Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

W.T.F. Computer may be posessed by satan


  • Please log in to reply
11 replies to this topic

#1 poly510

poly510

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:12:54 AM

Posted 08 October 2010 - 08:08 PM

I am running Windows XP and use Mozilla for my primary web browser. Now it opens new tabs when it feels like it, and goes to random ads. It also doesn't open up at all after I set my computer to sleep and then bring it back awake. I am running the latest malwarebytes and super anti spyware, but it hasn't done anything to it. Please help me rid my computer of this demon. Thanks for any help!

BC AdBot (Login to Remove)

 


#2 poly510

poly510
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:12:54 AM

Posted 10 October 2010 - 02:34 AM

Bump. Can anyone help me? Its getting more frequent and more annoying. Thanks!

#3 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:54 PM

Posted 10 October 2010 - 02:53 AM

Try this:

http://www.bleepingcomputer.com/virus-remo...sing-tdsskiller
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#4 poly510

poly510
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:12:54 AM

Posted 10 October 2010 - 05:18 PM

Try this:

http://www.bleepingcomputer.com/virus-remo...sing-tdsskiller


Thanks. I did what the instructions said, but I am still having problems. I still get redirected, my internet is wayyyyyy slow, and every time I turn my computer on i get a "windows has experienced a problem and must..." so I click OK, and the screen goes blank except for the background, and then it all comes back a few seconds later. Any ideas?

#5 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:54 PM

Posted 10 October 2010 - 05:20 PM

Run a scan with Malwarebytes in Normal Mode and a scan with SUPERAntiSpyware in Safe Mode and post both logs.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#6 poly510

poly510
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:12:54 AM

Posted 10 October 2010 - 05:23 PM

Sorry, I forgot to mention that when I ran tdss, it DID remove an infected file.

Ill run those both now

#7 poly510

poly510
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:12:54 AM

Posted 10 October 2010 - 07:04 PM

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/10/2010 at 03:44 PM

Application Version : 4.43.1000

Core Rules Database Version : 5663
Trace Rules Database Version: 3475

Scan type : Complete Scan
Total Scan Time : 00:19:30

Memory items scanned : 270
Memory threats detected : 0
Registry items scanned : 6644
Registry threats detected : 1
File items scanned : 15494
File threats detected : 5

System.BrokenFileAssociation
HKCR\.exe

Adware.Tracking Cookie
.doubleclick.net [ C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\iuf6sjo8.default\cookies.sqlite ]
.apmebf.com [ C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\iuf6sjo8.default\cookies.sqlite ]
.mediaplex.com [ C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\iuf6sjo8.default\cookies.sqlite ]
.mediaplex.com [ C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\iuf6sjo8.default\cookies.sqlite ]
.mediaplex.com [ C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\iuf6sjo8.default\cookies.sqlite ]


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4791

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10/10/2010 4:38:41 PM
mbam-log-2010-10-10 (16-38-41).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 190313
Time elapsed: 35 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#8 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:54 PM

Posted 10 October 2010 - 07:09 PM

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#9 poly510

poly510
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:12:54 AM

Posted 10 October 2010 - 08:13 PM

C:\Documents and Settings\All Users\Documents\Server\hlp.dat Win32/Bamital.EB trojan cleaned by deleting (after the next restart) - quarantined
C:\Documents and Settings\Chris\Application Data\444.bat Win32/Adware.FakeAntiSpy.G application cleaned by deleting - quarantined
C:\Documents and Settings\Chris\Application Data\Sun\Java\Deployment\cache\6.0\17\48173611-537fd869 multiple threats deleted - quarantined
C:\Documents and Settings\Chris\Application Data\Sun\Java\Deployment\cache\6.0\2\1849c402-1b13335f multiple threats deleted - quarantined
C:\Documents and Settings\Chris\Application Data\Sun\Java\Deployment\cache\6.0\27\48c654db-238a1d37 probably a variant of Win32/Agent.HRYTTOE trojan deleted - quarantined
C:\Documents and Settings\Chris\Application Data\Sun\Java\Deployment\cache\6.0\35\4e220c63-746d1e2c a variant of Java/Rowindal.A trojan deleted - quarantined
C:\Documents and Settings\Chris\Application Data\Sun\Java\Deployment\cache\6.0\43\6cbe7fab-4d626201 probably a variant of Win32/Agent.FPEXZHL trojan deleted - quarantined
C:\Documents and Settings\Chris\Local Settings\Temp\exe.exe Win32/TrojanDownloader.Agent.QBX trojan cleaned by deleting - quarantined
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\98S1QRIA\pgka[1].jar a variant of Java/TrojanDownloader.Agent.NAL trojan deleted - quarantined
C:\WINDOWS\enuqotiwuvu.dll a variant of Win32/Cimag.CK trojan cleaned by deleting - quarantined
C:\WINDOWS\explorer.exe Win32/Bamital.EC trojan unable to clean
C:\WINDOWS\system32\winlogon.exe Win32/Bamital.EC trojan unable to clean
C:\WINDOWS\system32\dllcache\explorer.exe Win32/Bamital.EC trojan deleted - quarantined
C:\WINDOWS\system32\dllcache\winlogon.exe Win32/Bamital.EC trojan deleted - quarantined
C:\WINDOWS\Temp\jar_cache1245132745408524602.tmp multiple threats deleted - quarantined
C:\WINDOWS\Temp\jar_cache6605111292471788458.tmp probably a variant of Win32/Agent.NXHSWPF trojan deleted - quarantined
C:\WINDOWS\Temp\ZWU14E.tmp\upgrade.exe multiple threats deleted - quarantined
C:\WINDOWS\Temp\ZWU2.tmp\upgrade.exe multiple threats deleted - quarantined
C:\WINDOWS\Temp\ZWU2E.tmp\upgrade.exe multiple threats deleted - quarantined
C:\WINDOWS\Temp\ZWU405.tmp\upgrade.exe multiple threats deleted - quarantined
C:\WINDOWS\Temp\ZWU707.tmp\upgrade.exe multiple threats deleted - quarantined
C:\WINDOWS\Temp\ZWUC3.tmp\upgrade.exe multiple threats deleted - quarantined
C:\WINDOWS\Temp\ZWUF7.tmp\upgrade.exe multiple threats deleted - quarantined
Operating memory Win32/Bamital.EC trojan

#10 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:54 PM

Posted 10 October 2010 - 08:32 PM

Please run the ESET OnlineScan again and post the new log.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#11 poly510

poly510
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:12:54 AM

Posted 11 October 2010 - 09:54 AM

I ran the scan, and my computer crashed. It gives me a blue screen with some error message in white at the top. I can not reboot in safe mode+prompts or safe mode+networking. I think I am just going to get my stuff off the hard drive, and reformat my computer.

#12 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:54 PM

Posted 11 October 2010 - 04:34 PM

I think reformatting might be a wise option but let me know if you need any more assistance.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users