No idea where to go from here?

cherokee rose · Jul 21, 2012

I was on my pc last night and my firewall suddenly turned itself off. I turned it on again and did a scan, I have avg 2012.

Got up this morning and my computer has been giving me problems ever since.

I keep getting random pop ups everywhere telling me I have won an iphone 4 etc, my avg is telling me I have a trojan, but it could not remove it.

Decided to download malwarebytes, did a full scan, mentioned something about a rootkit, at the end of the scan I had 71 threats, malwarebytes said it removed one of them, restarted my computer, just done another scan it said zero threats, but I am still getting the pop ups.

Also, everytime I go online i get a notification bubble from malwarebytes saying successfully blocked access to malicious website: 91.218.121.57, type: outgoing.

Does anyone know what I could do to fix this? also, should I change my passwords etc or is that side of things ok?

Thanks.

vger · Jul 21, 2012

Hello cherokee rose and welcome to the PCHF..

Please go to my red prework link in my sig click it,once there just follow the instructions..

Crush · Jul 21, 2012

In addition to the Prework logs please attach the Malwarebytes Anti-Malware log

cherokee rose · Jul 21, 2012

I am doing what vger said to do now and will post when its finished, the malware log do i just paste it all here?

Crush · Jul 21, 2012

Attach them all to your post via Upload A File when done

cherokee rose · Jul 21, 2012

I hope I have done this right, never done anything like this before. Thank you for your time.

Crush · Jul 21, 2012

Hi,

Have you rebooted your machine to complete the disinfection? Did you run aswMBR as well? I will need that log

cherokee rose · Jul 21, 2012

I have rebooted my pc and still have the same problems, here is the other file you needed.

Crush · Jul 21, 2012

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
Link 3

When saving ComboFix rename it to PCHelpForum.exe to prevent it from being blocked by malware.

Refer to this image:

To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.

Close any open windows and double click PCHelpForum.exe to run it.

You will see the following image:

Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please Do NOT mouseclick combofix's window while its running because it may cause it to stall.

cherokee rose · Jul 21, 2012

thank you, one question before i do this, will it wipe my computer? I only have the one computer in the house at the moment so cannot backup anything, if i have to lose my stuff then so be it but just wanted to check first so i know what to expect?

Crush · Jul 21, 2012

No, it will not wipe the data from your PC

cherokee rose · Jul 21, 2012

think this is right.

Crush · Jul 21, 2012

Looks good. How is the machine running?

cherokee rose · Jul 21, 2012

I am still getting the pop ups, it only seems to happen if I go onto a search engine, other websites seem ok.

Crush · Jul 21, 2012

Can you re-run OTL please?

Log in or Join Us

No idea where to go from here?

cherokee rose Bronze Member

vger STAFF

Crush Administrator & Security Team Leader

Google Advertisement

cherokee rose Bronze Member

Crush Administrator & Security Team Leader

cherokee rose Bronze Member

Attached Files:

OTL.Txt

Extras.Txt

Malwarebytes log.txt

Crush Administrator & Security Team Leader

cherokee rose Bronze Member

Attached Files:

aswMBR.txt

Crush Administrator & Security Team Leader

cherokee rose Bronze Member

Crush Administrator & Security Team Leader

cherokee rose Bronze Member

Attached Files:

ComboFix.txt

Crush Administrator & Security Team Leader

cherokee rose Bronze Member

Crush Administrator & Security Team Leader

No idea where to go from here?

Log in or Join Us

No idea where to go from here?

cherokee rose Bronze Member

vger STAFF

Crush Administrator & Security Team Leader

Google Advertisement

cherokee rose Bronze Member

Crush Administrator & Security Team Leader

cherokee rose Bronze Member

Attached Files:

OTL.Txt

Extras.Txt

Malwarebytes log.txt

Crush Administrator & Security Team Leader

cherokee rose Bronze Member

Attached Files:

aswMBR.txt

Crush Administrator & Security Team Leader

cherokee rose Bronze Member

Crush Administrator & Security Team Leader

cherokee rose Bronze Member

Attached Files:

ComboFix.txt

Crush Administrator & Security Team Leader

cherokee rose Bronze Member

Crush Administrator & Security Team Leader

No idea where to go from here?

Useful Searches