GolfGTIforum.co.uk

General => General discussion => Topic started by: Wazzzer on 01 May 2011, 20:03

Title: PC help needed - malware - got the bugger!
Post by: Wazzzer on 01 May 2011, 20:03
I'm at the end of my tether with the prob I've got with the PC at the mo.

Basically I get either redirected or another page opens up about 20% of the time while I'm browsing the net, especially while clicking google links. IE9 is affected as well as Firefox 4. Also clicksor ads are everywhere now

I've run various spyware programs (AVG, Spybot S&D, Malwarebytes) and nothing is found

Any help is massively appreciated as it's driving me nuts!! :cry:

To add, just clicked on here and it opened another page with google analytics  :angry:
Title: Re: PC help needed - malware
Post by: Jay on 01 May 2011, 20:13
As viruses update almost hourly it's almost impossible for AV companies to keep up. Install Microsoft Security Essentials, it's free and has removed viruses others couldn't detect. Leave your PC off for a few days and scan again or reinstall after backing up your data.
Title: Re: PC help needed - malware
Post by: The Mighty Elvi on 01 May 2011, 20:20
I had something like this about a year ago. No matter what I did it would always redirect my browser to some fecking website.

System restore, virus scans, malware scans, registry edits; none of them worked.

The only solution was to reinstall the OS (win XP) in safe mode.
Title: Re: PC help needed - malware
Post by: Wazzzer on 01 May 2011, 20:22
yep that's what it's looking like at the mo  :cry:
Title: Re: PC help needed - malware
Post by: stealthwolf on 01 May 2011, 20:28
Is there any way you can get the hard drive out and use it as an external drive in another computer?
Or even use it as a secondary internal drive?

Best thing is always to do the scan on another computer - run everything like adaware, spybot, antivirus etc.
Failing that, boot into safe mode and run all of your software in safe mode.

If you can get HiJackThis and post up the log, we can have a look and see what's there.
Title: Re: PC help needed - malware
Post by: damien010685 on 01 May 2011, 21:09
Avast updates twice a day, it's fantastic and also free. Get it downloaded as well as Microsoft Essentials.
Title: Re: PC help needed - malware
Post by: Wazzzer on 01 May 2011, 21:33
trying to save the log file but it doesn't do anything for some reason, something I'm doing wrong?
Title: Re: PC help needed - malware
Post by: Diamond Hell on 01 May 2011, 22:03
Can't remember the technical details, but IIRC there's a version of Linux designed for this purpose, you boot from a USB stick and scan the main disc running from the stick. Let me know if you need any further help - I'm only in hospital tonight.
Title: Re: PC help needed - malware
Post by: Jay on 01 May 2011, 22:07
You tried Microsoft Security Essentials? It's surprisingly good :smiley:

Should save to your hard drive, then you can open it in a notepad copy and paste it here or on Bleeping Computer (the logs are VERY long).



Title: Re: PC help needed - malware
Post by: The Mighty Elvi on 01 May 2011, 22:12
Ok. I'll bite.

Why are you in Hospital Thomas?
Title: Re: PC help needed - malware
Post by: Dolly on 01 May 2011, 22:34
you need to run hijack this and find the registry, basically something is messing with the IP. run hijack this and post the result.

http://free.antivirus.com/hijackthis/
Title: Re: PC help needed - malware
Post by: Diamond Hell on 02 May 2011, 08:36
> Why are you in Hospital Thomas?

Smallest person tripped over last Monday, broke femur. I'm doing a couple of nights to let Mrs Hell out. No great drama, quite dull. Wazzzer already knew, as I bumped into him in Sainsburys on Saturday, or I wouldn't have mentioned it
Title: Re: PC help needed - malware
Post by: Wazzzer on 02 May 2011, 08:48
right security scanner has picked up 2 things, a hacktool and also a trojan downloader. Both are now gone (hopefully)

Just reinstalled hijackthis as it still won't save a log file, will give some results in a mo
Title: Re: PC help needed - malware
Post by: Khare on 02 May 2011, 09:06
Did you run hijackthis in safe mode?
Title: Re: PC help needed - malware
Post by: Wazzzer on 02 May 2011, 09:09
no should I be?
Title: Re: PC help needed - malware
Post by: Wazzzer on 02 May 2011, 09:22
Here we go...

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 09:09:59, on 02/05/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Xmarks\IE Extension\xmarkssync.exe
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files (x86)\Wireless Device\Wireless Keyboard\Magickey.exe
C:\Program Files (x86)\Wireless Device\Wireless Mouse\MouseAp.exe
C:\Program Files (x86)\Wireless Device\Wireless Keyboard\osd.exe
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Users\Wes&Carrie\AppData\Local\Microsoft\Windows Sidebar\Gadgets\GPUMonitor.gadget\GPUMonitor.exe
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: XmarksThumbnailsDLLBHO - {1BD0BEFE-F697-4eee-B7E1-76B849A5CB84} - C:\Program Files (x86)\Xmarks\Thumbnails for IE\xmarksthumbnails.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2156.0\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2156.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2156.0\npwinext.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
Title: Re: PC help needed - malware
Post by: Wazzzer on 02 May 2011, 09:23
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [EPSON Stylus S20 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEAE.EXE /FU "C:\Windows\TEMP\E_S90CB.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe
O4 - HKCU\..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s
O4 - HKCU\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Xmarks] C:\Program Files (x86)\Xmarks\IE Extension\xmarkssync.exe -q
O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - Startup: GPU-Z.0.4.6.exe
O4 - Startup: Windows Live Mail Beta (2).lnk = C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
O4 - Global Startup: Enable Wireless Keyboard Driver.lnk = C:\Program Files (x86)\Wireless Device\Wireless Keyboard\Magickey.exe
O4 - Global Startup: Enable Wireless Optical Mouse Driver.lnk = C:\Program Files (x86)\Wireless Device\Wireless Mouse\MouseAp.exe
O8 - Extra context menu item: Download with Xilisoft Download YouTube Video - C:\Program Files (x86)\Xilisoft\Download YouTube Video\upod_link.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {638F11AA-DF27-433b-BA2E-7281CE561D71} - C:\Program Files (x86)\Xmarks\IE Extension\xmarkssync.exe (HKCU)
O9 - Extra 'Tools' menuitem: Xmarks for IE... - {638F11AA-DF27-433b-BA2E-7281CE561D71} - C:\Program Files (x86)\Xmarks\IE Extension\xmarkssync.exe (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
O15 - Trusted Zone: *.tvcatchup.com
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
Title: Re: PC help needed - malware
Post by: Wazzzer on 02 May 2011, 09:23
O23 - Service: TunerFreeMCEService - MillieSoft - C:\Program Files (x86)\MillieSoft\TunerFreeMCE\TunerFreeMCEService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 15476 bytes

Stupid character limit  :grin:
Title: Re: PC help needed - malware
Post by: Dolly on 02 May 2011, 09:36
what i had is not in that list so i don't know, you're looking for something that's changing your IP address.

if you go into network connections then properties it should be on automatic I'd guess, you'll find you've got an IP in there, it shouldn't be..

go to a computer forum and post your hijack this log, they will sort it out in no time.
Title: Re: PC help needed - malware
Post by: Khare on 02 May 2011, 13:59
> no should I be?

In safe mode you won't have internet connectivity, disabling the virus from updating and getting round the scanner. So I've heard.

Mum's laptop had a big trojan a few months ago. Ran all sorts of scanners but found nothing. I kept getting popups from the "windows scanner" which was the virus. I researched online about this virus and it gave advice on removing it and what programs to use. Try and do a search on google to find more info, usually loads about  :smiley:
Title: Re: PC help needed - malware
Post by: stealthwolf on 02 May 2011, 15:19
Brief look and there's nothing spectacular there.

Title: Re: PC help needed - malware
Post by: VeeDubGTI16v on 11 May 2011, 21:50
did you sort this mate? think i have the same malware and nothing picks it up
Title: Re: PC help needed - malware
Post by: Jay on 11 May 2011, 23:05
XP security 2011?

I found a way to remove it manually.
I've found if you turn your machine off for a day or two, turn it on and update AV asap and scan again  (this method works well with Microsoft security essentials)


Post a list of processes running and I'll have a look, the last one I sorted manually. Was controlled by FAQ.executive found in the user profile \ local settings \ application data and was hidden and set as a system file.

If you log on as another user is the virus still 'working '?
Title: Re: PC help needed - malware
Post by: bomp on 12 May 2011, 14:44
> did you sort this mate? think i have the same malware and nothing picks it up

Go here http://support.kaspersky.com/viruses/solutions?qid=208280684 and download TDSSkiller.

It might be a TDSS type, which is now in its third generation. They hide amongst the system by appearing to be legacy drivers or system files. (so Antivirus progs won't find them)

Backup important files/documents before you run it, as it might want to restart your pc if it finds anything.

There's a decent howto here http://www.youtube.com/watch?v=TLVifFbLIso but his voice is fricking annoying, lol. But he shows how to clean the system easily with a few progs.
Title: Re: PC help needed - malware
Post by: VeeDubGTI16v on 14 May 2011, 08:45
jay, it's still active in the guest account. i installed security essentials (was using free avg previously), it picked up 8 trojan files relating to java, but the google analytic pop ups still remain. Can't get onto google now either!
I'll make a picture of the processes running with screen print, don't think its possible to copy the text?

bomp, tdsskiller didn't pick up anything, i started following the youtube vid but i have windows 7 so got lost!
Title: Re: PC help needed - malware
Post by: Jay on 14 May 2011, 08:58
A list of the running processes would be good ( use http://free.antivirus.com/hijackthis/ ).

Alternatively, backup your sh!t & reinstall Windows - it's much quicker with Win7 30min~ :grin:
Title: Re: PC help needed - malware
Post by: AlanD on 14 May 2011, 09:21
My dad (the dirty old porn surfing b@stard that he is) got this Vista security malware thing on his laptop and I spent most of my Sunday trying to get it off to no effect. Without trying to scare you the only way to get it off was to upgrade his laptop to Windows 7 (I just used the upgrade CD I had and it worked) with a clean install.
Title: Re: PC help needed - malware
Post by: VeeDubGTI16v on 14 May 2011, 09:34
im pretty sure it started when my external harddrive went tits up last year, so i downloaded a recovery program, then downloaded a keygen for it which turned out to be a virus! It all got removed but seems to have popped up again a few times but the latest pop ups have been on my laptop for ages now.

might get another copy of windows 7 then, im even struggling to get a log file from the program jay put up above, f**king computers!
Title: Re: PC help needed - malware
Post by: AlanD on 14 May 2011, 09:41
You don't have to buy Windows 7, do you have a CD for the current operating system you are running? Just back up everything you need and reinstall that OS.
Title: Re: PC help needed - malware
Post by: VeeDubGTI16v on 14 May 2011, 09:48
nope, the laptop only came with a cd of drivers and utilities (dell)

maybe i can get the serial number from the copy on it at the moment and use it with another copy?
Title: Re: PC help needed - malware
Post by: AlanD on 14 May 2011, 09:52
Are you running XP ?
Title: Re: PC help needed - malware
Post by: VeeDubGTI16v on 14 May 2011, 09:55
windows 7 64 bit home premium with dell sh!t on it
Title: Re: PC help needed - malware
Post by: AlanD on 14 May 2011, 09:57
If you can borrow someone's Windows 7 CD give this a try - http://pcsupport.about.com/od/osproductkeys/f/windows-7-serial-key.htm

Just use your serial when you reinstall. Like I said I did it on my dad's laptop the other week and it was a piece of piss.
Title: Re: PC help needed - malware
Post by: VeeDubGTI16v on 14 May 2011, 10:03
ok, i'll give it a go on an old laptop first. I guess it has to be a like for like copy, eg 64 bit and not 32 bit and the correct version eg home/professional?

cheers for the help y'all

Title: Re: PC help needed - malware
Post by: AlanD on 14 May 2011, 10:06
The copy of Windows 7 Home that I have came with both 32 and 64 bit if that helps.
Title: Re: PC help needed - malware
Post by: VeeDubGTI16v on 14 May 2011, 10:08
ok i'll see what i can get hold of

will try the leaving it off for 2 days then updating the anti virus first though
Title: Re: PC help needed - malware
Post by: justalex81 on 14 May 2011, 10:33
i have windows 7 32/64 bit oem versions with legit keys going for a song. pm me if anyone's interested  :lipsrsealed:
Title: Re: PC help needed - malware
Post by: Wazzzer on 14 May 2011, 18:34
No this is still ongoing for me, just come back from a week away and it's still playing up. Looks like I'll have to live with it as I can't be arsed to reinstall everything on here again
Title: Re: PC help needed - malware
Post by: Jay on 14 May 2011, 20:33
I've got a Dell Win7 64 CD / ISO I could get you, doesn't have all the crapware installed by default either - it's just a vanilla Dell Win7 CD. Just backup your shizzle to a USB drive, reinstall et voila done. Better than having someone getting your private info/bank details/porn  :wink:

The CD key in the machine will be Dell's factory one and after a few months may want its own putting in, you should have one under the laptop, or under the battery as it's a Dell. I use ProduKey from Nirsoft for extracting Windows/Office Keys.
Title: Re: PC help needed - malware
Post by: VeeDubGTI16v on 15 May 2011, 14:50
yeah that would be great, pm sent mate
Title: Re: PC help needed - malware
Post by: Wazzzer on 15 May 2011, 15:30
glad somebody is getting sorted with this

just done a reinstall on my netbook from the recovery partition and it's still on here...
Title: Re: PC help needed - malware
Post by: Jay on 15 May 2011, 17:35
What kind of reinstall was it? Some only do a repair install, some have an option to do a complete wipe of your Windows partition (what you want ideally), have a look at the options again.
Title: Re: PC help needed - malware
Post by: Wazzzer on 24 May 2011, 16:11
further to this, I have trawled the internet and finally found someone who is experiencing the same problems as me...

http://www.bleepingcomputer.com/forums/topic395372.html

So far the problem hasn't been solved but it saves me having to try things if they don't work lol

The new window pop up has now manifested itself on my phone so I'm wondering if they are heading in the right direction with looking at the router itself. I will be taking my netbook (which is also suffering from this) to my parents on Weds so I can hop on their router and see if anything happens as I had no problems at the weekend on my phone while using their internet.
Title: Re: PC help needed - malware
Post by: Dolly on 24 May 2011, 18:33
go to your network connection
click on it.
Highlight Internet Protocol (TCP/IP)
Click properties.

The IP and DNS should be automatic? if you've got numbers in there, that may be your problem.

I may be talking out my ass but that's what happened to me, I found the file in a hijack this log, it was actually called DNS something with an address after it which was handy. it can be disguised as a legit file though.
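
Added example, not part of the thread and not written by any poster: the check described in the post above (static DNS "numbers", a DNS entry in a HijackThis log) as a small Python triage script. It assumes HijackThis's usual `O1 - Hosts:`, `O17 ... NameServer =` and `R1 ... ProxyServer =` line formats; the flagged sample lines and their addresses are constructed, and the clean excerpt is copied from the log posted earlier in the thread.

```python
import ipaddress
import re
from dataclasses import dataclass

# Excerpt copied from the HijackThis log posted earlier in this thread.
THREAD_EXCERPT = r"""Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O15 - Trusted Zone: *.tvcatchup.com
"""

# Constructed sample (documentation addresses, placeholder GUID): what a host-level
# DNS / hosts / proxy override would look like in the same log format.
CONSTRUCTED_LOG = r"""O1 - Hosts: 203.0.113.10 www.google.co.uk
O1 - Hosts: 127.0.0.1 ads.example.invalid
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000001}: NameServer = 198.51.100.7,192.168.1.1
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 203.0.113.10:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
"""

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
NAMESERVER_RE = re.compile(r":\s*NameServer\s*=\s*(?P<value>.+)$", re.IGNORECASE)
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass(frozen=True)
class Finding:
    code: str    # HijackThis section code, e.g. "O17"
    kind: str    # "static-dns", "hosts-redirect" or "proxy"
    detail: str


def parse_entries(log_text):
    """Yield (code, body) for each result line; header and process lines are skipped."""
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            yield match.group("code"), match.group("body")


def parse_ips(text):
    """Return the valid IP addresses found in a comma/space separated string."""
    found = []
    for token in re.split(r"[,\s]+", text.strip()):
        try:
            found.append(ipaddress.ip_address(token))
        except ValueError:
            continue
    return found


def scope(ip):
    """Label an address as LAN (RFC 1918, typically the router) or external."""
    return "LAN" if any(ip in net for net in RFC1918) else "external"


def triage(log_text):
    """Flag entries that override name resolution or proxying on this host."""
    findings = []
    for code, body in parse_entries(log_text):
        if code == "O17":
            # Statically configured DNS servers ("numbers" instead of automatic).
            match = NAMESERVER_RE.search(body)
            if match:
                for ip in parse_ips(match.group("value")):
                    findings.append(Finding(code, "static-dns", f"{ip} ({scope(ip)})"))
        elif code == "O1" and body.startswith("Hosts:"):
            # Hosts-file entries; loopback/0.0.0.0 mappings are usually block lists.
            parts = body[len("Hosts:"):].split()
            ips = parse_ips(parts[0]) if len(parts) >= 2 else []
            if ips and not ips[0].is_loopback and not ips[0].is_unspecified:
                findings.append(Finding(code, "hosts-redirect", f"{parts[1]} -> {ips[0]}"))
        elif code in ("R0", "R1"):
            # A browser proxy set in Internet Settings.
            key, sep, value = body.partition(" = ")
            if sep and key.endswith(",ProxyServer") and value.strip():
                findings.append(Finding(code, "proxy", value.strip()))
    return findings


if __name__ == "__main__":
    for name, log in (("thread excerpt", THREAD_EXCERPT), ("constructed", CONSTRUCTED_LOG)):
        results = triage(log)
        print(f"{name}: {len(results)} finding(s)")
        for item in results:
            print(f"  {item.code} {item.kind}: {item.detail}")
```

An empty result, as with the thread excerpt, means the host itself has no DNS, hosts-file or proxy override, which leaves shared equipment such as the router as the next thing to check.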
Title: Re: PC help needed - malware
Post by: MK3GTI_16Valve on 24 May 2011, 19:44
have you scanned with malware bytes in safemode?

Turn off your restore point, restart in safe mode with networking (allows you online)

Install and run ccleaner....Update malware bytes and scan....

Would be surprised if it ran clean at the latest database in safemode...

I got a virus on my laptop yesterday.....and this process fixed it

Hope you get sorted....

Brian

Title: Re: PC help needed - malware
Post by: Wazzzer on 24 May 2011, 19:49
Will give that a go in a mo cheers mate
Title: Re: PC help needed - malware
Post by: Jay on 24 May 2011, 22:34
MBAM should be run in normal mode as it operates 'better' and has a higher rate of detection, unless the malware infection is stopping it from running :nerd:


Repair Internet Explorer (http://iefaq.info/index.php?action=artikel&cat=42&id=133&artlang=en)
Then SmitFraudFix (http://www.bleepingcomputer.com/virus-removal/how-to-use-smitfraudfix)
Then SAS the f@cker (http://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWAREFREE&rid=3324)
Remove MBAM, reinstall, update the database and rescan again.

If you still get sh!t happening:
Use ComboFix (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) get the log from C:\ComboFix.txt and paste it here


Title: Re: PC help needed - malware
Post by: Thom89 on 25 May 2011, 00:19
I'm not trying to be funny, but there's lots of these types of threads on this Forum, and many other Forums where people are tearing their hair out, trying to deal with these futile issues, I've been there too many times before, learnt my lesson. and vowed never to buy Microsoft based products ever again, I hope you get it sorted asap... I would have put it in the bin by now :angry:

Thom
Title: Re: PC help needed - malware
Post by: Diamond Hell on 25 May 2011, 01:06
> I've been there too many times before, learnt my lesson. and vowed never to buy Microsoft based products ever again, I hope you get it sorted asap... I would have put it in the bin by now :angry:

Sometimes it's best to keep quiet and just realise there are people out there who view far, far nastier p0rn than you.
Title: Re: PC help needed - malware
Post by: Thom89 on 25 May 2011, 01:17
> > I've been there too many times before, learnt my lesson. and vowed never to buy Microsoft based products ever again, I hope you get it sorted asap... I would have put it in the bin by now :angry:
>
> Sometimes it's best to keep quiet and just realise there are people out there who view far, far nastier p0rn than you.


Either that or viewing Mk3s  :lipsrsealed: :rolleyes:

Thom

Title: Re: PC help needed - malware
Post by: The Mighty Elvi on 25 May 2011, 07:51
The next time I get a call from Microsoft in India, I'll pass them your details.
Title: Re: PC help needed - malware
Post by: Jay on 25 May 2011, 08:42
> I'm not trying to be funny, but there's lots of these types of threads on this Forum, and many other Forums where people are tearing their hair out, trying to deal with these futile issues, I've been there too many times before, learnt my lesson. and vowed never to buy Microsoft based products ever again, I hope you get it sorted asap... I would have put it in the bin by now :angry:
>
> Thom
:laugh:
You've not seen the thread about the Mac malware, have you?
Title: Re: PC help needed - malware
Post by: AlanD on 25 May 2011, 09:14
> I'm not trying to be funny, but there's lots of these types of threads on this Forum, and many other Forums where people are tearing their hair out, trying to deal with these futile issues, I've been there too many times before, learnt my lesson. and vowed never to buy Microsoft based products ever again, I hope you get it sorted asap... I would have put it in the bin by now :angry:
>
> Thom

Oh dear

(http://emailfwds.com/wp-content/uploads/2010/08/mac_users.jpg)
Title: Re: PC help needed - malware
Post by: Thom89 on 25 May 2011, 13:32
> > I'm not trying to be funny, but there's lots of these types of threads on this Forum, and many other Forums where people are tearing their hair out, trying to deal with these futile issues, I've been there too many times before, learnt my lesson. and vowed never to buy Microsoft based products ever again, I hope you get it sorted asap... I would have put it in the bin by now :angry:
> >
> > Thom
>
> :laugh:
> You've not seen the thread about the Mac malware, have you?

My Mbp is just over 2 years old, my son's Mbp is nearly 3 years old, neither of us have had one single software issue.... Nothing!  Why would I want to start re beating myself over the head again with anything else?
Fair enough, yes I'm sure the malware issue is looming, but I'm not bothered, I'd just take it back to the shop and get it fixed if that's what it took, and set the repair bill against expenses, I'm all done with unnecessary stress, makes no sense to me!

Thom
Title: Re: PC help needed - malware
Post by: Jay on 25 May 2011, 13:38
Except Apple are telling their Support personnel (under threat of their job) NOT to remove the Malware  :laugh: :laugh: :laugh: :laugh: :laugh:
Title: Re: PC help needed - malware
Post by: Thom89 on 25 May 2011, 14:41
Still not bothered  :grin: :grin: :grin:

Thom
Title: Re: PC help needed - malware
Post by: AlanD on 25 May 2011, 14:54
I read that in my head to the tune of this "yeah . . but am I bothered?" :D :D

(http://27.media.tumblr.com/tumblr_lhrbooh5SQ1qhhpsyo1_400.jpg)
Title: Re: PC help needed - malware
Post by: Thom89 on 25 May 2011, 17:35
> I read that in my head to the tune of this "yeah . . but am I bothered?" :D :D
>
> (http://27.media.tumblr.com/tumblr_lhrbooh5SQ1qhhpsyo1_400.jpg)

That's how I felt when I wrote it Alan :grin: :grin:

Thom
Title: Re: PC help needed - malware
Post by: Jay on 25 May 2011, 18:48
> > I read that in my head to the tune of this "yeah . . but am I bothered?" :D :D
> >
> > (http://27.media.tumblr.com/tumblr_lhrbooh5SQ1qhhpsyo1_400.jpg)
>
> That how Felt when I wrote it Alan :grin: :grin:
>
> Thom

like a dumb, teenage ginger cockney?  :grin: :grin:  :grin:
Title: Re: PC help needed - malware
Post by: Wazzzer on 25 May 2011, 19:16
Well here I am on another router and... no redirect, clicksor ads or problems what so ever. So my router will be completely reset and taken back to factory settings when I'm home tomorrow evening. DNS will be flushed also. Hopefully will report back with some good news
Title: Re: PC help needed - malware
Post by: Thom89 on 25 May 2011, 19:25
> Well here I am on another router and... no redirect, clicksor ads or problems what so ever. So my router will be completely reset and taken back to factory settings when I'm home tomorrow evening. DNS will be flushed also. Hopefully will report back with some good news

Nice one, great you got it sorted :cool: :cool:

Thom
Title: Re: PC help needed - malware - got the bugger!
Post by: Wazzzer on 26 May 2011, 18:55
Sorted! Just done a full reset on the router and flushed the DNS out and no more clicksor ads :smiley:
Title: Re: PC help needed - malware - got the bugger!
Post by: Diamond Hell on 27 May 2011, 11:00
And how ironic after all the Mac-based chest-beating that the vector for the problem was the (probably Linux-based) router firmware.

Something about upgrading to the latest version of the firmware as well, Wez?  :lipsrsealed: