Solved

Malware Issue

Posted on 2014-10-31
Medium Priority
227 Views
Last Modified: 2015-04-21
Hello, I have an issue with some malware. It's affecting the task bar. It also affects IE and Chrome. Unless I run IE with "Run as Administrator", I'm unable to access any links, etc.

I've run Malwarebytes, but that hasn't helped.

I'm running Windows 7 64 bit, and IE 11.

Please help.

Thank you!
Question by: bdfallon
20 Comments
 
LVL 22

Expert Comment

by:Larry Struckmeyer MVP
ID: 40416802
Hi:

Some suggestions:
Scan from safe mode with malwarebytes or other detection software.  
Download and create a "rescue cd", boot from that and scan the system.  
Try system restore.
Try "hijack this"  http://www.bleepingcomputer.com/download/hijackthis/
Reinstall Windows from restore partition or media.
0
 

Author Comment

by:bdfallon
ID: 40416840
Thanks for the response Larry. I'd rather remove whatever the issue is.
0
 
LVL 37

Expert Comment

by:Neil Russell
ID: 40417014
"Scan from safe mode with malwarebytes "

As per the INSTRUCTIONS from Malwarebytes....
DO NOT RUN IN SAFEMODE.

Malware scanners will very rarely detect all malware when run in safe mode. They are NOT designed to run in safe mode.
0
 
LVL 37

Expert Comment

by:Neil Russell
ID: 40417020
For reference to "Safe mode scanning" see this post on Malwarebytes own site where one of the dev team explains why.

https://forums.malwarebytes.org/index.php?/topic/90791-safe-mode-scanning-less-effective/
0
 
LVL 22

Expert Comment

by:Larry Struckmeyer MVP
ID: 40417072
I have used safe mode many, many times to remove malware that could not be removed in regular mode. There are some varieties of malware that will not let the user run any programs or do anything to the computer, where safe mode will run MB and remove the offender.

Also from the Director of Research.
https://forums.malwarebytes.org/index.php?/topic/5590-safe-mode/
Doing a safe mode scan with MBAM should only be done when a regular mode scan fails.

Since bdfallon said regular mode had not solved problem, I suggested safe mode.  I stand by all my suggestions, and afaik, no one has suggested anything else.
0
 
LVL 37

Expert Comment

by:Neil Russell
ID: 40417074
I stand corrected. Misread one line of question.
0
 

Author Comment

by:bdfallon
ID: 40417141
Hi experts,
Can an expert help me by having me run different tools and post the logs, etc.?
0
 
LVL 37

Expert Comment

by:Neil Russell
ID: 40417150
Could you start by indicating why you think it is malware? You have made no statement as to why.
What did MalwareBytes find and remove on its run in normal mode? Do you have any logs you can share?
Have you run superantispyware?
0
 

Author Comment

by:bdfallon
ID: 40417322
Hi Neilsr

When I open IE 11, I'm unable to access sites etc. Links don't work. I tried running IE as administrator and it works.

When I'm using Chrome, new tabs open with messages like:
"The page at fiimtl.com says: WARNING!!! Your Java Version is Outdated, Have Security Risks, Please Update Now." My Java version is up to date.

I have also run ComboFix, FRST64, and JRT.

Please see attached logs from Malwarebytes, ComboFix, FRST64, and JRT.

Thanks
mbam-log-2014-09-27--18-17-48-.xml
mbam-log-2014-09-29--04-55-21-.xml
mbam-log-2014-10-31--20-15-41-.xml
mbam-log-2014-10-31--20-32-28-.xml
FRST.txt
JRT.txt
0
 

Author Comment

by:bdfallon
ID: 40417323
Attached are FRST and ComboFix logs that I ran about a month ago.
FRST-27-09-2014-18-12-12.txt
Addition.txt
ComboFix.txt
0
 
LVL 22

Expert Comment

by:Larry Struckmeyer MVP
ID: 40417566
Are there any indications, other than the symptoms you describe, that indicate the presence of an infection?  There are very few infections that cannot at least be detected.  It could simply be that whatever it was has been removed but the damage it did has not and maybe cannot be repaired.

Here are some additional utilities, but if nothing shows up you may have to restore from backup, wipe and reload or do a system restore to before all this started to restore functionality.  Not every computer problem can be made to go away by running utilities.
   
http://www.bleepingcomputer.com/download/tdsskiller/
On that page, scroll to the bottom for further listings.

And try hijack this:
0
 
LVL 30

Expert Comment

by:Thomas Zucker-Scharff
ID: 40417806
Have you tried Chameleon from MBAM?
0
 
LVL 25

Assisted Solution

by:NVIT
NVIT earned 664 total points
ID: 40417870
If you don't mind poking around the running tasks, try Autoruns. If you're familiar with the tasks that normally run on the computer, disable anything that looks suspicious.

I've found this helpful, too: http://www.windowsecurity.com/articles-tutorials/viruses_trojans_malware/Hunt-Down-Kill-Malware-Sysinternals-Tools-Part2.html

For deeper guidance using Autoruns, Google "Utilizing "AutoRuns" To Catch Malware", the PDF by the SANS Institute.
0
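As an added example (not part of NVIT's comment, the linked article, or the SANS paper), the same Autoruns triage done from an elevated PowerShell prompt with the command-line version, autorunsc64.exe, assumed to have been downloaded from Sysinternals into the current directory. The column names are the ones Autoruns writes in CSV mode with -s (signature check) and -h (hashes); the "high value" category list is this example's own choice of where a hijack would best explain the "links do nothing unless elevated" symptom, not a rule from the page.

```powershell
# Added example, not code from the thread. Dumps every autostart location with
# Sysinternals autorunsc and keeps only the entries worth a closer look:
# enabled, and either lacking a verified code signature, pointing at a file
# that no longer exists, or launched from a user-writable directory.
# Assumes autorunsc64.exe is in the current directory and the prompt is elevated.

# -a *  every category   -c  CSV output   -h  file hashes   -s  verify signatures
# -m    drop entries signed by Microsoft (cuts the noise); stderr is discarded
$rows = & .\autorunsc64.exe -accepteula -nobanner -a '*' -c -h -s -m 2>$null |
    ConvertFrom-Csv

# Categories that sit in the path of every IE/Chrome request or load into every
# process; a bad entry here matches the reported symptom better than a plain
# Run-key startup item. (This ordering is the example's assumption.)
$highValue = 'Winsock Providers', 'Internet Explorer', 'Image Hijacks',
             'AppInit', 'LSA Providers', 'Network Providers', 'Drivers'

$suspect = $rows | Where-Object {
    $_.Enabled -eq 'enabled' -and (
        $_.Signer -notmatch '^\(Verified\)' -or                 # unsigned or bad signature
        $_.'Image Path' -match '^File not found' -or            # orphaned entry
        $_.'Image Path' -match '\\(Temp|AppData|ProgramData)\\' # user-writable locations
    )
} | Sort-Object @{ Expression = { if ($highValue -contains $_.Category) { 0 } else { 1 } } }, Category

# Show the fields a helper on the thread would ask for, and keep a CSV copy
# (with hashes) that can be attached to a post.
$suspect |
    Select-Object Category, 'Entry Location', Entry, Signer, 'Image Path', 'SHA-256' |
    Format-Table -AutoSize -Wrap

$suspect | Export-Csv -NoTypeInformation -Path (Join-Path $env:TEMP 'autoruns-suspect.csv')
```

Anything in the Winsock Providers or Image Hijacks categories that is not signed by a vendor you recognize is the first thing to disable (in the Autoruns GUI, untick it rather than delete it) and re-test the browsers. If the CSV columns come out garbled, the tool's output encoding is being misread; writing the CSV with `autorunsc64.exe ... -c > autoruns.csv` from a cmd.exe prompt and then `Import-Csv autoruns.csv` side-steps that.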
 

Assisted Solution

by:bNetworked
bNetworked earned 668 total points
ID: 40418039
Have you gone into Control Panel, Internet Options, Connections tab, LAN Settings button near the bottom and checked to make sure that the malware hasn't set up a proxy that is filtering all of your traffic through it to track/modify things?  On a normal PC that isn't using a proxy (normally you'd know if this was required), *none* of those boxes should be checked off.

A good piece of software that we use to check systems is called Roguekiller (http://www.adlice.com/softwares/roguekiller/)

It can fix proxy problems, embedded malware, detect some rootkits and remove a LOT of browser embedded garbage.  Another favourite tool that we use is called ADW Cleaner.  It's a quick tool that can remove some malware and associated files and registry keys as well as embedded web browser junk.
http://www.bleepingcomputer.com/download/adwcleaner/

I always find those are a good place to start ... hope this helps a bit.
0
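An added example, not from bNetworked's comment, that reads the same per-user WinINET settings the Internet Options > Connections > LAN Settings dialog edits straight from the registry, so the check can be scripted and repeated after each cleanup run, and lists the active hosts-file lines, since a hijacked hosts file produces the same "links do nothing" symptom as a rogue proxy. It assumes Windows 7 with PowerShell 3.0 or later (Windows 7 ships 2.0; the Windows Management Framework update adds 3.0+) and an elevated prompt. The flag layout of the DefaultConnectionSettings blob is the commonly documented one, not an official API, and is treated here as an assumption.

```powershell
# Added example, not code from the thread. Registry-side view of what the
# LAN Settings dialog controls, plus the hosts file. On a PC that does not
# use a proxy every value below is expected to be absent, empty or 0.

$inet = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$p = Get-ItemProperty -Path $inet

[pscustomobject]@{
    ProxyEnable   = $p.ProxyEnable      # 1 = "Use a proxy server" is ticked
    ProxyServer   = $p.ProxyServer      # host:port, or a scheme=host:port list
    ProxyOverride = $p.ProxyOverride    # bypass list shown under Advanced
    AutoConfigURL = $p.AutoConfigURL    # "Use automatic configuration script" (PAC URL)
} | Format-List

# "Automatically detect settings" is not a plain value; it lives in the flags
# DWORD at byte offset 8 of the DefaultConnectionSettings blob.
# Assumed layout (commonly documented): 0x02 proxy, 0x04 PAC, 0x08 auto-detect.
$conn = Get-ItemProperty -Path (Join-Path $inet 'Connections')
$blob = $conn.DefaultConnectionSettings
if ($blob -and $blob.Length -gt 8) {
    $flags = [BitConverter]::ToUInt32($blob, 8)
    $line  = 'DefaultConnectionSettings flags: 0x{0:X}  proxy={1} pac={2} autodetect={3}'
    $line -f $flags, [bool]($flags -band 0x02), [bool]($flags -band 0x04), [bool]($flags -band 0x08)
}

# If policy has made proxy settings machine-wide, the HKCU values above are
# not the ones in force; the same value names then live under HKLM.
$polPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings'
$pol = Get-ItemProperty -Path $polPath -Name ProxySettingsPerUser -ErrorAction SilentlyContinue
if ($pol -and $pol.ProxySettingsPerUser -eq 0) {
    'ProxySettingsPerUser=0: proxy settings are machine-wide, repeat the read under HKLM:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
}

# Hosts file: drop blank and comment lines, then drop the stock localhost
# entries; whatever is left is worth explaining.
$hosts  = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$active = Get-Content -Path $hosts | Where-Object { $_ -match '\S' -and $_ -notmatch '^\s*#' }
'Active hosts entries: {0}' -f @($active).Count
$active | Where-Object { $_ -notmatch '^\s*(127\.0\.0\.1|::1)\s+localhost\s*$' }
```

A non-empty ProxyServer or AutoConfigURL, or the 0x02/0x04 bits set, with no proxy in use on the network, means every browser request is being steered; clear the values (or untick the boxes in the dialog), reboot, and re-run the script to confirm the setting stays cleared, because a still-running component will often put it straight back.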
 
LVL 30

Accepted Solution

by:
Thomas Zucker-Scharff earned 668 total points
ID: 40419661
Chameleon is RogueKiller and MBAM rolled into one.  It is not quite as good as rogueKiller, but does the job.  I would suggest starting with Chameleon (run the svchost file in the chameleon directory). If that doesn't solve the problem, then try RogueKiller immediately followed by a deep scan with MBAM (NO REBOOT in between). Use the link by bNetworked for Roguekiller.
0
 

Author Comment

by:bdfallon
ID: 40420893
Thanks everyone.  

I checked the hosts file and the only thing there is the 127.0.0.1 localhost.

I checked Control Panel > Internet Options > Connections tab > LAN Settings, and no proxies are present.

I ran HiJackThis and selected Analyze This and received a message "No Internet Connection Available."

I ran dds.  The logs are attached.

Can anyone make sense of the dds logs?

Thanks,

Brandon
dds.txt
attach.txt
0
 

Expert Comment

by:bNetworked
ID: 40421251
I've seen malware corrupt Norton to the point that it blocked all internet traffic before. Have you tried uninstalling and reinstalling Norton? I run a repair shop and we've had to do this multiple times before to return internet to an infected machine.
0
 

Author Closing Comment

by:bdfallon
ID: 40429189
Thanks for the help everyone
0
 
LVL 22

Expert Comment

by:Larry Struckmeyer MVP
ID: 40429350
Would be interested in knowing what you found on the system and what found it.  Can you please let us know?
0
 
LVL 2

Expert Comment

by:Judit Camacho Díaz
ID: 40735959
I propose trying SUPERAntiSpyware. I have downloaded the free version and it was by far more efficient than Microsoft Security Essentials.

http://www.superantispyware.com/

Detect and Remove Spyware, Adware and Remove Malware, Trojans, Dialers, Worms, KeyLoggers, HiJackers, Parasites, Rootkits, Rogue Security Products and many other types of threats.

Light on System Resources and designed not to slow down your computer like many other anti-spyware products. Designed not to conflict with your existing anti-spyware or anti-virus solution!

Repair broken Internet Connections, Desktops, Registry Editing and more with our unique Repair System!
0
