Infected?

cathylm

New member
When I am using the browser a secondary browser page pops up behind the page I am on. I am about 99% sure I have been hijacked. I recently got a blue screen and my computer has been freezing up, etc.

I read through the "Before You Post" and I am submitting the required information. Any help would be greatly appreciated.
 
Hi,

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • Please post contents of that file in your next reply.


Please download MBRCheck to your desktop.

1. Double click MBRCheck.exe to run it (Right click and run as Administrator for Vista).
2. It will open a black window, please do not fix anything (if it gives you an option).
3. Exit that window and it will produce a log (MBRCheck_date_time).
4. Please post that log in your reply.
 
Hi,

Does the browser issue still happen? If so, does it happen with both Firefox and Internet Explorer?
 
Hello Blade81, to answer your question, I am still getting a second window pop up, usually to an unsafe website. I use Web of Trust. At first it starts with google analytical. I don't know if that is useful. As for IE, I honestly never use it. However, I did pull up IE and found the attached information. It wasn't set on Yahoo like I had it set up originally, it was a blank Ashampoo google page??? I hope some of this is useful.
 
Hi


Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:

  1. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    Remember to re-enable them afterwards.

  2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
 
Requested Logs

Here are the latest logs you requested. I wish to thank you for helping. You guys and gals help a lot of people. So thank you from Tennessee.
 
Hi,

ComboFix item was some shortcut. Please copy-paste contents of c:\ComboFix.txt file back in your reply.
 
Hi,

Does it still redirect? Is the system behind a router? If it is, does it have other systems plugged in?
 
Yes, it still pulls up and redirects a second window to another website, usually ones that Web Of Trust deems dangerous. I'm not sure about the router thing. My computer's internet is where you get a bundle deal like phone, internet and TV. I also have an additional line hooked up by a router I expect. I very seldom use that computer. It's usually turned completely off.
 
1. Download TDSSKiller and extract its contents into a folder in desired location (i.e. c:\tdsskiller).
2. Execute the file TDSSKiller.exe.
3. Click Start Scan. If threats are found, select cure and click Continue (tool may prompt for a reboot).
4. Post back contents of log file in c: drive root (name should be in UtilityName.Version_Date_Time_log.txt format)

I also have an additional line hooked up by a router I expect. I very seldom use that computer. It's usually turned completely off.
Could you test how that other system works?
 
Requested Info

I am including the zipfile for the TDSSKiller.

The second line has a USB Netgear stick and is connected by Netgear router to the bundled telephone touchtone modem. I hope this info helps.
 
Did you check if the other system has any of those redirect issues?
 
Redirects

I'm sorry I did not get back with you yesterday, a migraine.

I turned on the older computer and checked to see if it redirects and it does not. The computer I use does not redirect with Internet Explorer, but it does with Mozilla Firefox which is what I always use.
 
Hi,

Please try to reinstall Firefox by doing complete uninstall first (remember to select "Remove my Firefox personal data and customizations" option).
 
Progress

I uninstalled Firefox and lost most of my passwords. I have the more important ones though. It didn't do any good to uninstall it. I still continued to have a secondary page pop up under the Web of Trust red sites. And trying to use Internet Explorer was a nightmare. However, good news, I did find a way to stop the problem. It has to do with scripts. I only enabled some of the ones I had to have. It seems to work for now. If I run into a problem may I possibly contact you again? Thank you for your help Blade81.
 
Hi,

Let's ensure Firefox is completely removed. Please uninstall it as instructed above (don't reinstall yet). Create fresh dds logs when ready.
 
Re-test

I haven't had a chance to sit down and uninstall Firefox. Hopefully I can get to it tomorrow after work. I'm still freezing up, etc.
 