So frustrated! Not sure what I have. Please help me :(


26 replies to this topic

#1 Aubriella504

Aubriella504

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:03:21 PM

Posted 27 October 2010 - 09:56 AM

Hi guys!!! I was on novamov last night and during a show I was watching, these annoying Lysol and Air Wick advertisement ads kept playing. There was no ad displayed on the computer. I closed out of IE, and the ads were playing in the background. I tried googling what it could be and there were so many viruses it could be: vundo, black internet, routing.exe, perf.exe, iexplore.exe. I was looking around here and tried to run a HijackThis log (even though I have no clue what it's for) and was told "For some reason your system denied write access to the hosts file. If any hijacked domains are in this file, hijackthis may NOT be able to fix this". I've scanned with Norton, AVG, McAfee, Malwarebytes and the results for all say that no threat was found.

I'm so confused and just want to cry, I have no clue what virus is on my computer or what to do. I really don't want to restore my computer. Can someone please help me? :thumbsup:

Edited by Aubriella504, 27 October 2010 - 10:01 AM.




#2 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:09:21 PM

Posted 27 October 2010 - 10:05 AM

What version of Windows are you running?

#3 Aubriella504

Posted 27 October 2010 - 10:07 AM

I am running Windows 6.0 with Vista.

Edited by Aubriella504, 27 October 2010 - 10:08 AM.


#4 cryptodan

Posted 27 October 2010 - 10:12 AM

Can you bring up My Computer, then open the C drive and navigate to the following:

c:\windows\system32\drivers\etc

Open up the HOSTS File then copy and paste the contents in your next reply.

#5 Aubriella504

Posted 27 October 2010 - 10:31 AM

I went to c:\windows\system32\drivers\etc and I found hosts. It asked me to choose which program I want to open the file. Am I in the correct location?

I am sorry if I might sound like a pain, I'm just such a newbie to this. :thumbsup:

#6 Aubriella504

Posted 27 October 2010 - 10:46 AM

I decided to open it with Notepad, this is what came up:

# Copyright © 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost
::1 localhost

#7 cryptodan

Posted 27 October 2010 - 11:30 AM

Your hosts file is fine. When you ran those scans did you make sure those products were updated?
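
What "your hosts file is fine" means in practice, as an added example that is not part of the original thread: a Python check that reports every hosts mapping other than the default loopback localhost entries. The sample text is constructed; the two flagged lines use made-up names and a documentation-range IP address.

```python
import ipaddress

# Constructed sample: the default entries from the post above, plus two
# made-up lines of the kind a hosts-file hijack would add.
SAMPLE = """\
# Copyright (c) 1993-2006 Microsoft Corp.
# 102.54.94.97 rhino.acme.com # source server
127.0.0.1 localhost
::1 localhost
203.0.113.7 www.example.com   # constructed: name pointed at a foreign IP
127.0.0.1 update.example.net  # constructed: name blackholed to loopback
"""

DEFAULT_NAMES = {"localhost"}  # names expected to map to loopback


def audit_hosts(text):
    """Return (line_no, ip, name, reason) for every non-default mapping."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].split()  # drop comments, tokenize
        if not entry:
            continue  # blank or comment-only line
        ip_text, names = entry[0], entry[1:]
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            findings.append((line_no, ip_text, " ".join(names),
                             "unparseable address"))
            continue
        for name in names:
            if name.lower() in DEFAULT_NAMES and ip.is_loopback:
                continue  # the stock localhost mapping
            if ip.is_loopback or ip.is_unspecified:
                reason = "blackholed to loopback"
            else:
                reason = "redirected"
            findings.append((line_no, str(ip), name, reason))
    return findings


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE):
        print(finding)
```

An empty result corresponds to the file posted in this thread, which contains only comments and the two localhost lines.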

#8 Aubriella504

Posted 27 October 2010 - 11:32 AM

Yes, I did an update on each product before I did the scans to make sure they were up to date.

#9 cryptodan

Posted 27 October 2010 - 11:37 AM

Can you post the logs from those scans?

#10 Aubriella504

Posted 27 October 2010 - 11:55 AM

From Malwarebytes:

Malwarebytes' Anti-Malware 1.44
Database version: 3822
Windows 6.0.6000
Internet Explorer 7.0.6000.17037

10/27/2010 8:22:05 AM
mbam-log-2010-10-27 (08-22-05).txt

Scan type: Full Scan (C:\|)
Objects scanned: 291004
Time elapsed: 2 hour(s), 24 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



From AVG:

"Scan ""Whole computer scan"" completed."
"No infection was found during this scan"
"Folders selected for scanning:";"Whole computer scan"
"Scan started:";"Wednesday, October 27, 2010, 2:31:57 AM"
"Scan finished:";"Wednesday, October 27, 2010, 3:56:25 AM (1 hour(s) 24 minute(s) 28 second(s))"
"Total object scanned:";"1414336"
"User who launched the scan:";"Aubri"


The scan for Norton isn't available because I had to uninstall it to run AVG.

#11 cryptodan

Posted 27 October 2010 - 12:02 PM

Have the advertisements reappeared?

#12 Aubriella504

Posted 27 October 2010 - 12:08 PM

Yes, they actually started a few minutes ago. They stopped for about an hour, now they are back. Last night, it was for Lysol and Air Wick ads, now a new one has popped up saying "congratulations, you win". So, altogether there are 5 ads that constantly loop.

#13 Aubriella504

Posted 27 October 2010 - 12:52 PM

I went into c:\windows\system32\drivers to find anything that was added or changed at or around the time I was watching the show on novamov. This is what I found, and it is at the exact time I was on that website.


Name: perfc009.dat
Date Modified: 10/26/2010 11:58
Type: DAT File
Size: 102 KB

Name: perfh009.dat
Date Modified: 10/26/2010 11:58
Type: DAT File
Size: 604 KB

Name: PerfStringBackup.INI
Date Modified: 10/26/2010 11:58
Type: Configuration Settings
Size: 701 KB

#14 cryptodan

Posted 27 October 2010 - 01:25 PM

What sites were you visiting when they popped up?

#15 Aubriella504

Posted 27 October 2010 - 01:42 PM

I was streaming a show from novamov.com, there was a Lysol ad on the screen and it was constantly looping, but it did show on the screen. Halfway through the show a notification came up and told me my computer was in danger and to click OK to fix it. I know to never click on that notification, so I didn't hit OK or Cancel. I went to my task manager and closed it out through there. As soon as Internet Explorer shut down, the same Lysol ad began playing. Only this time there were other ads included with it: Air Wick, Paris Hilton perfume.

As I'm typing this, the ads have stopped and it's rock music playing for about 15 seconds then it cuts off. Then about 5 minutes later a clown laugh starts.



