Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

"Congratulations You've Won" audio + pop-ups


  • Please log in to reply
4 replies to this topic

#1 Matt_B_1967

Matt_B_1967

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:09:46 AM

Posted 28 July 2010 - 08:19 AM

As of last night, my PC started exhibiting abnormal behavior so I started scouring the 'net which lead me to this fine site. After reading some posts that described similar symptoms (see below) and I tried some basic checks and fixes (also listed below.

Symptoms
Random audio files are playing when no browser (or other user initiated audio application) is open:

- Congratulations You've Won!
- a commercial for a bank
- commercials in German
- frequent mouse clicking sounds (I do not have any audio assigned to mouse actions)


as well as random pops when no browser is open:

- Someone you know in Noblesville took an IQ test"
- Message from web page - Think first! Click CANCEL on the next page to receive a new gift card option. Your free $500 gift card is yours by filling out our 5 min. internet survey.


Task Manager does not indicate that any instances of a browser are active.

System Stats

- The latest version of Norton Internet Security with Live Update enabled and default security settings.
- Firefox 3.68 (only updated last night from previous version)
- Internet Explorer 8.0.6001.18702
- Java version 6 update 21 (only updated last night from update 17)
- Windows XP SP3

Completed Scans
I ran a complete scan with Norton Internet Security which found zero threats.

Last night I installed SUPERAntiSpyware Free Edition, ran a complete scan with in Safe Mode and the only threats indicated were 11 tracking cookies which I had removed (I did retain the log file).

I also installed I Malware Bytes Anti-Malware, ran a complete scan with which showed zero infections. I also retained the log file from this scan.

I ran Hijack This and nothing in the log seemed out of the ordinary.

Finally, I'm running a scan with ESET Online Scanner but it will not be complete before I leave for work. That said, after completely scanning my C drive and part of my other drive, it found zero infected files. I'll run it again overnight if needed.

Recent Notable Activity
Norton Internet Security has notified me twice of an attempted attacks from cinbonto.com, specifically cinbonto.com/75632jz64h23/tmp/des.jar so the infection appears to be Java based.

The only programs I have installed in the past week (besides the ones mentioned above) were a game (City of Heroes) and misc. utility for the game (Hero Stats).

Thank you in advance for your help.

BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,740 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:10:46 AM

Posted 28 July 2010 - 02:30 PM

Hello,this is a Bootkit Rootkit.
Please go here....
Preparation Guide ,do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9,which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic,thanks.
If Gmer won't run,skip it and move on.
Let me know if that went well.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 Matt_B_1967

Matt_B_1967
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:09:46 AM

Posted 28 July 2010 - 02:45 PM

Thank you for the reply boopme. I will follow your instructions to the letter.

#4 Matt_B_1967

Matt_B_1967
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:09:46 AM

Posted 28 July 2010 - 03:46 PM

After discussing my situation with our companies IT staff (whom I trust) and reading up on this type of virus, it seems like the safest course of action would be to do a reformat and reinstall of the OS. Considering how stealthy this type of virus can be, I don't know if it's wise to even take a chance that it wasn't removed.

#5 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,801 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:10:46 AM

Posted 28 July 2010 - 10:25 PM

Hello,

Thank you for posting back. I think you would be wise to follow what your IT dept. recommends in this instance. You don't want to risk sensitive or confidential information.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users