37 replies to this topic

#1 dark-wisper


Posted 01 April 2015 - 06:29 PM

Hello,
I have recently been hit, and I have NO idea how this got in my computer, by a malware that infects browsers.
I have both Firefox and Chrome, both with ADBLOCK and ADBLOCK plus, but I am getting hardly spammed by ads, and the pages barely move.
Literally, the browser is hanging, non-responsive, it will barely open a page, and when it does, it is hell.
Popups, banners, ads, they fill my screen and my hard drive is working nonstop when the browser is on, so something is messing with my browser and PC.
I ran a scan with adw remover, found 3 infections, removed, and not even a change.

I have to mention that I use the browser a lot, and 24h ago I know I did not install anything, click on any ad, open any ad, because I use adblock.

I am currently running Dr. Web Cureit, and scanning for potential infections.
Some images will be posted below on the browser page with ads.

What I did so far:
-Adw cleaner scan, removed what it found
-Removed 2 plugins from Firefox which I don't remember the names
-Googled the page that keeps flooding me which is: "http://luu.lightquartrate.com"
-Googled a way to remove this, found only tools that ask for money.
-Went in add/remove programs, found nothing installed recently.
-Task manager, removed the entity that was running and deleted it from program files.
-Rolled back my browsers. (will not uninstall the browser because of history and personal data loss)

Any ideas?
Please help, I hate ads, and no idea how this got in.
 
System specs:
Intel i5 3350P @ 3.3 ghz.
Ram: Corsair Vengeance 2x 4 gb, 8 gb in total.
Motherboard: Asus z77-a
Storage: Seagate SSHD 2tb.
Internet: Skynet dl/ul 100/100 mb/sec Bandwidth.
Average ping 1ms
 
OS: Windows 7 x64 ultimate, Up to date.

 

2zho8yd.png

 

33xcz08.png




 


#2 boopme


Posted 01 April 2015 - 07:00 PM

Hello. I suggest you remove all add-ons/plugins in FF and Chrome and close/open the browsers. Or you can do them one at a time.

Now run these.....

MiniToolBox
  • Please download MiniToolBox, save it to your desktop and run it.
  • Checkmark the following checkboxes:
    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • Report FF Proxy Settings
    • Reset FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Installed Programs
    • List Users, Partitions and Memory size.
  • Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
TDSSKiller
  • Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
If you want to run this agai
AdwCleaner
  • Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.
Junkware Removal Tool
  • Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
ESET Online Scanner
  • Hold down Control and click on this link to open ESET Online Scanner in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

Malwarebytes Anti-Malware
  • Download MalwareBytes Anti-Malware to your desktop.
  • Double-click mbam-setup-2.0.exe to start the installation of Malwarebytes Anti-Malware.
  • Follow the instructions on your screen to complete the installation. You can find the complete installation procedure here.
  • Click the Scan Now button, a threat scan will start automatically.
  • MalwareBytes Anti-Malware will now check for the latest updates. Click Update Now if new updates are available.
  • Your computer is now being scanned, please do not use your computer during the scan.
    • If no threats were found, click View detailed log.
      • Click Export and save the log as a .txt file on your Desktop or another location.
    • If the scan detected any threats, click Apply Actions.
      • To complete any actions taken you will be prompted to restart your computer...click on Yes.
      • After reboot, start Malwarebytes Anti-Malware again and click the History Tab at the top and select Application Logs.
      • Check the box next to Scan Log. Choose the most current scan and click View.
      • Click Export and save the log as a .txt file on your Desktop or another location.
  • Providing the MalwareBytes' Anti-Malware log file
    • Attach the log file you just saved to your next reply for further review.

How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#3 dark-wisper


Posted 01 April 2015 - 08:48 PM

ESET is still scanning, but there are the reports for all the others.

https://www.dropbox.com/s/djt8ooibnb2k40n/AdwCleaner%5BR3%5D.txt?dl=0

https://www.dropbox.com/s/8oz17cs7mql8dae/scanlog.txt?dl=0

https://www.dropbox.com/s/9umpcpve89jd14h/Result.txt?dl=0

https://www.dropbox.com/s/619bpd8q0ni0nc7/JRT.txt?dl=0



#4 boopme


Posted 01 April 2015 - 09:08 PM

OK, ESET can be very long at times.

I did not see this entry in MiniToolBox: List Winsock Entries

Also you have no antivirus?

Was TDSSKiller clean?

Appears you downloaded some keygen or crack tools. This is what is bringing malware in, especially with no AV.

#5 dark-wisper


Posted 01 April 2015 - 09:44 PM

I did have some cracks but they are from 2013.

Also, I use cheat engine for tinkering with speeds on browsers or some games that get annoying.

And, yes, I do not use AV, and I had no problems for 2 years, except adware from free crap that's floating on the internet.

Nothing I couldn't handle.

UPDATE:

I managed to remove the ads by removing Firefox completely from the system, and making a backup of the profile.

It is still a pain as I am still working on customising Firefox. (I used Firefox 28, newer versions look bad and need a bleepload of plugins to make it flexible)



#6 KeillRandor


Posted 01 April 2015 - 10:21 PM

I am also suffering from this problem, but dark-wisper's cure for it has never worked for me.

One of the reasons for that is that this problem has never existed in isolation until it remained the last problem I now have:

I got hit with a globalupdate malware bomb that spoofed googleupdate earlier yesterday (source unknown), and although I removed a lot of the problems, using a large variety of removal tools, this one still remains, and nothing I do manages to fix it, affecting all my browsers, even after wiping them off and reinstalling them, with fresh profiles.

 

I can't see any obvious source of this problem, from extensions/plug-ins/files or programs installed anywhere noticeable - which makes me think there might still be something in the registry - some globalupdate files were there and found, but maybe not all?  Is there any way this can be further checked?  (Anything specific just for the registry?)

 

I could attach log files (after re-running the scans) but am not sure what it will show?


Edited by KeillRandor, 01 April 2015 - 10:22 PM.


#7 boopme


Posted 02 April 2015 - 09:57 AM

I would recommend a deeper look if the issues persist..

Please follow this Preparation Guide and post in a new topic.
Let me know if all went well.

#8 heroesagustín


Posted 02 April 2015 - 01:54 PM

The same as you is happening to me. I passed almost all the anti-malware softwares and nothing. I also have Norton Internet Security paid and nothing. I refresh Firefox, cleaned cookies...

Strange is, because I didn't download anything so I guess the adware was auto-downloaded when I visited some page. I restored Windows to the last save point and I skip this crappy problem but a few hours later when I thought everything was ok and surfing internet: CATAPLASH! Firefox refresh automatically with the adware again like if it were programmed for launch at "x" time.



#9 Wchsam92


Posted 02 April 2015 - 02:08 PM

I have the exact same problem as well, was using adblock, surfing the web, suddenly noticed bunch of empty ad windows popping up, so far I had run adwcleaner and malwarebytes, reinstalled Firefox twice, refreshed Firefox countless times, and the ads are still here, and pop ups that lead to some warmportrait.com.

Update, removed 2 suspicious exes with long meaningless names that were hiding in appdata as well as removing them in scheduled task in ccleaner.

Edited by Wchsam92, 02 April 2015 - 02:11 PM.
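
Added example (not part of the thread or of any tool named in it): a Python triage of `schtasks /query /fo CSV /v` output for the pattern Wchsam92 describes, scheduled tasks that launch randomly named executables from AppData. The sample rows, the `looks_random` thresholds and all function names are assumptions made for the illustration.

```python
import csv
import io
import ntpath
import re

# Constructed sample, trimmed to five of the columns that
# `schtasks /query /fo CSV /v` prints (English locale assumed).
SAMPLE = r'''"HostName","TaskName","Next Run Time","Status","Task To Run"
"PC","\GoogleUpdateTaskMachineCore","N/A","Ready","C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c"
"PC","\DropboxUpdateTaskUser","N/A","Ready","C:\Users\sam\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c"
"HostName","TaskName","Next Run Time","Status","Task To Run"
"PC","\xkqzvtrwpbnm","N/A","Ready","C:\Users\sam\AppData\Roaming\xkqzvtrwpbnm\xkqzvtrwpbnm.exe"
"PC","\hjw4k9z2pq","N/A","Ready","C:\Windows\system32\rundll32.exe ""C:\Users\sam\AppData\Local\Temp\b7f3d9c1e5a2.dll"",Run"
'''

# Every executable or script path on a task's command line.
EXE_PATH = re.compile(r'((?:[a-z]:|%\w+%)\\[^"]*?\.(?:exe|dll|bat|cmd|vbs|js)\b)', re.I)
# AppData and temp directories, writable without admin rights (assumed scope).
USER_WRITABLE = re.compile(r'(?:\\|%)(?:appdata|localappdata|temp|tmp)(?:\\|%)', re.I)


def looks_random(stem):
    """Heuristic with assumed thresholds: long name, few vowels or many digits."""
    if len(stem) < 8:
        return False
    letters = [c for c in stem.lower() if c.isalpha()]
    digits = sum(c.isdigit() for c in stem)
    few_vowels = bool(letters) and sum(c in "aeiou" for c in letters) / len(letters) < 0.2
    return few_vowels or digits / len(stem) >= 0.3


def suspicious_tasks(schtasks_csv):
    """Return (task name, command) pairs that deserve a manual look."""
    hits = []
    for row in csv.DictReader(io.StringIO(schtasks_csv)):
        name = row.get("TaskName") or ""
        cmd = row.get("Task To Run") or ""
        if name == "TaskName":  # schtasks repeats the header for each task folder
            continue
        for path in EXE_PATH.findall(cmd):  # also catches a DLL passed to rundll32
            stem = ntpath.splitext(ntpath.basename(path))[0]
            if USER_WRITABLE.search(path) and looks_random(stem):
                hits.append((name, cmd))
                break
    return hits


if __name__ == "__main__":
    for name, cmd in suspicious_tasks(SAMPLE):
        print(name, "->", cmd)
```

On a live system the input is the text produced by `schtasks /query /fo CSV /v`; a hit is a lead for manual review, not a verdict, since legitimate updaters also run from AppData.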


#10 boopme


Posted 02 April 2015 - 02:26 PM

There is something deeper these tools are not seeing.. That is why we need to do post 7.

#11 a9j5


Posted 02 April 2015 - 02:43 PM

I also have this problem. I've tried everything from previous posts, but I just can't get rid of these annoying ads (it also slows browser speed). I hope there is a way to solve this, since I don't know how my PC got infected.



#12 Wchsam92


Posted 02 April 2015 - 02:52 PM

> I also have this problem. I've tried everything from previous posts, but I just can't get rid of these annoying ads (it also slows browser speed). I hope there is a way to solve this, since I don't know how my PC got infected.

Is this some sort of new virus? Suddenly quite a few of us got this

#13 a9j5


Posted 02 April 2015 - 03:01 PM

>> I also have this problem. I've tried everything from previous posts, but I just can't get rid of these annoying ads (it also slows browser speed). I hope there is a way to solve this, since I don't know how my PC got infected.
>
> Is this some sort of new virus? Suddenly quite a few of us got this

Could be, but what's interesting is how it stays hidden from all these programs. Not a single one of them managed to find it and remove it.



#14 boopme


Posted 02 April 2015 - 03:03 PM

OK, yes, there is something different here and we need a deeper look.

Please follow this Preparation Guide and post in a new topic.
Let me know if all went well.

#15 dark-wisper


Posted 02 April 2015 - 04:03 PM

This is a rootkit, as I suspect, and it runs deep in the registry.

Uninstall Firefox/Chrome, etc., restart the PC in safe mode and scan.

It should NOT be a problem there.

WARNING!

I found a rootkit deep lodged in my system32 and system folder; upon removing it, my WINDOWS STOPPED WORKING!

It stopped booting, all I got was Windows was unable to launch, system repair is trying to fix....

Then error, could not repair. Send/Do not send error report.

The error message was that a file was corrupt or missing.

It infects a critical driver in Windows as I saw.

Keep the thread active, we need to get to the bottom of this!

Also, a way to avoid getting this again and again.





