IE Popups & no access to windows update


  • This topic is locked
3 replies to this topic

#1 thefazza

thefazza

  • Members
  • 3 posts

Posted 08 July 2010 - 03:12 PM

Hi

My computer got infected with the fake AV antivirus popup that disabled programs and internet. I think I have safely removed this but now I keep getting popups and other fake anti-virus type trojans. I also can't get to Windows Update. My internet options show not to connect via a proxy.

I have tried various anti-virus, spyware tools with no luck. Can someone help and show me what further info is required? I am running Windows XP with a wireless connection to a router.

Many thanks

Here is my log, can anyone help?

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 02/10/2007 19:06:16
System Uptime: 07/08/2010 19:38:45 (-718 hours ago)

Motherboard: Dell Inc. | | 0WG860
Processor: Intel® Core™2 CPU 6700 @ 2.66GHz | Microprocessor | 2659/1066mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 461 GiB total, 340.815 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel® 82562V 10/100 Network Connection
Device ID: PCI\VEN_8086&DEV_104C&SUBSYS_01DC1028&REV_02\3&172E68DD&0&C8
Manufacturer: Intel
Name: Intel® 82562V 10/100 Network Connection
PNP Device ID: PCI\VEN_8086&DEV_104C&SUBSYS_01DC1028&REV_02\3&172E68DD&0&C8
Service: e1express

==== System Restore Points ===================

RP730: 09/04/2010 22:21:46 - Software Distribution Service 3.0
RP731: 11/04/2010 20:42:44 - System Checkpoint
RP732: 13/04/2010 20:14:43 - System Checkpoint
RP733: 13/04/2010 22:14:02 - Software Distribution Service 3.0
RP734: 15/04/2010 21:16:36 - System Checkpoint
RP735: 16/04/2010 21:36:54 - System Checkpoint
RP736: 18/04/2010 19:58:47 - System Checkpoint
RP737: 20/04/2010 21:11:17 - System Checkpoint
RP738: 22/04/2010 12:08:31 - System Checkpoint
RP739: 23/04/2010 21:16:30 - System Checkpoint
RP740: 25/04/2010 14:08:44 - System Checkpoint
RP741: 26/04/2010 20:04:48 - System Checkpoint
RP742: 27/04/2010 20:37:29 - System Checkpoint
RP743: 02/05/2010 15:06:21 - System Checkpoint
RP744: 03/05/2010 20:59:37 - System Checkpoint
RP745: 05/05/2010 12:05:03 - System Checkpoint
RP746: 06/05/2010 19:58:03 - System Checkpoint
RP747: 08/05/2010 13:40:50 - Installed Compatibility Pack for the 2007 Office system
RP748: 10/05/2010 13:59:38 - Software Distribution Service 3.0
RP749: 12/05/2010 18:56:04 - System Checkpoint
RP750: 12/05/2010 22:09:01 - Software Distribution Service 3.0
RP751: 15/05/2010 20:06:39 - System Checkpoint
RP752: 17/05/2010 18:22:05 - System Checkpoint
RP753: 19/05/2010 21:18:16 - System Checkpoint
RP754: 20/05/2010 21:23:54 - System Checkpoint
RP755: 21/05/2010 21:41:59 - System Checkpoint
RP756: 24/05/2010 20:32:06 - System Checkpoint
RP757: 25/05/2010 21:41:53 - System Checkpoint
RP758: 25/05/2010 22:03:54 - Software Distribution Service 3.0
RP759: 27/05/2010 20:42:56 - System Checkpoint
RP760: 29/05/2010 14:37:53 - System Checkpoint
RP761: 31/05/2010 21:16:03 - System Checkpoint
RP762: 03/06/2010 19:06:28 - Software Distribution Service 3.0
RP763: 04/06/2010 21:18:46 - System Checkpoint
RP764: 06/06/2010 19:47:28 - System Checkpoint
RP765: 07/06/2010 19:51:45 - System Checkpoint
RP766: 08/06/2010 20:17:31 - System Checkpoint
RP767: 08/06/2010 22:07:56 - Installed DirectX
RP768: 11/06/2010 22:15:09 - Software Distribution Service 3.0
RP769: 12/06/2010 22:45:02 - System Checkpoint
RP770: 21/06/2010 18:31:45 - System Checkpoint
RP771: 22/06/2010 22:03:28 - Software Distribution Service 3.0
RP772: 26/06/2010 20:26:11 - System Checkpoint
RP773: 29/06/2010 18:42:31 - System Checkpoint
RP774: 03/07/2010 20:05:51 - System Checkpoint
RP775: 04/07/2010 20:35:52 - System Checkpoint
RP776: 04/07/2010 21:43:45 - Removed Ad-Aware 2007
RP777: 04/07/2010 21:44:30 - Installed Ad-Aware
RP778: 05/07/2010 21:30:25 - Removed Ad-Aware
RP779: 07/07/2010 21:35:26 - Installed Windows Defender
RP780: 07/07/2010 21:45:17 - Installed Microsoft Fix it 50267

==== Installed Programs ======================


1300
1300_Help
1300Tour
1300Trb
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 8.2.2
AiO_Scan
AIOMinimal
AiOSoftware
Aiseesoft DVD to iPod Suite
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft ShowBiz DVD 2
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
AVI Codec Pack
AviSynth 2.5
BBC iPlayer Desktop
Bonjour
Bonusprint Photoservice
BroadJump Client Foundation
Click and Convert Device Driver
Compatibility Pack for the 2007 Office system
Conexant HDA D110 MDC V.92 Modem
Copy
CreativeProjects
Critical Update for Windows Media Player 11 (KB959772)
Dell Driver Reset Tool
Dell Support 3.2.1
Dell Support Center (Support Software)
Dell System Restore
Digital Line Detect
Director
DivX Converter
DivX Plus DirectShow Filters
DivX Setup
DivX Version Checker
DocProc
Doctor Who: The Adventure Games
eMusic Download Manager 4.1.1
ESPNMotion
Favorit
Fax
File Shredder 2.0
FLV Player 1.3.3
FM Modifier 2.21
Football Manager 2007
Football Manager 2008
Free Internet Window Washer
GemMaster Mystic
High Definition Audio Driver Package - KB835221
HMRC Employer CD-ROM 2009
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Image Zone 3.5
HP PSC & OfficeJet 3.5
HP Software Update
HP Unload DLL Patch
hpmdtab
HPSystemDiagnostics
InstantShare
Intel® Matrix Storage Manager
Intel® PRO Network Connections
IrfanView (remove only)
iSproggler
iTunes
J2SE Runtime Environment 5.0 Update 6
Java™ 6 Update 15
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7
Karen's Replicator
Last.fm 1.5.4.24567
Linksys Wireless-G USB Network Adapter
Macromedia Dreamweaver 8
Macromedia Extension Manager
MadTracker 2
Malwarebytes' Anti-Malware
Media Player Codec Pack 3.2.0
Memories Disc Creator 2.0
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Disc 2
Microsoft Office 2000 Professional
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MobileMe Control Panel
Modem Helper
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Need4 Software Launcher 6.2
Need4 Video Converter 6
Otto
Overland
PerfectDisk 10 Professional
PhotoGallery
PrintScreen
QFolder
QuickProjects
QuickTime
Readme
RealPlayer
Road Angel UK
RPS CRT
RPS PerfectDiskStub
RPS RpsCore
Safari
Scan
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
SkinsHP1
SkinsHP2
Sonic Activation Module
Sonic Encoders
Sonic Update Manager
SopCast 3.2.4
SoulSeek Client 156c
TomTom HOME 2.6.4.1641
TomTom HOME Visual Studio Merge Modules
TrayApp
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
V Stuff Backup v1.0.0
VC80CRTRedist - 8.0.50727.4053
Video to iPod MP4 PSP 3GP Converter
Videora Xbox 360 Converter 5.03
Virgin Media Broadband Help
Virgin Media HUB 3.5.12
Virgin Media Security
WebFldrs XP
WebReg
Windows Defender
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows Media Player 11
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WinRAR archiver
Xvid 1.1.3 final uninstall
YouTube Downloader App 2.03

==== Event Viewer Messages From Past Week ========

05/07/2010 21:52:53, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: StarOpen
05/07/2010 13:03:32, error: PSched [14103] - QoS [Adapter {0DE3198D-D1BB-42A5-8B5E-74598E46CB6F}]: The netcard driver failed the query for OID_GEN_LINK_SPEED.
03/07/2010 19:39:08, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

==== End Of File ===========================

Merged posts. ~ OB

Edited by Orange Blossom, 09 July 2010 - 02:47 PM.


#2 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • Gender:Male
  • Location:Dubai

Posted 12 July 2010 - 03:16 AM

Hello, thefazza.
My name is aommaster and I will be helping you with your log.

I apologize for the delay in response; we get overwhelmed at times, but we are trying our best to keep up.
If you have since resolved the original problem you were having, I would appreciate you letting us know. If not, please perform the following so I can have a look at the current condition of your machine.

Thanks

Should you still require assistance, please take note of the points below:
  • Please track this topic by either adding it to your favourites or clicking the Options button at the top of this thread and then Track this topic.
  • Please disable word-wrap before posting logs. This can be done by clicking Format and un-ticking the word-wrap feature in Notepad.
  • The logs that you post should be copied and pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • If you do not reply within 5 days, I will have to close your topic. Should you not be able to meet this, please notify me so that I will leave the topic open.
  • Please do not install, update, or run any programs for the duration of the fix.
  • If you do not understand the instructions I provide, please don't hesitate to ask. That's what I'm here for :)
  • Please continue to reply to this topic until I give you the all clean. Just because there are no symptoms of infection doesn't mean that the computer is clean.
  • If you are running Vista, please run all the fixes as an administrator. This is done by right-clicking the program and clicking "Run as Administrator".

Please do the following so I can take a look at the current state of your system.

We need to run RSIT
  1. Download random's system information tool (RSIT) by random/random and save it to your desktop.
  2. Double click on RSIT.exe.
  3. Click Continue at the disclaimer screen.
  4. Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

NEXT:
(This step may produce a blank log. Let me know if that is the case)
We need to run a GMER scan
  1. Download GMER and save to your desktop. Note that the file will be randomly named to prevent active malware from stopping the download.
  2. Close all other open programs as there is a slight chance your computer will crash.
  3. Double click the GMER program. Your security programs may detect GMER's driver trying to load. Allow it.
  4. You may see a warning saying "GMER has detected rootkit activity". If so, select NO.
  5. Make sure all options are checked except:
    • IAT/EAT
    • Drives/Partition other than Systemdrive, which is typically C:\
    • Show All (This is important, so do not miss it.)
    Note: If GMER crashes or hangs, please retry running a scan. Only this time, in addition to the options mentioned above, uncheck Devices as well.
  6. When the scan is complete, click Save and save the log onto your desktop.

In your next reply, please include the following:
  • Log.txt
  • info.txt
  • gmer.log

My website: http://aommaster.com
Please do not send me PMs requesting help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#3 thefazza

thefazza
  • Topic Starter

  • Members
  • 3 posts

Posted 14 July 2010 - 01:52 PM

Thanks for your reply.

I think I have already cleared the virus with help from some of the guides/posts on this website. I ran Malwarebytes' Anti-Malware in safe mode and then ran TDSSKiller.exe. I have not had any popups from IE in the last few days and I can now access Windows Update.

Thank you for your help.



#4 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • Gender:Male
  • Location:Dubai

Posted 14 July 2010 - 07:59 PM

No problem :)

Since this problem appears to be resolved, this thread will now be closed. If you need this topic reopened, please send me a PM with the address of this thread. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.
