Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Sorry It appears you are using a browser that is not supported


  • This topic is locked This topic is locked
30 replies to this topic

#1 Mrs Beach

Mrs Beach

  • Members
  • 104 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina
  • Local time:04:35 AM

Posted 19 November 2013 - 08:59 PM

I posted in another forum and was directed to post here.

My problem is I clicked on a link and received a message from avast warning me of a threat. I scanned with avast and found nothing and then scanned with Malwarebytes and found two files infected and deleted them. Since then I have been having trouble loading pages .. even Yahoo will not load the first time I try it gives a connection issue page and there is no problem with my connection. Then I refresh or reload and it comes up fine. I go into Facebook and the page is all jumbled with no pictures just a white screen with the words .. if I refresh most of it comes up and only some pictures show .. refresh again and its fine .. I go into Words With Friends and get a message as follows;

Sorry It appears you are using a browser that is not currently supported. Please use one of the following

Chrome 8+

Firefox 3.6+

Safari 3.2+

Internet Explorer 7+

 

I am currently using Internet Explorer 11 and have had no issues until this. I tried loading with Chrome and the same result happens. In the last forum I was instructed to update my adobe .. I did .. then update Java and delete the old ones .. I did and no difference.

I do not know what kind of virus I have if in fact I have one at all .. was directed to start a topic here by a BC adviser Buddy215.

attached are the dds reports

Thank you,

Margie Beach

 

Attached Files



BC AdBot (Login to Remove)

 


#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:35 AM

Posted 20 November 2013 - 03:33 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

 

You told us that you removed several items with Malwarebytes´ Antimalware. This tool creates a log on every run and we need to see them.


  • The logs can be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Zip any and all of these logs and attach the file to your next reply.

 

 

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.exe and save it to your desktop

  • Execute TDSSKiller.exe by doubleclicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive which is typically C:\ ,for example, C:\TDSSKiller.<version_date_time>log.txt


Please post the contents of that log in your next reply.

 

 

 

Scan with aswMBR

Please download aswMBR ( 4.5MB ) to your desktop.

  • Double click the aswMBR.exe icon, and click Run.
  • There will be a short delay before the next dialog box comes up. Please just wait a minute or two.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Typically this is about a 100MB download so depending on your connection speed it can take a short while to download and become ready.
  • Click the Scan button to start the scan once the update has finished downloading
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.

Note: There will also be a file on your desktop named MBR.dat do not delete this for now. It is an actual backup of the MBR (master boot record).

 

 

 

Add-/remove programms

Click on start-->control panel.

Vista/7: Open Programs and Features
XP: Open add/remove programs

Search for and remove the following programs

Ask Toolbar
Best Buy pc app
Deals Plugin Extension
Google Toolbar for Internet Explorer
ooVoo
Yahoo! Toolbar


Close the window.
Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#3 Mrs Beach

Mrs Beach
  • Topic Starter

  • Members
  • 104 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina
  • Local time:04:35 AM

Posted 20 November 2013 - 11:01 AM

Hello Marius and thank you

The Malware Logs you are requesting I found in Notepad and if you will tell me how to attach them I will be happy to .. one of the problems I noticed is that I no longer can copy and paste so doing that is out for now. I do not know if it is ok to start the TDSS Killer before you have the Malware reports so I will wait for you to instruct me to do.


Edited by Mrs Beach, 20 November 2013 - 11:02 AM.


#4 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:35 AM

Posted 21 November 2013 - 03:20 AM

Click the "more reply options" button on the bottom right - there you´ll find the option to attach files.

Run the tools as explained, attach all the logs when finished.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#5 Mrs Beach

Mrs Beach
  • Topic Starter

  • Members
  • 104 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina
  • Local time:04:35 AM

Posted 21 November 2013 - 09:08 AM

Ok there were no threats found .. and as far as my Malware report .. I know its in there in Notepad but when I search for it to attach it I cannot find it .. I find one from last April but cannot find the last one I did. I don't know why or what I am doing wrong. I cannot copy and paste it either. If you really need it I am willing to type it out .. would rather not because it is long but will do it if you need me to. Attached is the TDSSKiller report

Attached Files



#6 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:35 AM

Posted 21 November 2013 - 09:16 AM

which browser are you using?


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#7 Mrs Beach

Mrs Beach
  • Topic Starter

  • Members
  • 104 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina
  • Local time:04:35 AM

Posted 21 November 2013 - 09:23 AM

Give me an example of a browser (sorry)  ........... Internet Explorer 11


Edited by Mrs Beach, 21 November 2013 - 09:26 AM.


#8 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:35 AM

Posted 21 November 2013 - 09:31 AM

Combofix

Combofix should only be run when adviced by a team member!

Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs /spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe


When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing ""Illegal operation attempted on a registry key that has been marked for deletion" simply restart your computer to fix this.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#9 Mrs Beach

Mrs Beach
  • Topic Starter

  • Members
  • 104 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina
  • Local time:04:35 AM

Posted 21 November 2013 - 09:51 AM

Since this problem started I have not been able to copy and paste so I attached the file of the aswMBR report to this reply

Attached Files



#10 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:35 AM

Posted 21 November 2013 - 09:58 AM

Let´s have a closer look - proceed with combofix.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#11 Mrs Beach

Mrs Beach
  • Topic Starter

  • Members
  • 104 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina
  • Local time:04:35 AM

Posted 21 November 2013 - 11:42 AM

Combofix report attached

Attached Files



#12 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:35 AM

Posted 22 November 2013 - 03:17 AM

Combofix scripting

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt and save it to the location where Combofix is.


CFScriptB-4.gif


Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

 

 

 

Full System Scan with Malwarebytes Antimalware
 

  • If not existing, please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform fullscan, place a checkmark on all hard drives, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.

 

 

 

 

When finished, run this tool from Microsoft: http://go.microsoft.com/?linkid=9646978

 

 

Tell me if that worked for you.

Attached Files


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#13 Mrs Beach

Mrs Beach
  • Topic Starter

  • Members
  • 104 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina
  • Local time:04:35 AM

Posted 22 November 2013 - 03:56 PM

Ok I did all that and attached requested logs ... I am still getting the same browser message when going into words with friends from Facebook .. not seeing any OTHER problems at this point

(Adobe Flash player acting a little strange sometimes)

Attached Files


Edited by Mrs Beach, 23 November 2013 - 12:42 PM.


#14 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:35 AM

Posted 25 November 2013 - 03:09 AM

Uninstall IE 11 and reinstall it, please.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#15 Mrs Beach

Mrs Beach
  • Topic Starter

  • Members
  • 104 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina
  • Local time:04:35 AM

Posted 25 November 2013 - 10:12 AM

Ok I did that and having same problems .. don't know if it makes a difference but when I reinstalled it I unclicked the box that said "I would also like Bing and MSN defaults"  ... I went to you tube and watched videos with no problems after the reinstall and see no other problems except for two of my games (I'm not a freak I only play 3 games LOL)  Still getting the same browser message in Words with friends .. and flash player freezes up in another game makes me think its more of a problem with FB or the games. I can deal with that as all I have to do is close it and continue on with the games. Everything else that's important seems to be working fine now. What do you think?






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users