Solved

Malware Issue

Posted on 2014-10-31
20
219 Views
Last Modified: 2015-04-21
Hello, I have an issue with some Malware.  It's affecting the task bar.  It also affects IE, and Chrome.  Unless I run IE in "Run as Administrator", I'm unable to access any links etc.  

I've run Malwarebytes, but that hasn't helped.

I'm running Windows 7 64 bit, and IE 11.

Please help.

Thank you!
0
Question by:bdfallon
20 Comments
 
LVL 21

Expert Comment

by:Larry Struckmeyer MVP
ID: 40416802
Hi:

Some suggestions:
Scan from safe mode with malwarebytes or other detection software.  
Download and create a "rescue cd", boot from that and scan the system.  
Try system restore.
Try "hijack this"  http://www.bleepingcomputer.com/download/hijackthis/
Reinstall Windows from restore partition or media.
0
 

Author Comment

by:bdfallon
ID: 40416840
Thanks for the response Larry. I'd rather remove whatever the issue is.
0
 
LVL 37

Expert Comment

by:Neil Russell
ID: 40417014
"Scan from safe mode with malwarebytes "

As per the INSTRUCTIONS from malwarebytes....
DO NOT RUN IN SAFEMODE.

Malware scanners will very rarely detect all malware when run in safe mode. They are NOT designed to run in safe mode.
0

 
LVL 37

Expert Comment

by:Neil Russell
ID: 40417020
For reference to "Safe mode scanning" see this post on Malwarebytes own site where one of the dev team explains why.

https://forums.malwarebytes.org/index.php?/topic/90791-safe-mode-scanning-less-effective/
0
 
LVL 21

Expert Comment

by:Larry Struckmeyer MVP
ID: 40417072
I have used safe mode many many times to remove malware that could not be removed in regular mode.  There are some varieties of malware that will not let the user run any programs or do anything to the computer where safe mode will run MB and remove the offender.

Also from the Director of Research.
https://forums.malwarebytes.org/index.php?/topic/5590-safe-mode/
Doing a safe mode scan with MBAM should only be done when a regular mode scan fails.

Since bdfallon said regular mode had not solved problem, I suggested safe mode.  I stand by all my suggestions, and afaik, no one has suggested anything else.
0
 
LVL 37

Expert Comment

by:Neil Russell
ID: 40417074
I stand corrected. Misread one line of question.
0
 

Author Comment

by:bdfallon
ID: 40417141
Hi experts,
Can an expert help me by having me run different tools and post the logs etc.?
0
 
LVL 37

Expert Comment

by:Neil Russell
ID: 40417150
Could you start by indicating why you think it is malware? You have made no statement as to why.
What did MalwareBytes find and remove on its run in normal mode? Do you have any logs you can share?
Have you run superantispyware?
0
 

Author Comment

by:bdfallon
ID: 40417322
Hi Neilsr

When I open IE 11, I'm unable to access sites etc.  Links don't work.  I tried running IE as administrator and it works.

When I'm using Chrome, new tabs open with messages like:
"The page at fiimtl.com says: WARNING!!! Your Java Version is Outdated, Have Security Risks, Please Update Now." My Java version is up to date.

I have also run ComboFix, FRST64, and JRT.

Please see attached logs from Malwarebytes, ComboFix, FRST64, and JRT.

Thanks
mbam-log-2014-09-27--18-17-48-.xml
mbam-log-2014-09-29--04-55-21-.xml
mbam-log-2014-10-31--20-15-41-.xml
mbam-log-2014-10-31--20-32-28-.xml
FRST.txt
JRT.txt
0
 

Author Comment

by:bdfallon
ID: 40417323
Attached are FRST and ComboFix logs that I ran about a month ago.
FRST-27-09-2014-18-12-12.txt
Addition.txt
ComboFix.txt
0
 
LVL 21

Expert Comment

by:Larry Struckmeyer MVP
ID: 40417566
Are there any indications, other than the symptoms you describe, that indicate the presence of an infection?  There are very few infections that cannot at least be detected.  It could simply be that whatever it was has been removed but the damage it did has not and maybe cannot be repaired.

Here are some additional utilities, but if nothing shows up you may have to restore from backup, wipe and reload or do a system restore to before all this started to restore functionality.  Not every computer problem can be made to go away by running utilities.
   
http://www.bleepingcomputer.com/download/tdsskiller/
on that page, scroll to the bottom for further listings.

And try hijack this:
0
 
LVL 27

Expert Comment

by:Thomas Zucker-Scharff
ID: 40417806
Have you tried Chameleon from MBAM?
0
 
LVL 24

Assisted Solution

by:NVIT
NVIT earned 166 total points
ID: 40417870
If you don't mind poking around the running tasks, try Autoruns. If you're familiar with the tasks that normally run on the computer, disable anything that looks suspicious.

I've found this helpful, too: http://www.windowsecurity.com/articles-tutorials/viruses_trojans_malware/Hunt-Down-Kill-Malware-Sysinternals-Tools-Part2.html

For deeper guidance using autoruns, Google "Utilizing "AutoRuns" To Catch Malware", the PDF by Sans Institute
0
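The Autoruns suggestion above amounts to "enumerate every autostart location and look for things that do not belong". As an added example (not code from the thread or from any of the tools named in it), the PowerShell below does a first pass over the most common registry Run locations, resolves each entry to a file on disk, and records whether the file exists, whether it carries a valid Authenticode signature, and whether it lives in a user-writable directory. Entries that are missing, unsigned, or sitting under AppData, Temp or ProgramData are the ones worth looking at in Autoruns proper. It assumes Windows 7 or later with built-in PowerShell; the key list and the "user-writable roots" heuristic are my own choices, not an exhaustive autostart inventory.

```powershell
# Added example, not from the thread: a minimal autostart listing for the
# common registry Run locations, as a triage pass before opening Autoruns.
# Assumptions: Windows 7 or later; Get-AuthenticodeSignature is built in.

$RunKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',  # 32-bit apps on 64-bit Windows
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Registry provider metadata attached to every Get-ItemProperty result; not real values.
$MetaProps = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

# Directories a normal user can write to; legitimate autostarts here are rare (heuristic).
$UserWritableRoots = @($env:LOCALAPPDATA, $env:APPDATA, $env:TEMP, $env:ProgramData)

function Get-ExecutablePath {
    param([string]$CommandLine)
    # Pull the program path out of a Run value: a quoted path, or the text up to
    # the first script/executable extension (handles unquoted paths with spaces).
    $cl = $CommandLine.Trim()
    if ($cl -match '^"([^"]+)"') { return $matches[1] }
    if ($cl -match '^(.+?\.(exe|dll|bat|cmd|vbs|js|scr))(\s|$)') { return $matches[1] }
    return ($cl -split '\s+')[0]
}

function Get-RunKeyEntries {
    foreach ($key in $RunKeys) {
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if (-not $props) { continue }   # key absent (e.g. Wow6432Node on 32-bit Windows)
        foreach ($p in $props.PSObject.Properties) {
            if ($MetaProps -contains $p.Name) { continue }

            $exe = Get-ExecutablePath -CommandLine ([string]$p.Value)
            $exe = [Environment]::ExpandEnvironmentVariables($exe)
            if (-not [IO.Path]::IsPathRooted($exe)) {
                # Bare names such as rundll32.exe or regsvr32.exe resolve through PATH.
                $cmd = Get-Command $exe -ErrorAction SilentlyContinue
                if ($cmd) { $exe = $cmd.Path }
            }

            $exists = Test-Path -LiteralPath $exe
            $sig = if ($exists) { (Get-AuthenticodeSignature -FilePath $exe).Status } else { 'FileMissing' }

            [pscustomobject]@{
                Key        = $key
                Name       = $p.Name
                Command    = $p.Value
                Path       = $exe
                Signature  = $sig   # Valid / NotSigned / HashMismatch / ... / FileMissing
                InUserDir  = [bool]($UserWritableRoots | Where-Object { $_ -and $exe -like "$_*" })
            }
        }
    }
}

# Unsigned and missing files sort to the top; review those first.
Get-RunKeyEntries | Sort-Object Signature, InUserDir -Descending | Format-Table -AutoSize
```

The output is a triage list, not a verdict: plenty of legitimate software is unsigned, and a signed binary can still be launched with a malicious argument (which is why the raw Command column is kept next to the resolved Path). Autoruns covers many more locations (services, drivers, scheduled tasks, Winlogon, browser helper objects), so treat this as the quick look that tells you where to dig.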
 

Assisted Solution

by:bNetworked
bNetworked earned 167 total points
ID: 40418039
Have you gone into Control Panel, Internet Options, Connections tab, LAN Settings button near the bottom and checked to make sure that the malware hasn't set up a proxy that is filtering all of your traffic through it to track/modify things?  On a normal PC that isn't using a proxy (normally you'd know if this was required), *none* of those boxes should be checked off.

A good piece of software that we use to check systems is called Roguekiller (http://www.adlice.com/softwares/roguekiller/)

It can fix proxy problems, embedded malware, detect some rootkits and remove a LOT of browser embedded garbage.  Another favourite tool that we use is called ADW Cleaner.  It's a quick tool that can remove some malware and associated files and registry keys as well as embedded web browser junk.
http://www.bleepingcomputer.com/download/adwcleaner/

I always find those are a good place to start ... hope this helps a bit.
0
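The LAN Settings check above is worth automating, because the same settings are readable from the registry and a script sees them even when the browser is the thing misbehaving. As an added example (not code from the thread or from any of the tools it names), the PowerShell below reads the per-user WinINet proxy values that the LAN Settings dialog displays, decodes the "Automatically detect settings" flag, and also scans the hosts file for any mapping other than the localhost defaults, since a redirected hosts file produces the same "links go somewhere else" symptom. It assumes it is run inside the affected user's session on Windows 7 or later (the proxy settings are per user, under HKCU) and that no corporate proxy or PAC script is expected on the machine; the flag-byte layout of `DefaultConnectionSettings` is from my own knowledge of the format, not from the thread.

```powershell
# Added example, not from the thread: audit the WinINet proxy settings shown under
# Control Panel > Internet Options > Connections > LAN Settings, plus the hosts file.
# Assumptions: run as the affected user on Windows 7 or later; no real proxy is expected.

$InetKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

function Get-WinInetProxyState {
    $s = Get-ItemProperty -Path $InetKey
    # "Automatically detect settings" is stored in a binary blob; byte 8 is a flag field
    # where 0x08 = auto-detect (WPAD) on, 0x04 = PAC script on, 0x02 = manual proxy on.
    $blob = (Get-ItemProperty -Path "$InetKey\Connections" -ErrorAction SilentlyContinue).DefaultConnectionSettings
    $autoDetect = $false
    if ($blob -and $blob.Length -gt 8) { $autoDetect = (($blob[8] -band 0x08) -ne 0) }
    [pscustomobject]@{
        ProxyEnable   = [int]$s.ProxyEnable     # 1 = "Use a proxy server" box is checked
        ProxyServer   = $s.ProxyServer          # host:port, or a protocol=host:port list
        ProxyOverride = $s.ProxyOverride        # bypass list, e.g. "<local>"
        AutoConfigURL = $s.AutoConfigURL        # "Use automatic configuration script" (PAC)
        AutoDetect    = $autoDetect             # on by default in Windows 7, so informational only
    }
}

function Get-SuspiciousHostsEntries {
    param([string]$Path = "$env:SystemRoot\System32\drivers\etc\hosts")
    # Default hosts files contain only comments or localhost lines; anything else is a finding.
    $allowed = @('localhost', 'localhost.localdomain', 'broadcasthost')
    # Read the whole file: a known trick is to pad the file with hundreds of blank lines
    # so the real entries sit far below what Notepad shows on the first screen.
    Get-Content -Path $Path | ForEach-Object {
        $line = ($_ -split '#')[0].Trim()      # strip comments
        if ($line -eq '') { return }           # 'return' inside ForEach-Object skips this line
        $parts = $line -split '\s+'
        if ($parts.Count -lt 2) { return }
        $ip = $parts[0]
        foreach ($name in $parts[1..($parts.Count - 1)]) {
            if ($allowed -notcontains $name.ToLower()) {
                [pscustomobject]@{ Address = $ip; Name = $name }
            }
        }
    }
}

function Invoke-ProxyAndHostsAudit {
    $findings = @()
    $p = Get-WinInetProxyState
    if ($p.ProxyEnable -eq 1) { $findings += "Manual proxy enabled: $($p.ProxyServer) (bypass: $($p.ProxyOverride))" }
    if ($p.AutoConfigURL)     { $findings += "PAC script configured: $($p.AutoConfigURL)" }
    if ($p.AutoDetect)        { $findings += "Info: 'Automatically detect settings' (WPAD) is on" }
    foreach ($h in @(Get-SuspiciousHostsEntries)) {
        $findings += "hosts file maps $($h.Name) to $($h.Address)"
    }
    if ($findings.Count -eq 0) { 'No proxy or hosts-file overrides found.' } else { $findings }
}

Invoke-ProxyAndHostsAudit
```

A PAC script URL is the setting to look at most closely: the LAN Settings dialog shows it as a single checked box, but the script itself decides per request where traffic goes, so an unexpected `AutoConfigURL` (a local file path or an unfamiliar host) is a stronger indicator than the WPAD flag, which Windows turns on by default. If a finding appears and the value is not something you or your organisation configured, clearing it and re-running the audit after a reboot tells you whether something is re-applying it, which is exactly the case the persistence tools in this thread are meant to catch.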
 
LVL 27

Accepted Solution

by:Thomas Zucker-Scharff
Thomas Zucker-Scharff earned 167 total points
ID: 40419661
Chameleon is RogueKiller and MBAM rolled into one.  It is not quite as good as RogueKiller, but does the job.  I would suggest starting with Chameleon (run the svchost file in the chameleon directory). If that doesn't solve the problem, then try RogueKiller immediately followed by a deep scan with MBAM (NO REBOOT in between). Use the link by bNetworked for RogueKiller.
0
 

Author Comment

by:bdfallon
ID: 40420893
Thanks everyone.  

I checked the hosts file and the only thing there is the 127.0.0.1 localhost.

I checked Control Panel>Internet Options>Connections tab>LAN Settings> internet options> connections and no proxies are present.

I ran HiJackThis and selected Analyze This and received a message "No Internet Connection Available."

I ran dds.  The logs are attached.

Can anyone make sense of the dds logs?

Thanks,

Brandon
dds.txt
attach.txt
0
 

Expert Comment

by:bNetworked
ID: 40421251
I've seen malware corrupt Norton to the point that it blocked all internet traffic before. Have you tried uninstalling and reinstalling Norton? I run a repair shop and we've had to do this multiple times before to return internet to an infected machine.
0
 

Author Closing Comment

by:bdfallon
ID: 40429189
Thanks for the help everyone
0
 
LVL 21

Expert Comment

by:Larry Struckmeyer MVP
ID: 40429350
Would be interested in knowing what you found on the system and what found it.  Can you please let us know?
0
 
LVL 1

Expert Comment

by:Judit Camacho Díaz
ID: 40735959
I propose trying SUPERAntiSpyware. I have downloaded the free version and it was by far more efficient than Microsoft Security Essentials.

http://www.superantispyware.com/

Detect and Remove Spyware, Adware and Remove Malware, Trojans, Dialers, Worms, KeyLoggers, HiJackers, Parasites, Rootkits, Rogue Security Products and many other types of threats.

Light on System Resources and designed not to slow down your computer like many other anti-spyware products. Designed not to conflict with your existing anti-spyware or anti-virus solution!

Repair broken Internet Connections, Desktops, Registry Editing and more with our unique Repair System!
0

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

You cannot be 100% sure that you can protect your organization against crypto ransomware but you can lower down the risk and impact of the infection.
OfficeMate Freezes on login or does not load after login credentials are input.
Along with being a a promotional video for my three-day Annielytics Dashboard Seminor, this Micro Tutorial is an intro to Google Analytics API data.
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question