
WhatsApp Voicemail Virus Removal opened


  • This topic is locked
13 replies to this topic

#1 Scottty

Scottty

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:10:22 AM

Posted 24 June 2015 - 10:55 PM

Hi, 

I did a no-no and opened that derided WhatsApp email.

Since then the computer has run slow, internet disconnects (at computer, not modem) and this Bleeping Windows help pops up all over the screen when using Internet Explorer.

I have stopped using IE and am now using Safari. (Has contained to one pop-up window.)

 

I was reading a post from someone that was having the same problem. 
I have downloaded your recommended programs, AdwCleaner and RogueKiller.

Here is the Log Report you asked her for. 

 

Attached File  AdwCleanerR0.txt   1.73KB   3 downloads

 

Attached File  RKreport_SCN_06252015_134854.log   3.4KB   3 downloads

 

Hope this helps and you can help.

 

I'm not 100% in what I'm doing and heeded your warnings about not deleting anything.. 
This is why I have sent you this info.

 

Thanks

Scottty

 

 

 

 




 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,950 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:22 PM

Posted 28 June 2015 - 08:09 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please run the AdwCleaner tool and clean everything that was found.

===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===


How is the computer running?

#3 Scottty


Posted 30 June 2015 - 12:00 AM

Hi Nasdaq,

I have sent the computer off to the doctor to be wiped clean and start fresh. 

I hope this and you can help out many others with the same problem.

 

Thanks

Scottty



#4 nasdaq


Posted 30 June 2015 - 07:28 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

#5 nasdaq


Posted 05 August 2015 - 07:46 AM

This topic has been re-opened at the request of the person who originally posted.

#6 nasdaq


Posted 05 August 2015 - 07:51 AM

Quoted from a PM message.

Hi Nasdaq,
OK, so I got the computer back after having it wiped and re-installed with Windows. (Problem is still here.)

Recap on the problem:
Whenever you open a programme, IE: Internet Explorer, you get a help window pop up. About 20 of them.
It seems to be an F1 help key virus.

Where I'm at now:

I was reading on another page on your site and the mentor said to your member to look for the helppane.exe file name. Now mine reads ( HelpPane.exe ). Would the capitals be the problem?


If the problem is the helppane then execute this.

Open up a run command (Windows key + R) and type "msconfig". This will list all services and applications that start with Windows. Check for helppane.exe under the Startup tab and disable it.

Trust the filename listed by msconfig.
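
The startup check described in the post above, as an added PowerShell example that is not part of the original thread: it lists startup entries that mention HelpPane.exe, matching case-insensitively as Windows does for file names, and reports where any running copy was loaded from. It assumes PowerShell 3.0 or later; the function name Find-HelpPaneStartup is hypothetical.

```powershell
# Added example, not from the thread. Find-HelpPaneStartup is a hypothetical name.
function Find-HelpPaneStartup {
    param([string]$Name = 'helppane.exe')

    # Win32_StartupCommand reads the Run registry keys and the Startup folders.
    # -like is case-insensitive, so 'HelpPane.exe' and 'helppane.exe' both match.
    $startup = Get-CimInstance -ClassName Win32_StartupCommand |
        Where-Object { $_.Command -like "*$Name*" -or $_.Name -like "*$Name*" } |
        Select-Object Name, Command, Location, User

    # Running copies and the file each one was started from.
    # ExecutablePath can be empty when the shell is not elevated.
    $expected = Join-Path $env:windir 'HelpPane.exe'
    $running = Get-CimInstance -ClassName Win32_Process -Filter "Name = '$Name'" |
        ForEach-Object {
            [pscustomobject]@{
                ProcessId    = $_.ProcessId
                ParentId     = $_.ParentProcessId
                Path         = $_.ExecutablePath
                InWindowsDir = ($_.ExecutablePath -eq $expected)
            }
        }

    # Signature of the copy in the Windows directory. Catalog-signed system
    # files may show as NotSigned on older PowerShell versions.
    $signature = $null
    if (Test-Path -LiteralPath $expected) {
        $signature = Get-AuthenticodeSignature -FilePath $expected |
            Select-Object Path, Status,
                @{ Name = 'Signer'; Expression = { $_.SignerCertificate.Subject } }
    }

    [pscustomobject]@{
        Startup   = @($startup)
        Running   = @($running)
        Signature = $signature
    }
}

$result = Find-HelpPaneStartup
$result.Startup   | Format-Table -AutoSize
$result.Running   | Format-Table -AutoSize
$result.Signature | Format-List
```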

#7 Scottty


Posted 05 August 2015 - 08:02 AM

Nope can't see it there.

 

Here are the files you asked for before..

Attached Files


Edited by Scottty, 05 August 2015 - 08:20 AM.


#8 nasdaq


Posted 05 August 2015 - 09:38 AM

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

EmptyTemp:
CloseProcesses:

(Microsoft Corporation) C:\Windows\System32\msconfig.exe
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
U4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X]
AlternateDataStreams: C:\Users\Cathi\Documents\invoice 14.08 Parks and Places 05.03.14.eml:OECustomProperty
AlternateDataStreams: C:\Users\Cathi\Documents\quote to ACTEW - Chifley 05.03.14.eml:OECustomProperty
AlternateDataStreams: C:\Users\Cathi\Documents\quote to ACTEW - Googong 05.03.14.eml:OECustomProperty
AlternateDataStreams: C:\Users\Cathi\Documents\[lousbobcathire]Quote as Requested ian atkinson.eml:OECustomProperty
AlternateDataStreams: C:\Users\Cathi\Documents\[Simon Cassidy]RE Machine Available from Lou Jenal.eml:OECustomProperty

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F

Clean the Firefox Cache.
https://kb.wisc.edu/page.php?id=15141
===

How is the computer running now?

#9 Scottty


Posted 06 August 2015 - 02:34 AM

Ok I have done that.. I opened IE and typed the letter B and this is what I got. ( See Picture) 
Also here is the file you requested.

Attached Files



#10 nasdaq


Posted 06 August 2015 - 07:45 AM

Reset Internet Explorer:
Menu > Tools > Internet Options > Advanced Tab.
Click the Reset button on the bottom of the pane.
Click the Apply button.
Close IE.


Clean the Internet Explorer Cache.
https://kb.wisc.edu/page.php?id=15141
===

If the problem persists continue.

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:
createsrpoint;
autoclean;
emptyalltemp;
ipconfig /flushdns;b
Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run all the script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.

Also, please provide an update on how the computer is behaving after running the above script.

===

Keep me posted.

#11 Scottty


Posted 06 August 2015 - 06:56 PM

No worries. I give it a go.

It seems almost like the computer has been reconfigured so that whenever you open any programme, including the search bar in the start menu, it will activate the F1 help key and hold it down so the window pops up 20 - 30+ times.

I don't believe it's an Internet Explorer issue as it will happen in 'All' programmes whenever you type your 1st letter, and if you have not typed any keys for about 15 min (you're reading a web page) then you press any key and it will set the help window off again.

I hope this will help in finding the solution.



#12 nasdaq


Posted 07 August 2015 - 06:50 AM



I found this article whereby editing the BIOS you can disable the Fn key to use the F1 to F10 keys.

This example is for an HP computer.

http://support.hp.com/us-en/document/c02035108

If you make any change to the BIOS I suggest you write down everything that you change. If something goes wrong then you can reset the setting to its original value.

If the Fn key is disabled then all you need to do is press the Fx key to activate it.

===

You can also check for a BIOS update from the manufacturer of your computer.

Google this string: BIOS update. See if your manufacturer has issued an update.

==

If you are not confident in doing any of this I suggest you start a new topic in the Internal Hardware.

http://www.bleepingcomputer.com/forums/f/7/internal-hardware/

An expert in that field will be able to help you better than I can.

#13 Scottty


Posted 07 August 2015 - 08:59 PM

I have run Zoek and here is the report.
As soon as I opened Google Chrome the help window popped up again.

 I will now try the BIOS update and try a new topic as you have requested.

 

I will keep you up to date with what happens.

If you have any more ideas please let me know.. 

Thank you for your time and patience with this matter.



#14 nasdaq


Posted 13 August 2015 - 10:04 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



