The Letting Off Steam Thread

[el badman]

Goddamn it, I got some sort of spyware of malware that I can't seem to get rid of. I usually do that kind of stuff all the time for friends' and family's computers, but I just can't identify what's wrong here. It started yesterday, I get a random pop up tab in Firefox every once in a while, but mostly, I also get stupid commercial for black Friday at Target playing in the background, but there's no window for it, no process when I ctrl-alt-del it, nothing at all, I just can't see where that shit is coming from!
I scanned my PC a zillion times with Spybot, AVG, Microsoft's malicious software removal tool, and Malwarebyte, and they either can't find anything, or a just a tracking cookie called "Right Media", that gets deleted, but apparently keeps coming back...

[JaoSming]

when you do a google search, when you click on a result does it redirect you to virus websites?

and in your C:/Windows/Temp folder, do you have a bunch of folders or files called [4 random characters].tmp?

Cause I'm dealing with one hell of a trojan right now

[Lamrock]

buzzy, I know what you mean Buzzy. I went on what I thought was a date with a girl a few months ago, only to find her Facebook relationship status change to "In a relationship with some douche" a couple days later.

[el badman]

when you do a google search, when you click on a result does it redirect you to virus websites?

and in your C:/Windows/Temp folder, do you have a bunch of folders or files called [4 random characters].tmp?

Cause I'm dealing with one hell of a trojan right now

I does not redirect me to virus websites and my TEMP folder seems to be pretty much empty, yet I still get that random popup tab that's meant to be a Google news page or something, and I still hear that stupid commercial announcement every now and then. I installed AdBlocker, I reinstalled Firefox and the new AVG, I'm blocking all cookies, ran all my spyware/malware detectors...I just don't know what to do anymore.

[Andrew]

You might want to try this:
http://www.malwarebytes.org/forums/inde ... opic=12709

Usually it's only necessary when Malwarebytes won't run at all but it could solve your problem as well.

[Dee.]

Fuck my Internet Connection.
I Can't even watch youtube Video's at Day time.
Though at Night i got a 10MB/S speed.
Bullshit.

[el badman]

You might want to try this:
http://www.malwarebytes.org/forums/inde ... opic=12709

Usually it's only necessary when Malwarebytes won't run at all but it could solve your problem as well.

Thanks Andrew, although it did not seem to fix the issue. I ran AVG 9.0, Spybot and Malwarebytes many times, and now they do not even detect anything abnormal anymore, yet I'm still getting the same problem. As soon as I launch Firefox, some random tab pops up (right now it was set to a search for the nearest movie theater in my area on yellowpages.com, no idea why ), which keeps turning into a different page until I close that tab.
I can't believe this shit is not detected by any of the tools I've used, and that it keeps happening even though I've blocked all incoming cookies and installed AdBlocker for Firefox.
I think my last resort for now is to restore my PC to a couple of days ago, before this started happening. Hopefully it'll take care of it.

[Al Ka Pwn]

Have you tried hijack this?

[Lightning Strike]

I think my last resort for now is to restore my PC to a couple of days ago, before this started happening. Hopefully it'll take care of it.

Just out of curiosity, why is this your last resort? Wouldn't it be the easiest and quickest option rather than scanning your computer several times with everything?

[Andrew]

A system restore can cause issues of its own and doesn't always fix the problem. Scans usually knock problems out without having to go back and reinstall Windows updates and other programs that may be wiped upon a system restore.

[Lightning Strike]

Well of course you should run scans first to get the problem solved, but I don't really think having to re-download and install any Window's updates is a setback to having to deal with an annoying virus and hassling over it. It's not necessarily the best option, but it is the easiest and quickest option if the initial scans fail to work, at least that's how I choose to run things.

I understand what you mean though, educating yourself about the viruses and trying to find the right solution is a lot more sensible than just wiping the system.

[Andrew]

I think you've nailed it right there, perhaps unintentionally but accurately all the same: quick and easy isn't always the best. A system restore won't always remove infections and it certainly won't quarantine or delete them, so even though they're moved from the registry they're still there and able to reinfect the computer, possibly as soon as the next reboot. Generally speaking, running those scans is going to be much more effective, even if system restore is quicker and takes less effort. If nothing else, it should be the first port of call, system restore being another option and a complete reinstall being the absolute last resort.

[Patr1ck]

Sounds like Vundo.

http://answers.yahoo.com/question/index ... 756AA8PEFi

[NovU]

What kind of program??? hope I can help you but I didnt use Java for the last 3 years

We use BlueJ to make java programs. Thanks for the offer but the due date already passed.

[Lamrock]

I got Vundo about a year ago. Thought system restore fixed it, but then it came back a week later. Then I tried a shitload of different spyware programs, and one eventually worked: Malwarebytes.

[shadowgrin]

My Yahoo account just got hacked. Meh.
Nothing important there, but if that person/bot messed around with my fantasy leagues, there's hell to pay.

[el badman]

This is so fucked up.
I tried all the programs mentioned here and more, I went back to a restore point that I know shouldn't have been infected, and all of that failed. First thing I got when enabling the network connection is that stupid commercial playing in the background again, even though I hadn't even launched any Internet window yet...I've always had good luck using Malwarebytes on all the computers I've worked with, but this has to be the sneakiest fucking adware ever. All those programs detect the harmful cookies and delete them, but they do not manage to detect the root of the problem, which is probably an infected file in system32 or a similar system folder, so new harmful cookies keep appearing.

And Lighting Strike, the restore point system is the last resort for me because as mentioned by Andrew, it's never a perfect picture of what the system looked like at that exact moment, and not only it didn't work in this case, but because I had uninstalled and reinstalled a few programs (AVG, Firefox, Glary) after that restore point, now I can't even use them anymore. They're still showing in the "add/remove programs" window, but I cannot use or even uninstall them, I only get error messages now.

I think I'm gonna be left with reinstalling Windows, in which case I'll probably just go ahead and make the jump t Windows 7 instead...

[JaoSming]

I have a rootkit infection, and MBAM, SAS, and Avast all find it and "fix" it but it doesnt. Also, what is also fun, is that combofix finds it but then BSOD on me

[Patr1ck]

If you guys have access to another computer, or want to try using the same computer, you need to make some threads at one of these forums. Make sure you follow the rules, as some of them are strict and won't answer if you don't follow the process correctly, but they are pretty willing ot help.

http://www.bleepingcomputer.com/forums/
http://www.techsupportforum.com/
http://www.security-forums.com/viewforum.php?f=48
http://www.geekstogo.com/forum/forums.html
http://www.wilderssecurity.com/index.php
computing.net is also a good one and I used to go there all the time and just search any errors word for word which most of the time had already happened to someone else and they had the info on how to fix right there.
annoyances.org is good, too.

[JaoSming]

yep, I got a thread at bleeping I created Friday

as of right now it looks like they have a 8 day wait on responses though


as a temporary fix, since it likes to exploit the temp folder to make my computer crash/run slow I write protect my temp folder when I just want to use my computer and not try to fix it

[Andrew]

I think I'm gonna be left with reinstalling Windows, in which case I'll probably just go ahead and make the jump t Windows 7 instead...

That's the way I'd go at this point.

[JaoSming]

to add a strange note with my issue, it just hijacked my nvidia settings and made my screen go completely black and white

[Andrew]

nWo syndrome?

[JaoSming]

see? that's why you dont rip wrestling themes off youtube people

[el badman]

I actually just bought Windows 7 at Walmart.
Since it's the upgrade version, I will need to have the drive backed up and formatted, then have a full copy of XP or Vista installed on it, just so that it can be upgraded it to 7 afterwards. Fantastic...
I really don't feel like dealing with all f this, so I'll go to my regular PC store, but what a fucking waste of time and money overall. I especially can't believe that supposedly protected restore points can still be affected even if the virus happened after it was created.

Also, what is also fun, is that combofix finds it but then BSOD on me

I tried to launch it, and it got stuck on "attempting to create a restore point", nothing happened after that. All the other programs ran fine, but could not solve my issue. I've spent hours on forums and googling stuff, but nothing worked so far...

The only good thing is it only seems to affect me when I'm online, it doesn't seem to do much when I play offline or anything like that. Still annoying crap though, I'm having to use my 7 year old laptop right now...