Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Pum.Hijack.Startmenu Infection--Filled Harddrive


  • This topic is locked This topic is locked
6 replies to this topic

#1 climburr

climburr

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:32 AM

Posted 09 May 2013 - 02:46 AM

Hi, I noticed my harddrive was filling up uncontrollably yesterday. I ran Malware Bytes and it detected Pum.Hijack.Startmenu which I "fixed" in malwarebytes. As you know it doesn't fix it but I'm not sure where to go next. I ran Avast as well which came up with nothing. I am trying to download security check but my harddrive is so full I cannot even if I delete things. Not sure what to do. Thanks so much!

 

Edit: I am running Win XP Home SP3


Edited by climburr, 09 May 2013 - 02:52 AM.


BC AdBot (Login to Remove)

 


#2 climburr

climburr
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:32 AM

Posted 09 May 2013 - 01:59 PM

MBAM Log

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.05.08.04
 
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Ann Funkhouser :: BOBBY [administrator]
 
5/9/2013 4:05:11 AM
mbam-log-2013-05-09 (04-05-11).txt
 
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 302068
Time elapsed: 2 hour(s), 14 minute(s), 11 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)


#3 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,573 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:32 AM

Posted 09 May 2013 - 02:15 PM

Hello, please also do this, it doesn't need much space.

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista/Windows 7 users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
  • Please go here to run the scan.

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: EOLS2.gif
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: EOLS3.gif
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: EOLS4.gif
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#4 climburr

climburr
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:32 AM

Posted 10 May 2013 - 12:22 PM

Hi,

I disabled my antivirus but am still faced with the "Can not get update. Is proxy configured?" When I try to install essetsmartinstaller_enu.exe. On IE the site doesn't recognize that I clicked Accept Terms. 

 

I managed to download both aswMBR and TDSKiller. I ran aswMBR and the log follows. Seems two things are suspicious. Thanks for your help. The amount of available space on my harddrive fluctuates from 500KB up to a few MBS up to about 18 at the HIGHEST. I got those two programs a few days ago while reading about PUM.Hijack.Startmenu on other threads. haven't run TDS yet. 

 

 

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-05-10 03:58:29
-----------------------------
03:58:29.546    OS Version: Windows 5.1.2600 Service Pack 3
03:58:29.546    Number of processors: 2 586 0x1C02
03:58:29.546    ComputerName: BOBBY  UserName: 
03:58:46.828    Initialize success
03:59:33.859    AVAST engine defs: 13050702
04:07:55.843    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
04:07:55.859    Disk 0 Vendor: SAMSUNG_HS082HB NL100-04 Size: 76319MB BusType: 3
04:07:56.000    Disk 0 MBR read successfully
04:07:56.015    Disk 0 MBR scan
04:07:56.078    Disk 0 unknown MBR code
04:07:56.093    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        76308 MB offset 63
04:07:56.125    Disk 0 scanning sectors +156280320
04:07:56.250    Disk 0 scanning C:\WINDOWS\system32\drivers
04:08:50.015    Service scanning
04:11:54.953    Modules scanning
04:13:17.421    Module: C:\WINDOWS\System32\drivers\dxgthk.sys  **SUSPICIOUS**
04:13:44.734    Module: C:\WINDOWS\system32\ntdll.dll  **SUSPICIOUS**
04:13:44.781    Disk 0 trace - called modules:
04:13:44.859    ntkrnlpa.exe CLASSPNP.SYS disk.sys SahdIa32.sys ACPI.sys hal.dll atapi.sys pciide.sys 
04:13:44.890    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86d0eab8]
04:13:44.921    3 CLASSPNP.SYS[f75e8fd7] -> nt!IofCallDriver -> [0x86d7cbb0]
04:13:44.953    5 SahdIa32.sys[f7609939] -> nt!IofCallDriver -> \Device\0000006b[0x86d0f9e8]
04:13:44.984    7 ACPI.sys[f745f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86d60940]
04:13:59.250    AVAST engine scan C:\WINDOWS
04:14:29.125    AVAST engine scan C:\WINDOWS\system32
04:17:50.906    AVAST engine scan C:\WINDOWS\system32\drivers
04:18:10.203    AVAST engine scan C:\Documents and Settings\Ann Funkhouser
04:44:20.609    AVAST engine scan C:\Documents and Settings\All Users
04:46:03.078    Scan finished successfully
13:04:28.859    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Ann Funkhouser\Desktop\MBR.dat"
13:04:29.031    The log file has been saved successfully to "C:\Documents and Settings\Ann Funkhouser\Desktop\aswMBR.txt"


#5 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,573 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:32 AM

Posted 10 May 2013 - 01:03 PM

Can you run DDS from this guide. Step 6

 

http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

 

Then do step 7?

 

Include this link back here.

 

Let me know if that went well.


How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#6 climburr

climburr
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:32 AM

Posted 12 May 2013 - 02:15 PM

Did it and posted a new one. Thanks!

 

Link Here:

http://www.bleepingcomputer.com/forums/t/494335/pumhijackstartmenu-infection-filled-harddrive-maybe-more/



#7 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,573 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:32 AM

Posted 13 May 2013 - 07:33 PM

Thank you!

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show it the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRL Team member is already assisting you and not open the thread to respond.

The current wait time is 1 - 2 days and ALL logs are answered.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

To avoid confusion, I am closing this topic.


How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users