldomdocumenteventssink.1 (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\AppID\LPVideo.dll (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\LPVideoPlugin (Trojan.FakeAlert) -> No action taken.
C:\Program Files\Protection System (Rogue.ProtectionSystem) -> No action taken.
C:\Documents and Settings\File Transfer\Application Data\pridl (Trojan.Downloader) -> No action taken.

Files Infected:
c:\WINDOWS\Temp\VRT3F9.tmp (Malware.Tool) -> No action taken.
C:\WINDOWS\msa.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\sc.exe (Trojan.FakeAlert) -> No action taken.

Now do you want me to click on remove everything?

Edited by Wyzrd, 05 August 2009 - 02:03 AM.
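
Added example, not part of the original thread and not any poster's or Malwarebytes' own code: a small Python parser for the log layout pasted in the replies above. It checks the summary counts against the itemised entries, counts how often each CLSID is referenced, and lists objects still marked "No action taken". The embedded sample is an excerpt of the log in reply #7; the function names are assumptions chosen for illustration.

```python
import re
from collections import Counter

# Excerpt of the log pasted in reply #7 above (three sections, blank lines dropped).
SAMPLE_LOG = r"""Memory Modules Infected: 1
Registry Keys Infected: 5
Files Infected: 1
Memory Modules Infected:
C:\WINDOWS\system32\msxml71.dll (Trojan.FakeAlert) -> No action taken.
Registry Keys Infected:
HKEY_CLASSES_ROOT\xml.xml (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\xml.xml.1 (Trojan.FakeAlert) -> No action taken.
Files Infected:
C:\WINDOWS\system32\msxml71.dll (Trojan.FakeAlert) -> No action taken.
"""

SUMMARY = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<count>\d+)$")
HEADER = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
ITEM = re.compile(r"^(?P<object>.+) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")
CLSID = re.compile(r"\{[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\}")

def parse_mbam_log(text):
    """Return (declared counts per section, list of itemised detections)."""
    declared, items, section = {}, [], None
    for line in map(str.strip, text.splitlines()):
        if m := SUMMARY.match(line):
            declared[m["section"]] = int(m["count"])
        elif m := HEADER.match(line):
            section = m["section"]
        elif section and (m := ITEM.match(line)):  # skips "(No malicious items detected)"
            items.append({"section": section, **m.groupdict()})
    return declared, items

def triage(text):
    """Summarise a log for review: count mismatches, families, CLSID reuse, open items."""
    declared, items = parse_mbam_log(text)
    listed = Counter(i["section"] for i in items)
    return {
        "count_mismatches": {s: (n, listed[s]) for s, n in declared.items() if n != listed[s]},
        "families": Counter(i["family"] for i in items),
        "clsid_refs": dict(Counter(c.lower() for i in items for c in CLSID.findall(i["object"]))),
        "unremediated": sorted({i["object"] for i in items if i["action"].startswith("No action")}),
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, "->", value)
```

On the excerpt, the one CLSID is referenced by three registry keys (the COM class, the extension stats entry and the Browser Helper Object registration), and every listed object is still unremediated.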




