Internet Gamebox TOOLBAR


17 replies to this topic

#1 ReverseRevival

ReverseRevival

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:21 AM

Posted 24 April 2010 - 12:07 AM

Okay, so I clicked on a bad link and ended up downloading something from Gamebox (I didn't know what it was, I was trying to download a torrent) only it's not the common Internet Gamebox thing. Its only presence on my computer is a toolbar, complete with game functions and a search bar, on my Firefox browser page. Oh, and the bleep ton of malware and adware etc. that is now present on my computer. With my pop-up blocker up, it gives me hundreds of popups in a day, it's about the same with it down, and I don't know what to do! Someone please help me?

I have McAfee firewall, and the SUPERantispyware, Free edition. I need to get this off my computer, because even when I remove and quarantine the adware that the SUPERantispyware that I'm getting, my web browser gets slower and slower every day, taking forever to load the simplest pages (this on a brand new laptop with a really fast wireless connection). I'm not sure how to use HijackThis, so if you could help me with that if you need me to download it, that would be super cool as well. Any and all help is appreciated in advance!


-Mrs. Sarah White

P.S. I've attached a screen print of what the toolbar looks like, so you know what I'm talking about.

http://i43.tinypic.com/16k8b5c.png

Edited by Orange Blossom, 24 April 2010 - 03:58 PM.
Move to AII as no logs posted. ~ OB




#2 ReverseRevival

Posted 26 April 2010 - 07:55 PM

Okay, I'm trying not to be obnoxious about this, but can someone please reply? Slowness has reached critical levels, and with me being in an online college.... It's kind of vital I have this fixed ASAP. Anyone willing to help, thank you.

#3 trollocks

trollocks

  • Members
  • 369 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:England
  • Local time:09:21 AM

Posted 26 April 2010 - 08:06 PM

Please download Malwarebytes Anti-Malware (v1.45) and save it to your desktop.
  • alternate download link 1
  • alternate download link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.


#4 ReverseRevival

Posted 27 April 2010 - 08:10 AM

This is the result of my MBAM scan

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 4042

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

4/27/2010 9:04:42 AM
mbam-log-2010-04-27 (09-04-42).txt

Scan type: Quick scan
Objects scanned: 131706
Time elapsed: 6 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 15
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 6
Files Infected: 12

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Program Files (x86)\Mozilla Firefox\extensions\QualitySuperBrandingSystem@QualitySuperBrandingSystem\components\QualitySuperBrandingSystem.dll (Adware.PlayMP3z) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\{6339581c-7838-64ee-63a9-d48b0e3d5f2e} (Adware.PlayMP3z) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ad607139-04a5-30ea-7468-a3b9de31e8eb} (Adware.PlayMP3z) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{bf1a121f-580c-6eac-8a51-eefa3d51eb03} (Adware.PlayMP3z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ad607139-04a5-30ea-7468-a3b9de31e8eb} (Adware.PlayMP3z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{ad607139-04a5-30ea-7468-a3b9de31e8eb} (Adware.PlayMP3z) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ad607139-04a5-30ea-7468-a3b9de31e8eb} (Adware.PlayMP3z) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\QualitySuperBrandingSystem.DLL (Adware.PlayMP3z) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\qualitysuperbrandingsystem.qualitysuperbrandingsystem (Adware.PlayMP3z) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\qualitysuperbrandingsystem.qualitysuperbrandingsystem.1 (Adware.PlayMP3z) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QualitySuperBrandingSystem (Adware.PlayMP3z) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QualitySuperBrandingSystemFF (Adware.PlayMP3z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\QualitySuperBrandingSystem (Adware.PlayMP3z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\PlayMP3 (Adware.PLayMP3z) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PlayMP3 (Adware.PLayMP3z) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files (x86)\PlayMP3z (Adware.PLayMP3z) -> Quarantined and deleted successfully.
C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PlayMP3z (Adware.PLayMP3z) -> Quarantined and deleted successfully.
C:\Program Files (x86)\QualitySuperBrandingSystem (Adware.PlayMP3z) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\QualitySuperBrandingSystem@QualitySuperBrandingSystem (Adware.PlayMP3z) -> Delete on reboot.
C:\Program Files (x86)\Mozilla Firefox\extensions\QualitySuperBrandingSystem@QualitySuperBrandingSystem\components (Adware.PlayMP3z) -> Delete on reboot.
C:\Program Files (x86)\Mozilla Firefox\extensions\QualitySuperBrandingSystem@QualitySuperBrandingSystem\content (Adware.PlayMP3z) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files (x86)\Mozilla Firefox\extensions\QualitySuperBrandingSystem@QualitySuperBrandingSystem\components\QualitySuperBrandingSystem.dll (Adware.PlayMP3z) -> Delete on reboot.
C:\Program Files (x86)\QualitySuperBrandingSystem\QualitySuperBrandingSystem.dll (Adware.PlayMP3z) -> Quarantined and deleted successfully.
C:\Program Files (x86)\PlayMP3z\PlayMP3.exe (Adware.PLayMP3z) -> Quarantined and deleted successfully.
C:\Program Files (x86)\PlayMP3z\uninstall.exe (Adware.PLayMP3z) -> Quarantined and deleted successfully.
C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PlayMP3z\Run PlayMP3z.pif (Adware.PLayMP3z) -> Quarantined and deleted successfully.
C:\Program Files (x86)\QualitySuperBrandingSystem\uninstall.exe (Adware.PlayMP3z) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\QualitySuperBrandingSystem@QualitySuperBrandingSystem\chrome.manifest (Adware.PlayMP3z) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\QualitySuperBrandingSystem@QualitySuperBrandingSystem\install.rdf (Adware.PlayMP3z) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\QualitySuperBrandingSystem@QualitySuperBrandingSystem\uninstall.exe (Adware.PlayMP3z) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\QualitySuperBrandingSystem@QualitySuperBrandingSystem\components\IPSFirefox.xpt (Adware.PlayMP3z) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\QualitySuperBrandingSystem@QualitySuperBrandingSystem\content\ps.js (Adware.PlayMP3z) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\QualitySuperBrandingSystem@QualitySuperBrandingSystem\content\psOverlay.xul (Adware.PlayMP3z) -> Quarantined and deleted successfully.
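
Added example, not part of any post in this thread: a small parser for the MBAM 1.45 log layout shown above. It checks that a pasted log is complete (the per-section item counts match the summary block) and lists the items that were only scheduled for "Delete on reboot", which stay on disk until the machine restarts. The sample is shortened from the log above with its counts adjusted to match, and the function names are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample: shortened from the log posted above, summary counts adjusted.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.45
Database version: 4042

Memory Modules Infected: 1
Registry Keys Infected: 2
Files Infected: 2

Memory Modules Infected:
C:\Program Files (x86)\Mozilla Firefox\extensions\QualitySuperBrandingSystem@QualitySuperBrandingSystem\components\QualitySuperBrandingSystem.dll (Adware.PlayMP3z) -> Delete on reboot.

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\PlayMP3 (Adware.PLayMP3z) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files (x86)\Mozilla Firefox\extensions\QualitySuperBrandingSystem@QualitySuperBrandingSystem\components\QualitySuperBrandingSystem.dll (Adware.PlayMP3z) -> Delete on reboot.
C:\Program Files (x86)\PlayMP3z\PlayMP3.exe (Adware.PLayMP3z) -> Quarantined and deleted successfully.
"""

SUMMARY_RE = re.compile(r"^(?P<section>[A-Za-z ]+) Infected: (?P<count>\d+)$")
HEADER_RE = re.compile(r"^(?P<section>[A-Za-z ]+) Infected:$")
# Paths may contain "(x86)", so the detection name is the last "(...)" before " -> ".
ITEM_RE = re.compile(r"^(?P<target>.+) \((?P<detection>[^()]+)\) -> (?P<action>.+?)\.?$")


def parse_mbam_log(text):
    """Return (declared summary counts, list of detected items)."""
    declared, items, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SUMMARY_RE.match(line)
        if m:
            declared[m["section"]] = int(m["count"])
            continue
        m = HEADER_RE.match(line)
        if m:
            section = m["section"]
            continue
        m = ITEM_RE.match(line)
        if m and section:
            # The log mixes "PlayMP3z" and "PLayMP3z"; lower-case to group them.
            items.append({"section": section, "target": m["target"],
                          "detection": m["detection"].lower(), "action": m["action"]})
    return declared, items


def pending_reboot(items):
    """Targets MBAM has not removed yet, only queued for deletion at next boot."""
    return sorted({i["target"] for i in items if "reboot" in i["action"].lower()})


def count_mismatches(declared, items):
    """Sections where listed items differ from the summary: {section: (declared, seen)}."""
    seen = Counter(i["section"] for i in items)
    return {s: (n, seen.get(s, 0)) for s, n in declared.items() if seen.get(s, 0) != n}


if __name__ == "__main__":
    declared, items = parse_mbam_log(SAMPLE_LOG)
    print("incomplete sections:", count_mismatches(declared, items))
    print("still present until reboot:", pending_reboot(items))
    print("by detection:", Counter(i["detection"] for i in items))
```

A non-empty `pending_reboot` result means a restart and a second scan are needed before the cleanup can be judged.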

#5 trollocks

Posted 27 April 2010 - 10:19 AM

Clean out your temp files.
Download Attribune's ATF Cleaner and save to your desktop.
Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.

If you use Firefox or Opera browser click that browser at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.


DR. WEB CUREIT
----------------------
Please download Dr.Web CureIt and save it to your desktop. DO NOT perform a scan yet.
alternate download link
Note: The file will be randomly named (i.e. 5mkuvc4z.exe).

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in Safe Mode.

Scan with Dr.Web CureIt as follows:
  • Double-click on the randomly named file to open the program and click Start. (There is no need to update if you just downloaded the most current version.)
  • Read the Virus check by DrWeb scanner prompt and click Ok where asked to Start scan now? Allow the setup.exe to load if asked by any of your security programs.
  • The Express scan will automatically begin.
    (This is a short scan of files currently running in memory, boot sectors, and targeted folders).
  • If prompted to download the Full version Free Trial, ignore and click the X to close the window.
  • If an infected object is found, you will be prompted to move anything that cannot be cured. Click No to All.
  • After the Express Scan is finished, put a check next to Complete scan to scan all local disks and removable media.
  • In the top menu, click Settings > Change settings, and uncheck "Heuristic analysis" under the "Scanning" tab, then click Apply, Ok.
  • Back at the main window, click the green arrow "Start Scanning" button on the right under the Dr.Web logo.
  • Please be patient as this scan could take a long time to complete.
  • When the scan has finished, a message will be displayed at the bottom indicating if any viruses were found.
  • Click Select All, then choose Cure > Move incurable.
  • In the top menu, click file and choose save report list.
  • Save the DrWeb.csv report to your desktop.
  • Exit Dr.Web Cureit when done.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report)


#6 ReverseRevival

Posted 28 April 2010 - 12:03 AM

Okay, so the first time I ran the Dr.Web CureIt thing, my computer shut off on me and all of the info was lost. The second time, it ran through with half the infected files moved/detected. Now I have it opened and I got to the whole saving part. I couldn't figure out how to get it to save to my desktop without moving the log, which I need to close dr.web to do. I try opening the log to make sure it's saved right, and there are two separately named files where the log should be, none of which is the log (I saved it just like you said) and when I find how to change where the log file saves to, then change it, every time I save it, it just gives me a blank notepad. What did I do wrong? I followed the steps in order, so where did I go wrong? Here is what I did, step for step, as I read the instructions:

1. Scan finished, so I went up to the file > save report log
2. Opened the original save location (the folder) and found no file named log or anything like that.
3. Opened first of two notepad documents found in that folder. First one froze my computer trying to load.
4. Opened second of two notepad documents. This one was empty.
5. Went to Change setting > Log file and changed the address bar to %USERNAME%\Desktop\Log-file. If this is incorrect, please tell me. Windows 7 creators felt it was in some way smart to make it impossible to find how to write correct file locations.
6. Opened the document on my desktop, now called "Log-file"
7. Document was false as well. Now writing this post.

Is it normal for this whole process to take eight hours, anyway?

EDIT: I forgot to mention that the second file I opened that was blank, was the drweb file you mentioned in your instructions. So... I guess it either had nothing to report, or something went wrong here.

Edited by ReverseRevival, 28 April 2010 - 12:13 AM.


#7 trollocks

Posted 28 April 2010 - 03:14 AM

If you can't find the drweb log don't worry, it will have done what it needed to and yes an 8 hour scan is quite normal.

Do this next.

ESET Online:
Please perform a scan with Eset Online Antivirus Scanner.
(Requires Internet Explorer to work. If given the option, choose "Quarantine" instead of delete.)
Vista users need to run Internet Explorer as Administrator. Right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
  • Click the green ESET Online Scanner button.
  • Read the End User License Agreement and check the box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • You may receive an alert on the address bar that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then click Install ActiveX component.
  • A new window will appear asking "Do you want to install this software?".
  • Answer Yes to download and install the ActiveX controls that allows the scan to run.
  • Click Start.
  • Check Remove found threats and Scan potentially unwanted applications.
  • Click Scan to start. (please be patient as the scan could take some time to complete)
  • If offered the option to get information or buy software, just close the window.
  • When the scan has finished, a log.txt file will be created and automatically saved in the C:\Program Files\EsetOnlineScanner\ folder.
  • Click Posted Image > Run..., then copy and paste this command into the open box: C:\Program Files\EsetOnlineScanner\log.txt
  • The scan results will open in Notepad. Copy and paste the contents of log.txt in your next reply.
Note: Some online scanners will detect existing anti-virus software and refuse to cooperate. You may have to disable the real-time protection components of your existing anti-virus and try running the scan again. If you do this, remember to turn them back on after you are finished.

What antivirus do you have installed?

#8 ReverseRevival

Posted 28 April 2010 - 03:49 PM

My goodness this one was much quicker! Here is the log:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=1780e38b1c3c0e4eb9dc49619798b200
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=false
# utc_time=2010-04-28 10:11:11
# local_time=2010-04-28 05:11:11 (-0500, SA Pacific Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=5121 16776573 100 82 1528966 24487369 0 0
# compatibility_mode=5893 16776574 66 85 24014378 24029295 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=158663
# found=1
# cleaned=1
# scan_time=6827
C:\Users\Sarah\DoctorWeb\Quarantine\QualitySuperBrandingSystem.dll a variant of Win32/Adware.PlayMP3Z.AA application (cleaned by deleting - quarantined) 49B6BAB0CB388F5B7E60A6335305367D C

#9 trollocks

Posted 28 April 2010 - 04:05 PM

What antivirus do you have installed? Are you still having problems?

#10 ReverseRevival

Posted 28 April 2010 - 05:52 PM

I have McAfee, if I understand your question right.

Also, no, the toolbar is still there. With it still there, it will continue to add malware, adware, spyware etc onto my computer, because it's from that toolbar that they are coming from. The problems such as pop ups and speed loss aren't there anymore, but they aren't right after a clean up. Those issues will be back soon unless the toolbar is removed.

#11 trollocks

Posted 28 April 2010 - 06:21 PM

Take a look in

Add/remove programs
C:\Program Files

See if there's anything in there relating to gamebox/gamebar

#12 ReverseRevival

Posted 29 April 2010 - 03:18 PM

Unfortunately, if it was that easy, I would not be here :thumbsup: So, to answer your question, no there is nothing in my program files that would indicate they belong to the Gamebox Toolbar.

(BTW, just noticed your icon and actually looked at it for a sec. Man-U all the way, lol.)

Edited by ReverseRevival, 29 April 2010 - 03:19 PM.


#13 trollocks

Posted 29 April 2010 - 04:39 PM

Sorry, but I don't know your computer ability. This toolbar is not flagged as malware by the scanners so they will not remove it.
Everything in my research on this points to these files being present.
%ProgramFiles%\InternetGameBox\InternetGameBox.exe
%ProgramFiles%\InternetGameBox\uninst.exe


Have you tried clicking on start and typing either gamebox/gamebar internetgamebox in there?

#14 ReverseRevival

Posted 29 April 2010 - 05:03 PM

Yeah, tried that. I even have hidden folders showing. None of those folders are showing up at all. I've even taken those file locations (%ProgramFiles%\InternetGameBox\InternetGameBox.exe and %ProgramFiles%\InternetGameBox\uninst.exe) and put them in the start menu search box. Nothing is coming up. These files, if they are on my computer, are being hidden from Windows. I'm no expert, obviously (XD), but that kind of raises a red flag of suspicion for me. Why would they need to hide their files if they weren't doing something I wouldn't want them to do? I know InternetGameBox itself is renowned for causing adware and malware issues on computers, but I've read nothing that says the InternetGameBox itself is a malware or adware file.

Maybe that's the issue? Maybe it's a legitimate piece of software (with some tricks up its sleeve to hide from me), but simply downloads these bad files onto my computer? I know for a fact that whatever else is going on, the toolbar itself, or the software behind it, is putting things on my computer, cause even after a full clean up with multiple scanners, this stuff all just comes back after a day or two.
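
Added example, not written by either poster: the MBAM log earlier in this thread shows the adware living as an unpacked Firefox extension, a folder under `Mozilla Firefox\extensions` named after the extension id and holding `install.rdf` plus a `components` folder that was only queued for deletion. The sketch below inventories such folders and flags ones with no manifest or with an id that differs from the folder name. The directory list assumes the legacy (install.rdf era) Firefox layout on Windows, and the manifest and folder names in the demo are constructed placeholders.

```python
import glob
import os
import tempfile
import xml.etree.ElementTree as ET

RDF = "{http://www.w3.org/1999/02/22-rdf-syntax-ns#}"
EM = "{http://www.mozilla.org/2004/em-rdf#}"

# Constructed manifest for the demo; id and name are placeholders.
SAMPLE_RDF = """<?xml version="1.0"?>
<RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
     xmlns:em="http://www.mozilla.org/2004/em-rdf#">
  <Description about="urn:mozilla:install-manifest">
    <em:id>example-toolbar@example.invalid</em:id>
    <em:name>Example Toolbar</em:name>
    <em:version>1.0</em:version>
  </Description>
</RDF>
"""

def candidate_roots(env=os.environ):
    """Assumed extension folders: both Program Files trees and every profile."""
    roots = [os.path.join(env[v], "Mozilla Firefox", "extensions")
             for v in ("ProgramFiles", "ProgramFiles(x86)") if env.get(v)]
    if env.get("APPDATA"):
        roots += glob.glob(os.path.join(env["APPDATA"], "Mozilla", "Firefox",
                                        "Profiles", "*", "extensions"))
    return roots

def read_manifest(path):
    """Return (id, name, version) from an install.rdf, or None if unreadable."""
    try:
        root = ET.parse(path).getroot()
    except (ET.ParseError, OSError):
        return None
    for desc in root.iter(RDF + "Description"):
        about = desc.get("about") or desc.get(RDF + "about") or ""
        if about.endswith("install-manifest"):
            # Properties appear either as child elements or as attributes.
            return tuple(desc.findtext(EM + k) or desc.get(EM + k)
                         for k in ("id", "name", "version"))
    return None

def inventory(roots):
    """List each unpacked extension folder and whether its manifest id matches it."""
    found = []
    for root in filter(os.path.isdir, roots):
        for entry in sorted(os.listdir(root)):
            folder = os.path.join(root, entry)
            if not os.path.isdir(folder):
                continue
            ext_id, name, version = read_manifest(
                os.path.join(folder, "install.rdf")) or (None, None, None)
            found.append({"folder": entry, "root": root, "id": ext_id, "name": name,
                          "version": version, "id_matches_folder": ext_id == entry})
    return found

def demo():
    """Build one normal extension and one manifest-less leftover, then inventory them."""
    with tempfile.TemporaryDirectory() as tmp:
        good = os.path.join(tmp, "example-toolbar@example.invalid")
        os.makedirs(good)
        os.makedirs(os.path.join(tmp, "leftover@example.invalid", "components"))
        with open(os.path.join(good, "install.rdf"), "w", encoding="utf-8") as fh:
            fh.write(SAMPLE_RDF)
        return [(e["folder"], e["name"], e["id_matches_folder"]) for e in inventory([tmp])]

if __name__ == "__main__":
    print(demo(), inventory(candidate_roots()))
```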

#15 trollocks

Posted 29 April 2010 - 06:04 PM

Looks like the offending entries are going to be too difficult to find manually. DDS logs will show them and should be quite easy to remove.
The logs are not allowed in this section however.
Follow steps 6-9 here and post in that forum



