Solved

f0fff0, db7093, and fa8072 on startup

Posted on 2015-01-07
3
292 Views
Last Modified: 2015-01-12
Hello all,
I have never seen this before and would love some help.
I have a client that has a Windows 7 Pro 64 bit PC.
She had malware that would not allow her to get to the internet.
I ran Malwarebytes and it cleaned everything up except for when you start the PC, after everything starts up, before you try to go anywhere, Malwarebytes comes up four times with websites that it has blocked, which are f0fff0, db7093, fa8072, and then an unnamed website.  Remember this is BEFORE you double click on anything, ie, Internet Explorer or Google Chrome).
Here is a list of the programs that I have run, with a reboot after each, and I still get the same thing and none of them found anything to remove except for combofix and adwcleaner
combofix
adwcleaner
superantispyware
tdsskiller
rkill
hitman pro
spy hunter
malwarebytes anti rootkit
Kaspersky cleaning cd
As stated after each program that was run, rebooted PC, and same four came up on startup.  I was able to use Internet Explorer.
For giggles, I allowed the exclusions on these four and then it went back to square one.  Ran Malwarebytes and it found the ArcadeWeb malware.  
Ran Malwarebytes to let it clean and am back to the four coming up on startup.
Also looked under msconfig and registry and could not find these four to delete anywhere (as some websites suggest) so that is a no go.
Any help would be greatly appreciated.
Since this is a client's PC, I have to schedule time to go to her place to fix this so some patience on suggestions would be greatly appreciated.
Thanks,
Kelly W.
0
Comment
Question by:K_Wilke
  • 2
3 Comments
 
LVL 80

Accepted Solution

by:
David Johnson, CD, MVP earned 500 total points
ID: 40537088
download and install sysinternals autoruns go into the logon and scheculed tasks tab and look for items that should not be there also you can delete any 'file not found entries'
0
 
LVL 6

Author Comment

by:K_Wilke
ID: 40538600
I will do this next Monday morning so please be patient with my reply.
0
 
LVL 6

Author Closing Comment

by:K_Wilke
ID: 40545081
That worked beautifully!!!!!!!!!!
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

I recently had to create a utility which aim is to update McAfee's Virusscan and that had to be launched from a command line. I thought I’d share my experience with you. Why is it useful to be able to update an Antivirus from the command line?…
Ransomware continues to be a growing problem for both personal and business users alike and Antivirus companies are still struggling to find a reliable way to protect you from this dangerous threat.
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question