
Trojan - Ads Play in the background upon startup. Save me.


  • This topic is locked
5 replies to this topic

#1 sadguineapig


Posted 02 January 2014 - 12:45 AM

Hi everyone,

So a few days ago, I think Monday, I found a virus on my computer. Not a great end to the year, and since I still have not been able to get rid of it, not a great start to the new year either.

I realized I had a virus when I heard sounds in the background even though there were no processes running and I tried a few different things.

I immediately went to safe mode and scanned the computer with a few different programs, including TDSSKiller, Malwarebytes Anti-Malware, rootkitremover, CureIt (Doctor Web?) and ComboFix (probably shouldn't have). As you can imagine, there was a lot of desperation involved. So the programs found some infected files and either deleted them or did whatever they wanted to do, but the problem has persisted.

I did a system restore, even though I was very skeptical about doing it, thinking it wouldn't do anything and may actually cause more harm than anything else. I did that before New Year's Eve, restarted the computer, and everything seemed fine, no ads etc., so I went out to celebrate relieved and without worries (yay), but then came back the next morning and found out that the problem was not gone, which made my headache even worse.

At one point, when I was in safe mode with networking, a message showed up that the computer will shut down in one minute. It did. This happened only once in that instance.

I am logged in from my laptop, and I changed all my passwords online soon after I found out how annoying this thing was. So probably Tuesday.

I just ran Malwarebytes Anti-Rootkit in safe mode and it has not found anything. I am actually logged into the other computer, but I'm disconnected from the internet. No audio ads yet, but since the system restore I ran multiple different scans and they did not find any infections after the initial scans, so I doubt the problem is solved.

I'm going to reinstall Windows tomorrow, but only repairing it and not doing a full clean installation. I would rather avoid that if at all possible, as I'm sure anyone would in this situation.

By the way:

I have Windows 7 on the infected computer.

I use AVG 2012 as my main antivirus program.

So if I do that Windows installation, what are the chances that would help?

And if I end up cleaning the whole system I would like to save some files, so what types of files are most likely to carry an infection and which are the least likely (.docs, .jpegs)?

Also, this is hopefully unrelated, but the internet speed has drastically decreased on my (hopefully) healthy laptop at some point today. I have no idea if it was caused by something or if it just happened out of nowhere. This laptop is at about 0.5 Mbps both download and upload speeds, while the infected PC is a lot faster, about 10 and 5 Mbps. I have not had the time to look into it, but how could I find out if this is caused by a potential virus? Can a virus spread through a network? And I am not sharing anything with the other computer and never have.

So far the infected machine seems to be alright, but I want to be 100% sure.

This is the first virus I have not been able to deal with, or maybe I did and this is just paranoia. Doubtful.

Sorry for this little mess I wrote here, please ask me any questions if you want me to clear something up or if you want other information.

If anyone can help me, I will love you forever. I can also refrain from expressing that love if you so desire.

I think depression is slowly starting to kick in now.

Cheers,

A very, very sad guinea pig.





#2 sadguineapig


Posted 02 January 2014 - 12:15 PM

One more thing, Malwarebytes blocked some "outgoing" process when I started Windows normally. I think this happened twice and did not happen when I started my computer last night.



#3 Elise

  • Malware Study Hall Admin

Posted 03 January 2014 - 08:32 AM

Hello, my name is Elise and I'll assist you with this issue.

Please go to http://www.virustotal.com and upload the following file: c:\windows\system32\rpcss.dll

Just type the complete file path in the address bar; it's unlikely you'll be able to see the file using the browse option.

Post the link to the scan results here in this topic.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

Malware analyst @ Emsisoft


#4 sadguineapig


Posted 04 January 2014 - 03:31 PM

Thank you for the response.

I reinstalled Windows and everything seems fine. I'm not using the other computer for anything important anyway, so I'll get everything I want off of it and I'll do a clean system install within a week or so.

Again, thanks,

Cheers



#5 Elise


Posted 04 January 2014 - 03:51 PM

In the meantime, we have narrowed down the cause of the infection to an infected rpcss.dll file, which needs replacement. If you need any further assistance, or have any questions, please let me know; otherwise this topic will be closed.


regards, Elise
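
One way to check the file named in this thread before uploading or replacing it (an added example, not part of the original posts and not Elise's procedure): it hashes rpcss.dll so the hash can be searched on VirusTotal, runs the built-in `sfc /verifyfile` check, and compares the file with the rpcss.dll copies in the WinSxS component store. It assumes an elevated, native-architecture PowerShell prompt on the affected Windows 7 machine; `Get-Sha256Hex` is a helper name made up for this example.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell prompt.
$target = 'C:\Windows\System32\rpcss.dll'   # path given in the post above

function Get-Sha256Hex([string]$Path) {
    # Plain .NET hashing, so this also works on PowerShell 2.0 (no Get-FileHash there)
    $sha    = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        $bytes = $sha.ComputeHash($stream)
        return (($bytes | ForEach-Object { $_.ToString('x2') }) -join '')
    } finally {
        $stream.Close()
    }
}

# 1. Hash of the live file; the hex string can be searched on VirusTotal
$liveHash = Get-Sha256Hex $target
Write-Output "SHA-256 of ${target}: $liveHash"

# 2. Windows Resource Protection check of this single file
& "$env:windir\System32\sfc.exe" "/verifyfile=$target"

# 3. Compare the live file with every rpcss.dll kept in the component store
$storeCopies = @(Get-ChildItem "$env:windir\winsxs" -Recurse -Filter 'rpcss.dll' `
                    -ErrorAction SilentlyContinue)
$matching = @($storeCopies | Where-Object { (Get-Sha256Hex $_.FullName) -eq $liveHash })

if ($storeCopies.Count -eq 0) {
    Write-Output 'No store copies could be read; rely on the sfc result above.'
} elseif ($matching.Count -eq 0) {
    Write-Output 'Live file matches none of the store copies: treat it as replaced or modified.'
} else {
    Write-Output "Live file matches store copy: $($matching[0].FullName)"
    # A match alone is not proof the file is clean; weigh it with steps 1 and 2.
}
```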




#6 Elise


Posted 19 January 2014 - 04:39 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

regards, Elise






