Pop-up ads, slow browser, freezing Malwarebytes, and more problems

Aznpincer1

So I run Windows XP.

I use Malwarebytes and Avast.

Just last night the following issues have started to occur.

1) Random Pop-Up Ads in Internet Explorer windows

2) Random sounds (that sound like commercials/ads) will occur randomly

3) Firefox (my primary browser) runs slower and on some pages it will just hang at "loading"

4) When I search Google and click on a search result, I sometimes get redirected to a "StopZilla" page.

5) When I open Firefox, this error comes up each time: You may not have the appropriate permission to access the item (error code, C:\Program Files\Java\jre6\lib\deploy\jqs\ff\...\bin\jsqnotify.exe)

6) When I try to run a scan with Malwarebytes, within 3-5 minutes my whole computer freezes. (and Avast picks up nothing after a full scan)

What can I do and where can I start to get my computer running smooth and error free again?
 
You're infected by the sound of it.

First thing is to go into Internet Options > Connection > LAN Settings and uncheck the proxy boxes. Many adwares use a proxy to load ads onto your browser.

Do the same in Firefox. Tools > Options > Advanced > Network tab > Settings and select No proxy.

Once you've done that go here:

http://www.bleepingcomputer.com/download/anti-virus/rkill

Download Rkill.scr and iExplore.exe (it's Rkill renamed to fool the infection)

Save them but do not run them yet. Put them on to a FAT32 formatted thumbdrive, otherwise the infection will revoke your permissions to run the programs.

Once on the thumbdrive, run Rkill.scr and let it go. If it stops/freezes/hangs or closes without warning, try the iExplore.exe file instead.

Rkill will detect and kill any known malware processes running. Check your task manager for whatever Rkill finds; if it is still there after running Rkill, you are severely infected.

If Rkill succeeds however, try installing, updating and running Malwarebytes again. If it still hangs or closes abruptly without warning, Rkill was not successful.

Next thing to try is HijackThis, which can be downloaded here:

http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe

Install the program, run it and select Scan System and Save a log file. HJT will run. When it completes, post the log here. Do not click fix or remove yet as many entries in there are harmless or essential.

If HJT closes abruptly when scanning, and won't run again afterwards, it's the same SOB virus my customer's computer had. I ended up restoring it to factory settings and going from there with updates and drivers and so on. I'd back up anything dear to you on the computer knowing that you might have to reformat and reinstall.

EDIT: I'd also recommend installing AdBlock Plus on all your browsers to block such ads (just subscribe to the easylist) that have drive-by malware in them or are just plain annoying.
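As an added example (not part of the original posts): a small Python check for the proxy settings the reply above says to clear, run over a copy of Firefox's prefs.js and the saved output of `reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings"`. The sample inputs are constructed and the function names are this example's own.

```python
import re

# Constructed sample inputs (not taken from the thread).
SAMPLE_PREFS = '''user_pref("browser.startup.homepage", "about:blank");
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 8080);
user_pref("network.proxy.type", 1);
'''
SAMPLE_REG = '''HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings
    ProxyEnable\tREG_DWORD\t0x1
    ProxyServer\tREG_SZ\t127.0.0.1:8080
'''

PREF_RE = re.compile(r'^user_pref\("(network\.proxy\.[^"]+)",\s*(.+?)\);\s*$')
REG_RE = re.compile(r'^\s*(ProxyEnable|ProxyServer|AutoConfigURL)\s+REG_\w+\s+(.*\S)\s*$')

def firefox_proxy_findings(prefs_text):
    """Report a manual proxy or PAC script set in Firefox's prefs.js."""
    prefs = {}
    for line in prefs_text.splitlines():
        m = PREF_RE.match(line.strip())
        if m:
            prefs[m.group(1)] = m.group(2).strip('"')
    # network.proxy.type: 0 = no proxy, 1 = manual, 2 = PAC URL; absent = browser default.
    mode = int(prefs.get("network.proxy.type", 0))
    findings = []
    if mode == 1:
        for kind in ("http", "ssl", "socks"):
            host = prefs.get("network.proxy." + kind)
            if host:
                port = prefs.get("network.proxy.%s_port" % kind, "?")
                findings.append("firefox manual %s proxy %s:%s" % (kind, host, port))
    elif mode == 2:
        findings.append("firefox PAC script " + prefs.get("network.proxy.autoconfig_url", "?"))
    return findings

def ie_proxy_findings(reg_text):
    """Report an enabled proxy or PAC script in saved `reg query` output."""
    values = {}
    for line in reg_text.splitlines():
        m = REG_RE.match(line)
        if m:
            values[m.group(1)] = m.group(2)
    findings = []
    # ProxyServer only takes effect when ProxyEnable is non-zero.
    if int(values.get("ProxyEnable", "0x0"), 16) and values.get("ProxyServer"):
        findings.append("ie proxy " + values["ProxyServer"])
    if values.get("AutoConfigURL"):
        findings.append("ie PAC script " + values["AutoConfigURL"])
    return findings
```

An empty list from both functions means no manual proxy or PAC script is configured in the inputs given.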
In addition to what Linkin suggested, since you run XP, it might be easier to boot to safe mode by pressing the F8 key on start up and choose safe mode from the list of options. Just make sure you download those files he mentioned to a flash drive first.

If running those programs doesn't work then you will be forced to run this program in safe mode as well. Download it to the flash drive and then transfer it to your desktop area once you are logged into safe mode.

Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Combofix should never take more than 20 minutes including the reboot if malware is detected.


In your next reply please post:
  • The ComboFix log
  • A fresh HiJackThis log
  • An update on how your computer is running
 
Note that if it's the same kind of infection (DDS) that was on the computer I was working on, safe mode won't help you. I gave up and restored/reformatted after backing up what the customer wanted to keep.