Something really bad is going on with my laptop...


  • This topic is locked
49 replies to this topic

#1 greenevansj

greenevansj

  • Members
  • 35 posts
  • OFFLINE
  • Local time:01:03 PM

Posted 17 August 2012 - 07:09 PM

I was playing a Flash game with my son recently when I had about 30 little windows pop up as my Firefox closed. All of my icons were hidden and a fake Windows Virus Removal program began to run. I was able to delete the program, I think. But, my browser is hijacked. I can't use Firefox. I can't install programs. I have to paste every link into my IE address bar because of the hijacker. Without being able to install anything, I can't use Malware Bytes or anything to try to fix it.

Any help you guys could provide would be greatly appreciated. I tried to get help on the "Do I Have a Virus" board but, I was told this is a more advanced problems. I tried to run several programs that were recommended to fix it and wasn't able to run anything. Here is a link to my original post.

http://www.bleepingcomputer.com/forums/topic465493.html/page__gopid__2809400#entry2809400



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:03 PM

Posted 18 August 2012 - 01:13 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.



I need you to make a bootable USB and to make a screenshot for me. Follow the instructions below to do this.

How to create a bootable Puppy USB Drive

  • Download and save a copy of the latest Puppy ISO file
  • Download and save a copy of Unetbootin for Windows.
  • Insert an empty formatted USB drive into a USB port on the computer that's being used to create the bootable USB.
  • Launch Unetbootin ....
  • Ensure that Disk Image is selected.
  • Using the browse button ... browse to and select the Puppy ISO file.
  • Ensure that Type: is set to USB Drive and that the Drive: letter corresponds to the USB drive.
  • Click OK
Unetbootin will now copy the Puppy files to the USB and make it a bootable device.

Next

You need to change the boot order of the computer to boot from a USB drive ....

  • Read HERE for instructions how to do this.

Now boot into Puppylinux

When you get to the desktop, click on each of the drive items found in the bottom left corner to mount them (when mounted they will have a red cross next to them).

Next, launch GParted, which is found at Menu > System > GParted partition manager.
Click to select All Drives, then click Okay.
I need you to take a screenshot of the window that opens up. To do this, follow these instructions.

To take a screenshot in Puppy ....

With the GParted window open ...

  • Click menu > Graphic > mtPaint-snapshot screen capture
  • A small window will open ....

    • Click Capture Now
    • Click OK
  • The mtPaint program will open ....
    • Click File > Save
    • Double click on ../
    • Double click on mnt/
    • Double click on sdb1/
    • Set File Format to JPEG
    • Enter screenshot1 into the text box
    • Click OK

This will save a file screenshot1.jpeg into the USB drive. Paste or attach this to your next post.

Next

  • Click menu > shutdown > power off computer
  • If prompted to save the session click on No

Puppy will now close down.

Remove the USB and save it (we will use it again). Boot back into Windows and send me the screen capture.

gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 greenevansj

greenevansj
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  • Local time:01:03 PM

Posted 18 August 2012 - 11:23 AM

Gringo - Thanks for helping me. I am on my way to the store to get a USB drive. I will post the picture as soon as I can. It will definitely be today. Thanks again!

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:03 PM

Posted 18 August 2012 - 11:53 AM

I will be waiting for you

#5 greenevansj

greenevansj
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  • Local time:01:03 PM

Posted 18 August 2012 - 02:23 PM

Gringo - I wasn't able to mount all of the drives. I have 4 SDA's and the SDB. SDA4 would not mount. I double clicked it, which didn't work. I also clicked the mount button once the program opened. It wouldn't work either. I got a red error message saying that it couldn't mount. Here is the screenshot you requested.

Attached File  screenshot1.jpg   124.89KB   10 downloads

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:03 PM

Posted 18 August 2012 - 02:42 PM

Greetings

It is going to take a little bit of work, but here is what I want you to do.

I want you to boot back into GParted, right click on the first partition (sda1) and select "Manage Flags", then I want you to choose "boot".

Exit out of GParted, saving as you leave.

Report back to me.

Note** If the computer does not boot into Windows after you have changed the "Boot Flag" to SDA1, then do the same thing for SDA2.

If it still will not boot after changing it to SDA2, then do it for SDA3.

Gringo
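
For reference, on an MBR-partitioned disk the "boot" flag discussed in the post above is the status byte of a partition-table entry. The following is an added example, not part of the original thread: it parses a constructed 512-byte MBR sector, reports anything unusual about the active partition, and shows the byte-level effect of moving the flag. The sample table, the function names and the short type list are assumptions made for illustration, and an MBR (not GPT) layout is assumed.

```python
import struct

TABLE_OFFSET, ENTRY_SIZE, ACTIVE = 446, 16, 0x80
ENTRY = "<B3xB3xII"  # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
# Short illustrative subset of partition type IDs, not a complete registry.
KNOWN_TYPES = {0x07: "NTFS/exFAT", 0x0B: "FAT32", 0x0C: "FAT32 (LBA)", 0x83: "Linux"}

def parse_mbr(sector):
    """Return the four primary partition entries of a 512-byte MBR sector."""
    if len(sector) != 512 or sector[510:] != b"\x55\xaa":
        raise ValueError("not an MBR sector (bad length or missing 0x55AA signature)")
    entries = []
    for i in range(4):
        off = TABLE_OFFSET + i * ENTRY_SIZE
        status, ptype, lba, count = struct.unpack(ENTRY, sector[off:off + ENTRY_SIZE])
        entries.append({"index": i + 1, "status": status, "type": ptype,
                        "lba_start": lba, "sectors": count})
    return entries

def boot_flag_findings(entries):
    """Describe anything unusual about which partition carries the boot flag."""
    used = [e for e in entries if e["type"] != 0x00]
    active = [e for e in used if e["status"] == ACTIVE]
    findings = []
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions, expected exactly 1")
    for e in used:
        if e["status"] not in (0x00, ACTIVE):
            findings.append(f"partition {e['index']}: invalid status byte {e['status']:#04x}")
    for e in active:
        if e["type"] not in KNOWN_TYPES:
            findings.append(f"partition {e['index']} is active but has unrecognised type {e['type']:#04x}")
    return findings

def set_active(sector, index):
    """Return a copy of the sector with the boot flag on partition `index` only."""
    out = bytearray(sector)
    for i in range(4):
        out[TABLE_OFFSET + i * ENTRY_SIZE] = ACTIVE if i + 1 == index else 0x00
    return bytes(out)

def build_sample_mbr():
    """Constructed four-partition table for this demo; not the poster's disk."""
    parts = [(0x00, 0x07, 2048, 204800), (0x00, 0x07, 206848, 900000000),
             (0x00, 0x07, 900206848, 40000000), (ACTIVE, 0x17, 940206848, 4096)]
    table = b"".join(struct.pack(ENTRY, *p) for p in parts)
    return bytes(TABLE_OFFSET) + table + b"\x55\xaa"

if __name__ == "__main__":
    sample = build_sample_mbr()
    print(boot_flag_findings(parse_mbr(sample)))                 # flag on entry 4
    print(boot_flag_findings(parse_mbr(set_active(sample, 1))))  # flag moved to entry 1
```
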

#7 greenevansj

greenevansj
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  • Local time:01:03 PM

Posted 18 August 2012 - 03:41 PM

Gringo - I really hope I'm not doing anything wrong but, when I right-clicked on all 3, I couldn't find anything that said "Manage Flags". Once I mounted the drives, I did see one folder in SDA2 that is named Boot... if that helps anything. Sorry. I hope I'm not making this harder on you than it needs to be. Here is a picture of the SDA2 folders.


#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:03 PM

Posted 18 August 2012 - 04:01 PM

For x64 bit systems please download Listparts64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Click on Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\ListParts.exe (for x64 bit version type e:\ListParts64.exe) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Put check mark on List BCD.
  • Press Scan button.
  • It will make a log (Result.txt) in the flash drive. Please copy and paste it to your reply.


#9 greenevansj

greenevansj
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  • Local time:01:03 PM

Posted 18 August 2012 - 05:54 PM

Sorry to make this even more complicated Gringo but, I just tried to do the Repair Your Computer thing. It starts loading and just gets stuck there. I let it go for about an hour and it never went into the "Repair Computer" mode.

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:03 PM

Posted 18 August 2012 - 06:20 PM

Hello

I would like you to run this tool for me - fixTDSS

Download it to your desktop and start the program.

Follow the prompts and OK any security prompts.

When it is complete it will say the infection was cleared or no infection was found - let me know what it says.

After it is complete I want you to restart the computer and try to rerun TDSSKiller for me and send me the report.

Gringo

#11 greenevansj

greenevansj
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  • Local time:01:03 PM

Posted 18 August 2012 - 06:23 PM

I can't run much of anything that I download. Would it work if I downloaded it to my USB stick and then ran it?

#12 greenevansj

greenevansj
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  • Local time:01:03 PM

Posted 18 August 2012 - 06:24 PM

Never mind... I tried it straight off of the USB Stick and it still didn't work.

#13 greenevansj

greenevansj
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  • Local time:01:03 PM

Posted 19 August 2012 - 02:20 PM

Bump. You there Gringo? :)

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:03 PM

Posted 19 August 2012 - 02:41 PM

Greetings


It has been less than 24 hours, you need to give me a little bit of a break. I have tried 4 different tools and can't get them to run for whatever reason.

I am researching what we can do, but I have a job and need to sleep also. I am working on it, but it will take me a little time.



Gringo

#15 greenevansj

greenevansj
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  • Local time:01:03 PM

Posted 19 August 2012 - 03:50 PM

That doesn't sound very good. It figures that I would be the one person to get some kind of crazy virus nobody can figure out. :) I'll be here waiting. Thanks!