Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

New to W7 - weird things going on


  • Please log in to reply
8 replies to this topic

#1 faster

faster

  • Members
  • 108 posts
  • OFFLINE
  •  
  • Local time:11:30 AM

Posted 22 September 2013 - 01:35 AM

I just bought a used PC, with W7. I used to use W98SE. It takes adjustment, I realize. But since when is it okay to make upgrades that I already HAVE made, or to make upgrades I never authorized, for programs that I can't find on my PC? Even when I denied access to some of those programs. It didn't stop anything.

 

What makes it possible for "vube.com" to launch their unwanted videos, even though I've put them on the restricted list? And MonsterMarketplace.com, which pops up ads over any highlighted text I mouse over? I've put them on the restricted list, too, and went to their "opt out" page, at a site called "Nav-Links" where I opted out. (Note that I never opted in in the first place.) Nothing changed. Both sites are on my restricted list, and I've removed all their cookies. No good; they're still being obnoxious. Haven't people reported them for this? Surely it can't be legal to invade someone's personal PC this way?

 

I have Zone Alarm, and the built in antivirus of W7. For what good they're worth. I forget how much memory, but I think it's in gigabytes. I just bought the thing. Seems I did better on W98 with only 268 MB of RAM.

 

This is invasion, and I don't know how it got itself into my PC, but I do know I want them OUT. Or is it just "one of those things" that people with W7 have learned to tolerate?

 

W98 NEVER made upgrades I hadn't asked for. Nor tried to make them a second time, after I'd already made them. In the process of trying the second time, they stopped my video, said that Google Chrome had a problem with memory, and then rebooted - all against my will. I have gobs of memory. No video is likely to run me dry.

 

I never had an operating system with a mind - and will - of its own. Or one as hideously vulnerable.

 

I got another popup that told me problems were slowing my PC down. Thinking it was from W7, I let it run the scan. It found over a thousand "problems," and offered to fix them. When I said okay, it took me to a site that wanted money to do it. And it never mentioned anything about the kinds of "problems" it supposedly had found. Yet another invasion.

 

I think I was better off with W98SE. I gradually lost access to many videos - but not all, which was one reason I was willing to switch to W7. But this is worse than anything I've ever experienced.

 

Can anyone offer me any hope? Any suggestions? I'm starting to feel my bacon burning here.


Edited by hamluis, 22 September 2013 - 05:45 AM.
Moved from Win 7 to Am I Infected - Hamluis.


BC AdBot (Login to Remove)

 


#2 faster

faster
  • Topic Starter

  • Members
  • 108 posts
  • OFFLINE
  •  
  • Local time:11:30 AM

Posted 22 September 2013 - 01:42 AM

New development. In the last 5 minutes, too.

 

Something printed some of my words above in red, with double underscores. I couldn't even right-click to see if they were spelling errors. Instead, I got that Monster thing.
 
Some words, it seems, trigger the Monster. Such as my use of:
 
adjustment
denied access
sites
Zone Alarm
operating system
 
in my above post.
 
Whoever is doing this are maggots. They can even pre-empt the right-click menu.
 
Somebody seems to even be snooping at what I wrote on YOUR website. Is this the new normal, now?


#3 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:03:30 AM

Posted 22 September 2013 - 04:22 AM

Hello faster -

Not sure what you mean > " the built in antivirus of W7" < There is no such thing .......

 

It seems that your "new" computer was very infected prior to you purchasing it, or you have visited several sites, in the last week or so, that have badly infected your computer ........

 

vube.com is a known infection carrier program, and MonsterMarketplace.com is a relatively new browser hijack virus. It enters your PC unnoticed, and it's actually not known precisely how it gets in there - it can infect without any opening of attachments or downloading .exes.
The MonsterMarketplace redirect happens, regardless of the web browser or search engine, and if you are seeing ads from MonsterMarketplace.com whenever you are doing a Google search or visiting a website, then your computer may be infected with Pihar, Tracur, ZeroAccess/Sirefef rootkit, adware or a potentially unwanted program.
 

Start with this - Download Security Check by Screen317
* Save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: If any security program requests permission to access the Internet, allow it to do so.

 

Download MiniToolBox, Save it to your desktop and run it.
Checkmark the following checkboxes:
* Flush DNS
* Report IE Proxy Settings
* Reset IE Proxy Settings
* Report FF Proxy Settings
* Reset FF Proxy Settings
* List content of Hosts
* List IP configuration
* List Winsock Entries
* List last 10 Event Viewer log
* List Installed Programs
* List Devices (Only Problems)
* List Users, Partitions and Memory size.
* List Minidump Files
* List Restore points
NOTE: When using "Reset FF Proxy Settings" option Firefox should be closed.
Click GO and Copy / Paste the result, (Result.txt) from your desktop

 

Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

* Double-click on the Rkill desktop icon to run the tool.
* A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
* If not, delete the file, then download and use the one provided in Link 2.
* Do not reboot until instructed.
*  Do not reboot your computer after running RKill as the malware programs will start again.
* If the tool does not run from any of the links provided, please let me know.

If normal mode still doesn't work, run the tool from safe mode.
When the scan is done Notepad will open with rKill log.
Post it in your next reply.

NOTE. rKill.txt log will also be present on your desktop.

 

Please Download TDSSkiller
Launch it.
Click on change parameters-Select TDLFS file system
Click on "Scan".
Please post the LOG report(log file should be in your C drive)

Do not change the default options on scan results.

 

Please download Malwarebytes Anti-Malware Free (aka MBAM)
* Double-click MBAM -setup.exe and follow the prompts to install the program.
* At the end, be sure to Check for Updates to be so it is current
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Scan, then click Quick Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* NOTE : You may be asked to Reboot to fully remove any found infections.
* When completed, a log will open in Notepad.
* Post the log back here.
* If you are not sure of any items, post the log and ask if it should be removed.

 

Please download Junkware Removal Tool to your desktop.
* Shut down your protection software now to avoid potential conflicts.
* If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
* The tool will open and start scanning your system.
* Please be patient as this can take a while to complete depending on your system's specifications.
* On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

* Post the contents of JRT.txt into your next message.

 

Thank You -



#4 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,078 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:06:30 PM

Posted 22 September 2013 - 05:39 AM

Hello faster -

Not sure what you mean > " the built in antivirus of W7" < There is no such thing .......

I imagine the user probably refers to Windows Defender, even though that's not an anti-virus.

 

I got another popup that told me problems were slowing my PC down. Thinking it was from W7, I let it run the scan. It found over a thousand "problems," and offered to fix them. When I said okay, it took me to a site that wanted money to do it. And it never mentioned anything about the kinds of "problems" it supposedly had found. Yet another invasion.

Definately infected, sounds like a rogue anti-virus/spyware/e.c.t. to me. Do not pay them money, it's a fake, and they just want your details.

 

I've reported this topic so that it can be hopefully be moved to the logs forum. I'll leave the helping down to noknojon.

 

xXToffeeXx~


Edited by xXToffeeXx, 22 September 2013 - 05:39 AM.

~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#5 faster

faster
  • Topic Starter

  • Members
  • 108 posts
  • OFFLINE
  •  
  • Local time:11:30 AM

Posted 22 September 2013 - 04:01 PM

You guys are great! I may be new to W7, but I've contacted you several times when I had W98SE, and you're the only site that helped and didn't sneer.
 
I will always remember that. EARNING goodwill is always the best way, and as long as you do, you'll thrive.
 
I will be trying the suggestions. It'll take some time, but I'll be back with results.
 
BTW, something must have confused me into thinking there was an antivirus in W7. When everything you encounter is new, you do tend to get a flooded brain, with all the extra input.
 
Be back...

 



#6 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:03:30 AM

Posted 22 September 2013 - 04:32 PM

If you have no Antivirus installed then please Install M.S.E Microsoft Security Essentials
 

Open Settings > Realtime Protection > and tick the box (top left) so you have some protection -

 

Thanks -



#7 anthonycuk

anthonycuk

  • Banned Spammer
  • 19 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:30 AM

Posted 23 September 2013 - 03:09 AM

You have malicious add-ons and plug-ins on your browser. What you need to do is to rectify back your browser setting.

I've found some threads onine have solved the similar problem: http://forums.malwarebytes.org/index.php?showtopic=111477

http://forums.majorgeeks.com/showthread.php?t=278883

and the detailed steps with pix are here: http://blog.vilmatech.com/get-rid-of-dosearches-com-search-redirect-virus-removal-guideline/,

 

 

But I do have easier steps for you to follow up:

 

1. reset your browser

 

- firefox

  • Click on the Firefox button > Help > Troubleshooting information.
  • A new window pops up with a box containing ‘Reset Firefox’ button on the left uppers corner of the web page
  • A box pops up for confirmation, please click ‘Reset Firefox

- Google Chrome

  • Choose ‘Customize and Control Google Chrome’ menu.
  • Select ‘Options’.
  • Click ‘Under the Hood’ tab on ‘Options’ window.
  • Click ‘Reset to Defaults’ button.

- IE

  • Open Internet Explorer
  • Click on the Tools menu
  • Select Internet Options
  • Click on the Advanced tab
  • Locate 'Reset Internet Explorer settings' section
  • Hit Reset button > press 'Apply'.

 

2. manually change browser settings

 

- firefox

At the top of the Firefox window, click on the Tools menu -> manage Add-ons -> modification should be made under Extensions tab and Plugins tab respectively.

 

- Google Chrome

Click on ‘Customize and control’ Google Chrome icon -> select ‘Settings’ -> manage ‘Extension’ -> ‘manage search engine’

 

- IE

Go to Tools -> ‘Manage Add-ons’ > find and click on beesq.net in ‘Toolbars and Extensions’, ‘Search Providers’ respectively -> click ‘Disable’/ ‘Remove’ to remove MonsterMarketplace.com and other unwanted items.

 

 

3.disable startup item related to MonsterMarketplace.com and other unwanted items.

 

 

- Windows 7/XP/Vista

Start Menu -> Select ‘Run’ -> type ‘MSCONFIG’ -> find beesq.net extension > press ‘Disable all’.

 

 

- Windows 8

Start screen -> type 'Task' > hit Startup tab > find beesq.net’s startup item and disable it.

 

 

You may regain a clean browser again :guitar:



#8 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:03:30 AM

Posted 23 September 2013 - 04:27 PM

Hi faster -

 

The post above from anthonycuk  will only fix a few of your problems, while I am trying to fully clean and fix all of your listed problems and help you with setting up Windows 7.

 

Then we can remove and repair any faulty installed programs -

 

Thanks -



#9 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:03:30 AM

Posted 04 October 2013 - 12:21 AM

Hello -

Its been 2 weeks since you last replied, do you still want any help ?

 

Thank You -






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users