Really Bad Stuff Going on With Computer


12 replies to this topic

#1 greenevansj (Members, 35 posts)

Posted 16 August 2012 - 06:01 PM

I was playing a Flash game with my son recently when I had about 30 little windows pop up as my Firefox closed. All of my icons were hidden and a fake Windows Virus Removal program began to run. I was able to delete the program, I think. But, my browser is hijacked. I can't use Firefox. I can't install programs. I have to paste every link into my IE address bar because of the hijacker. Without being able to install anything, I can't use Malware Bytes or anything to try to fix it.

Any help you guys could provide would be greatly appreciated. Thanks!


#2 narenxp (BC Advisor, 16,371 posts, Gender: Male, Location: India)

Posted 16 August 2012 - 06:19 PM

Boot into safe mode with networking.

Download TDSSKiller.

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the log report (the log file should be in your C drive).

Do not change the default options on scan results.

Download aswMBR.

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here.

Download ESET online scanner.

Install it.

Click on START; it should download the virus definitions.
When the scan is completed, click on "LIST of found threats".

Export the list to the desktop and copy the contents of the text file in your reply.

#3 greenevansj (Topic Starter, Members, 35 posts)

Posted 16 August 2012 - 10:27 PM

Narenxp - Thanks so much for the help. I had one small problem in that I can't really get any applications to work, except for IE. The only one I was able to get working was the ESET Online Scanner. Sorry. I'm sure this will complicate things but, like I said... this seems like some really bad problem. Here are the results of the ESET scan:

C:\ProgramData\YouTube Downloader\ytd_installer.exe a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\The Greens\AppData\Roaming\dwm.exe.vir a variant of Win32/Kryptik.QEE trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\The Greens\AppData\Roaming\Microsoft\conhost.exe.vir a variant of Win32/Kryptik.QEE trojan cleaned by deleting - quarantined
C:\Users\The Greens\AppData\Local\Creative Tech\ffbzxbxr.dll Win32/Kryptik.AKGO.Gen trojan cleaned by deleting (after the next restart) - quarantined
C:\Users\The Greens\AppData\Local\Temp\NODB600.tmp Win32/Kryptik.AKGO.Gen trojan cleaned by deleting (after the next restart) - quarantined
C:\Users\The Greens\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\4c8c57b8-1fc9b20b Java/Exploit.CVE-2012-1723.AP trojan deleted - quarantined
C:\Users\The Greens\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\20711efb-745a2ef9 multiple threats deleted - quarantined
C:\Users\The Greens\Downloads\ac3filter.exe a variant of Win32/InstallIQ application cleaned by deleting - quarantined

#4 greenevansj (Topic Starter, Members, 35 posts)

Posted 16 August 2012 - 11:32 PM

I tried to double click, right-click and open and also, right-click and run as administrator. But, I wasn't able to open either of the programs you had me download.

#5 narenxp (BC Advisor, 16,371 posts, Gender: Male, Location: India)

Posted 17 August 2012 - 05:01 AM

Download FIXTDSS.

Launch it. It may ask for a restart; reboot the PC.

On reboot, click on REPAIR.

Now run the other tools.

Edited by narenxp, 17 August 2012 - 05:01 AM.


#6 greenevansj (Topic Starter, Members, 35 posts)

Posted 17 August 2012 - 09:21 AM

I tried to run FIXTDSS from the download menu. It didn't work. I tried downloading it to the desktop and it still wouldn't work. I'm not able to run any new program that I put on my computer.

#7 narenxp (BC Advisor, 16,371 posts, Gender: Male, Location: India)

Posted 17 August 2012 - 09:26 AM

Download ListParts from here:

  • For 32 bit: List parts 32
  • For 64 bit: List parts 64

Launch it, click on SCAN, and post the log.

#8 greenevansj (Topic Starter, Members, 35 posts)

Posted 17 August 2012 - 09:42 AM

Alright, I was actually able to run this one! :) Here is the log:

ListParts by Farbar Version: 10-08-2012
Ran by The Greens (administrator) on 17-08-2012 at 08:41:05
Windows 7 (X64)
Running From: C:\Users\The Greens\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AZIHRET4
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 21%
Total physical RAM: 4056.36 MB
Available physical RAM: 3185.87 MB
Total Pagefile: 8110.87 MB
Available Pagefile: 7245.16 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:451.06 GB) (Free:229.09 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 31 KB
Partition 2 Primary 14 GB 40 MB
Partition 3 Primary 451 GB 14 GB
Partition 4 Primary 10 MB 465 GB

======================================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

There is no volume associated with this partition.

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 RECOVERY NTFS Partition 14 GB Healthy System (partition with boot components)

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 451 GB Healthy Boot

======================================================================================================

Disk: 0
Partition 4
Type : 17 (Suspicious Type)
Hidden: Yes
Active: Yes

There is no volume associated with this partition.

======================================================================================================

****** End Of Log ******

#9 narenxp (BC Advisor, 16,371 posts, Gender: Male, Location: India)

Posted 17 August 2012 - 09:52 AM

Partition 4 Primary 10 MB 465 GB

Rootkit partition

Edited by narenxp, 17 August 2012 - 11:30 AM.
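The pattern narenxp points to in the ListParts log is a partition that the MBR will boot (Active: Yes) but that Windows never sees: it is hidden, has no volume, and carries an uncommon type byte. As an added example, not part of this thread and not part of Farbar's ListParts tool, the Python below parses ListParts-style per-partition blocks and flags exactly that combination, so the same check can be run over a folder of logs instead of reading each by eye. The embedded sample is the thread's own log, abridged; the type-byte set and the flagging rule are this example's own assumptions.

```python
import re
from dataclasses import dataclass, field

# MBR type bytes that legitimately appear without an OS-visible volume or as a
# vendor recovery area: NTFS (07), FAT32 (0B/0C), extended (0F), hidden
# Windows RE (27), Dell utility (DE), GPT protective (EE).  Assumed list.
COMMON_TYPES = {"07", "0B", "0C", "0F", "27", "DE", "EE"}

# "Disk: 0", "Partition 4", "Type : 17 (Suspicious Type)", "Hidden: Yes", ...
KV_RE = re.compile(r"^(Disk|Partition|Type|Hidden|Active)\b\s*:?\s*(\S+)", re.M)
# A volume data row ("* Volume 2 C OS NTFS ..."), not the "Volume ###" header.
VOLUME_ROW_RE = re.compile(r"^\*?\s*Volume\s+\d+", re.M)


@dataclass
class Partition:
    disk: int
    number: int
    ptype: str          # two hex digits exactly as ListParts prints them
    hidden: bool
    active: bool
    has_volume: bool
    reasons: list = field(default_factory=list)


def parse_listparts(log: str) -> list[Partition]:
    """Return one Partition per 'Disk: N / Partition M' block in the log."""
    found = []
    # ListParts separates the per-partition blocks with lines of '=' only.
    for chunk in re.split(r"^=+\s*$", log, flags=re.M):
        if not re.search(r"^Disk:\s*\d+", chunk, re.M):
            continue
        kv = dict(KV_RE.findall(chunk))
        found.append(Partition(
            disk=int(kv["Disk"]),
            number=int(kv["Partition"]),
            ptype=kv["Type"].upper(),
            hidden=kv["Hidden"] == "Yes",
            active=kv["Active"] == "Yes",
            has_volume=VOLUME_ROW_RE.search(chunk) is not None,
        ))
    return found


def suspicious_partitions(parts: list[Partition]) -> list[Partition]:
    """Flag partitions that are Active (the MBR boot code hands control to
    them) yet hidden or without any volume the OS can mount.  An uncommon
    type byte is recorded as supporting evidence, not as a trigger on its own."""
    flagged = []
    for p in parts:
        reasons = []
        if p.active and p.hidden:
            reasons.append("active (bootable) but marked hidden")
        if p.active and not p.has_volume:
            reasons.append("active but no volume is associated with it")
        if p.ptype not in COMMON_TYPES:
            reasons.append(f"uncommon partition type 0x{p.ptype}")
        if p.active and (p.hidden or not p.has_volume):
            p.reasons = reasons
            flagged.append(p)
    return flagged


# Abridged copy of the ListParts log posted in this thread.
SAMPLE_LOG = """\
ListParts by Farbar Version: 10-08-2012
Windows 7 (X64)
====================
Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

There is no volume associated with this partition.
====================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

* Volume 1 RECOVERY NTFS Partition 14 GB Healthy System (partition with boot components)
====================
Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

* Volume 2 C OS NTFS Partition 451 GB Healthy Boot
====================
Disk: 0
Partition 4
Type : 17 (Suspicious Type)
Hidden: Yes
Active: Yes

There is no volume associated with this partition.
====================
****** End Of Log ******
"""

if __name__ == "__main__":
    for p in suspicious_partitions(parse_listparts(SAMPLE_LOG)):
        print(f"disk {p.disk} partition {p.number}: " + "; ".join(p.reasons))
```

Run against the sample, only partition 4 is reported, with all three reasons; partition 1 is hidden too but is not Active and carries a vendor-utility type, which is why the rule keys on Active rather than on Hidden alone.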


#10 greenevansj (Topic Starter, Members, 35 posts)

Posted 17 August 2012 - 11:29 AM

No. Sorry, it still didn't work. I was able to copy it to c: and tried to run it the way that you said. But... nothing. :(

#11 narenxp (BC Advisor, 16,371 posts, Gender: Male, Location: India)

Posted 17 August 2012 - 11:33 AM

Yes, I guessed it.

We need advanced tools to remove this one

Read the guide here

http://www.bleepingcomputer.com/forums/topic34773.html

and create a topic here

http://www.bleepingcomputer.com/forums/forum22.html

Good luck

#12 greenevansj (Topic Starter, Members, 35 posts)

Posted 17 August 2012 - 07:07 PM

Gotcha... thanks for the help!

#13 narenxp (BC Advisor, 16,371 posts, Gender: Male, Location: India)

Posted 17 August 2012 - 07:17 PM

You're welcome.

You did not post the logs in your new topic (http://www.bleepingcomputer.com/forums/topic465493.html).

PLEASE POST THE LOGS AS INSTRUCTED HERE

http://www.bleepingcomputer.com/forums/topic34773.html
