

Anti Virus Pop Up Ad


  • This topic is locked
16 replies to this topic

#1 shadows38

shadows38

  • Members
  • 6 posts

Posted 25 November 2009 - 08:28 PM

I have an Anti Virus Pop up for Trojan that needs removing.

My sister did this for me last time and the computer has cleared but I have recently run a checker on it and I have several messages about Rogue AntiSpyware and Trojans

Attached Files





#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 30 November 2009 - 08:36 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :(
m0le is a proud member of UNITE

#3 shadows38


Posted 01 December 2009 - 12:34 PM

Hi m0le

I have subscribed to this topic and am ready for the instructions.

I have used Malwarebytes' Anti-Malware and Spybot - Search and Destroy!!

shadows38 :(

#4 m0le


Posted 01 December 2009 - 07:22 PM

Hi shadows38,

There are some malware temp files in RootRepeal so we'll target those. Is there anything other than popups on the PC?


Please download ATF Cleaner by Atribune. Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.
If you use Firefox browser:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

If you are using Firefox and this has caused page loading problems then please clear your private data. To do this go to the Tools menu, select Clear Private Data, and then check Cache. Click Clear Private Data Now.

Then close Firefox and then reopen it.


Now let's remove the files

Backup Your Registry with ERUNT
  • Please use the following link and scroll down to ERUNT and download it.
    http://aumha.org/freeware/freeware.php
  • For version with the Installer:
    Use the setup program to install ERUNT on your computer
  • For the zipped version:
    Unzip all the files into a folder of your choice.
Click Erunt.exe to backup your registry to the folder of your choice.

Note: to restore your registry, go to the folder and start ERDNT.exe

We need to execute an OTM script
  • Please download OTM by OldTimer and save it to your desktop.
  • Double click the Posted Image icon on your desktop.
  • Paste the following code under the Posted Image area. Do not include the word "Code".
    :files
    c:\documents and settings\jess sheasby\local settings\temp\~df43af.tmp
    c:\documents and settings\jess sheasby\local settings\temp\~df66a5.tmp
    c:\documents and settings\jess sheasby\local settings\temp\~dff823.tmp
    c:\documents and settings\jess sheasby\local settings\temp\~dfff2a.tmp
  • Push the large Posted Image button.
  • OTM may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the Posted Image line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
Post the OTM log.


Finally please post a new RootRepeal log and run RSIT
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
Thanks :(

#5 m0le


Posted 05 December 2009 - 07:40 AM

Hi,

I have not had a reply from you for 3 days. Can you please tell me if you still need help with your computer as I am unable to help other members with their problems while I have your topic still open. The time taken between posts can also change the situation with your PC making it more difficult to help you.

If you like you can PM me.

Thanks,


m0le

#6 shadows38


Posted 06 December 2009 - 10:24 AM

Hi m0le,

I have run the OTM and these are the results
========== FILES ==========
File/Folder c:\documents and settings\jess sheasby\local settings\temp\~df43af.tmp not found.
File/Folder c:\documents and settings\jess sheasby\local settings\temp\~df66a5.tmp not found.
File/Folder c:\documents and settings\jess sheasby\local settings\temp\~dff823.tmp not found.
File/Folder c:\documents and settings\jess sheasby\local settings\temp\~dfff2a.tmp not found.

OTM by OldTimer - Version 3.1.2.2 log created on 12062009_151020


Finally please post a new RootRepeal log and run RSIT

Attached Files

  • Attached File  log.txt   47.63KB   2 downloads
  • Attached File  info.txt   37.38KB   0 downloads
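
As an added example (not part of the original thread and not OldTimer's code), this Python sketch reconciles the OTM script from post #4 with the log pasted in post #6. It parses only the `not found` line format visible in that log; the function names and the `unaccounted` label are assumptions made for the illustration.

```python
import re

# Sample input copied from post #4 (script) and post #6 (log) of this thread.
OTM_SCRIPT = r"""
:files
c:\documents and settings\jess sheasby\local settings\temp\~df43af.tmp
c:\documents and settings\jess sheasby\local settings\temp\~df66a5.tmp
c:\documents and settings\jess sheasby\local settings\temp\~dff823.tmp
c:\documents and settings\jess sheasby\local settings\temp\~dfff2a.tmp
"""
OTM_LOG = r"""
========== FILES ==========
File/Folder c:\documents and settings\jess sheasby\local settings\temp\~df43af.tmp not found.
File/Folder c:\documents and settings\jess sheasby\local settings\temp\~df66a5.tmp not found.
File/Folder c:\documents and settings\jess sheasby\local settings\temp\~dff823.tmp not found.
File/Folder c:\documents and settings\jess sheasby\local settings\temp\~dfff2a.tmp not found.

OTM by OldTimer - Version 3.1.2.2 log created on 12062009_151020
"""

# Only the "not found" result line seen in the thread is recognised here.
NOT_FOUND = re.compile(r"^File/Folder (?P<path>.+) not found\.$")


def script_targets(script):
    """Return the paths listed under the :files directive, lower-cased."""
    targets, in_files = [], False
    for line in script.splitlines():
        line = line.strip()
        if line.startswith(":"):
            in_files = line.lower() == ":files"
        elif in_files and line:
            targets.append(line.lower())
    return targets


def reconcile(script, log):
    """Map each target to 'not found' or 'unaccounted' (no matching log line)."""
    missing = set()
    for line in log.splitlines():
        match = NOT_FOUND.match(line.strip())
        if match:
            missing.add(match.group("path").lower())
    return {t: ("not found" if t in missing else "unaccounted")
            for t in script_targets(script)}


if __name__ == "__main__":
    for path, status in reconcile(OTM_SCRIPT, OTM_LOG).items():
        print(f"{status:12} {path}")
```

Every target comes back `not found`, so this OTM run moved no files; a target reported as `unaccounted` would mean the pasted log is incomplete or uses a result line this sketch does not parse.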


#7 m0le


Posted 06 December 2009 - 06:05 PM

Use Windows Explorer to find and delete these files:

C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

As an example:
To delete C:\WINDOWS\badfile.dll
Double click the My Computer icon on your Desktop. Or click on the Windows KEY + E.
Double click on Local Disc (C:\)
Double click on the Windows folder,
Right click on badfile.dll and then from the menu that appears, click on Delete



Let me know what problems still persist before we go ahead with the next step :(

#8 shadows38


Posted 09 December 2009 - 04:08 PM

I have deleted those files!!!

What is the next task??

#9 m0le


Posted 09 December 2009 - 04:25 PM

Now we can start to see what there is on the PC

Please download ComboFix from one of these locations:

* IMPORTANT !!! Save ComboFix.exe to your Desktop, making sure you rename it comfix.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Thanks :(

#10 m0le


Posted 12 December 2009 - 01:47 PM

You still there, shadows38?

#11 shadows38


Posted 12 December 2009 - 05:57 PM

Yes I am Still here!!

I have run the Comfix and the Results are below in the attached file!!

See what you think and let me know the next steps!!

Cheers
Shadows38

Attached Files



#12 m0le


Posted 12 December 2009 - 06:58 PM

I think that looks a lot better. :(

Hotbar is adware and Combofix has removed the entire program.

I notice that you also have some remnants of the Ask toolbar. The program itself is gone.

The Ask toolbar is not recommended. This toolbar enhances internet browsing and provides a direct link to the "ask.com" search engine. This program is not known to be bundled with spyware - The company strongly denies the toolbar as being malware.

Please read why it might be good to remove it here.

If you want me to remove the rest of it then we can in the next step.


For now we need to do an online scan

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


#13 m0le


Posted 15 December 2009 - 03:51 PM

Hi,

I have not had a reply from you for 3 days. Can you please tell me if you still need help with your computer as I am unable to help other members with their problems while I have your topic still open. The time taken between posts can also change the situation with your PC making it more difficult to help you.

If you like you can PM me.

Thanks,


m0le

#14 shadows38


Posted 16 December 2009 - 09:32 AM

Hi Sorry,

I am still trying to run the ESET OnlineScan but it is taking a long time but I have had a lot of University work so I haven't been able to run this programme fully!! Will report back when this scan is completed!!

shadows38

#15 m0le


Posted 16 December 2009 - 06:41 PM

:(