Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 92790 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Can't Remove Persistent Pop Ups [Solved]

Pop Ups

  • This topic is locked This topic is locked
25 replies to this topic

#16 Satchfan

Satchfan

    SuperHelper

  • Malware Team
  • 6,753 posts
  • Interests:LFC, music, more LFC, more music

Posted 03 November 2014 - 02:24 AM

Sorry for the delay Belinda.

It seems that your daughter’s computer is OK but before we tidy up, just a couple more scans.


Open notepad (Start >All Programs > Accessories > Notepad). Please copy the entire contents of the code box below.
 


CMD: ipconfig /flushdns
EmptyTemp:

NOTE: this script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system


  • save the files as fixlist.txt in the same folder as FRST – NOTE: It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work
  • run FRST then click Fix just once and wait
  • it will create a log (Fixlog.txt); please post it to your reply.

================================================

Run Security Check

Download Security Check by screen317 from here or here.

  • save it to your Desktop.
  • double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • a Notepad document should open automatically called checkup.txt; please post the contents of that document.

Satchfan

 

 


NINA - Proud graduate of the WTT Classroom

Member of UNITE

The help you receive here is free but if you feel I have helped, you may consider making a Donation.

    Advertisements

Register to Remove


#17 devonrexcatz

devonrexcatz

    Authentic Member

  • Authentic Member
  • PipPip
  • 147 posts

Posted 03 November 2014 - 04:48 AM

Thank you!

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 02-11-2014
Ran by Rachael at 2014-11-03 20:39:27 Run:2
Running from E:\User Data\Rachael\Downloads
Loaded Profiles: UpdatusUser & Rachael (Available profiles: UpdatusUser & Rachael & Administrator)
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
CMD: ipconfig /flushdns
EmptyTemp:
*****************
 
 
=========  ipconfig /flushdns =========
 
 
 
Windows IP Configuration
 
 
 
Successfully flushed the DNS Resolver Cache.
 
 
========= End of CMD: =========
 
EmptyTemp: => Removed 3.1 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====
 

Results of screen317's Security Check version 0.99.89  
 Windows XP Service Pack 3 x86   
 Internet Explorer 6 Out of date! 
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Please wait while WMIC is being installed.d 
ECHO is off.
ECHO is off.
ECHO is off.
ECHO is off.
ECHO is off.
ECHO is off.
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 SUPERAntiSpyware     
 Adobe Flash Player 15.0.0.152  
 Adobe Reader XI  
 Google Chrome 38.0.2125.104  
 Google Chrome 38.0.2125.111  
````````Process Check: objlist.exe by Laurent````````  
 AVG avgwdsvc.exe 
 AVG avgrsx.exe 
 AVG avgnsx.exe 
 AVG avgemc.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:: 2% 
````````````````````End of Log`````````````````````` 
 


#18 Satchfan

Satchfan

    SuperHelper

  • Malware Team
  • 6,753 posts
  • Interests:LFC, music, more LFC, more music

Posted 03 November 2014 - 09:24 AM

Hi Belinda

 

I am leaving to drive to Cornwall, (UK), and it will take a couple of hours so will send the clean-up instructions etc later.

 

Sorry for the delay but family birthday!!!

 

Thanks

 

Satchfan


NINA - Proud graduate of the WTT Classroom

Member of UNITE

The help you receive here is free but if you feel I have helped, you may consider making a Donation.

#19 Satchfan

Satchfan

    SuperHelper

  • Malware Team
  • 6,753 posts
  • Interests:LFC, music, more LFC, more music

Posted 03 November 2014 - 12:33 PM

Hi Belinda; your daughter’s computer appears to be clean.

Now that it’s free from malware, as long as the computer seems to be running well, please follow these simple steps to tidy up and decrease the likelihood of getting infected again:

Uninstall AdwCleaner

  • double click on adwcleaner.exe to run the tool
  • click on Uninstall
  • confirm with Yes.

===================================================

Download & run Delfix

  • download Delfix from here to remove many of the tools we've used during the cleaning process.
  • ensure “Remove disinfection tools” is checked.

Also place a checkmark next to:


o    Create registry backup
o    Purge system restore


  • click the Run button.

You can delete all other logs and programs we’ve used that are on your desktop. Just click on them and press Delete. Eset can be uninstalled through Add and Remove Programs in the Control Panel.

===================================================

Firewall

You're using the Windows Firewall which is not adequate protection. The main reason you should use a third-party firewall over the Windows XP Firewall is because Windows Firewall only stops incoming signals from accessing your computer. However, it will not stop Outgoing signals (possibly ones that could intrude your privacy) from sending information to the Internet or to other networks. That means if malware happens to compromise your PC again, it will be able to SEND OUT your credit card data and any other personal information.

I suggest you install a more robust third party firewall that filters both incoming and outgoing traffic.

Download and install one of the following freeware firewalls from below:

Sygate Personal Firewall Free Edition:
Comodo Personal Firewall:

NOTE only install one firewall. Having more than one could cause many programs to stop working altogether. Also, the firewalls may get in each others' way and cause some security holes that would not be there with just one firewall.

When you have done that:

Disable Windows firewall:

  • Click on Start, Settings and then Control Panel
  • click on the Security Center icon.
  • click on the Windows Firewall icon
  • click Off (not recommended) and then click OK.

You should take the time to read Understanding and Using Firewalls

===================================================

Update installed programs

Your versions of Internet Explorer is out-of-date. Version 8 is the latest that is compatible with Windows XP and is faster, more private, and more secure.

Download it here.

When you have installed it, you can download the Update for Internet Explorer 8 for Windows XP

===================================================

Recommended programs

Update and run Malwarebytes. This really is an excellent program that you should also update and run on a regular basis, probably weekly.

===================================================

It’s important to keep programs up to date so that malware doesn't exploit any old security flaws.

FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated.

 

===================================================

IMPORTANT

Please be aware that Microsoft stopped supporting Windows XP/SP3 on April 8, 2014.

That means your operating system will no longer have updates and patches to prevent infections.

Any XP machine that accesses the Internet after that date can expect to become infected repeatedly and any information on is capable of being stolen.

If/when that happens there will be no real remedy. Criminals were reportedly making extra preparations for the date that XP support ended.

See this link from ESET :

===================================================

I also recommend that you read the following:

How to prevent malware by miekiemoes

Help! My computer is slow! by miekiemoes

Simple and easy ways to keep your computer safe and secure on the Internet  by Lawrence Abrams

I will keep this open for 24 hours in case you have any problems, after which I’ll close the topic.

Safe computing

Satchfan

 


NINA - Proud graduate of the WTT Classroom

Member of UNITE

The help you receive here is free but if you feel I have helped, you may consider making a Donation.

#20 devonrexcatz

devonrexcatz

    Authentic Member

  • Authentic Member
  • PipPip
  • 147 posts

Posted 03 November 2014 - 09:15 PM

Hope you enjoyed the birthday get-together! :) Rach has been able to use the computer so there has been no rush to fix it but thanks for your concern. Anyway, I'll complete the latest steps and get back to you.



#21 devonrexcatz

devonrexcatz

    Authentic Member

  • Authentic Member
  • PipPip
  • 147 posts

Posted 03 November 2014 - 09:50 PM

Hi Satchfan

 

I couldn't install the IE update...says incompatible with the system.  Here is the last log created.

 

 
# DelFix v10.8 - Logfile created 04/11/2014 at 13:21:31
# Updated 29/07/2014 by Xplode
# Username : Rachael - RACHAEL-PC
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
 
~ Removing disinfection tools ...
 
Deleted : C:\FRST
Deleted : C:\avenger.txt
Deleted : C:\Documents and Settings\Rachael\Desktop\Addition.txt
Deleted : C:\Documents and Settings\Rachael\Desktop\AdwCleaner[S0].txt
Deleted : C:\Documents and Settings\Rachael\Desktop\FRST.txt
Deleted : C:\Documents and Settings\Rachael\Desktop\JRT.txt
Deleted : C:\Documents and Settings\Rachael\Desktop\hijackthis.log
Deleted : E:\User Data\Rachael\Downloads\Addition.txt
Deleted : E:\User Data\Rachael\Downloads\esetsmartinstaller_enu.exe
Deleted : E:\User Data\Rachael\Downloads\Fixlog.txt
Deleted : E:\User Data\Rachael\Downloads\FRST (1).exe
Deleted : E:\User Data\Rachael\Downloads\FRST (2).exe
Deleted : E:\User Data\Rachael\Downloads\FRST (3).exe
Deleted : E:\User Data\Rachael\Downloads\FRST (4).exe
Deleted : E:\User Data\Rachael\Downloads\FRST (5).exe
Deleted : E:\User Data\Rachael\Downloads\FRST (6).exe
Deleted : E:\User Data\Rachael\Downloads\FRST (7).exe
Deleted : E:\User Data\Rachael\Downloads\FRST.exe
Deleted : E:\User Data\Rachael\Downloads\FRST.txt
Deleted : E:\User Data\Rachael\Downloads\JRT.exe
Deleted : E:\User Data\Rachael\Downloads\HiJackThis.exe
Deleted : E:\User Data\Rachael\Downloads\hijackthis.log
Deleted : E:\User Data\Rachael\Downloads\SecurityCheck.exe
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis
 
~ Creating registry backup ... OK
 
Thank you!


#22 Satchfan

Satchfan

    SuperHelper

  • Malware Team
  • 6,753 posts
  • Interests:LFC, music, more LFC, more music

Posted 04 November 2014 - 02:43 AM

Hope you enjoyed the birthday get-together!

 

 

Thank you Belinda. The birthday is today and we're off for lunch soon then returning back home, (to Devon!), later.

 

 

I see that amongst those deleted was Avenger.txt. I hope that this was on there from previous expert help as that tool should only ever be used with the guided help of an expert; otherwise it could wreck your computer. It is a very dangerous program to run without instruction from someone who knows what they are doing.

That said, see this page to see if it helps with installing Internet Explorer 8.
 

It may be easier to ask in our Browsers, Internet and email forum where they will know more about this than I do.

 

Satchfan


NINA - Proud graduate of the WTT Classroom

Member of UNITE

The help you receive here is free but if you feel I have helped, you may consider making a Donation.

#23 devonrexcatz

devonrexcatz

    Authentic Member

  • Authentic Member
  • PipPip
  • 147 posts

Posted 05 November 2014 - 07:30 AM

Hi Satchfan
Yes I imagine the Avenger.txt would have been the result of a shop fix some time ago (which actually caused additional problems) so it was never used by us. I'll get onto the IE problem and report back to you regarding the results. Thanks again and obviously you have arrived home safely to Devon :)

#24 devonrexcatz

devonrexcatz

    Authentic Member

  • Authentic Member
  • PipPip
  • 147 posts

Posted 06 November 2014 - 02:06 AM

Hi

I am going to have to move to the forum regards the IE 8 issue. Thanks for all your help with our computer problems Satchfan :)

All the best

Belinda



#25 Satchfan

Satchfan

    SuperHelper

  • Malware Team
  • 6,753 posts
  • Interests:LFC, music, more LFC, more music

Posted 06 November 2014 - 04:10 AM

You're welcome.

 

Satchfan


NINA - Proud graduate of the WTT Classroom

Member of UNITE

The help you receive here is free but if you feel I have helped, you may consider making a Donation.

    Advertisements

Register to Remove


#26 Satchfan

Satchfan

    SuperHelper

  • Malware Team
  • 6,753 posts
  • Interests:LFC, music, more LFC, more music

Posted 06 November 2014 - 04:10 AM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please follow the instructions here http://forums.whatth...ed_t106388.html
and start a New Topic.

NINA - Proud graduate of the WTT Classroom

Member of UNITE

The help you receive here is free but if you feel I have helped, you may consider making a Donation.

Related Topics




Also tagged with one or more of these keywords: Pop Ups

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users