Author Topic: static virus or whatever  (Read 545 times)

Offline XK

  • Newbie
  • *
  • Posts: 5
    • Personal Message (Offline)
static virus or whatever
« on: October 16, 2013, 05:02:11 PM »
Not sure if I have done this correctly. I used to know a lot about computers, now, not.so.much.

I have random popups that open in chrome and I imagine in other browsers as well, but I rarely use anything else. The pop ups typically occur only once a day and I have blocked the site from doing much more than opening a completely blank page. If I'm online they pop up will occur around 1:30 AM or if the machine is off (a rarity) the popup will occur around 10:30 am or 1:30 pm. Don't know if that is helpful or not.

So, what happens now? I think I followed all the directions correctly except I saved the malwarebytes and adwcleaner in one file.

Please excuse my lack of knowledge.

Offline mikaelrask

  • avast! Evangelist
  • Super Poster
  • ***
  • Posts: 1299
  • Gender: Male
    • Personal Message (Offline)
Re: static virus or whatever
« Reply #1 on: October 16, 2013, 05:48:22 PM »
Hey and welcome to the avast forum. you have attach the needed log.
now you wait for a malware expert to guide you from here.

could you provide a pic of that popup also.
It gives the malware expert some more information to go on.
new computer
windows 8 Intel core I-3 64 bit
6 gb ram 500 gb hardrive. avast 9 MBAM

Offline magna86

  • Anti Malware Fighter
  • avast! Evangelist
  • Massive Poster
  • ***
  • Posts: 3245
  • Gender: Male
    • Ambulanta MyCity Forum - ASAP Member
    • Personal Message (Offline)
Re: static virus or whatever
« Reply #2 on: October 16, 2013, 05:49:26 PM »
Hi,



Please download zoek.zip or zoek.rar by smeenk () from here or here and save it to your Desktop.
Unpack the archive...
  • Close any open browsers
  • Temporarily disable your AntiVirus program. (If necessary)
    If you are unsure how to do this please read this or this Instruction.

  • Double click on zoek.exe to run the tool .
    Please wait while the tool does not start...

  • Copy the text present inside the code box below and paste it into the large window in the zoek tool:
Code: [Select]
createsrpoint;
StandardSearch;
installer-list;
installedprogs;
uninstall-list;
  • Click on button.
    Please wait until a logreport will open (this can be after reboot)

  • Save notepad to your Desktop and attach here zoek-results.log
    Note: It will also create a log in the C:\ directory named "zoek-results.log"

Offline XK

  • Newbie
  • *
  • Posts: 5
    • Personal Message (Offline)
Re: static virus or whatever
« Reply #3 on: October 16, 2013, 06:23:38 PM »
    Hi,



    [...]

    • Save notepad to your Desktop and attach here zoek-results.log
      Note: It will also create a log in the C:\ directory named "zoek-results.log"

    zoek-results log is attached

    Offline magna86

    • Anti Malware Fighter
    • avast! Evangelist
    • Massive Poster
    • ***
    • Posts: 3245
    • Gender: Male
      • Ambulanta MyCity Forum - ASAP Member
      • Personal Message (Offline)
    Re: static virus or whatever
    « Reply #4 on: October 16, 2013, 06:57:41 PM »
    Hi,
    Not the first time I've seen some user to seek help in avast forum and yet uses another AV product. I never asked...you are the first one. I'm interested in why's that?  :)


    Re-run zoek.exe as you did before but with this script:

    Code: [Select]
    emptyclsid;
    C:\Windows\*.tmp;f
    C:\Users\Rebecca\AppData\Local\Temp\UNINSTALL.EXE;f
    C:\Users\Rebecca\AppData\Local\Temp\oi_{C0F19D17-73CD-4E29-970F-CF038F8289AA}.exe;f
    C:\Users\Rebecca\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe;f
    C:\Windows\SysNative\tasks\DSite;f
    C:\Users\Rebecca\AppData\Roaming\DSite;fs
    C:\Windows\SysNative\tasks\RunAsStdUser Task;f
    C:\Program Files (x86)\Pogo Games;fs
    {98e34367-8df7-42b4-837b-20b892ff0849};c
    C:\ProgramData\PogoDGC;fs
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions];r
    "{98e34367-8df7-42b4-837b-20b892ff0849}"=-;r
    Fast Discountz;ff
    BargainJoy;ff
    FFdefaults;
    nmmhkkegccagdldgiimedpiccmgmieda;chr
    {8CA5ED52-F3FB-4414-A105-2E3491156990};c
    chrdefaults;
    ipconfig /flushdns >> %temp%\log.txt;b
    emptyalltemp;
    autoclean;

    Press RunScript, wait for zoek to finish his fix and reboot system. Please post fresh created zoek log.



    => How's your computer running now?

    Offline XK

    • Newbie
    • *
    • Posts: 5
      • Personal Message (Offline)
    Re: static virus or whatever
    « Reply #5 on: October 16, 2013, 07:25:38 PM »
    OK, that's all done. File attached.

    I came to this forum after I did a search for static virus because I didn't really know what it was called or even what it was really. I got a number of hits and read a few but decided that this was the most reputable place as I had a dear friend who recommended avast. I know avast is a good product and I may switch but I'm one of those crotched-y old people who do not adapt well to change. I still long for window 3.1.

    I've been on the internet for a very long time and bb's before that and I can say that I have never had a virus. I think my av alerted me to a trojan a year or so ago but I'm not sure if it was real or not. I did what I was told to do and never felt any repercussions.

    Not sure if this thing I had was related to that or not -- what was it that we fixed?

    I won't know how things are running until I come home from work tomorrow morning. If I see the static blank page up, I'll know whatever we did, didn't work. If I don't see it, I'll know it did. Or maybe you'll know when you look at this log.

    This was fairly painless and I really appreciate the help. Not sure what all I was sharing with these logs -- I hope it wasn't like telling my dreams to complete strangers who go on to psychoanalyze me. LOL

    Offline magna86

    • Anti Malware Fighter
    • avast! Evangelist
    • Massive Poster
    • ***
    • Posts: 3245
    • Gender: Male
      • Ambulanta MyCity Forum - ASAP Member
      • Personal Message (Offline)
    Re: static virus or whatever
    « Reply #6 on: October 16, 2013, 07:37:10 PM »
    Hehe...no, these tools just scan your computer and create logs that can be used to display various startup, configuration, and file information from your computer.
    This program is used varius security forums to provide a detailed overview of what programs/sofware are automatically starting when you start Windows and that will allow us to quickly ascertain whether or not malware may be running on your computer.


    These logs looks good now. Is your computer behavior better after running this zoek script? Any pop-ups alert?

    Offline XK

    • Newbie
    • *
    • Posts: 5
      • Personal Message (Offline)
    Re: static virus or whatever
    « Reply #7 on: October 16, 2013, 07:49:11 PM »
    The pop ups have only occurred at kind of specific times -- usually around 1:39 am (central time) and if my computer was off, the pop up would come on at 10:39 am or at 1:39 pm.  Or very, very close to those times. That's been my experience.

    Computer seems to be running fine but I'll have to let you know tomorrow about the pop ups. I didn't mention it but this started a couple of months ago and it started with a pop up to web.longfintuna.net and I blocked that site then it switched to milesandkms.com which turned to static.forumdusein.com which turned into static.salesresourcepartners.com. After each blocking a new address would eventually appear.

    I really do appreciate the help. A lot. Thanks and I will let you know what happens tomorrow.

    Offline magna86

    • Anti Malware Fighter
    • avast! Evangelist
    • Massive Poster
    • ***
    • Posts: 3245
    • Gender: Male
      • Ambulanta MyCity Forum - ASAP Member
      • Personal Message (Offline)
    Re: static virus or whatever
    « Reply #8 on: October 17, 2013, 11:15:48 AM »
    If all is good, I shall remove my tools:

    Please download DelFix by "Xplode" to your Desktop.

    Run the tool and check the following boxes below;
    • Remove disinfection tools
    • Create registry backup
    • Purge System Restore

    Now click on "Run" button. Wait for the programme completes his work.
    All the tools we used should be gone.
    Tool will create and open an log report (DelFix.txt)
    Note: The report will also be stored on C:\DelFix.txt


    > I don't need DelFix log report.




    I recommended to use MCShield if you will.
    You may download MCShield from one of the following links:

    MyCity -  Official download link
    Softpedija - Mirror download link

    It will prevent infection by computer via USB flash drive, mobile phone or any other memory card.
    And not only will prevent infection, but it will immediately clean flash drive, memory card or external HDD.

    Offline XK

    • Newbie
    • *
    • Posts: 5
      • Personal Message (Offline)
    Re: static virus or whatever
    « Reply #9 on: October 17, 2013, 01:22:39 PM »
    Thanks Magna. I just got home from work and I see everything is regular normal. No static pop up.

    I will keep the MC Shield thing in mind, but I really don't use USB flash drives and I don't plug my phone in to the computer or use memory sticks. I'm pretty damn boring. I think I used a USB when I got this computer new which was like 2 or 3 years ago. Boring, I know.

    But in a couple of weeks I will seriously look into upgrading to avast. I appreciate the help -- you've been great.

     

    Google Chrome

    AVAST recommends using the FREE Google Chrome™ browser.

    Download Google Chrome Now