Solved

Malware Issue

Posted on 2014-10-31
20
214 Views
Last Modified: 2015-04-21
Hello, I have an issue with some Malware.  It's affecting the task bar.  It also affects IE, and Chrome.  Unless I run IE in "Run as Administrator", I'm unable to access any links etc.  

I've run Malwarebytes, but that hasn't helped.

I'm running Windows 7 64 bit, and IE 11.

Please help.

Thank you!
0
Question by:bdfallon
20 Comments
 
LVL 21

Expert Comment

by:Larry Struckmeyer MVP
ID: 40416802
Hi:

Some suggestions:
Scan from safe mode with malwarebytes or other detection software.  
Download and create a "rescue cd", boot from that and scan the system.  
Try system restore.
Try "hijack this"  http://www.bleepingcomputer.com/download/hijackthis/
Reinstall Windows from restore partition or media.
0
 

Author Comment

by:bdfallon
ID: 40416840
Thanks for the response Larry. I'd rather remove whatever the issue is.
0
 
LVL 37

Expert Comment

by:Neil Russell
ID: 40417014
"Scan from safe mode with malwarebytes "

As per the INSTRUCTIONS from malwarebytes....
DO NOT RUN IN SAFEMODE.

Malware scanners will very rarely detect all malware when run in safe mode. They are NOT designed to run in safe mode.
0
 
LVL 37

Expert Comment

by:Neil Russell
ID: 40417020
For reference to "Safe mode scanning" see this post on Malwarebytes own site where one of the dev team explains why.

https://forums.malwarebytes.org/index.php?/topic/90791-safe-mode-scanning-less-effective/
0
 
LVL 21

Expert Comment

by:Larry Struckmeyer MVP
ID: 40417072
I have used safe mode many many times to remove malware that could not be removed in regular mode.  There are some varieties of malware that will not let the user run any programs or do anything to the computer where safe mode will run MB and remove the offender.

Also from the Director of Research.
https://forums.malwarebytes.org/index.php?/topic/5590-safe-mode/
Doing a safe mode scan with MBAM should only be done when a regular mode scan fails.

Since bdfallon said regular mode had not solved problem, I suggested safe mode.  I stand by all my suggestions, and afaik, no one has suggested anything else.
0
 
LVL 37

Expert Comment

by:Neil Russell
ID: 40417074
I stand corrected. Misread one line of question.
0
 

Author Comment

by:bdfallon
ID: 40417141
Hi experts,
Can an expert help me by having me run different tools and post the logs, etc.?
0
 
LVL 37

Expert Comment

by:Neil Russell
ID: 40417150
Could you start by indicating why you think it is malware? You have made no statement as to why.
What did MalwareBytes find and remove on its run in normal mode? Do you have any logs you can share?
Have you run superantispyware?
0
 

Author Comment

by:bdfallon
ID: 40417322
Hi Neilsr

When I open IE 11, I'm unable to access sites etc.  Links don't work.  I tried running IE as administrator and it works.

When I'm using Chrome, new tabs open with messages like:
"The page at fiimtl.com says: WARNING!!! Your Java Version is Outdated, Have Security Risks, Please Update Now." My Java version is up to date.

I have also run ComboFix, FRST64, and JRT.

Please see attached logs from Malwarebytes, ComboFix, FRST64, and JRT.

Thanks
mbam-log-2014-09-27--18-17-48-.xml
mbam-log-2014-09-29--04-55-21-.xml
mbam-log-2014-10-31--20-15-41-.xml
mbam-log-2014-10-31--20-32-28-.xml
FRST.txt
JRT.txt
0
 

Author Comment

by:bdfallon
ID: 40417323
Attached are FRST and ComboFix logs that I ran about a month ago.
FRST-27-09-2014-18-12-12.txt
Addition.txt
ComboFix.txt
0
 
LVL 21

Expert Comment

by:Larry Struckmeyer MVP
ID: 40417566
Are there any indications, other than the symptoms you describe, that indicate the presence of an infection?  There are very few infections that cannot at least be detected.  It could simply be that whatever it was has been removed but the damage it did has not and maybe cannot be repaired.

Here are some additional utilities, but if nothing shows up you may have to restore from backup, wipe and reload or do a system restore to before all this started to restore functionality.  Not every computer problem can be made to go away by running utilities.
   
http://www.bleepingcomputer.com/download/tdsskiller/
on that page, scroll to the bottom for further listings.

And try hijack this:
0
 
LVL 26

Expert Comment

by:Thomas Zucker-Scharff
ID: 40417806
Have you tried Chameleon from MBAM?
0
 
LVL 23

Assisted Solution

by:NVIT
NVIT earned 166 total points
ID: 40417870
If you don't mind poking around the running tasks, try Autoruns. If you're familiar with the tasks that normally run on the computer, disable anything that looks suspicious.

I've found this helpful, too: http://www.windowsecurity.com/articles-tutorials/viruses_trojans_malware/Hunt-Down-Kill-Malware-Sysinternals-Tools-Part2.html

For deeper guidance using autoruns, Google "Utilizing "AutoRuns" To Catch Malware", the PDF by Sans Institute
0
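To give a concrete starting point for the Autoruns-style review NVIT describes, here is an added example (not code from this thread, from Sysinternals, or from the SANS paper) that lists the autostart locations Autoruns is usually consulted for and flags entries whose program sits in a user-writable directory or lacks a valid Authenticode signature. It also lists Browser Helper Objects, since the symptoms in this thread are IE-specific. It assumes Windows 7 with PowerShell 2.0 or later and an elevated prompt; it is read-only and disables nothing, so you decide what to act on after comparing it with the tasks you know the computer normally runs.

```powershell
# Added example, not code from the thread, from Sysinternals or from the SANS paper:
# a read-only listing of the autostart locations Autoruns is usually consulted for,
# flagging entries whose program sits in a user-writable directory or lacks a valid
# Authenticode signature. Assumes Windows 7 with PowerShell 2.0 or later, run elevated.

$autostartKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',  # 32-bit apps on x64
    'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'       # Shell / Userinit only
)
# Browser Helper Objects load into every IE process, which fits the IE-only symptoms here.
$bhoKey = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'

function Get-ExecutablePath([string]$command) {
    # First token of a command line: a quoted path or the first whitespace-delimited word.
    if (-not $command.Trim()) { return '' }
    if ($command -match '^\s*"([^"]+)"') { $token = $Matches[1] }
    else { $token = ($command -split '\s+')[0].TrimEnd(',') }   # Userinit ends with a comma
    $token = [Environment]::ExpandEnvironmentVariables($token)
    if ($token -notmatch '[\\/]') {
        # Bare names (Winlogon Shell is just "explorer.exe") resolve from the Windows directory.
        foreach ($dir in @($env:SystemRoot, "$env:SystemRoot\System32")) {
            $candidate = Join-Path $dir $token
            if (Test-Path -LiteralPath $candidate) { return $candidate }
        }
    }
    return $token
}

function Test-UserWritableLocation([string]$path) {
    # Genuine autostarts overwhelmingly live under Program Files or the Windows directory.
    # Temp, AppData and ProgramData need no elevation to write to, so they deserve a look.
    foreach ($dir in @($env:TEMP, $env:APPDATA, $env:LOCALAPPDATA, $env:ProgramData)) {
        if ($dir -and $path.StartsWith($dir, [StringComparison]::OrdinalIgnoreCase)) { return $true }
    }
    return $false
}

function New-AutostartRow($location, $name, $command) {
    $exe = Get-ExecutablePath $command
    $sig = 'file not found'
    if ($exe -and (Test-Path -LiteralPath $exe)) {
        $sig = (Get-AuthenticodeSignature -FilePath $exe).Status.ToString()
    }
    New-Object PSObject -Property @{
        Flag      = ($sig -ne 'Valid') -or (Test-UserWritableLocation $exe)
        Name      = $name
        Signature = $sig
        Command   = $command
        Location  = $location
    }
}

function Get-AutostartReport {
    $rows = @()
    foreach ($key in $autostartKeys) {
        if (-not (Test-Path $key)) { continue }
        foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # PowerShell's own metadata properties
            if ($key -like '*Winlogon' -and (@('Shell', 'Userinit') -notcontains $p.Name)) { continue }
            $rows += New-AutostartRow $key $p.Name ([string]$p.Value)
        }
    }
    if (Test-Path $bhoKey) {
        foreach ($clsid in (Get-ChildItem -Path $bhoKey | ForEach-Object { $_.PSChildName })) {
            # The DLL behind a BHO is the default value of its CLSID's InprocServer32 key.
            $srv = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32"
            $dll = ''
            if (Test-Path $srv) { $dll = [string](Get-ItemProperty -Path $srv).'(default)' }
            $rows += New-AutostartRow $bhoKey "BHO $clsid" $dll
        }
    }
    return $rows
}

Get-AutostartReport | Sort-Object Flag -Descending |
    Format-Table Flag, Name, Signature, Command -AutoSize -Wrap
```

A `Flag` of `True` is a prompt to look, not a verdict: some legitimate updaters install under AppData and some older vendors ship unsigned binaries, so compare the flagged rows against what you know belongs on the machine before disabling anything, exactly as NVIT advises.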
 

Assisted Solution

by:bNetworked
bNetworked earned 167 total points
ID: 40418039
Have you gone into Control Panel, Internet Options, Connections tab, LAN Settings button near the bottom and checked to make sure that the malware hasn't set up a proxy that is filtering all of your traffic through it to track/modify things?  On a normal PC that isn't using a proxy (normally you'd know if this was required), *none* of those boxes should be checked off.

A good piece of software that we use to check systems is called Roguekiller (http://www.adlice.com/softwares/roguekiller/)

It can fix proxy problems, embedded malware, detect some rootkits and remove a LOT of browser embedded garbage.  Another favourite tool that we use is called ADW Cleaner.  It's a quick tool that can remove some malware and associated files and registry keys as well as embedded web browser junk.
http://www.bleepingcomputer.com/download/adwcleaner/

I always find those are a good place to start ... hope this helps a bit.
0
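The proxy check bNetworked describes can be scripted so the result is easy to paste into a post. The following is an added example (not from this thread and not part of RogueKiller or ADW Cleaner) that reads the same per-user values the LAN Settings dialog shows, the separate machine-wide WinHTTP proxy, and the hosts file, reporting anything other than the stock localhost entries. It assumes Windows 7 with the built-in PowerShell 2.0 or later and changes nothing.

```powershell
# Added example, not from this thread: a read-only check of the settings bNetworked
# describes (Internet Options > Connections > LAN Settings) plus the WinHTTP proxy and the
# hosts file. Assumes Windows 7 with the built-in PowerShell 2.0 or later.

function Get-UserProxySettings {
    # WinINET stores the per-user "LAN Settings" dialog values here. ProxyEnable=1 means
    # "Use a proxy server" is ticked; AutoConfigURL is the "Use automatic configuration
    # script" URL; ProxyOverride is the bypass list.
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $s = Get-ItemProperty -Path $key
    New-Object PSObject -Property @{
        ProxyEnable   = [int]$s.ProxyEnable
        ProxyServer   = $s.ProxyServer
        ProxyOverride = $s.ProxyOverride
        AutoConfigURL = $s.AutoConfigURL
    }
}

function Get-SuspiciousHostsEntries {
    # Windows ships a hosts file with every line commented out; the only entries a stock
    # machine would plausibly have map localhost to 127.0.0.1 or ::1. Anything else needs
    # an explanation, particularly entries that redirect security vendors or search engines.
    $path = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    $findings = @()
    foreach ($raw in (Get-Content -Path $path)) {
        $line = ($raw -split '#')[0].Trim()       # drop comments and blank lines
        if (-not $line) { continue }
        $parts = $line -split '\s+'
        if ($parts.Count -lt 2) { continue }
        $ip = $parts[0]
        $names = $parts[1..($parts.Count - 1)]
        $loopback = @('127.0.0.1', '::1') -contains $ip
        $onlyLocalhost = @($names | Where-Object { $_ -ne 'localhost' }).Count -eq 0
        if (-not ($loopback -and $onlyLocalhost)) {
            $findings += "$ip -> $($names -join ', ')"
        }
    }
    return $findings
}

# --- report ---------------------------------------------------------------------
$proxy = Get-UserProxySettings
if ($proxy.ProxyEnable -eq 1) {
    Write-Output "Manual proxy is ON: $($proxy.ProxyServer) (bypass list: $($proxy.ProxyOverride))"
} else {
    Write-Output 'Manual proxy is off.'
}
if ($proxy.AutoConfigURL) {
    # A PAC script can route chosen hosts through a proxy even when the "Use a proxy
    # server" box is unticked, so it is reported on its own.
    Write-Output "Automatic configuration script is set: $($proxy.AutoConfigURL)"
} else {
    Write-Output 'No automatic configuration script.'
}

# The machine-wide WinHTTP proxy is separate from the per-user dialog; services and some
# updaters use it. "Direct access (no proxy server)." is the clean answer.
Write-Output '--- WinHTTP proxy ---'
netsh winhttp show proxy

Write-Output '--- hosts file entries other than localhost ---'
$hosts = Get-SuspiciousHostsEntries
if ($hosts.Count -eq 0) { Write-Output 'None.' } else { $hosts }
```

On a PC that does not sit behind a corporate proxy, the expected output is a manual proxy that is off, no configuration script, direct WinHTTP access, and no hosts entries beyond localhost; any other result is the kind of thing bNetworked suggests cleaning up with RogueKiller or ADW Cleaner.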
 
LVL 26

Accepted Solution

by:Thomas Zucker-Scharff
Thomas Zucker-Scharff earned 167 total points
ID: 40419661
Chameleon is RogueKiller and MBAM rolled into one.  It is not quite as good as rogueKiller, but does the job.  I would suggest starting with Chameleon (run the svchost file in the chameleon directory). If that doesn't solve the problem, then try RogueKiller immediately followed by a deep scan with MBAM (NO REBOOT in between). Use the link by bNetworked for Roguekiller.
0
 

Author Comment

by:bdfallon
ID: 40420893
Thanks everyone.  

I checked the hosts file and the only thing there is the 127.0.0.1 localhost.

I checked Control Panel>Internet Options>Connections tab>LAN Settings> internet options> connections and no proxies are present.

I ran HiJackThis and selected Analyze This and received a message "No Internet Connection Available."

I ran dds.  The logs are attached.

Can anyone make sense of the dds logs?

Thanks,

Brandon
dds.txt
attach.txt
0
 

Expert Comment

by:bNetworked
ID: 40421251
I've seen malware corrupt Norton to the point that it blocked all internet traffic before. Have you tried uninstalling and reinstalling Norton? I run a repair shop and we've had to do this multiple times before to return internet to an infected machine.
0
 

Author Closing Comment

by:bdfallon
ID: 40429189
Thanks for the help everyone
0
 
LVL 21

Expert Comment

by:Larry Struckmeyer MVP
ID: 40429350
Would be interested in knowing what you found on the system and what found it.  Can you please let us know?
0
 
LVL 1

Expert Comment

by:Judit Camacho Díaz
ID: 40735959
I propose trying SUPERAntiSpyware. I have the free version downloaded and it was by far more efficient than Microsoft Security Essentials.

http://www.superantispyware.com/

Detect and Remove Spyware, Adware and Remove Malware, Trojans, Dialers, Worms, KeyLoggers, HiJackers, Parasites, Rootkits, Rogue Security Products and many other types of threats.

Light on System Resources and designed not to slow down your computer like many other anti-spyware products. Designed not to conflict with your existing anti-spyware or anti-virus solution!

Repair broken Internet Connections, Desktops, Registry Editing and more with our unique Repair System!
0
