Weird problem please help asap!

Borinto

New Member
Hello everyone,

When I turn on my computer, a weird rectangle pops up after I try to launch my browser, Yandex. The tab that was open when the pop-up showed up said "Choose a search engine", so I clicked on it, but nothing happened. I tried clicking on the rectangle, but nothing happened. I also noticed that whichever folder or program I enter, the stuff that was in the place where the rectangle was would leave a trace on it. Here is what I did before the rectangle started showing up:
Yesterday I installed Steam on my computer to download some games. After installing, I wanted to go to bed, so today when I woke up I realized it was useless for me, so I uninstalled it. After that I saw that I had a Steam icon in the bar in the bottom right corner, so I clicked on it and clicked Exit. I browsed the usual internet pages I browse and then turned off my computer. After a few hours I turned the computer on again, launched my browser, Yandex, and got a weird rectangle pop-up and the "Choose a search engine" tab in my taskbar.

Please help me?..
 
You must have some sort of malware on your system. Do the following and post the logs.

1.

Please download AdwCleaner by Xplode onto your Desktop.



• Please close all open programs and internet browsers.
• Double click on adwcleaner.exe to run the tool.
• Click on Scan.
• After the scan you will need to click on clean for it to delete the adware.
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the content of that logfile in your reply.
• You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

2.

Please download Junkware Removal Tool to your desktop.

• Shut down your antivirus to avoid any conflicts.
• Very important that you run the tool in this manner:
  Right-mouse click JRT.exe and select Run as administrator
  Do NOT just double-click it.
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt in your next message.

3.

Please download Malwarebytes' Anti-Malware and save it to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version. Please keep updating until it says you have the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • A log will be saved automatically which you can access by clicking on the Logs tab within Malwarebytes' Anti-Malware

If for some reason Malwarebytes will not install or run, please download and run Rkill.scr, Rkill.exe, or Rkill.com. If you are still having issues running Rkill, then try downloading these renamed versions of the same program.

EXPLORER.EXE
IEXPLORE.EXE
USERINIT.EXE
WINLOGON.EXE

But DO NOT reboot the system and then try installing or running Malwarebytes. If Rkill (which is a black box) appears and then disappears right away, or you get a message saying Rkill is infected, keep trying to run Rkill until it overpowers the infection and temporarily kills it. Once a log appears on the screen, you can try running Malwarebytes or downloading other programs.

Please post the log that Malwarebytes displays on your screen.

4.

Download OTL to your Desktop


• Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
• Click on Minimal Output at the top.
• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  ◦ When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Just post the OTL.txt file in your reply.

Then post the logs from the following 4 programs.

1. Adwcleaner
2. Junkware removal tool
3. Malwarebytes
4. OTL
 
Sorry, AdwCleaner's file was accidentally closed and I couldn't find it, but here are the entries from
  1. JRT
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.0.0 (11.12.2015)
    Operating System: Microsoft Windows XP x86
    Ran by Ilic (Administrator) on uto 17.11.2015 at 21:07:04,57
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    File System: 12

    Successfully deleted: C:\Documents and Settings\Ilic\Application Data\Mozilla\Firefox\Profiles\zw6dr8gb.default\gm_scripts\AgarioMods_evergreen_script\mods.user.js (File)
    Successfully deleted: C:\Documents and Settings\Ilic\Application Data\Mozilla\Firefox\Profiles\zw6dr8gb.default\gm_scripts\DIO-TOOLS\DIO-TOOLS.user.js (File)
    Successfully deleted: C:\Documents and Settings\Ilic\Application Data\Mozilla\Firefox\Profiles\zw6dr8gb.default\gm_scripts\Grepolis_Report_Converter\GrepolisReportConverterV2.user.js (File)
    Successfully deleted: C:\Documents and Settings\Ilic\Application Data\Mozilla\Firefox\Profiles\zw6dr8gb.default\gm_scripts\mods\mods.user.js (File)
    Successfully deleted: C:\Documents and Settings\Ilic\Application Data\Mozilla\Firefox\Profiles\zw6dr8gb.default\gm_scripts\Quack_Toolsammlung\Quack_Toolsammlung.user.js (File)
    Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0NMHUDH7 (Folder)
    Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\3W9VF1DI (Folder)
    Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\SM0MNBC7 (Folder)
    Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\SRW7F6C5 (Folder)
    Successfully deleted: C:\Program Files\GUM6F.tmp (File)
    Successfully deleted: C:\Program Files\GUT1BC.tmp (File)
    Successfully deleted: C:\Program Files\GUT2D2.tmp (File)



    Registry: 0





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on uto 17.11.2015 at 21:08:45,53
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  2. Rkill
    Rkill 2.8.2 by Lawrence Abrams (Grinler)
    http://www.bleepingcomputer.com/
    Copyright 2008-2015 BleepingComputer.com
    More Information about Rkill can be found at this link:
    http://www.bleepingcomputer.com/forums/topic308364.html

    Program started at: 11/17/2015 09:41:04 PM in x86 mode.
    Windows Version: Microsoft Windows XP Service Pack 3

    Checking for Windows services to stop:

    * No malware services found to stop.

    Checking for processes to terminate:

    * No malware processes found to kill.

    Checking Registry for malware related settings:

    * No issues found in the Registry.

    Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

    Performing miscellaneous checks:

    * No issues found.

    Checking Windows Service Integrity:

    * No issues found.

    Searching for Missing Digital Signatures:

    * C:\WINDOWS\System32\sfcfiles.dll : 1.614.848 : 05/15/2013 12:14 AM : e17798e1e6ff1ca9c67b8576570e05ee [NoSig]

    Checking HOSTS File:

    * HOSTS file entries found:

    127.0.0.1 localhost

    Program finished at: 11/17/2015 09:42:29 PM
    Execution time: 0 hours(s), 1 minute(s), and 25 seconds(s)


It didn't do anything. I am still having the weird rectangle on my screen. Is there anything else that I can do?
 
I didn't need the Rkill log. The AdwCleaner log is located here.

C:\AdwCleaner

Please continue with the Malwarebytes and OTL scans.
 