Author Topic: Malware/Spyware of some sort...  (Read 4089 times)

Yoko_Kisaragi

    Topic Starter


    Starter

    Malware/Spyware of some sort...
    « on: April 01, 2008, 05:59:52 PM »
    My problem:
    I keep getting the following (which is quite a hefty sum in my opinion):

    A pop-up from an icon which is like a yellow upside-down triangle with an exclamation point, which says:

    "Windows Antivirus"
    Windows has detected spyware infection!
    It is recommended to use special antispyware tools to prevent data loss. Windows will now download the most up-to-date software for you. Click here to protect your computer from spyware!

    ...as well as random popups which say:

    "Windows Security Alert"
    Warning! Potential spyware operation!
    Your computer is making unauthorized copies of your system and
    Internet files. Run full scan now to prevent any unauthorized access
    to your files! Click here to download spyware remover.

    ... as well as:

    "System Integrity Scan Wizard"
    Warning: Your computer may have critical errors in Windows registry and file system!
    The registry and file errors lead to computer freezes, system crashes, and slowdowns, corruption of files and documents.
    Immediate system integrity scan and repair is strongly recommended.
    To scan your computer for errors please click the "Next" button below.


    ...There's also a red circle with a white X inside of it.

    ...My computer desktop also changes its background to say something about how my computer is infected and will not allow me to run control panel or change my computer properties.

    ...I've also noticed that when I run a search in Yahoo and click on one of the results, I'm taken to a webpage which I did not click on and must copy the address from the result directly into the address bar. Random webpages pop up from time to time also.

    A. Scanned computer with ClamWin.92.
    1. Found no suspicious programs.
    2. Ran CCleaner.
    3. Ran SUPERAntiSpyware
    4. Ran Dr. Web CureIt
    5. Working on updating Java. Not going very quickly with dial-up...
    6. Ran HijackThis.

    I've tried SmitFraud. This gets rid of it temporarily, but if I shut down or restart my computer, it's right back up. I've noticed the problem is much milder after all these scans, but it still pops up now and then.

    [recovering space - attachment deleted by admin]

    Broni


      Mastermind
    • Kraków my love :)
    • Thanked: 614
      • Computer Help Forum
    • Computer: Specs
    • Experience: Experienced
    • OS: Windows 8
    Re: Malware/Spyware of some sort...
    « Reply #1 on: April 01, 2008, 07:17:58 PM »
    *** There is no active antivirus present on your computer, which is a big NO-NO.
    Download, and install AVG free antivirus: http://free.grisoft.com/
    Update it, and run full scan.

    *** Make sure Windows firewall is ON.
    Go Start>Control Panel. Double click on the Security Center icon. Click on the Windows Firewall icon beneath the status updates. Click On, then OK.

    *** Download Malwarebytes' Anti-Malware: http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html to your desktop.

        * Double-click mbam-setup.exe and follow the prompts to install the program.
        * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
        * If an update is found, it will download and install the latest version.
        * Once the program has loaded, select Perform full scan, then click Scan.
        * When the scan is complete, click OK, then Show Results to view the results.
        * Be sure that everything is checked, and click Remove Selected.
        * When completed, a log will open in Notepad.
        * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    *** Post new HijackThis log.

    Yoko_Kisaragi


      Re: Malware/Spyware of some sort...
      « Reply #2 on: April 17, 2008, 07:59:47 PM »
      What would you like me to do if I cannot download AVG? I cannot download it at school as the link to it is blocked and it won't finish the download on dial-up.

      elxr06

      • Guest
      Re: Malware/Spyware of some sort...
      « Reply #3 on: April 17, 2008, 08:10:22 PM »
      Quote
      What would you like me to do if I cannot download AVG? I cannot download it at school as the link to it is blocked and it won't finish the download on dial-up.

      http://filehippo.com/download_avg_antivirus/

      try downloading thru this link ... once you visit above page, then on right side, click the link that says "Download Latest Version"

      maybe it'll get done at school now. i hope it ain't blocked unless school is trying to be careful about getting its network infected.

      Big drawback against clamwin is that nothing is automated. AVG has automated updates and it automatically blocks the bad stuff.


      Broni


      Re: Malware/Spyware of some sort...
      « Reply #4 on: April 17, 2008, 09:01:20 PM »
      Quote
      it won't finish the download on dial-up
      Leave download overnight, ask a friend to download it for you...

      Yoko_Kisaragi


        Re: Malware/Spyware of some sort...
        « Reply #5 on: April 18, 2008, 09:46:18 AM »
        Broni, the download stops at 1 MB. It's not a problem of leaving it on. Elxr06, thanks, that link worked. I'll do the following requests when I get home.

        elxr06

        • Guest
        Re: Malware/Spyware of some sort...
        « Reply #6 on: April 18, 2008, 04:45:08 PM »
        Quote
        Broni, the download stops at 1 MB. It's not a problem of leaving it on. Elxr06, thanks, that link worked. I'll do the following requests when I get home.

        no problem. i always get the files thru filehippo unless something prompts me to go to the vendor's own website to get it and filehippo is always updating their file servers with the latest versions (including betas) of the programs that I typically use.

        Yoko_Kisaragi


          Re: Malware/Spyware of some sort...
          « Reply #7 on: April 30, 2008, 10:25:56 PM »
          AVG seemed to get rid of the major problem, but my search engines are still screwed up. They still crash repeatedly and when I click on any of the links I'm given, it takes me somewhere else. Here are my HijackThis and MalwareBytes logs:



          [recovering space - attachment deleted by admin]

          Broni


          Re: Malware/Spyware of some sort...
          « Reply #8 on: April 30, 2008, 10:43:02 PM »
          *** Is Windows firewall on?

          *** You need to update your Java:
          http://java.sun.com/javase/downloads/index.jsp
          Java Runtime Environment (JRE) 6 Update 6
          Uninstall all previous versions of Java through Add\Remove.

          1. Print this post out, since you won't have access to it at some point.

          2. Close all windows, except for HijackThis.

          3. Put a checkmark next to the following HijackThis entries (some entries will be checkmarked to disable unnecessary startups; in those cases (marked with *), no actual program will be removed):

          - O2 - BHO: PC-Antispyware Site Blocker Button - {10F0C2A9-8E38-43e3-204D-45524C494E20} - C:\Program Files\PC-Antispyware\IeExtension.dll (file missing)
          - O2 - BHO: (no name) - {343029F8-2E2B-0CB8-3425-03B0077D5011} - C:\WINDOWS\system32\rgblocie.dll
          - O2 - BHO: (no name) - {35EFCE3A-0D76-B449-A114-04380A544E37} - C:\WINDOWS\system32\kefgehrj.dll (file missing)
          - O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
          - O2 - BHO: (no name) - {94BC3D1D-22E9-4744-8ED1-3E08A3B74078} - C:\WINDOWS\system32\hgGayASj.dll (file missing)
          - O2 - BHO: (no name) - {E7600662-66CA-4F16-ACEF-A44EDAE65E67} - C:\WINDOWS\system32\browseu.dll (file missing)
          - O4 - HKLM\..\Run: [SBI] C:\Documents and Settings\Administrator\My Documents\install_sbd_en.exe
          - O4 - HKLM\..\Run: [lclatips] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\lclatips.dll"
          - O4 - HKLM\..\Run: [483c6bdd] rundll32.exe "C:\WINDOWS\system32\tylhpnch.dll",b
          - *O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
          - *O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
          - O4 - HKLM\..\Policies\Explorer\Run: [ZVQRBHoSK3] C:\WINDOWS\rqlaperg.exe
          - O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll
          - *O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
          - O20 - Winlogon Notify: hgGayASj - hgGayASj.dll (file missing)


          4. Click on Fix checked button.

          5. Restart your computer in Safe Mode (keep tapping the F8 key when your computer starts, until the menu appears).

          6. Open Windows Explorer. Go Tools>Folder Options>View tab, put a checkmark next to Show hidden files and folders.

          7. Delete the following files/folders (if present):

          - PC-Antispyware folder from C:\Program Files
          - rgblocie.dll, wowfx.dll files from C:\WINDOWS\system32
          - install_sbd_en.exe file from C:\Documents and Settings\Administrator\My Documents
          - rqlaperg.exe file from C:\WINDOWS

          8. Restart in Normal Mode.

          9. Post new HijackThis log.
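
Added example (not part of the thread and not written by any poster): a small Python parser for HijackThis entry lines like those listed in the reply above. It separates registry leftovers (entries marked "file missing" or "no file") from entries whose target file was found at scan time. The function and field names are illustrative assumptions; the sample lines are copied from the post.

```python
import re

# Sample input: entries copied from the HijackThis list in the post above.
# A leading "*" is the helper's mark for "startup disabled only, nothing removed".
SAMPLE = r"""
- O2 - BHO: (no name) - {343029F8-2E2B-0CB8-3425-03B0077D5011} - C:\WINDOWS\system32\rgblocie.dll
- O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
- O4 - HKLM\..\Run: [483c6bdd] rundll32.exe "C:\WINDOWS\system32\tylhpnch.dll",b
- *O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
- O4 - HKLM\..\Policies\Explorer\Run: [ZVQRBHoSK3] C:\WINDOWS\rqlaperg.exe
- O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll
- O20 - Winlogon Notify: hgGayASj - hgGayASj.dll (file missing)
"""

# HijackThis section codes that appear in the post, with the load point each reports.
LOAD_POINT = {"O2": "Browser Helper Object", "O4": "autostart entry",
              "O20": "AppInit_DLLs / Winlogon Notify"}
ENTRY = re.compile(r"^-\s*(\*)?(O\d+)\s+-\s+([^:]+):\s*(.*)$")
TARGET = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:dll|exe)', re.IGNORECASE)

def parse(text):
    """Turn each entry line into a dict; lines that are not entries are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        star, code, kind, rest = m.groups()
        target = TARGET.search(rest)
        entries.append({
            "code": code,
            "load_point": LOAD_POINT.get(code, "other"),
            "kind": kind.strip(),
            "target": target.group(0) if target else None,
            "disable_only": star is not None,
            # HijackThis appends these markers when the referenced file is gone.
            "orphaned": "(file missing)" in rest or "(no file)" in rest,
        })
    return entries

def files_still_present(entries):
    """Targets of entries selected for removal whose file was found at scan time."""
    return [e["target"] for e in entries
            if e["target"] and not e["orphaned"] and not e["disable_only"]]

if __name__ == "__main__":
    for e in parse(SAMPLE):
        print(e["code"], e["load_point"], e["target"], "orphaned" if e["orphaned"] else "")
    print(files_still_present(parse(SAMPLE)))
```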