Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Devasting and Strange Computer Behaviour after Rogue Spyware removal


  • Please log in to reply
3 replies to this topic

#1 MrScaryMuffin

MrScaryMuffin

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:04:23 AM

Posted 27 May 2010 - 12:12 PM

My computer
Windows XP
Firefox
avg free, mbam, spybot s&d, lavasoft ad-aware, ccleaner, auslogics defrag



Background

Earlier this month my computer got hit with a very aggressive Rogue Spyware program. I can't recall the name of the program now and browsing through the known list of such programs does not ring any bells. The program first made a pop up on the bottom right that said that spyware/malware was detected. Thinking that it was my normal anti-spyware/malware program, I clicked the pop up. Instead of running my usual programs, it brought up a web page telling me to buy the program. It was late, and I clicked that bottom right pop up at least one more time before I realized that something was up.

Internet was working fine before, but slowly any page I tried to reach would instead show an error page that looks like what you would get if you didn't have internet. The error page said that the page I was trying to reach was infected or something and that I should click the link to go and buy the program. Eventually all internet pages showed this and I couldn't do Google searches anymore.

Worried, I tried booting up my usual anti-spyware/malware programs but now any programs I tried to run showed a windows pop-up that said that the program was infected and that I should hit OK to go to the web page and buy the program. I don't think I hit OK once, but instead clicked the X to close the pop up.

Luckily, my home wireless router was still fine and I used my iTouch to access Google and came across the BleepingComputer site when searching the name of the rogue program. I followed the instructions for its removal, which included booting up in safe mode. Once in safe mode, I was able to access the internet by changing my proxy settings back to normal. I had to do this in IE, since I couldn't really find the option in Firefox readily. I downloaded rkill from either IE or Firefox and ran the program. Rkill didn't seem to do anything except end itself and so I ran mbam, as suggested.

mbam did pick up on malicious programs on its scan. However, when I rebooted my computer, the bottom right pop ups were still coming up. So, I went back to safe mode, ran rkill, downloaded and re-installed mbam, updated it and ran its scan again. For good measure, I also updated and ran avg anti-virus, spybot s&d, and lavasoft's ad-aware in safe mode overnight.

When I restarted my computer the next day, things seemed to be fine again and I was happy. Since I was in the cleaning mood, I ran auslogic defrag. I also downloaded the latest version of ccleaner and ran that. I noticed that ccleaner had some registry clean up thing, so I ran that as well and let it fix all the issues it found. Additionally, I also unhooked my computer tower, took it outside and use a compressed air can to clean out the fans and such. I also cleaned up my keyboard, but I don't think that matters much :thumbsup:

My computer ran perfectly fine after this for about a week before I started to notice some strange behaviour.



The problems

The first thing I noticed was that Google results were acting funny. The new results page threw me off a bit, but what was really confusing was that, on occassion, when I clicked on a result link, it would take me to another search result page. This would occur with some pretty significant links, like NHL.com, etc. I would go back to the Google results page and try again a few times. After getting the same stupid results page (looks like of like the pages you get when you are looking for a company page that isn't there and the webhost provider offers a bunch of similar links that you can go to) the Google results link would finally work the way it is supposed to.

I thought it was strange, but it didn't occur often enough (probably two or three noticeable times) that I really thought anything of it. The second problem that started happening was that, I would get a strange error saying some win service thing needed to be shut down. If I clicked OK, there will be extreme slow down in loading up web pages and some things just won't run at all. If I don't click OK, I can finish what I'm doing with no problems.

As an aside, I've been having a hard time running Steam, but this is probably unrelated as I have always had issues with it. One time, after playing Team Fortress 2, I loaded up Left 4 Dead 2 but the sound would not work. Another time, when I played Left 4 Dead 2 without booting up anything else prior, I suffered the same sound problem for about a minute before it kicked in. I always get slow down when exiting Team Fortress 2 and also when alt tabbing windows in and out of it. Anyways, I'm just throwing it all in here just in case they are related.

The next problem that came up was that, occassionally, while I'm browsing, Firefox would open a random tab to some webpage. I never bothered to read the pages, so I don't recall what they were about, I just know that there were at least 3 or 4 different pages that would open on their own. They might open when I click something, or just when I'm reading a page without doing anything at all. I realized after a few times that this was a cause for concern, but before I could let it come up again to make a detailed note of the problem occurring, I suffered the major issues below.

The big problems that started to occur were two things: First, my desktop would not load at start up. This is happening right now still. I would see my wallpaper, but not the desktop icons and not the taskbar. If I hit alt+ctrl+del, I can see the Task manager and after a very long period of time, everything will finally show up.

The taskbar and start menu, however, looks like the classic or Windows 95 version, not the XP version. A quick browse through the internet on my iTouch nabbed an easy fix: Hit start menu, right click on my computer and go to Manage, click through service and enable Theme. However, Theme was already set to automatic and every time I startup, I have the same issue as any fixes I apply will not stick.

The biggest issue of all, is that I no longer have internet on the computer. It seems like the network connection is not being detected at all. My iTouch and any other computer in the house still has access to the router, but my computer, which is directly connected, does not. I've tried power cycling the router but that didn't do anything.


Done Actions

I ran all my anti-spyware/malware programs again and they have come up with nothing. I had saved the registry stuff before letting ccleaner fix the issues it found and double clicked that file to reverse the changes. After rebooting my computer that did nothing, as the taskbar and internet problem still persists.

I've done a few searches online, but this is such an odd case, I can't quite word it well enough for a search engine to find a solution and so I'm turning here for help.

Please help, much thanks in advance.

BC AdBot (Login to Remove)

 


#2 MrScaryMuffin

MrScaryMuffin
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:04:23 AM

Posted 27 May 2010 - 03:24 PM

After doing a bit of digging, I think I have a better understanding of my problems.

http://www.bleepingcomputer.com/forums/t/319647/antispyware-soft-fixed-but-now-internetless/

Looks like someone else is having the same internet woes as me. Antispyware does sound like the rogue program that got me. I'm going to try out some of the suggestions in this thread.

http://www.bleepingcomputer.com/forums/t/319310/search-result-redirect/

The google redirect and random tab popping up thing seems like it has something to do with this. I'll be trying out the fixes here.

#3 BlindingLink333

BlindingLink333

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Iowa, USA
  • Local time:06:23 AM

Posted 27 May 2010 - 03:30 PM

After doing a bit of digging, I think I have a better understanding of my problems.

http://www.bleepingcomputer.com/forums/t/319647/antispyware-soft-fixed-but-now-internetless/

Looks like someone else is having the same internet woes as me. Antispyware does sound like the rogue program that got me. I'm going to try out some of the suggestions in this thread.

http://www.bleepingcomputer.com/forums/t/319310/search-result-redirect/

The google redirect and random tab popping up thing seems like it has something to do with this. I'll be trying out the fixes here.


Firstly, The first link you posted there does not seem related to your issue, as you are not having problems connecting to the internet, and the second link relates to Rootkit activity, which is a much more serious problem than what you have been describing. Personally, I would like to know what anti-spyware programs you have run, that didn't find anything, and I might have some more advice.

#4 MrScaryMuffin

MrScaryMuffin
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:04:23 AM

Posted 27 May 2010 - 05:49 PM

After doing a bit of digging, I think I have a better understanding of my problems.

http://www.bleepingcomputer.com/forums/t/319647/antispyware-soft-fixed-but-now-internetless/

Looks like someone else is having the same internet woes as me. Antispyware does sound like the rogue program that got me. I'm going to try out some of the suggestions in this thread.

http://www.bleepingcomputer.com/forums/t/319310/search-result-redirect/

The google redirect and random tab popping up thing seems like it has something to do with this. I'll be trying out the fixes here.


Firstly, The first link you posted there does not seem related to your issue, as you are not having problems connecting to the internet, and the second link relates to Rootkit activity, which is a much more serious problem than what you have been describing. Personally, I would like to know what anti-spyware programs you have run, that didn't find anything, and I might have some more advice.


Thanks for reading the first post.

I am having trouble connecting to the internet (last problem listed under the Problems section, also noted as the biggest issue currently). Thus, this is pertinent to my interests.

Second link deals with a Google redirect issue, which is the first thing in the Problems section. Of course, if this isn't the exact case, I've now found a few more links and I'll be comparing notes to find the one that best match my dilemma (once I have internet again, of course).

Finally, if you want to know what anti-spyware programs I'm running, try reading the first section, where I list my programs.

The first line in this reply is sarcastic, but I do appreciate the response and attempt for help. Cheers




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users