Malware Issue

Hello, I have an issue with some Malware.  It's affecting the task bar.  It also affects IE, and Chrome.  Unless I run IE in "Run as Administrator", I'm unable to access any links etc.  

I've run Malwarebytes, but that hasn't helped.

I'm running Windows 7 64 bit, and IE 11.

Please help.

Thank you!
bdfallonAsked:

Larry Struckmeyer MVPCommented:
Hi:

Some suggestions:
Scan from safe mode with malwarebytes or other detection software.  
Download and create a "rescue cd", boot from that and scan the system.  
Try system restore.
Try "hijack this"  http://www.bleepingcomputer.com/download/hijackthis/
Reinstall Windows from restore partition or media.
0
bdfallonAuthor Commented:
Thanks for the response Larry. I'd rather remove whatever the issue is.
0
Neil RussellTechnical Development LeadCommented:
"Scan from safe mode with malwarebytes "

As per the INSTRUCTIONS from malwarebytes....
DO NOT RUN IN SAFEMODE.

Malware scanners will very rarely detect all malware when run in safe mode. They are NOT designed to run in safe mode.
0

Neil RussellTechnical Development LeadCommented:
For reference to "Safe mode scanning" see this post on Malwarebytes' own site where one of the dev team explains why.

https://forums.malwarebytes.org/index.php?/topic/90791-safe-mode-scanning-less-effective/
0
Larry Struckmeyer MVPCommented:
I have used safe mode many, many times to remove malware that could not be removed in regular mode.  There are some varieties of malware that will not let the user run any programs or do anything to the computer where safe mode will run MB and remove the offender.

Also from the Director of Research.
https://forums.malwarebytes.org/index.php?/topic/5590-safe-mode/
Doing a safemode scan with MBAM should only be done when a regular mode scan fails.

Since bdfallon said regular mode had not solved problem, I suggested safe mode.  I stand by all my suggestions, and afaik, no one has suggested anything else.
0
Neil RussellTechnical Development LeadCommented:
I stand corrected. Misread one line of question.
0
bdfallonAuthor Commented:
Hi experts,
Can an expert help me by having me run different tools and post the logs etc.?
0
Neil RussellTechnical Development LeadCommented:
Could you start by indicating why you think it is malware? You have made no statement as to why.
What did MalwareBytes find and remove on its run in normal mode? Do you have any logs you can share?
Have you run superantispyware?
0
bdfallonAuthor Commented:
Hi Neilsr

When I open IE 11, I'm unable to access sites etc.  Links don't work.  I tried running IE as administrator and it works.

When I'm using Chrome, new tabs open with messages like:
"The page at fiimtl.com says: WARNING!!! Your Java Version is Outdated, Have Security Risks, Please Update Now." My Java version is up to date.

I have also run ComboFix, FRST64, and JRT.

Please see attached logs from Malwarebytes, ComboFix, FRST64, and JRT.

Thanks
mbam-log-2014-09-27--18-17-48-.xml
mbam-log-2014-09-29--04-55-21-.xml
mbam-log-2014-10-31--20-15-41-.xml
mbam-log-2014-10-31--20-32-28-.xml
FRST.txt
JRT.txt
0
bdfallonAuthor Commented:
Attached are FRST and ComboFix logs that I ran about a month ago.
FRST-27-09-2014-18-12-12.txt
Addition.txt
ComboFix.txt
0
Larry Struckmeyer MVPCommented:
Are there any indications, other than the symptoms you describe, that indicate the presence of an infection?  There are very few infections that cannot at least be detected.  It could simply be that whatever it was has been removed but the damage it did has not and maybe cannot be repaired.

Here are some additional utilities, but if nothing shows up you may have to restore from backup, wipe and reload or do a system restore to before all this started to restore functionality.  Not every computer problem can be made to go away by running utilities.
   
http://www.bleepingcomputer.com/download/tdsskiller/
on that page, scroll to the bottom for further listings.

And try hijack this:
0
Thomas Zucker-ScharffSolution GuideCommented:
Have you tried Chameleon from MBAM?
0
NVITCommented:
If you don't mind poking around the running tasks, try Autoruns. If you're familiar with the tasks that normally run on the computer, disable anything that looks suspicious.

I've found this helpful, too: http://www.windowsecurity.com/articles-tutorials/viruses_trojans_malware/Hunt-Down-Kill-Malware-Sysinternals-Tools-Part2.html

For deeper guidance using Autoruns, Google "Utilizing "AutoRuns" To Catch Malware", the PDF by SANS Institute.
0
bNetworkedSolutionistaCommented:
Have you gone into Control Panel, Internet Options, Connections tab, LAN Settings button near the bottom and checked to make sure that the malware hasn't set up a proxy that is filtering all of your traffic through it to track/modify things?  On a normal PC that isn't using a proxy (normally you'd know if this was required), *none* of those boxes should be checked off.

A good piece of software that we use to check systems is called Roguekiller (http://www.adlice.com/softwares/roguekiller/)

It can fix proxy problems, embedded malware, detect some rootkits and remove a LOT of browser embedded garbage.  Another favourite tool that we use is called ADW Cleaner.  It's a quick tool that can remove some malware and associated files and registry keys as well as embedded web browser junk.
http://www.bleepingcomputer.com/download/adwcleaner/

I always find those are a good place to start ... hope this helps a bit.
0
Thomas Zucker-ScharffSolution GuideCommented:
Chameleon is RogueKiller and MBAM rolled into one.  It is not quite as good as RogueKiller, but does the job.  I would suggest starting with Chameleon (run the svchost file in the chameleon directory). If that doesn't solve the problem, then try RogueKiller immediately followed by a deep scan with MBAM (NO REBOOT in between). Use the link by bNetworked for RogueKiller.
0

bdfallonAuthor Commented:
Thanks everyone.  

I checked the hosts file and the only thing there is the 127.0.0.1 localhost.

I checked Control Panel>Internet Options>Connections tab>LAN Settings> internet options> connections and no proxies are present.

I ran HiJackThis and selected Analyze This and received a message "No Internet Connection Available."

I ran dds.  The logs are attached.

Can anyone make sense of the dds logs?

Thanks,

Brandon
dds.txt
attach.txt
0
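
The proxy and hosts-file checks discussed in the posts above can be done in one read-only pass. This PowerShell sketch is an added example, not part of any poster's reply; it assumes the default registry locations for the LAN Settings values, an English-language `netsh`, and the standard hosts-file path.

```powershell
# Added example: read-only audit of proxy and hosts-file redirection. Nothing is modified.
$findings = New-Object System.Collections.Generic.List[string]

# 1. WinINET proxy values (what the LAN Settings dialog edits), per-user,
#    machine-wide, and policy-enforced.
$keys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Internet Settings',
        'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings'
foreach ($key in $keys) {
    $s = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $s) { continue }
    if ($s.ProxyEnable -eq 1) { $findings.Add("$key : proxy enabled -> $($s.ProxyServer)") }
    if ($s.AutoConfigURL)     { $findings.Add("$key : PAC script -> $($s.AutoConfigURL)") }
}

# 2. WinHTTP proxy (used by services and some updaters, not shown in the IE dialog).
#    Assumption: English output, where an unset proxy reads "Direct access".
$winhttp = (netsh winhttp show proxy) -join "`n"
if ($winhttp -notmatch 'Direct access') { $findings.Add("WinHTTP proxy set:`n$winhttp") }

# 3. Hosts file: report every active entry other than localhost -> loopback.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
Get-Content $hostsPath | ForEach-Object {
    $line = ($_ -replace '#.*$', '').Trim()      # drop comments and padding
    if (-not $line) { return }                   # skip blank/comment-only lines
    $ip, $names = $line -split '\s+'
    $loopback = ($ip -eq '127.0.0.1') -or ($ip -eq '::1')
    $onlyLocalhost = -not ($names | Where-Object { $_ -ne 'localhost' })
    if (-not ($loopback -and $onlyLocalhost)) { $findings.Add("hosts entry: $line") }
}

if ($findings.Count -eq 0) { 'No proxy or hosts-file redirection found.' } else { $findings }
```

Run it once as the affected user and once from an elevated prompt: the HKCU values belong to whichever account runs the script, so the two runs can differ.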
bNetworkedSolutionistaCommented:
I've seen malware corrupt Norton to the point that it blocked all internet traffic before. Have you tried uninstalling and reinstalling Norton? I run a repair shop and we've had to do this multiple times before to return internet to an infected machine.
0
bdfallonAuthor Commented:
Thanks for the help everyone
0
Larry Struckmeyer MVPCommented:
Would be interested in knowing what you found on the system and what found it.  Can you please let us know?
0
Judit Camacho DíazCommented:
I propose trying SUPERAntiSpyware. I have the free version download and it was by far more efficient than Microsoft Security Essentials.

http://www.superantispyware.com/

Detect and Remove Spyware, Adware and Remove Malware, Trojans, Dialers, Worms, KeyLoggers, HiJackers, Parasites, Rootkits, Rogue Security Products and many other types of threats.

Light on System Resources and designed not to slow down your computer like many other anti-spyware products. Designed not to conflict with your existing anti-spyware or anti-virus solution!

Repair broken Internet Connections, Desktops, Registry Editing and more with our unique Repair System!
0