
another I hear audio "congratulations you won" problem


9 replies to this topic

#1 sugarcane64

sugarcane64

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Louisiana
  • Local time:04:09 AM

Posted 31 July 2010 - 11:29 PM

Just like someone else a few posts down, I keep hearing at various intervals "congratulations you won" audio. I read over the threads in that post and ran the MBR Check and this is what I get:

MBRCheck, version 1.1.1
© 2010, AD

\\.\C: --> \\.\PhysicalDrive0

Size   Device Name          MBR Status
--------------------------------------------
74 GB  \\.\PhysicalDrive0   Windows XP MBR code detected

Done! Press ENTER to exit...

Also, I have been running rkill when I heard it, thinking it was malware, and this is the latest log from that:

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as George on 07/31/2010 at 23:04:35.


Processes terminated by Rkill or while it was running:


C:\Documents and Settings\All Users\Application Data\LljfNiX5.exe
C:\Documents and Settings\All Users\Application Data\LljfNiX5.exe
C:\Documents and Settings\George\My Documents\spyware\virusscan\virus reports\rkill2.com


Rkill completed on 07/31/2010 at 23:04:44.

I have run Malwarebytes and SUPERAntiSpyware but they haven't removed it yet! As always, any help is greatly appreciated.

Any help, like always, is greatly appreciated. I'm running Windows XP.



#2 sugarcane64


Posted 01 August 2010 - 01:25 AM

I also just received a pop-up ad AND I did run the dds as in the general instructions, so I have those 2 files when needed.

#3 sugarcane64


Posted 01 August 2010 - 01:27 AM

The rkill file from this pop-up was:


This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as George on 08/01/2010 at 1:21:43.


Processes terminated by Rkill or while it was running:


C:\Documents and Settings\All Users\Application Data\LljfNiX5.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\George\My Documents\spyware\virusscan\virus reports\rkill2.com


Rkill completed on 08/01/2010 at 1:21:51.



The application data/LljfNiX5.exe error seems to be the most common found in the rkill, but nothing gets picked up on Malwarebytes or SAS scans.

Edited by sugarcane64, 01 August 2010 - 05:26 PM.
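
The two Rkill logs posted above can be compared mechanically, as an added example that is not part of the original posts or of any tool named in the thread. It parses the process lists copied from the logs and flags paths using two heuristics that are assumptions of this example: a process terminated in more than one run, and an executable sitting directly in an Application Data folder.

```python
import re
from collections import Counter
from ntpath import basename, dirname  # Windows path rules on any OS

# Process lists from the two Rkill logs posted above (headers trimmed).
LOGS = [
    r"""Processes terminated by Rkill or while it was running:
C:\Documents and Settings\All Users\Application Data\LljfNiX5.exe
C:\Documents and Settings\All Users\Application Data\LljfNiX5.exe
C:\Documents and Settings\George\My Documents\spyware\virusscan\virus reports\rkill2.com
Rkill completed on 07/31/2010 at 23:04:44.
""",
    r"""Processes terminated by Rkill or while it was running:
C:\Documents and Settings\All Users\Application Data\LljfNiX5.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\George\My Documents\spyware\virusscan\virus reports\rkill2.com
Rkill completed on 08/01/2010 at 1:21:51.
""",
]

def terminated_processes(log):
    """Return the paths listed between the Rkill header and footer lines."""
    paths, in_list = [], False
    for line in (l.strip() for l in log.splitlines()):
        if line.startswith("Processes terminated by Rkill"):
            in_list = True
        elif line.startswith("Rkill completed"):
            in_list = False
        elif in_list and re.match(r"[A-Za-z]:\\", line):
            paths.append(line)
    return paths

def triage(logs):
    """Map each terminated path (lower-cased) to the heuristic reasons it stands out."""
    runs = Counter()
    for log in logs:
        # Count each path once per run; skip the renamed Rkill copy itself.
        runs.update({p.lower() for p in terminated_processes(log)
                     if "rkill" not in basename(p).lower()})
    report = {}
    for path, seen in runs.items():
        reasons = []
        if seen > 1:  # assumption: killed in more than one run means it restarts
            reasons.append("terminated in multiple runs")
        if dirname(path).endswith("\\application data"):  # assumption: odd place for an .exe
            reasons.append("executable directly in Application Data")
        report[path] = reasons
    return report

if __name__ == "__main__":
    for path, reasons in triage(LOGS).items():
        print(path, "->", ", ".join(reasons) or "no heuristic hit")
```

A flagged path is a candidate for closer inspection with the scanners a helper requests, not a verdict on the file.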


#4 sugarcane64


Posted 01 August 2010 - 05:24 PM

Still having various problems: pop-up ads, audio, a few other misc problems.

#5 sugarcane64


Posted 03 August 2010 - 02:37 AM

Still need help.

#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,969 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:09 AM

Posted 03 August 2010 - 06:58 AM

Please download the TDSS Rootkit Removing Tool (TDSSKiller.zip) and save it to your Desktop. <-Important!!!
Be sure to print out and follow all instructions for performing a scan or refer to these instructions with screenshots.
  • Extract (unzip) the file to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the Desktop. Vista/Windows 7 users refer to these instructions.
  • If you don't have an extracting program, you can download TDSSKiller.exe and use that instead.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • When the program opens, click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If 'Suspicious' objects are detected, Skip will be the default selection.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.
-- If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#7 sugarcane64


Posted 03 August 2010 - 06:27 PM

My computer won't boot up today! It didn't start until around 10am today. It worked last night when I went to bed, but today nothing... hopefully it isn't time to reformat again. Quietman, you helped me in January when I had to reformat... I'm going to try some of those previous helps you suggested last time.

#8 quietman7


Posted 03 August 2010 - 10:17 PM

Are you referring to reformatting again or using some of the tools that were used when you posted for help in January?

#9 sugarcane64


Posted 04 August 2010 - 03:02 PM

Quietman... I think I still have a disk I tried to use to repair the boot sequence. You had recommended about 5 different options and I tried 2 of them, OR I may just go ahead and reformat, as it's doing the same exact thing as the problem in January... it won't boot in normal mode and only gets about 13 lines down when I try to boot it in safe mode, and in January when it did that, I couldn't fix it so I had to reformat... I'm thinking I may just reformat again.
This problem started way different but ended in the same exact result, is that normal??? And I know we had been avoiding the music downloading sites and trying to be real careful. I can't really trace when or how I got this one, and the audio "congratulations you won" really confused me.

#10 quietman7


Posted 04 August 2010 - 04:34 PM

Your decision as to what action to take should be made by reading and asking yourself the questions presented in the links I previously provided in January as to why many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. I cannot make that decision for you.

And I cannot add any more to this Microsoft TechNet article: Help: I Got Hacked. Now What Do I Do?.