Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Maladvertising Hijack / Virus / Malware PC

  • This topic is locked This topic is locked
3 replies to this topic

#1 tiredoftrying


  • Members
  • 17 posts
  • Local time:12:54 AM

Posted 01 April 2011 - 06:22 AM

I am currently having multiple problems on a PC and a laptop. Have posted separately on laptop. This deals with the PC

Again problems started from Spotify maladvertising.

I have not managed to run either a dds or GMER log - the PC doesn't want to run the script - just opens in notebook, and when I have run GMER it crashes with a fatal error screen.

I have had various AV programs scanning but have not been able to get online to update them to latest definitions

Malewarebytes found Rogue.Fake.HDD
AVG found Luhe.Exploit.PDF.E
RKill kept stopping sCRrtwxnjAgI.exe and 18276148.exe. - 18276148 registered with MB for rogue.fake HDD but kept coming back so eventually I deleted both files manually and my Windowsrecovery problem went away.
AVG still found Luhe exploit
Symantec auotprotect keeps finding and quarentining something it call Bloodhound W32.1
AVG finds Win32/Zbot.G
Malewarebytes found Hijack.startmenuinternet and trojan Fakealert
This morning AVG has found Win32.lebag.ahb then lots of recurring Win32/Zbot.G

When I have managed to get online I have experienced the google link redirect. The machine runs very slow or refuses to run.

Should I just give up and throw it away? I don't want to and can't afford to!

BC AdBot (Login to Remove)


#2 oneof4


  • Malware Response Team
  • 3,779 posts
  • Gender:Male
  • Location:The Collective
  • Local time:07:54 PM

Posted 06 April 2011 - 07:19 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:

  • If you have since resolved the original problem you were having, we would appreciate you letting us know.
  • If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • Upon completing the steps below another staff member will review your topic an do their best to resolve your issues.
  • If you have already posted a DDS log, please do so again, as your situation may have changed.
  • Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a log from the RKUnhooker anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Please note that if you are running a 64-bit version of Windows you will not be able to run RKUnhooker and you may skip this step.

Why we request you disable CD Emulation when receiving Malware Removal Advice

Scan With RKUnHooker
  • Please Download Rootkit Unhooker Save it to your desktop.
  • Extract RKUnhooker to your desktop
    Note** it is zipped up in a .rar file - If you do not have a program to unzip this type of file
    you can get a free one from here - http://www.7-zip.org/
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth. Uncheck the rest. then Click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
    Copy the entire contents of the report and paste it in a reply here.
Note** You may get this warning:

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

Just ignore it, click Cancel, then Accept. :thumbup2:

Best Regards,

#3 tiredoftrying

  • Topic Starter

  • Members
  • 17 posts
  • Local time:12:54 AM

Posted 07 April 2011 - 02:54 AM

Thanks for coming back to me oneof4

I have managed to resolve this problem - or rather someone has managed to do it for me - apparently I had two rootkits.

My other problems with my laptop are another story, but they are being dealt with in another thread!

Thanks again for your reply, you can close this down

#4 Casey_boy


    Bleeping physicist

  • Malware Response Team
  • 7,765 posts
  • Gender:Male
  • Location:UK
  • Local time:11:54 PM

Posted 07 April 2011 - 08:10 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

If I have been helping you and I do not reply within 48hours, feel free to send me a PM.

* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users