
View + Track Downloads PopUps W/ Virus infection


  • This topic is locked
6 replies to this topic

#1 theblackyak

Posted 29 May 2013 - 09:12 PM

Hello:

My neighbor fell for one of those dandy fake security sweeps and has PC Mighty Max 2012 File Extension Repair popups when he logs on.  I COULD get rid of it if I could get anywhere, however, these View Download Manager and View and Track Your Downloads popups arrive for every single thing I try to do.  Everything.  The Control Panel, the C Prompt, everything asks if I want to run or save the program.  Any key you touch brings up the pop up.  Safe Mode doesn't help.  What do I do?

 

It is connected to IE, it seems, but even Safe Mode without Networking yields the same results.

Any ideas?

 

Thank you so much,

S.


Edited by hamluis, 30 May 2013 - 12:16 PM.
Moved from Win 7 to Am I Infected - Hamluis.


#2 theblackyak

Posted 30 May 2013 - 12:32 PM

I played with it more today.  Here are more specifics:

 

It is polluted with fake antivirus, that much I can see. I found PC Mighty Max and Win 7 Security 2013 right off. He also legitimately has McAfee and MS Security Essentials, and has had for some time by the looks of things. However, I can't get rid of anything.

All of his shortcuts now feature the Internet Explorer Icon. Everything. Any attempt to open a working program, even the regedit, results in the View Download Manager pop up (by popup, I mean the full square manager, not the little yellow bar at the bottom), at which point you have to select run or save. Regardless of which selection you choose, or cancelling out of it, nothing works. I can't download any help, I can't access the Net from his PC to locate help (it will actually ask if you want to run or save iexplorer) and I can't put any new files on his PC or run them from a flash. Same thing. The pop up.

Starting in Safe Mode does not help and I can't do a system restore because it asks if I want to run or save that, also.

The best I can tell, this began following some automatic updates to IE on Tuesday night. Getting rid of the updates did not help. There were also two add-ons running without permission that were acquired at the same time as the update. I disabled those. Nothing.

Suspicious entries in the task manager include IGFXTray Module and CTFmon.exe, as well as OpenWithMonitor from PC Mighty Max. Ending those processes also does not help.

I would love to tell you exactly what he was doing when all of this began, but he has a raft of little grandkids under ten and it was messed up when he got home, so it's hard to tell. I can concretely say that his wife logged on between 5:30 and 6 and that the automatic updates were at 5:41. She had all of these issues immediately.

Any advice? I am no tech genius, but I can usually figure out a virus. This one, though, is beyond me. Thank you so much in advance.



#3 Broni

  • BC Advisor
Posted 30 May 2013 - 06:48 PM

I'll report this topic to appropriate helpers.

Hold on there....



#4 jntkwx

  • Malware Response Team
Posted 30 May 2013 - 09:48 PM

Hi theblackyak,

Welcome to Bleeping Computer.

My name is Jason and I'll be helping you with your computer problems. You can call me by my screen name jntkwx or Jason is fine.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put logs in code or quote boxes (unless explicitly asked to)
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can also help.
  • Do not run anything while running a fix.
  • If you don't understand a step, please ask for clarification before continuing with any future steps.

In the upper right-hand corner of the topic you will see the Follow This Topic button. Click on this, then choose Receive Notification Immediately, and then click Follow This Topic. You will be sent an email once I have posted a response, which will make the cleaning process faster.

Note to others: The instructions here are intended for the person who began this topic. If you need help, please create your own topic in the appropriate forum.

 
FRST

  • Please download Farbar Recovery Scan Tool and save it to a flash drive.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

    Plug the flash drive into the infected PC.
  • Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    Note: In case you cannot enter System Recovery Options by using the F8 method, you can use a Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.
    To make a repair disk on Windows 7 consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html


    - OR -

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
  • On the System Recovery Options menu you will get the following options:
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt


    Select Command Prompt
  • Once in the Command Prompt:
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Edited by Orange Blossom, 30 May 2013 - 10:26 PM.
Moved to log forum. ~ OB

Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation: btn_donate_SM.gif


#5 theblackyak

Posted 31 May 2013 - 01:27 PM

Thanks Jason! I was actually able to get into the beast very late last night and I think I got it fixed.  I had to use a registry fix since the virus changed all the exe names.  Also, when I changed the names of my assassins, it allowed them to run.  I think it is going to be ok.  I was able to get into the registry and delete the renegade files.  There were four fake virus sweeps and a bunch of other problems.  A bunch.

 

Hopefully it will function normally for him at this point.  Thanks so much again.
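
The symptoms described in this thread (every shortcut showing the Internet Explorer icon, every program launch producing a run/save prompt) are what a changed `.exe` file association looks like. As an added example that is not part of any post here, and assuming that association is what the registry fix addressed, this Python code checks a registry export for default values that differ from the Windows defaults; the sample export and the function names are constructed for illustration.

```python
import re

# Windows defaults for launching executables (default value of each key).
EXPECTED = {
    ".exe": "exefile",
    r"exefile\shell\open\command": '"%1" %*',
}
# Strips the hive prefix so HKCR, HKLM\Software\Classes and the per-user
# HKCU\Software\Classes override are all compared against the same defaults.
CLASSES_PREFIX = re.compile(r"^(hkey_classes_root|hkey_[a-z_]+\\software\\classes)\\")

# Constructed sample in .reg export format (not taken from the thread).
# Real regedit exports are UTF-16: open(path, encoding="utf-16").read()
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Classes\.exe]
@="htmlfile"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe]
@="exefile"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
@="\"%1\" %*"
'''

def parse_reg_defaults(text):
    """Map each exported key to its default (@) string value."""
    defaults, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and line.startswith('@="') and line.endswith('"'):
            # .reg files escape quotes and backslashes with a backslash
            defaults[key] = re.sub(r"\\(.)", r"\1", line[3:-1])
    return defaults

def check_exe_association(text):
    """Return (key, found, expected) for every deviating default value."""
    findings = []
    for key, found in parse_reg_defaults(text).items():
        expected = EXPECTED.get(CLASSES_PREFIX.sub("", key.lower()))
        if expected is not None and found.lower() != expected.lower():
            findings.append((key, found, expected))
    return findings

if __name__ == "__main__":
    for key, found, expected in check_exe_association(SAMPLE):
        print(f"TAMPERED {key}: {found!r} (expected {expected!r})")
```

A per-user key under `HKEY_CURRENT_USER\Software\Classes` takes precedence over the machine-wide one, which is why the check covers both locations.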



#6 jntkwx

Posted 31 May 2013 - 01:29 PM

You're welcome. :)


Regards,
Jason

 



#7 jntkwx

Posted 31 May 2013 - 01:33 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Regards,
Jason

 
