Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Please help me with a virus


  • Please log in to reply
No replies to this topic

#1 cutescream

cutescream

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:01:29 PM

Posted 10 June 2011 - 02:03 AM

Hi, I'm so glad I found this forum because I really need help!

Basically an ad opened in Firefox, one of those "Alert! you're winner #1!" type flashing ads, and it installed something that redirects me to sites based on whatever I've searched for or just random sites like clocks.com... In my history it looks like this:

smokedturkey.com/?xurl=http://refresh-ccash.com/rAt1Jqoe6X5Qq6o8d2256ccb15b0fd241fde36687efdf85916x&xref=http://smokedturkey.com/default.pk?tsearch=low+glycemic&rid=fad1fd9da0e25ffb02aa2feab35592aed9ac18b8f1a04bd8dd33fc819663245b672cd48b341be4adc4d1ba07f543167c&s=Go


With a friend's help I got RKill installed (every time I came to this site the virus redirected me). It finds this:

Processes terminated by Rkill or while it was running:

C:\WINDOWS\system32\grpconv.exe


Also my (useless) anti-virus program keeps alerting me of a program trying to run in my temp folder like this:

C:\WINDOWS\Temp\mqno\setup.exe

I keep blocking it but the warnings are still there, from a different random folder each time.


I've run Malware Bytes and SuperAntiSpyware. They find trojans and adware, I remove them, reboot and nothing changes.

Any help would be much appreciated! Thanks.

BC AdBot (Login to Remove)

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users