Solved

Malware Issue

Posted on 2014-10-31
Last Modified: 2015-04-21
Hello, I have an issue with some Malware.  It's affecting the task bar.  It also affects IE, and Chrome.  Unless I run IE in "Run as Administrator", I'm unable to access any links etc.  

I've run Malwarebytes, but that hasn't helped.

I'm running Windows 7 64 bit, and IE 11.

Please help.

Thank you!
Question by:bdfallon
20 Comments
 
LVL 22

Expert Comment

by:Larry Struckmeyer MVP
ID: 40416802
Hi:

Some suggestions:
Scan from safe mode with malwarebytes or other detection software.  
Download and create a "rescue cd", boot from that and scan the system.  
Try system restore.
Try "hijack this" http://www.bleepingcomputer.com/download/hijackthis/
Reinstall Windows from restore partition or media.
 

Author Comment

by:bdfallon
ID: 40416840
Thanks for the response Larry. I'd rather remove whatever the issue is.
 
LVL 37

Expert Comment

by:Neil Russell
ID: 40417014
"Scan from safe mode with malwarebytes "

As per the INSTRUCTIONS from Malwarebytes....
DO NOT RUN IN SAFE MODE.

Malware scanners will very rarely detect all malware when run in safe mode. They are NOT designed to run in safe mode.
 
LVL 37

Expert Comment

by:Neil Russell
ID: 40417020
For reference to "Safe mode scanning" see this post on Malwarebytes' own site where one of the dev team explains why.

https://forums.malwarebytes.org/index.php?/topic/90791-safe-mode-scanning-less-effective/
 
LVL 22

Expert Comment

by:Larry Struckmeyer MVP
ID: 40417072
I have used safe mode many many times to remove malware that could not be removed in regular mode. There are some varieties of malware that will not let the user run any programs or do anything to the computer, where safe mode will run MB and remove the offender.

Also from the Director of Research.
https://forums.malwarebytes.org/index.php?/topic/5590-safe-mode/
Doing a safe mode scan with MBAM should only be done when a regular mode scan fails.

Since bdfallon said regular mode had not solved the problem, I suggested safe mode. I stand by all my suggestions, and afaik, no one has suggested anything else.
 
LVL 37

Expert Comment

by:Neil Russell
ID: 40417074
I stand corrected. Misread one line of question.
 

Author Comment

by:bdfallon
ID: 40417141
Hi experts,
Can an expert help me by having me run different tools and post the logs, etc.?
 
LVL 37

Expert Comment

by:Neil Russell
ID: 40417150
Could you start by indicating why you think it is malware? You have made no statement as to why.
What did MalwareBytes find and remove on its run in normal mode? Do you have any logs you can share?
Have you run superantispyware?
 

Author Comment

by:bdfallon
ID: 40417322
Hi Neilsr

When I open IE 11, I'm unable to access sites etc. Links don't work. I tried running IE as administrator and it works.

When I'm using Chrome, new tabs open with messages like:
"The page at fiimtl.com says: WARNING!!! Your Java Version is Outdated, Have Security Risks, Please Update Now." My Java version is up to date.

I have also run ComboFix, FRST64, and JRT.

Please see attached logs from Malwarebytes, ComboFix, FRST64, and JRT.

Thanks
mbam-log-2014-09-27--18-17-48-.xml
mbam-log-2014-09-29--04-55-21-.xml
mbam-log-2014-10-31--20-15-41-.xml
mbam-log-2014-10-31--20-32-28-.xml
FRST.txt
JRT.txt
 

Author Comment

by:bdfallon
ID: 40417323
Attached are FRST and ComboFix logs that I ran about a month ago.
FRST-27-09-2014-18-12-12.txt
Addition.txt
ComboFix.txt
 
LVL 22

Expert Comment

by:Larry Struckmeyer MVP
ID: 40417566
Are there any indications, other than the symptoms you describe, that indicate the presence of an infection?  There are very few infections that cannot at least be detected.  It could simply be that whatever it was has been removed but the damage it did has not and maybe cannot be repaired.

Here are some additional utilities, but if nothing shows up you may have to restore from backup, wipe and reload or do a system restore to before all this started to restore functionality.  Not every computer problem can be made to go away by running utilities.
   
http://www.bleepingcomputer.com/download/tdsskiller/
on that page, scroll to the bottom for further listings.

And try hijack this:
 
LVL 29

Expert Comment

by:Thomas Zucker-Scharff
ID: 40417806
Have you tried Chameleon from MBAM?
 
LVL 25

Assisted Solution

by:NVIT
NVIT earned 166 total points
ID: 40417870
If you don't mind poking around the running tasks, try Autoruns. If you're familiar with the tasks that normally run on the computer, disable anything that looks suspicious.

I've found this helpful, too: http://www.windowsecurity.com/articles-tutorials/viruses_trojans_malware/Hunt-Down-Kill-Malware-Sysinternals-Tools-Part2.html

For deeper guidance using Autoruns, Google 'Utilizing "AutoRuns" To Catch Malware', the PDF by the SANS Institute.
 

Assisted Solution

by:bNetworked
bNetworked earned 167 total points
ID: 40418039
Have you gone into Control Panel, Internet Options, Connections tab, LAN Settings button near the bottom and checked to make sure that the malware hasn't set up a proxy that is filtering all of your traffic through it to track/modify things?  On a normal PC that isn't using a proxy (normally you'd know if this was required), *none* of those boxes should be checked off.

A good piece of software that we use to check systems is called Roguekiller (http://www.adlice.com/softwares/roguekiller/)

It can fix proxy problems, embedded malware, detect some rootkits and remove a LOT of browser embedded garbage. Another favourite tool that we use is called AdwCleaner. It's a quick tool that can remove some malware and associated files and registry keys as well as embedded web browser junk.
http://www.bleepingcomputer.com/download/adwcleaner/

I always find those are a good place to start ... hope this helps a bit.
 
LVL 29

Accepted Solution

by:Thomas Zucker-Scharff
Thomas Zucker-Scharff earned 167 total points
ID: 40419661
Chameleon is RogueKiller and MBAM rolled into one. It is not quite as good as RogueKiller, but does the job. I would suggest starting with Chameleon (run the svchost file in the Chameleon directory). If that doesn't solve the problem, then try RogueKiller immediately followed by a deep scan with MBAM (NO REBOOT in between). Use the link by bNetworked for RogueKiller.
 

Author Comment

by:bdfallon
ID: 40420893
Thanks everyone.  

I checked the hosts file and the only thing there is the 127.0.0.1 localhost.

I checked Control Panel > Internet Options > Connections tab > LAN Settings > Internet Options > Connections and no proxies are present.

I ran HiJackThis and selected Analyze This and received a message "No Internet Connection Available."

I ran dds.  The logs are attached.

Can anyone make sense of the dds logs?

Thanks,

Brandon
dds.txt
attach.txt
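The proxy check bNetworked describes and the hosts-file check in Brandon's reply above, scripted as an added read-only example (not something posted in the thread). It reads the same WinINET registry values that the LAN Settings dialog edits and lists any hosts entries beyond the default localhost lines; the "Automatically detect settings" box lives in a binary blob and is not decoded here.

```powershell
# Added example, not from the thread: report the per-user WinINET proxy settings
# behind Internet Options > Connections > LAN Settings, and any active hosts-file
# mappings other than the default localhost lines. Read-only; nothing is changed.

function Get-WinInetProxyState {
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    [pscustomobject]@{
        ProxyEnable   = [int]($p.ProxyEnable)   # 1 = "Use a proxy server" box ticked
        ProxyServer   = $p.ProxyServer          # host:port the box points at
        AutoConfigURL = $p.AutoConfigURL        # "Use automatic configuration script" (PAC)
        ProxyOverride = $p.ProxyOverride        # bypass list, if any
    }
}

function Get-SuspiciousHostsEntries {
    $hosts = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    Get-Content -Path $hosts -ErrorAction SilentlyContinue |
        # keep only active "address name" lines; comments and blanks drop out
        Where-Object { $_ -match '^\s*[0-9a-fA-F.:]+\s+\S' } |
        # the stock localhost mappings are expected and not reported
        Where-Object { $_ -notmatch '^\s*(127\.0\.0\.1|::1)\s+localhost\b' }
}

$proxy = Get-WinInetProxyState
$proxy | Format-List
if ($proxy.ProxyEnable -eq 1 -or $proxy.AutoConfigURL) {
    Write-Warning 'A proxy or PAC script is configured; on a home PC with no corporate proxy this deserves a closer look.'
}

$extra = @(Get-SuspiciousHostsEntries)
if ($extra.Count -gt 0) {
    Write-Warning "Non-default hosts entries found ($($extra.Count)):"
    $extra | ForEach-Object { "  $_" }
} else {
    'hosts file contains only the default localhost mappings (or none).'
}
```

Run it from a normal (non-elevated) prompt for the account whose browser is affected, since these values are per-user.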
 

Expert Comment

by:bNetworked
ID: 40421251
I've seen malware corrupt Norton to the point that it blocked all internet traffic before. Have you tried uninstalling and reinstalling Norton? I run a repair shop and we've had to do this multiple times before to return internet to an infected machine.
 

Author Closing Comment

by:bdfallon
ID: 40429189
Thanks for the help everyone
 
LVL 22

Expert Comment

by:Larry Struckmeyer MVP
ID: 40429350
Would be interested in knowing what you found on the system and what found it.  Can you please let us know?
 
LVL 2

Expert Comment

by:Judit Camacho Díaz
ID: 40735959
I propose trying SUPERAntiSpyware; I have the free version downloaded and it was by far more efficient than Microsoft Security Essentials.

http://www.superantispyware.com/

Detect and Remove Spyware, Adware and Remove Malware, Trojans, Dialers, Worms, KeyLoggers, HiJackers, Parasites, Rootkits, Rogue Security Products and many other types of threats.

Light on System Resources and designed not to slow down your computer like many other anti-spyware products. Designed not to conflict with your existing anti-spyware or anti-virus solution!

Repair broken Internet Connections, Desktops, Registry Editing and more with our unique Repair System!
