
Random Restarts, Browser Getting Redirected


#1 Xaya


  • Members
  • 1 posts
  • Gender:Female
  • Location:West Coast
  • Local time:10:50 AM

Posted 04 March 2011 - 07:30 PM

It has been a frustrating couple of days while I tried to tackle this myself. I realize I need help, please!

I am running Windows XP. (Only today did I upgrade it to SP3)

I use Firefox exclusively but other people in my family occasionally use IE.

I was using AVG (free) but yesterday during all my issues a friend encouraged me to switch to MSE. I did that. AVG had found no infections, MSE found one and quarantined it.

A few days ago we started getting pop-ups from "Just-in-Time" Debugger. It would not go away. I Googled it and learned how to turn off debugging; of course this didn't help at all. Then yesterday FF would start opening a new tab with some audio that would start congratulating me for winning a new iPod or whatever. As this became more frequent I got concerned and started running scans. First AVG, then Malwarebytes... they never found anything crucial. I updated and ran Spybot. I happened to watch it for a minute while it was working and saw files go by with the name "virtumonde" in them. I recognized the name because I have had that virus before and it was not pretty. I did a search of my files for virtumonde and nothing showed up. I ran Registry Fix as well.

I deleted AVG and downloaded MSE. It scanned for FOUR HOURS!!! and found one virus (Java/CE-2010-0840.aj), which it healed. No sign of Virtumonde.

Today I ran Malwarebytes, Spybot and MSE again as well as HitmanPro... nothing serious was found by any of them, but my machine is not acting right. It has randomly restarted a few times today. Once a new window opened in FF, and a couple of times I have been rick rolled when trying to do some research on what I can do to fix my problems. (Yesterday I got rick rolled almost EVERY time I tried to click on a link looking for help, to the same site every time prompting me to "click here" to get the program to clean Virtumonde from my computer. I had to Alt, Ctrl, Delete my way out.) When my computer does restart it asks me what mode I want to start in; this is not normal. (Regular Windows XP or recovery mode are my two options.)

I have used HijackThis to get a log and have that saved.

I also used Registry Fix to clean up my start up programs, some of those were blank and showed no names, so I clicked them off as well and only left a few of the things I really wanted.

I live in a rural area and because of that have a limited amount of bandwidth per month from my gimpy little backwoods ISP. Today is March 4th and I am already 3 gigs in and no one in my house is doing any major downloading or gaming or streaming of any kind. This seems really extreme to me and I'm wondering if this virus is causing it.

I think that is all the info I can give from memory. I really do appreciate any advice I can get here. I know I am likely looking at having to do the dreaded reformat but am sure hoping there may be another solution.

Thank you so much for taking the time to read through all of my babbling.


*edit* I forgot to mention I could not get IE to open AND also Windows Firewall kept shutting itself off yesterday too.

Edited by Xaya, 04 March 2011 - 07:56 PM.



#2 Blade


    Strong in the Bleepforce

  • Site Admin
  • 12,796 posts
  • Gender:Male
  • Location:US
  • Local time:01:50 PM

Posted 09 March 2011 - 02:02 PM


Let's try running Malwarebytes this way.

Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

Link 1
Link 2
Link 3
Link 4
  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running. This is because some anti-malware software mistakenly detects RKill as malicious. Please refer to this page if you are not sure how to disable your security software.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply.


  • Make sure you are connected to the Internet.
  • Launch Malwarebytes' Anti-Malware
  • Click on the Update tab and click the button Check for Updates
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

In your next reply, please include the following:
Malwarebytes Log

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM.