Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Audio ads running in the background


  • This topic is locked This topic is locked
18 replies to this topic

#1 ShadowofElements

ShadowofElements

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:12:20 AM

Posted 04 January 2014 - 01:58 PM

Very recently audio ads started running in the background of my computer at random intervals. I have run CCleaner and nothing helpful occurred. I can't get them to stop and I am worried that it is a virus. I ran DDS and here is the log:

Spoiler

ALL HELP IS APPRECIATED!


Edited by ShadowofElements, 04 January 2014 - 06:12 PM.
post moved from Windows 7 to Malware Removal Logs which is the place DDS are allowed. Also removed spoiler which was used for DDS log.


BC AdBot (Login to Remove)

 


#2 MilesAhead

MilesAhead

  • Members
  • 197 posts
  • OFFLINE
  •  
  • Local time:12:20 AM

Posted 04 January 2014 - 03:24 PM

I would try scanning with Malwarebytes anti-malware.  If it finds something it's easier to know what to do about it.


"I don't want to belong to any club that would have me as a member."
- Groucho Marx


#3 Nano2169

Nano2169

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:08:20 PM

Posted 04 January 2014 - 03:42 PM

I am having this same issue. I ran all the anti-virus software, Combofix. Everything and it's not getting rid of it.



#4 ShadowofElements

ShadowofElements
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:12:20 AM

Posted 04 January 2014 - 04:57 PM

 

I am having this same issue. I ran all the anti-virus software, Combofix. Everything and it's not getting rid of it.

 

I'm glad to see someone else has the same issue.

 

Malwarebytes Anti-Malware did not find any issues. I have tried almost all of the free anti-virus and malware programs. In fact, almost all security programs and nothing works.

 

My computer also has to restart every 40 minutes because an error message pops up that explains why it is forced to restart. I will screenshot the message the next time it comes up.

 

The ads also appear in the volume mixer as "Name Not Available". When I turn the volume off for that, the ads are silenced but still run.

 

CAN SOMEONE PLEASE HELP

I'M ABOUT TO COMPLETELY RESET MY LAPTOP


Edited by ShadowofElements, 04 January 2014 - 04:59 PM.


#5 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:07:20 AM

Posted 04 January 2014 - 05:05 PM

Hi,

 

You posted in the wrong section. This is malware and should be removed from the system.

I'll report this topic to be moved by mods.

 

@Nano2169 open your own topic and don't hijack other members topics.

 

 

Regards,

Georgi


cXfZ4wS.png


#6 ShadowofElements

ShadowofElements
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:12:20 AM

Posted 04 January 2014 - 05:09 PM

Hi,

 

You posted in the wrong section. This is malware and should be removed from the system.

I'll report this topic to be moved by mods.

 

@Nano2169 open your own topic and don't hijack other members topics.

 

 

Regards,

Georgi

Thank you for fixing my ignorance.

 

When my computer is about to restart it states, "Windows must now restart because the plug and play service terminated unexpectedly."



#7 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:07:20 AM

Posted 04 January 2014 - 05:18 PM

Hello,

 

Yeah, we are aware of that. There is a new malware which is the reason for these issues and we are aware on how to cure it.

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

Also

  • Please re-run FRST again and type the following in the edit box after Search: rpcss.dll
  • Click the Search button
  • It will make a log (Search.txt)- please post the log into your reply to me. (you can use pastebin as well).

 

Regards,

Georgi


Edited by B-boy/StyLe/, 04 January 2014 - 05:19 PM.

cXfZ4wS.png


#8 ShadowofElements

ShadowofElements
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:12:20 AM

Posted 04 January 2014 - 06:08 PM

Hello,

 

Yeah, we are aware of that. There is a new malware which is the reason for these issues and we are aware on how to cure it.

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

Also

  • Please re-run FRST again and type the following in the edit box after Search: rpcss.dll
  • Click the Search button
  • It will make a log (Search.txt)- please post the log into your reply to me. (you can use pastebin as well).

 

Regards,

Georgi

Thank you so much! Here are the three files: 

Search: http://pastebin.com/3fN32gqP

FRST: http://pastebin.com/Xz7xA5Km

Addition: http://pastebin.com/0q9s2VHa



#9 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:07:20 AM

Posted 04 January 2014 - 06:23 PM

Hi,

 

 

 
Please download the following file => [attachment=145566:fixlist.txt] and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

 

 

Regards,

Georgi


cXfZ4wS.png


#10 ShadowofElements

ShadowofElements
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:12:20 AM

Posted 04 January 2014 - 06:30 PM

Here is fixlog.txt

Spoiler


#11 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:07:20 AM

Posted 04 January 2014 - 06:32 PM

Do you have any problems now?

 

 

Regards,

Georgi


cXfZ4wS.png


#12 ShadowofElements

ShadowofElements
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:12:20 AM

Posted 04 January 2014 - 06:35 PM

I didn't realize it, but everything is fixed as far as I can tell.

I can't thank you enough!



#13 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:07:20 AM

Posted 04 January 2014 - 07:37 PM

Hi,

 

 

Nice to hear there is an improvement but I want to make sure there is nothing lurking on the system so just in case I want you to go through these steps:

 

 

 

STEP 1

 

 

  • Please download RogueKiller.exe and save to the desktop.
  • Close all windows and browsers
  • Right-click the program and select 'Run as Administrator'
  • Press the scan button.
  • A report opens on the desktop named - RKreport.txt
  • Please copy and past the results at pastebin.com and post the link to the log in your next reply.

 

 

STEP 2
 

 

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
    image000q.png
  • Put a checkmark beside loaded modules.
    Sbf88.png
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
    JtwHB.png
  • Click the Start Scan button.
    19695967.jpg
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
    67776163.jpg
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    62117367.jpg
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and past the results at pastebin.com and post the link to the log in your next reply.

 

 

STEP 3

 

 

Please download Malwarebytes Anti-Rootkit mbamicontw5.gif and save it to your desktop.

  • Be sure to print out and follow these instructions for performing a scan.
  • Caution: This is a beta version so also read the disclaimer and back up all your data before using.
  • When the scan completes, click on the Cleanup button to remove any threats found and reboot the computer if prompted to do so.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • If there are problems with Internet access, Windows Update, Windows Firewall or other system issues, run the fixdamage tool located in the folder Malwarebytes Anti-Rootkit was run from and reboot your computer.
  • Two files (mbar-log-YYYY-MM-DD, system-log.txt) will be created and saved within that same folder.
  • Copy and paste the contents of these two log files in your next reply.

Note: Further documentation on this tool can be found in the ReadMe.rtf file which is located in the Malwarebytes Anti-Rootkit (mbar) folder.

 

 

STEP 4

 

 

1.Please download HitmanPro.

  • For 32-bit Operating System - dEMD6.gif.
  • This is the mirror - dEMD6.gif
  • For 64-bit Operating System - dEMD6.gif
  • This is the mirror - dEMD6.gif

2.Launch the program by double clicking on the 5vo5F.jpg icon. (Windows Vista/7 users right click on the HitmanPro icon and select run as administrator).

Note: If the program won't run please then open the program while holding down the left CTRL key until the program is loaded.

3.Click on the next button. You must agree with the terms of EULA. (if asked)

4.Check the box beside "No, I only want to perform a one-time scan to check this computer".

5.Click on the next button.

6.The program will start to scan the computer. The scan will typically take no more than 2-3 minutes.

7.When the scan is done click on drop-down menu of the found entries (if any) and choose - Apply to all => Ignore <= IMPORTANT!!!
 
8.Click on the next button.

9.Click on the "Save Log" button.

10.Save that file to your desktop and post the content of that file in your next reply.
 
Note: if there isn't a dropdown menu when the scan is done then please don't delete anything and close HitmanPro

Navigate to C:\ProgramData\HitmanPro\Logs open the report and copy and paste it to your next reply.

 

 

 

STEP 5

 

 

Download Security Check by screen317 from here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

and then if there aren't any issues left I'll give you my final recommendations. :)

 

 

Regards,

Georgi


Edited by B-boy/StyLe/, 04 January 2014 - 07:38 PM.

cXfZ4wS.png


#14 ShadowofElements

ShadowofElements
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:12:20 AM

Posted 04 January 2014 - 09:33 PM

Working on all the steps currently. I have a pretty bad laptop.



#15 ShadowofElements

ShadowofElements
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:12:20 AM

Posted 04 January 2014 - 10:10 PM

RKReport: http://pastebin.com/g58S5JBS

TDSSKiller.3.0.0.19_04.01.2014_20.51.10_log: http://pastebin.com/b4JKqNs4

mbar-log-2014-01-04 (21-03-57).txt: http://pastebin.com/eu1xgFbc

system-log.txt: http://pastebin.com/39Che8wy

HitmanPro_20140104_2200: http://pastebin.com/sNgWnrEq

checkup.txt: http://pastebin.com/DmM3a27K


Edited by ShadowofElements, 04 January 2014 - 10:10 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users