
Can't get rid of this adware(?) on my own...



#1 Solaris Paradox


Posted 26 October 2010 - 12:03 PM

Right, so I'm using Windows XP Home Edition, and the other day, was browsing the good ol' Internets, minding my own business, when out of nowhere I get suckerpunched by some rogue antimalware thing called Antimalware Doctor. After a number of attempts to get rid of it (I got a whole mess of files associated with the thing using Malwarebytes, but the thing was still giving me problems), I tried a System Restore and by all appearances, Antimalware Doctor is now completely gone--but there's something else on this thing now, and nothing I've done so far has managed to get rid of it (Spybot: Search & Destroy and McAfee have both turned up nothing). I may have picked something up while searching for a way to get rid of Antimalware Doctor.

The symptoms I've noticed are:
- Clicking on Google searches redirects me to some random search thing. (Copy/pasting the links into my URL bar leads me to the search result I was trying to get to.)
- My taskbar sometimes randomly switches from the blue-and-green XP look to the gray "classic" look, or vice-versa.
- Computer starts to become obscenely slow when in use for a fairly extended period; simply rebooting it gets it to run normally again.
- Ads pop up in new tabs, usually when I first open my browser (Mozilla Firefox). "Ads" include the obvious "you've won something" scams and the obvious "you have threats on your computer download this registry cleaner gizmo" scams. Actually, from what attention I've been paying to them, those might be the only varieties the ads come in.
- Keep getting this "there has been an error and this program needs to close" message for... what was it, "Gene..." @#$%, speak of the devil, I am not kidding, it just now popped up as I'm typing this. "Generic Host Process for Win32 Services has encountered a problem and needs to close. We are sorry for the inconvenience." And then there's the "send error report" thing that pops up for anything and everything that crashes on this computer. (Wow, that was... convenient.)
- Sometimes, when I start Windows, nothing starts--I just get to stare at my wallpaper and mouse cursor for a while. I can still CTRL+ALT+DEL to get Task Manager up, and from there reboot the computer (usually gets things going again), but none of my icons or anything appears on-screen.

Now, this isn't a terribly huge issue for me as I intend to invest in a much better computer in the coming months as it is, but it'd be really cool if I could have this computer cleaned up and ready to go so I can pass it on to my little brother or something when I get my new one. Any help would be appreciated.

EDIT: Since initial posting, I have run a full scan with Malwarebytes' Anti-Malware. There are actually two logs to post for this, as my initial scan had to be cut short almost as soon as it began, but caught a few things nonetheless.

Despite the notable number of items caught by this scan, both the fake "you have threats on your computer" ad and the error message mentioned above have appeared since rebooting my computer.

Here are the logs--first, the initial scan that I had to abort, and second, the scan that was allowed to run its course:

---
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4953

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10/26/2010 1:35:27 PM
mbam-log-2010-10-26 (13-35-27).txt

Scan type: Full scan (C:\|)
Objects scanned: 13956
Time elapsed: 7 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\eciese.dll (Trojan.Hiloti) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xjuvu (Trojan.Hiloti) -> Delete on reboot.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\eciese.dll (Trojan.Hiloti) -> Delete on reboot.
---
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4953

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10/26/2010 5:05:59 PM
mbam-log-2010-10-26 (17-05-59).txt

Scan type: Full scan (C:\|)
Objects scanned: 248834
Time elapsed: 2 hour(s), 7 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 10

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\WINDOWS\system32\6to4v32.dll (Trojan.Agent) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\6to4 (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\All Users\Application Data\WSTB\upd8.0.3.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lewis Medeiros\Application Data\hotfix.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lewis Medeiros\Local Settings\Temp\ccuddji.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lewis Medeiros\Local Settings\Temp\orrm.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lewis Medeiros\Local Settings\Temporary Internet Files\Content.IE5\AOOPBXBS\xbsnusnvp[1].htm (Trojan.Hiloti) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lewis Medeiros\Local Settings\Temporary Internet Files\Content.IE5\AOOPBXBS\erztbwqyg[1].htm (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lewis Medeiros\Local Settings\Temporary Internet Files\Content.IE5\X0CM80SP\tkbvqkfdls[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lewis Medeiros\Local Settings\Temporary Internet Files\Content.IE5\Z2AB4G00\rhlgoidbwq[1].htm (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\6to4v32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\certstore.dat (Trojan.Agent) -> Quarantined and deleted successfully.

Edited by Solaris Paradox, 26 October 2010 - 04:36 PM.




#2 Orange Blossom


Posted 29 October 2010 - 10:55 AM

Hello,

Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<==. Please include a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Orange Blossom
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.
