Author Topic: Noisy Infection  (Read 3409 times)


Gargamel360

  • Guest
Noisy Infection
« on: July 05, 2011, 01:19:08 AM »
Had audio ads, 2 explorers, chats popping up all over.  All symptoms except IE redirect and disabled Windows security center gone after running MBAM.

Gargamel360

  • Guest
Re: Noisy Infection
« Reply #1 on: July 05, 2011, 01:19:38 AM »
part 2

com155

  • Guest
Re: Noisy Infection
« Reply #2 on: July 05, 2011, 10:24:26 AM »
Wht... what sort of infection is that? Try a boot CD such as Dr.Web rescue disk if you think that this is an extreme condition to deal with.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Noisy Infection
« Reply #3 on: July 05, 2011, 08:17:02 PM »
That is sometimes a sign of a Whistler-type infection, although I do not feel it is in this case, but we will check it out anyway.

Start OTS. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

Code:

[Unregister Dlls]
[Registry - Safe List]
< Internet Explorer Settings [HKEY_CURRENT_USER\] > ->
YN -> HKEY_CURRENT_USER\: URLSearchHooks\\"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
[Files/Folders - Created Within 30 Days]
NY ->  PCDr -> C:\Users\Blake\AppData\Roaming\PCDr
[Files/Folders - Modified Within 30 Days]
NY ->  Vbvpo.job -> C:\Windows\tasks\Vbvpo.job
NY ->  pautoenr8.dll -> C:\Windows\SysWow64\pautoenr8.dll
[Empty Temp Folders]
[CreateRestorePoint]
 

The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.

I will review the information when it comes back in.

Depending on what the fix contains, this process may take some time and your desktop icons might disappear or other uncommon behavior may occur.

This is no sign of malfunction, do not panic!

THEN

Please read carefully and follow these steps. 
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gargamel360

  • Guest
Re: Noisy Infection
« Reply #4 on: July 08, 2011, 07:09:21 AM »
Well, this ended tragically. I told him to wait, but by the time I got back over there, he had someone else looking at it. Reformat was suggested, I said fine, ok. But he has an OEM, and they couldn't figure out how to factory reset it, so this other guy brings his Win7 disc over, thinking that the machine's activation code would work for the disc. I tried to explain why not, but... well, they tried anyway, and now he has a nice PC that says something like "welcome to Win7, please insert your activation code".

The owner is on the phone with Dell, trying to sort it out with them. Felt kind of bad, it was some fool guest who infected the owner's PC to begin with. Anyway, sorry for the time waste, dead end.

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89059
  • No support PMs thanks
Re: Noisy Infection
« Reply #5 on: July 08, 2011, 05:20:42 PM »
Hopefully they will have learnt a valuable lesson here. The recommendation when it is eventually resolved is to get drive imaging software and religiously make a backup image of your system partitions every week, save it to a second hard drive or DVD. So if the dark brown stuff ever hits the fan in the future, restore the last weekly backup image.

At worst you may have lost 6 days of new program installations/updates, etc. and that is a breeze compared to what has happened. There are also backup programs that will back up your data files, etc. and that should be used at least once a day, for your data files that change regularly. Make a backup and recovery plan: what to back up, when, and how to recover.

If you don't want to lose it, back it up; if you fail to plan, then you plan to fail.

Back & Recovery Strategy:
If you have a back-up and recovery plan, you can recover from anything in minutes, not hours or days.

1. Back up all the things that you don't want to lose: data files, like documents, spreadsheets, emails, email account details, registration keys, address book, favourites/bookmarks, downloaded files/programs, etc. The list goes on and on, but if you don't want to lose it, back it up. There are many back-up programs that can simplify this task and run it every day.

2. Recovery - re-installing your system really is a poor choice and one of last resort. There are tools (Drive Imaging software) that take exact images of your Partitions or Hard Disks and these images can be restored in minutes if you suffer a major catastrophe and that doesn't have to be a virus attack.

I do a weekly image of my partitions and save them to my 2nd hard disk, they can also be saved to off-line storage, DVD, USB external hard disk, etc. as part of my weekly system maintenance.

So if the worst comes to the worst at most I lose:
  • 6 days' worth of program updates or new installations, but with my daily back-up I can recover most of that.
  • Less than one day's data files, emails, etc.

None of these is a problem and much quicker than a system reinstall and I don't have to go on-line to download the myriad of security updates needed to secure my system where there is a chance to get reinfected whilst my system has vulnerabilities because of these missing patches. Not to mention all my system tweaks and program settings are retained and I will have saved myself many hours of work and a huge amount of stress.

Offline essexboy

Re: Noisy Infection
« Reply #6 on: July 08, 2011, 07:47:34 PM »
Shame really, as I reckon the removal of the .job file would have resolved it.