
pop ups, can't get to windows update, ie and firefox get redirected


  • This topic is locked
11 replies to this topic

#1 spineblaZe

spineblaZe

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:21 PM

Posted 22 July 2010 - 01:40 AM

I've run Malwarebytes, Spybot Search and Destroy, and the ESET online scanner, and the problem is still there.

I think the most telling thing is that I can't get to Windows Update, but I'm not sure. Google searches are redirected, particularly when searching for virus help (go figure).

Here are my dds.txt and gmer text files.

Thanks in advance for your help!
-Erik



#2 snemelk

snemelk

    inżynier


  • Malware Response Team
  • 1,468 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Poland
  • Local time:01:21 AM

Posted 28 July 2010 - 03:46 PM

Hi spineblaZe, and welcome to Bleeping Computer.

Do you still need help??.. Tell me what problem remains... Post the fresh DDS logfile...
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver


#3 spineblaZe


Posted 28 July 2010 - 05:45 PM

Yes, I still have the exact problems listed in the original post. The computer hasn't been used since I made the post, do I still need a fresh DDS file?


Thanks for your help! :D





Edit: here's the new dds.txt



Edited by spineblaZe, 29 July 2010 - 10:15 AM.


#4 snemelk


Posted 29 July 2010 - 12:08 PM

Hi again spineblaZe!!.. :)

QUOTE(spineblaZe @ Jul 29 2010, 12:45 AM)
Do I still need a fresh DDS file?

No harm running & posting... :)

Please do the following:

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Post the log from ComboFix when you've accomplished that.


#5 spineblaZe


Posted 30 July 2010 - 09:21 PM

The pop ups and redirects seem to be gone (thanks!) but I still can't access windowsupdate.microsoft.com in IE or Firefox.

I am not at home right now, I couldn't get a reply to work there for some reason. I will post my ComboFix log when I get back there.

Edited by spineblaZe, 30 July 2010 - 09:24 PM.


#6 spineblaZe


Posted 31 July 2010 - 01:19 PM

Here's the log

Attached Files

  • Attached File  log.txt   16.44KB   2 downloads


#7 snemelk


Posted 01 August 2010 - 03:56 PM

Hi again spineblaZe!!.. :)

Good to see the main problem is gone... Regarding the Windows Update access problem... When checking for updates or accessing the site - do you get an error (what is the number?) of some sort??..


If you do not recognise that file, delete it:
C:\LUO.bat

At this moment you don't seem to have antivirus software installed...
Without an AV, you have no protection and risk being quickly re-infected... Please install an antivirus program of your choice, run a full system scan with it, and post a log (if possible)... You may want to install one of the antivirus applications I recommend on my site: link

After installing an antivirus and performing a scan with it:

Make sure you've disabled emulation software with DeFogger:

Please download DeFogger to your Desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers.
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.


Go to Start --> Run --> write cmd and click OK...

In the command prompt write (or copy and right-click paste) this command in bold (and click Enter):


mbr -t > c:\logmbr.txt


Exit the Command prompt... A logfile should be created, post the contents of c:\logmbr.txt in your reply...


#8 spineblaZe


Posted 02 August 2010 - 11:03 AM

I ran DeFogger, did a new Malwarebytes scan, it found some stuff and I removed it, rebooted, left my computer for about an hour, came back and Antivir Solution Pro had installed itself on my computer, so I guess the problem isn't gone. I'll try to get rid of that when I get home from work today and then I'll post my results.

#9 snemelk


Posted 02 August 2010 - 12:40 PM

Hi again spineblaZe!!.. :)

QUOTE(spineblaZe @ Aug 2 2010, 06:03 PM)
I ran DeFogger, did a new Malwarebytes scan, it found some stuff and I removed it, rebooted

Have you installed any antivirus software as I recommended in my last post??..
This is very important... Also, please note that MalwareBytes' Anti-Malware is not an antivirus program - even with MBAM running in resident mode, you need a full AV...

QUOTE
left my computer for about an hour, came back and Antivir Solution Pro had installed itself on my computer, so I guess the problem isn't gone. I'll try to get rid of that when I get home from work today and then I'll post my results.

Hmmm, may be an effect of an infection still residing on your computer...
Do you have a c:\logmbr.txt log from prior to getting reinfected??..

I'll need two logs now to have a full view:

- run a new scan with updated MalwareBytes' Anti-Malware...
- delete your current copy of ComboFix (just delete a file from your Desktop), then download a new copy and run a scan as instructed in the guide: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

If you run any scans on your own, I need to know that... Keep me updated...


#10 spineblaZe


Posted 04 August 2010 - 06:50 PM

Sorry for the late response, I haven't been home much.

To get rid of Antivir Solution Pro, I booted into safe mode and updated and ran MalwareBytes' Anti-Malware. I rebooted into safe mode a couple times running that scan, along with the ESET online scanner in safe mode. Several things were removed.

Then, staying in safe mode again, I re-downloaded and ran ComboFix again, each time booting into safe mode when ComboFix restarted the computer. Finally, I ran Spybot Search and Destroy as well.


I'm back in Windows, and the pop-ups are gone again, and I can FINALLY get to Windows Update, which downloaded some new security fixes.

I think everything is working properly now, what log should I post to double check?

Thanks again for your help, I really appreciate it!


#11 snemelk


Posted 05 August 2010 - 01:39 PM

Hi again spineblaZe!!.. :)

QUOTE(spineblaZe @ Aug 5 2010, 01:50 AM)
Sorry for the late response, I haven't been home much.

No problem at all!!..

QUOTE
I think everything is working properly now, what log should I post to double check?

Well, without logs I cannot do much - I'm pretty blind, and I cannot provide good help to you... You say that everything should be ok now, but I have no logs to confirm that...

If possible, I'd like to see all logs from your "battle" - that way I'll be able to give you further instructions... This includes:
- MalwareBytes' Anti-Malware logfile...
- ComboFix logs...

Preferably to be attached or uploaded to my site: Upload a log :)


#12 snemelk


Posted 23 August 2010 - 11:44 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, just send me a PM (Send message from my profile) with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.