Posted 20 December 2013 - 02:14 PM
Infected,
I seem to have picked up a virus and can't boot in safe mode using f8 and am getting unwanted popups. Can someone help me?
Posted 22 December 2013 - 01:58 PM
Hi and Welcome!!
My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
IMPORTANT NOTE: Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your operating system, with the loss of all your programs and data.
Having said that.... Let's get going!!
----------
Please download DDS from either of these links
LINK 1
LINK 2
and save it to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:
DDS.txt
Attach.txt
----------
Please download TDSSKiller
----------
AdwCleaner
Please download AdwCleaner by Xplode and save to your Desktop.
----------
Posted 26 December 2013 - 07:10 AM
Still need help?
Posted 26 December 2013 - 11:27 AM
Sorry, this is my first time on What the tech. I replied with the logs via my email and didn't realize I needed to reply here...
Anyway, here are the logs.
Posted 26 December 2013 - 12:46 PM
ComboFix
Download Combofix from either of the links below, and save it to your desktop.
Link 1
Link 2
**Note: It is important that it is saved directly to your desktop**
If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.
--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
--------------------------------------------------------------------
Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.
Posted 26 December 2013 - 08:14 PM
Attached is the ComboFix log file.
Posted 26 December 2013 - 08:28 PM
Hi,
ComboFix
ClearJavaCache::
DDS::
uStart Page = hxxp://www.safesearch.net/?utm_medium=ie&utm_campaign=134878622171&utm_source=sm&utm_content=1&utm_term=c9d37164-d801-448f-9f50-af21bbcd3889
uDefault_Page_URL = hxxp://www.safesearch.net/?utm_medium=ie&utm_campaign=134878622171&utm_source=sm&utm_content=1&utm_term=c9d37164-d801-448f-9f50-af21bbcd3889
mStart Page = hxxp://www.safesearch.net/?utm_medium=ie&utm_campaign=134878622171&utm_source=sm&utm_content=1&utm_term=c9d37164-d801-448f-9f50-af21bbcd3889
mDefault_Page_URL = hxxp://www.safesearch.net/?utm_medium=ie&utm_campaign=134878622171&utm_source=sm&utm_content=1&utm_term=c9d37164-d801-448f-9f50-af21bbcd3889
uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: SafeSearch: {e27d5867-80de-4449-9c03-71707c0db05b} - c:\program files\safesearch\ie\adxloader.dll
BHO: ShopAtHomeIEHelper Class: {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - c:\program files\selectrebates\toolbar\ShopAtHomeToolbar.dll
TB: ShopAtHome.com Toolbar: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - c:\program files\selectrebates\toolbar\ShopAtHomeToolbar.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: ShopAtHome.com Toolbar: {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - c:\program files\selectrebates\toolbar\ShopAtHomeToolbar.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: SafeSearch Toolbar: {fc0c0170-4eb0-430d-a7f3-939ee7ea1a25} - c:\program files\safesearch\ie\adxloader.dll
mRun: [SelectRebates] c:\program files\selectrebates\SelectRebates.exe
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
Folder::
c:\users\HP USER\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
c:\users\HP USER\AppData\Roaming\mysearchdial
c:\program files\Mysearchdial
c:\programdata\WeCareReminder
c:\program files\SafeSearch
c:\programdata\blekko toolbars
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
----------
AdwCleaner
Double click on AdwCleaner.exe to run the tool again.
------------
Post the new ComboFix and AdwCleaner logs and let me know how your system is running.
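A way to sanity-check a listing like the DDS:: / Folder:: script above before it is run, as an added example that is not part of the original post and not a ComboFix feature: it flags entries that repeat under a differently-cased CLSID, groups CLSIDs by install directory, and reports which directories fall under a listed Folder:: path. The line shape is assumed from the lines visible in the post; the sample is a subset of those lines.

```python
import re
from collections import defaultdict

# Sample input: a subset of the DDS:: and Folder:: lines from the post above.
SCRIPT = r"""DDS::
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: SafeSearch: {e27d5867-80de-4449-9c03-71707c0db05b} - c:\program files\safesearch\ie\adxloader.dll
TB: ShopAtHome.com Toolbar: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - c:\program files\selectrebates\toolbar\ShopAtHomeToolbar.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: ShopAtHome.com Toolbar: {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - c:\program files\selectrebates\toolbar\ShopAtHomeToolbar.dll
TB: SafeSearch Toolbar: {fc0c0170-4eb0-430d-a7f3-939ee7ea1a25} - c:\program files\safesearch\ie\adxloader.dll
mRun: [SelectRebates] c:\program files\selectrebates\SelectRebates.exe
Folder::
c:\program files\SafeSearch
c:\programdata\WeCareReminder
"""

# Assumed shape of a BHO/TB line: "<kind>: <name>: {<CLSID>} - <path>"
ENTRY = re.compile(
    r"^(?P<kind>\w+): (?P<name>.+?): \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.+)$")

def parse(script):
    """Split the script into (kind, CLSID, path) entries and Folder:: paths."""
    section, entries, folders = None, [], []
    for line in script.splitlines():
        line = line.strip()
        if line.endswith("::"):            # section header such as "DDS::"
            section = line[:-2]
        elif section == "DDS" and (m := ENTRY.match(line)):
            # CLSIDs and Windows paths are case-insensitive: normalise both.
            entries.append((m["kind"], m["clsid"].upper(), m["path"].strip('"').lower()))
        elif section == "Folder" and line:
            folders.append(line.lower().rstrip("\\"))
    return entries, folders

def audit(script):
    """Return (duplicate entries, CLSIDs per directory, directories under a Folder:: path)."""
    entries, folders = parse(script)
    seen, dupes, by_dir = set(), [], defaultdict(set)
    for kind, clsid, path in entries:
        if (kind, clsid) in seen:          # same object listed twice
            dupes.append((kind, clsid))
        seen.add((kind, clsid))
        by_dir[path.rsplit("\\", 1)[0]].add(clsid)
    covered = {d for d in by_dir
               if any(d == f or d.startswith(f + "\\") for f in folders)}
    return dupes, dict(by_dir), covered
```
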
Posted 27 December 2013 - 08:20 AM
Quick question: do I need to run this under both my and my wife's login, or should this take care of the whole computer?
Posted 27 December 2013 - 09:03 AM
It should take care of everything.
Posted 28 December 2013 - 10:09 AM
Jeff, I am at the final phase of this process but can't seem to get Norton completely shut down. I followed all the instructions on how to close it but still get the warning message from ComboFix saying:
antispyware: Norton Security Suite
The above real time scanner(s) are still active but ComboFix shall continue to run. Kindly note this is at your own risk.
I had a message before this one warning about such software and went and turned off auto update and everything else Norton I could possibly find, but still got this message. Can/should I somehow abort the ComboFix process at this point?
Posted 28 December 2013 - 10:12 AM
No, just let it run. It should be OK. When the log is made, be sure to post it.
Posted 28 December 2013 - 10:55 AM
ComboFix & AdwCleaner logs attached.
So far everything seems to be running smoothly on my pc now. Thank you very much for your help.
I will try to keep it cleaner. I use Norton Constant Guard and Avast; are these OK for protection, or do you recommend others?
Thanks again!
Posted 28 December 2013 - 03:03 PM
I use Norton Constant Guard and Avast; are these OK for protection, or do you recommend others?
Having more than one antivirus program running at the same time can seriously degrade the performance of your system. Please uninstall either Norton or Avast (whichever you prefer) using either the provided uninstall feature that is part of the antivirus program or through Add/Remove Programs (Vista and Win 7 users should go to Programs and Features in the Control Panel). As a rule of thumb, one should run one firewall, one antivirus program in memory, and one antispyware utility in memory. It's fine to have other security tools available on an as-needed or on-demand basis, but when multiple tools simultaneously perform the same function, you're asking for trouble.
Java
Please go to Start > Control Panel > Programs and Features and uninstall all the Java programs you see. Then download the latest Java from the following link and install it:
http://java.com/en/download/index.jsp
----------
See this page for instructions on how to clear Java's cache.
Go into the Control Panel and double-click the Java icon (it looks like a coffee cup).
----------
Malwarebytes
Please open Malwarebytes, update it and then run a Quick Scan. Save the log that is created for your next reply.
----------
ESET Online Scanner
Go here to run an online scanner from ESET. Windows Vista/Windows 7 users will need to right-click on their Internet Explorer shortcut and select Run as Administrator.
----------
Posted 29 December 2013 - 10:33 AM
I had to download and install Malwarebytes since I did not have it...
Log attached. I did not remove what it found; should I?
I have not run the ESET scan yet.
Posted 29 December 2013 - 12:16 PM
Sorry about the instructions for Malwarebytes... for some reason I saw it on your system already. Please run Malwarebytes again and remove whatever is found, and then post the new log and also the log from ESET when you get it.