Help!! How to stop all the Popups, Adwares and Trojans??!!!

[green tea]

I guess I'm the latest person to need help!

The problem started Sunday afternoon. I was just browsing a forum I frequent for years, and then a bunch of popups started appearing. I kept seeing "Internet speed monitor..." and "Root.Stardoor", etc. These made my computer so slow and I tried exiting each one, but every couple of minutes more would show up.

I also noticed a new folder appear in My Document. I tried deleting that but it wouldn't let me, saying the application is in use. Then I checked the Start Up section, to see if anything new was installed. Turns out 2 programs installed by themselves "ISM" and "Outerinfo" I uninstalled both of them, and restarted my computer.

I even had problems starting my computer. It would boot for a little bit and then the screen would be black, and then it started up again. So I tried the "last known good configuration" and "safe mode". I had to alternate between the two (AND turn the power switch off) multiple times before successfully getting into my computer again.

The Internet speed monitor was gone, but the "Root.Stardoor" ads kept showing up once in a while. And then I left for work today thinking everything was ok.
................

I come home and then noticed a couple ads had popped up. The Root.Stardoor and a couple less indecent ads. So I started yahoo-ing for some answers. I ended up d/l SUPERANTISPYWARE (aka SAS for short) and ran that. I did a complete scan and found 500 infected files!!!!! So I quarantined that and restarted my computer. I had the same rebooting problems as the other times I restarted my pc *sigh*

And then I ran the SuperAntiSpyware again, and found 20 more infected. I removed everything that was in the Quaratine, and did a third scan. Found 40 infected. All of these were "ADWARE..." and "TROJANS"

The popups are less now, but everytime I open a new IE browser, an ad (ie: IMVU) would pop up. I'm currently have the free version of SAS running. I know that for the premium SAS, there's the real time ad blocker but I was wondering if there was anything I could do to get rid of these spywares/viruses for free first??

A couple basic info--I have Windows XP and use Internet Explorer. I always worry that my pc is going to die on me, and I suck at all the tech aspect of computers, so please help.

Your assistance is highly appreciated!!

[dairyman]

Please read this post and supply the logs.

[unlovedwarrior]

get spybot search and destroy

delete the files sas quaretined and rerun the scan

get spyblaster and update it

get rogue remover and update it and remove what it finds

get pocket killbox and browse to the folder you want to remove select remove on reboot  then ok apply then restart

run your antivirus if you have one if not get avg free and update and remove..

do all of this in safe mode (reboot and press f8 and select safe mode)

do all of this and report back what the programs find and if killbox deleted the folder

and i use sas free and love it

just my 2 cents

unlovedwarrior

[green tea]

Ok, just got home. Here are the SuperAntiSpyware logs

I actually scanned with SAS 3 times prior to finding out about this forum, but I'm going to include those logs as well just so you can see what happened with my pc



[file cleanup - saving space - attachment deleted by admin]

[green tea]

And here is the ESET log. I will get the Hijackthis log up later tonight.


[file cleanup - saving space - attachment deleted by admin]

[Broni]

Print out these instructions as we will need to close every window that is open later in the fix.

Download VundoFix:
http://www.atribune.org/content/view/24/2/

    * Double-click VundoFix.exe to run it.
    * When VundoFix re-opens, click the Scan for Vundo button.
    * Once it's done scanning, click the Remove Vundo button.
    * You will receive a prompt asking if you want to remove the files, click YES
    * Once you click yes, your desktop will go blank as it starts removing Vundo.
    * When completed, it will prompt that it will reboot your computer, click OK.

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the
Scan for Vundo button." when VundoFix appears at reboot.

***************************************************
1. Download VirtumundoBegone (http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe) and save it to your desktop.

2. Now reboot into Safe Mode.

         1. This can be done tapping the F8 key as soon as you start your computer

         2. You will be brought to a menu where you can choose to boot into safe mode.

         3. Select safe mode with networking using your arrow keys on the keyboard and then press enter.

         4. When you computer reaches the desktop make sure you log in as the same user which you had performed the previous steps,

3. Once you are logged into safe mode, double-click VirtumundoBeGone.exe file you just downloaded and follow the instructions.

4. Exit when it has finished, and reboot back to normal mode.

*************************************************
Download HijackThis:
http://www.snapfiles.com/get/hijackthis.html
and post its log

[green tea]

Hi Broni, thanks for helping.

I had some questions before I follow your instructions. Do I still need to do Update my Java (Step 5 of Evilfantasy's things to do before posting) before I d/l the VundoFix?

Also, I'm having lots of trouble whenever I restart my computer. It won't run fully and stops in the middle of the Windows screen (before the login screen). My monitor would say "No signal" and the blackens out, then the pc would shut down and restart over again. That's when I have to do the "safe mode" or "prior good configuration" mode.

My other question was right after I'm done with VundoFix, do I reboot to normal mode, or safe mode (before proceeding to VirtumundoBegone)?

Hope this makes sense.

[Broni]

Do I still need to do Update my Java

Yes.

That's when I have to do the "safe mode" or "prior good configuration" mode.

...and what you do?

VirtumundoBegone should be run from Safe Mode.

[green tea]

Do I still need to do Update my Java

Yes.

That's when I have to do the "safe mode" or "prior good configuration" mode.

...and what you do?

How to explain.. when I had trouble fully restarting my pc, I try getting to Safe Mode, and then restarting my pc again from there. This worked sometimes, and but other times didn't work. I had to restart to Last Known Good Configuration. So basically, I had to alternate between those 2 modes when I tried restarting these last 2 days (whenever I needed to reboot).


I just checked the Add/Remove screen, and do not see any Java related items at all. Is that possible??

[Broni]

Maybe, you don't have Java installed. Get it here: http://www.java.com/en/download/index.jsp

Don't use Last Known Good Configuration anymore, because it brings you back to old infected state.

Run everything in Safe Mode from now on, until I tell you otherwise.

While in Safe mode, run again ESET on-line, Superantispyware, then VundoFix, and VirtumundoBegone

When you're done, try to run HijackThis from Normal Mode. If you still won't be able to, run it from Safe Mode.

Don't use Last Known Good Configuration

[green tea]

Java 6 has been installed.

About 10 minutes ago, I d/led VundoFix, but then the screen went blank and all the icons on my desktop are gone. All I see now is my wallpaper, the start menu, and clock (that whole bottom taskbar).

And then I just did Control Alt Delete, and only saw this Internet Page.

I'm going to restart now, and go to safe mode.

Should I go to just "Safe Mode", or "Safe Mode with Networking"

Awaiting your reply before I reboot. Thanks
....................

On a side note, my screen goes blank onces in a while, and the the items in my bar gets moved around (like iTunes was at the front but now its the back, any My Documents folders that are open get closed,etc).

[Broni]

Should I go to just "Safe Mode", or "Safe Mode with Networking"

It doesn't matter.
Go, before things will get worse.

[unlovedwarrior]

also while in safe mode try chkdsk /f (notice the space between the k and the /)
a black box will pop up and ask to do it on next restart enter y and press enter

[green tea]

also while in safe mode try chkdsk /f (notice the space between the k and the /)
a black box will pop up and ask to do it on next restart enter y and press enter

Hi, thanks for helping too. I was trying to get all the logs done, so I didn't follow the recommendation in your initial post. Hopefully, we don't have to do that.

Can you elaborate on the "chkdsk /f" process. What does this do, and where exactly do I go to enter that? I need all the detailed steps you can give me.
...........

Update: I'm currently in Safe mode and halfway done with ESET scan. It found 8 threats so far

[green tea]

ESET scan done. Here is the new log

But now I'm trying to run SuperAntispyware, but when I click on it, it says searching.. Then this window pops up-- "Problem with Shortcut: The item 'SUPERAntiSpyware.exe' that this shortcut refers to has been changed or moved, so this shortcut will no longer work properly.   Nearest match based on size, date, type: ..... Do you want to fix this shortcut to point to this target or do you just want to delete it?"

So I tried installing it again, but it says "Window Installer Service could not be accessed. This can occur if you are running Windows in safe mode, or if the Windows Installer is not correctly installed. Contact your support personnel for assist."

[file cleanup - saving space - attachment deleted by admin]