24 replies to this topic

[wpyles1]

Infected,

I seem to have picked up a virus and can't boot in safe mode using f8 and am getting unwanted popups. Can someone help me?

[jeffce]

Hi and Welcome!!   

My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

• The fixes are specific to your problem and should only be used for the issues on this machine.
• It's often worth reading through these instructions and printing them for ease of reference.
• If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
• Please reply to this thread. Do not start a new topic.
• If you happen to have a flash drive/thumb drive please have that ready in the event that we need to use it.
• Please be sure to subscribe to the topic if you have not already done so.

IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your operating system and losing all your programs and data.

Having said that....      Let's get going!!  
----------
 
Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.

• Disable any antivirus programs during the scan (If you have difficulty properly disabling your protective programs, refer to this link here )
• Double click dds to run the tool.
• When done, two DDS.txt's will open.
• Save both reports to your desktop.

---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt

Attach.txt
----------
 
Please download TDSSKiller

• Double click TDSSKiller.exe
• Press Start Scan but do nothing else as we are just looking for what is there.
• If Malicious objects are found, select Skip by changing the Cure dropdown in the upper right.
• Attach the log in your next reply
  • A copy of the log will be saved automatically to the root of the drive (typically C:\)

----------
 
  AdwCleaner

Please download AdwCleaner by Xplode and save to your Desktop.

• Double click on AdwCleaner.exe to run the tool
  Vista/Windows 7/8 users right-click and select Run As Administrator.
• Click on the Scan button.
• AdwCleaner will begin...be patient as the scan may take some time to complete.
• After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
• The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
• Copy and paste the contents of that logfile in your next reply.
• A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

----------

[jeffce]

Still need help?

[wpyles1]

Sorry this is my first time on What the tech. I replied with the logs via my email and didnt realize I needed to reply here...

 

Any way here are the logs.

Attached Files

•  AdwCleanerR0.txt   15.31KB   231 downloads
•  attach.txt   16.43KB   260 downloads
•  dds.txt   23.45KB   237 downloads
•  TDSSKiller.txt   206KB   198 downloads

[jeffce]

ComboFix

Download Combofix from either of the links below, and save it to your desktop.  
Link 1
Link 2

**Note:  It is important that it is saved directly to your desktop**
If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.


--------------------------------------------------------------------

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

--------------------------------------------------------------------

Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.

• When finished, it will produce a report for you.
• Please post the C:\ComboFix.txt for further review.

[wpyles1]

attached is the comboFix log file.

Attached Files

•  comboFix log.txt   18KB   202 downloads

[jeffce]

Hi,
 
ComboFix

• Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
  

  ClearJavaCache::
   
  DDS::
  uStart Page = hxxp://www.safesearch.net/?utm_medium=ie&utm_campaign=134878622171&utm_source=sm&utm_content=1&utm_term=c9d37164-d801-448f-9f50-af21bbcd3889
  uDefault_Page_URL = hxxp://www.safesearch.net/?utm_medium=ie&utm_campaign=134878622171&utm_source=sm&utm_content=1&utm_term=c9d37164-d801-448f-9f50-af21bbcd3889
  mStart Page = hxxp://www.safesearch.net/?utm_medium=ie&utm_campaign=134878622171&utm_source=sm&utm_content=1&utm_term=c9d37164-d801-448f-9f50-af21bbcd3889
  mDefault_Page_URL = hxxp://www.safesearch.net/?utm_medium=ie&utm_campaign=134878622171&utm_source=sm&utm_content=1&utm_term=c9d37164-d801-448f-9f50-af21bbcd3889
  uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files\ask.com\GenericAskToolbar.dll
  BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
  BHO: SafeSearch: {e27d5867-80de-4449-9c03-71707c0db05b} - c:\program files\safesearch\ie\adxloader.dll
  BHO: ShopAtHomeIEHelper Class: {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - c:\program files\selectrebates\toolbar\ShopAtHomeToolbar.dll
  TB: ShopAtHome.com Toolbar: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - c:\program files\selectrebates\toolbar\ShopAtHomeToolbar.dll
  TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
  TB: ShopAtHome.com Toolbar: {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - c:\program files\selectrebates\toolbar\ShopAtHomeToolbar.dll
  TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
  TB: SafeSearch Toolbar: {fc0c0170-4eb0-430d-a7f3-939ee7ea1a25} - c:\program files\safesearch\ie\adxloader.dll
  mRun: [SelectRebates] c:\program files\selectrebates\SelectRebates.exe
  mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
  
  Folder::
  c:\users\HP USER\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
  c:\users\HP USER\AppData\Roaming\mysearchdial
  c:\program files\Mysearchdial
  c:\programdata\WeCareReminder
  c:\program files\SafeSearch
  c:\programdata\blekko toolbars

• Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
  
  
• Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
• Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
• ComboFix may request an update; please allow it.
• ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
• When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
----------
 
  AdwCleaner

Double click on AdwCleaner.exe to run the tool again.

• Click on the Scan button.
• AdwCleaner will begin to scan your computer like it did before.
• After the scan has finished...
• This time, click on the Clean button.
• Press OK when asked to close all programs and follow the onscreen prompts.
• Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
• After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
• Copy and paste the contents of that logfile in your next reply.
• A copy of that logfile will also be saved in the C:\AdwCleaner folder.

------------
 
Post the new ComboFix and AdwCleaner logs and let me know how your system is running. 

[wpyles1]

Quick question do I need to run this under both my and my wife's login or should this take care of the whole computer.

[jeffce]

It should take care of everything. 

[wpyles1]

Jeff, I am at the final phase of this process but cant seem to get Norton completely shutdown. I follow all instruction of how to close it but still get the warning message from combofix saying:

 

antispyware: Norton Security Suite

 

The above real time scanner(s) are still active but ComboFix shall continue to run. Kindly note this is at your own risk.

 

I had a message before this one warning about such software and went and turn off auto update and everything else norton possible i could find but  still got this message. can/should I somehow abort combofix process at this point?

[jeffce]

No just let it run.  It should be ok.    When the log is made be sure to post it. 

[wpyles1]

combofix & AdwCleaner logs attached.

 

So far everything seems to be running smoothly on my pc now. Thank you very much for your help.

I will try to keep it more clean. I use Norton constant guard and Avast are these ok for protection or do you recommend others.

 

Thanks again!

 

 

 

 

 

Attached Files

•  ComboFix.txt   16.67KB   251 downloads
•  AdwCleanerS0.txt   9.68KB   328 downloads

Edited by wpyles1@yahoo.co, 28 December 2013 - 11:20 AM.

[jeffce]

I use Norton constant guard and Avast are these ok for protection or do you recommend others.

Having more than one antivirus program running at the same time can seriously degrade the performance of your system. Please uninstall either Norton or Avast (which ever you prefer) using either the provided uninstall feature that is part of the antivirus program or through Add/Remove Programs (for Vista and Win 7 users to go to Programs and Features in the Control Panel).  As a rule of thumb one should run one firewall, one antivirus program in memory, and one antispyware utility in memory. It's fine to have other security tools available on an as-needed or on-demand basis, but when multiple tools simultaneously perform the same function, you're asking for trouble.
 
 
Java

Please go to Start > Control Panel > Programs and Features > uninstall all the Java Programs you see, now download the latest Java from the following link and install it:

http://java.com/en/download/index.jsp
----------

See this page for instructions on how to clear java's cache.

Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup)

• Under Temporary Internet Files, click the Delete Files button.
• There are three options in the window to clear the cache - Leave ALL 3 Checked
  • 
    
  • Downloaded Applets
    Downloaded Applications
    Installed Applications and Applets
• Click OK on Delete Temporary Files Window
  Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
• Click OK to leave the Java Control Panel.

----------
 
Malwarebytes

Please open Malwarebytes, update it and then run a Quick Scan.  Save the log that is created for your next reply.
----------
 
ESET Online Scanner

Go here to run an online scannner from ESET. Windows Vista/Windows 7 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator

• Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
• Turn off the real time scanner of any existing antivirus program while performing the online scan
• Tick the box next to YES, I accept the Terms of Use.
• Click Start
• When asked, allow the activex control to install
• Click Start
• Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
• Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
• Click Scan
• Wait for the scan to finish
• When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
• Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
• Close the ESET online scan, and let me know how things are now.

----------

[wpyles1]

I had to download and install malwarebytes since I did not have it...

 

Log attached, I did not remove what it found, should I?

 

I have not run the ESET scan yet.

 

 

Attached Files

•  MBAM-log-2013-12-29 (10-29-40).txt   2.37KB   194 downloads

[jeffce]

Sorry about the instructions for Malwarebytes.....for some reason I saw it on your system already.  Please run Malwarebytes again and remove whatever is found and then post the new log and also the log from ESET when you get it.