Avast WEBforum

Other => Viruses and worms => Topic started by: XK on October 16, 2013, 07:02:11 PM

Title: static virus or whatever
Post by: XK on October 16, 2013, 07:02:11 PM
Not sure if I have done this correctly. I used to know a lot about computers, now, not.so.much.

I have random popups that open in chrome and I imagine in other browsers as well, but I rarely use anything else. The pop ups typically occur only once a day and I have blocked the site from doing much more than opening a completely blank page. If I'm online they pop up will occur around 1:30 AM or if the machine is off (a rarity) the popup will occur around 10:30 am or 1:30 pm. Don't know if that is helpful or not.

So, what happens now? I think I followed all the directions correctly except I saved the malwarebytes and adwcleaner in one file.

Please excuse my lack of knowledge.
Title: Re: static virus or whatever
Post by: mikaelrask on October 16, 2013, 07:48:22 PM
Hey and welcome to the avast forum. you have attach the needed log.
now you wait for a malware expert to guide you from here.

could you provide a pic of that popup also.
It gives the malware expert some more information to go on.
Title: Re: static virus or whatever
Post by: magna86 on October 16, 2013, 07:49:26 PM
Hi,



Please download zoek.zip or zoek.rar by smeenk ((http://www.mcshield.net/personal/magna86/Images/Zoek_icon.png)) from here (http://hijackthis.nl/smeenk) or here (http://home.kpn.nl/stefsmeenk/zoek.exe) and save it to your Desktop.
Unpack the archive...
Code: [Select]
createsrpoint;
StandardSearch;
installer-list;
installedprogs;
uninstall-list;
Title: Re: static virus or whatever
Post by: XK on October 16, 2013, 08:23:38 PM
Hi,



[...]

  • Save notepad to your Desktop and attach here zoek-results.log
    Note: It will also create a log in the C:\ directory named "zoek-results.log"

zoek-results log is attached
Title: Re: static virus or whatever
Post by: magna86 on October 16, 2013, 08:57:41 PM
Hi,
Not the first time I've seen some user to seek help in avast forum and yet uses another AV product. I never asked...you are the first one. I'm interested in why's that?  :)


Re-run zoek.exe as you did before but with this script:

Code: [Select]
emptyclsid;
C:\Windows\*.tmp;f
C:\Users\Rebecca\AppData\Local\Temp\UNINSTALL.EXE;f
C:\Users\Rebecca\AppData\Local\Temp\oi_{C0F19D17-73CD-4E29-970F-CF038F8289AA}.exe;f
C:\Users\Rebecca\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe;f
C:\Windows\SysNative\tasks\DSite;f
C:\Users\Rebecca\AppData\Roaming\DSite;fs
C:\Windows\SysNative\tasks\RunAsStdUser Task;f
C:\Program Files (x86)\Pogo Games;fs
{98e34367-8df7-42b4-837b-20b892ff0849};c
C:\ProgramData\PogoDGC;fs
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions];r
"{98e34367-8df7-42b4-837b-20b892ff0849}"=-;r
Fast Discountz;ff
BargainJoy;ff
FFdefaults;
nmmhkkegccagdldgiimedpiccmgmieda;chr
{8CA5ED52-F3FB-4414-A105-2E3491156990};c
chrdefaults;
ipconfig /flushdns >> %temp%\log.txt;b
emptyalltemp;
autoclean;

Press RunScript, wait for zoek to finish his fix and reboot system. Please post fresh created zoek log.



=> How's your computer running now?
Title: Re: static virus or whatever
Post by: XK on October 16, 2013, 09:25:38 PM
OK, that's all done. File attached.

I came to this forum after I did a search for static virus because I didn't really know what it was called or even what it was really. I got a number of hits and read a few but decided that this was the most reputable place as I had a dear friend who recommended avast. I know avast is a good product and I may switch but I'm one of those crotched-y old people who do not adapt well to change. I still long for window 3.1.

I've been on the internet for a very long time and bb's before that and I can say that I have never had a virus. I think my av alerted me to a trojan a year or so ago but I'm not sure if it was real or not. I did what I was told to do and never felt any repercussions.

Not sure if this thing I had was related to that or not -- what was it that we fixed?

I won't know how things are running until I come home from work tomorrow morning. If I see the static blank page up, I'll know whatever we did, didn't work. If I don't see it, I'll know it did. Or maybe you'll know when you look at this log.

This was fairly painless and I really appreciate the help. Not sure what all I was sharing with these logs -- I hope it wasn't like telling my dreams to complete strangers who go on to psychoanalyze me. LOL
Title: Re: static virus or whatever
Post by: magna86 on October 16, 2013, 09:37:10 PM
Hehe...no, these tools just scan your computer and create logs that can be used to display various startup, configuration, and file information from your computer.
This program is used varius security forums to provide a detailed overview of what programs/sofware are automatically starting when you start Windows and that will allow us to quickly ascertain whether or not malware may be running on your computer.


These logs looks good now. Is your computer behavior better after running this zoek script? Any pop-ups alert?
Title: Re: static virus or whatever
Post by: XK on October 16, 2013, 09:49:11 PM
The pop ups have only occurred at kind of specific times -- usually around 1:39 am (central time) and if my computer was off, the pop up would come on at 10:39 am or at 1:39 pm.  Or very, very close to those times. That's been my experience.

Computer seems to be running fine but I'll have to let you know tomorrow about the pop ups. I didn't mention it but this started a couple of months ago and it started with a pop up to web.longfintuna.net and I blocked that site then it switched to milesandkms.com which turned to static.forumdusein.com which turned into static.salesresourcepartners.com. After each blocking a new address would eventually appear.

I really do appreciate the help. A lot. Thanks and I will let you know what happens tomorrow.
Title: Re: static virus or whatever
Post by: magna86 on October 17, 2013, 01:15:48 PM
If all is good, I shall remove my tools:

Please download  DelFix (http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/9-delfix) by "Xplode" to your Desktop.

Run the tool and check the following boxes below;

Now click on "Run" button. Wait for the programme completes his work.
All the tools we used should be gone.
Tool will create and open an log report (DelFix.txt)
Note: The report will also be stored on C:\DelFix.txt


> I don't need DelFix log report.




I recommended to use MCShield if you will.
You may download MCShield from one of the following links:

MyCity -  Official download link (http://www.mcshield.net)
Softpedija - Mirror download link (http://www.softpedia.com/get/Antivirus/MCShield.shtml)

It will prevent infection by computer via USB flash drive, mobile phone or any other memory card.
And not only will prevent infection, but it will immediately clean flash drive, memory card or external HDD.
Title: Re: static virus or whatever
Post by: XK on October 17, 2013, 03:22:39 PM
Thanks Magna. I just got home from work and I see everything is regular normal. No static pop up.

I will keep the MC Shield thing in mind, but I really don't use USB flash drives and I don't plug my phone in to the computer or use memory sticks. I'm pretty damn boring. I think I used a USB when I got this computer new which was like 2 or 3 years ago. Boring, I know.

But in a couple of weeks I will seriously look into upgrading to avast. I appreciate the help -- you've been great.