
System is hosed, I believe I have Malware


This topic is locked
3 replies to this topic

#1 KHardwick (Members, 1 posts)

Posted 15 April 2015 - 06:41 PM

Hi all,

First time to pose a question, but I have had the privilege of following your forums for a while (made an account to post this question) and I believe I need your help before I try to "fix" this problem myself.

Excuse any ignorance on my part; my husband, who just recently passed, handled this type of thing, and while I do have an Engineering background, computers are not my strongest suit.

I noticed about a month ago that I started to get this box in the upper right-hand corner of my screen asking me to contact an 888# for PC Support/help as my system was running slow. I knew it was bogus because my husband has the firewall set really high and we use mostly Opera as a browser, as it controls better ad-blocks, etc. in our opinion. I made the mistake of having to use Firefox for a web page that Opera was not compatible with, and this is when this box started showing up. At first it was just annoying, but now the system seems bogged down continuously. When I looked in the Task Manager to try and see what is eating the resources, I really only see one thing that truly sticks out: "Coupons_and_fun_notification_service.exe *32". In the pop-up box, in small print, I see this same company logo. So I know this is where it is coming from. I can't kill it. I have tried, but do not want to damage anything on the system that may be irreversible. It has to be from that web page in Firefox, which had a ton of pop-up ads even though the pop-up blocker was checked in the Firefox settings. I find this tool in Firefox useless.

Also, when I look at the AMD device monitor that constantly runs, I never see any of the cores past 55% and the CPU usage around 35-60%, even when gaming. That is what is so frustrating: it is bogging the system down, but there is no clear-cut way for me to see anything to "kill", for lack of a better word.

 

Here are the computer stats:

  • Windows 7 Home Premium, Service Pack 1
  • 64-bit operating system
  • AMD FX-4100 Quad-Core Processor 3.60 GHz
  • 8 GB of installed RAM
  • AMD Radeon HD 6700 Series video card
  • Samsung HD160JJ ATA Device - hard drive (he has 2 other small ones in the PC)

I am awaiting your instructions as I do not want to run any diagnostics that I have seen in other threads before you tell me to :)

Thanking you in advance for your kind help,

Kristen

P.S. - I tried to attach an .odt file to show you a pic of the Processes/Task Manager and the ad pop-up itself, but I got an error message saying that I was not permitted to upload this kind of file. User error I am sure, sorry :P

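The first post names a suspicious process seen in Task Manager (the "*32" suffix means a 32-bit process on a 64-bit Windows) but has no way to show where the file lives, who signed it, what launched it, or how it comes back after a reboot. The PowerShell script below is an added example, not part of this thread or of BleepingComputer's own procedures; it assumes Windows 7 with PowerShell 2.0 or later and an elevated prompt, and it only reads information so the person helping can decide what to do next. The process name is taken from the first post; change $Name to inspect a different one.

```powershell
# Added triage example (not from the thread). Read-only: it does not stop, delete
# or change anything. Assumes Windows 7 with PowerShell 2.0+ in an elevated prompt.
$Name = 'Coupons_and_fun_notification_service.exe'   # image name from the first post
$Pattern = [regex]::Escape($Name)                    # literal match for -match below

# Win32_Process carries the full image path, command line and parent PID.
# Get-WmiObject works on PowerShell 2.0; Get-CimInstance would need 3.0+.
$procs = Get-WmiObject Win32_Process -Filter "Name = '$Name'"
if (-not $procs) { Write-Host "No running process named $Name"; return }

foreach ($p in $procs) {
    $parent = Get-WmiObject Win32_Process -Filter "ProcessId = $($p.ParentProcessId)"
    Write-Host "PID $($p.ProcessId)  $($p.Name)"
    Write-Host "  Path        : $($p.ExecutablePath)"
    Write-Host "  Command line: $($p.CommandLine)"
    Write-Host "  Parent      : $($parent.Name) (PID $($p.ParentProcessId))"

    if ($p.ExecutablePath -and (Test-Path $p.ExecutablePath)) {
        # Who signed the binary? Unsigned or unfamiliar publishers deserve a closer look.
        $sig = Get-AuthenticodeSignature $p.ExecutablePath
        Write-Host "  Signature   : $($sig.Status)  $($sig.SignerCertificate.Subject)"
        $file = Get-Item $p.ExecutablePath
        Write-Host "  Created     : $($file.CreationTime)   Size: $($file.Length) bytes"
    }
}

# Persistence: which services or Run keys reference the same image name?
Get-WmiObject Win32_Service | Where-Object { $_.PathName -match $Pattern } |
    ForEach-Object { Write-Host "Service     : $($_.Name) [$($_.StartMode)] $($_.PathName)" }

$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
foreach ($k in $runKeys) {
    if (Test-Path $k) {
        $props = Get-ItemProperty $k
        foreach ($v in $props.PSObject.Properties) {
            if ($v.Value -is [string] -and $v.Value -match $Pattern) {
                Write-Host "Run key     : $k\$($v.Name) = $($v.Value)"
            }
        }
    }
}
```

The output (path, signer, parent, service and Run-key entries) is the kind of detail a helper needs before recommending any removal step; it deliberately stops short of killing the process or touching files, in keeping with the "do not run any tools on your own" rule the helpers give below.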

#2 StanFF (Malware Response Team, 1,172 posts)

Posted 16 April 2015 - 01:02 PM

Hello KHardwick,

I'm Stan and I will be helping you with this problem.

First of all, I want to clear up some things about the malware removal process:

  • Do not run any tools on your own. This may affect the process of removal and may cause both slowdown and additional problems.
  • Read carefully the steps that I suggest you do. Any mismatch will prolong this case.
  • Copy any scripts carefully so they stay exactly the same as the original. Otherwise the script may not work and we will need to rerun/recreate it.
  • Feel free to copy all the steps into an offline environment. They may be easier to read and follow in this way.
  • Feel free to ask any questions about the malware removal process. I'm here to help you, so nothing must be hidden or misunderstood.
  • Share with me any problems/changes you experience while working with the current system.
  • Please, do not install any additional software on the system during our work here, unless instructed to do so.
  • Please, do not use any quotes or code boxes when you post logs.

I want to inform you that I will be able to respond in the evenings - 07:00 P.M. - 11:00 P.M. (UTC + 02:00) - since I'm working during most of the daytime. If I haven't posted anything for 48 hours straight, please feel free to send me a personal message. I will bump the topic if there is no response from you for 3 days. After 5 days of inactivity, the topic will be closed.

I want to inform you that I'm still in my training program, so my posts must be reviewed by an instructor. This may lead to a slight delay in my answers.

********************

First, I want to thank you for the detailed overview of the current situation. At the start, I want to see what the system's condition is and, possibly, directly find out what we are dealing with. For this purpose, please follow the steps from stage 6 in this topic and post the required logs. I will do my best to be back with further steps as soon as possible.

P.S. - I tried to attach an .odt file to show you a pic of the Processes/Task Manager and the ad pop-up itself, but I got an error message saying that I was not permitted to upload this kind of file. User error I am sure, sorry :P

In such cases, you may try to archive the file and then upload it. Alternatively, you can upload the file to another source and provide a link for downloading it. :)


Regards,

Stan

"There isn't a person anywhere who isn't capable of doing more than he thinks he can." - Henry Ford

#3 StanFF (Malware Response Team, 1,172 posts)

Posted 19 April 2015 - 11:40 PM

Hello KHardwick,

Are you still here? Please note, if you do not reply in 48 hours, the topic will be closed.


Regards,

Stan

#4 xXToffeeXx, Bleepin' Polar Bear (Malware Response Instructor, 6,015 posts, Location: The Arctic Circle)

Posted 23 April 2015 - 10:15 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

~If I am helping you and you have not had a reply from me in two days, please send me a PM~

~Currently in my last year of school, so replies might be more delayed~

~Malware Analyst at Emsisoft~