Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

f0fff0, db7093, and fa8072 on startup

Posted on 2015-01-07
3
Medium Priority
?
304 Views
Last Modified: 2015-01-12
Hello all,
I have never seen this before and would love some help.
I have a client that has a Windows 7 Pro 64 bit PC.
She had malware that would not allow her to get to the internet.
I ran Malwarebytes and it cleaned everything up except for when you start the PC, after everything starts up, before you try to go anywhere, Malwarebytes comes up four times with websites that it has blocked, which are f0fff0, db7093, fa8072, and then an unnamed website.  Remember this is BEFORE you double click on anything, ie, Internet Explorer or Google Chrome).
Here is a list of the programs that I have run, with a reboot after each, and I still get the same thing and none of them found anything to remove except for combofix and adwcleaner
combofix
adwcleaner
superantispyware
tdsskiller
rkill
hitman pro
spy hunter
malwarebytes anti rootkit
Kaspersky cleaning cd
As stated after each program that was run, rebooted PC, and same four came up on startup.  I was able to use Internet Explorer.
For giggles, I allowed the exclusions on these four and then it went back to square one.  Ran Malwarebytes and it found the ArcadeWeb malware.  
Ran Malwarebytes to let it clean and am back to the four coming up on startup.
Also looked under msconfig and registry and could not find these four to delete anywhere (as some websites suggest) so that is a no go.
Any help would be greatly appreciated.
Since this is a client's PC, I have to schedule time to go to her place to fix this so some patience on suggestions would be greatly appreciated.
Thanks,
Kelly W.
0
Comment
Question by:K_Wilke
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 83

Accepted Solution

by:
David Johnson, CD, MVP earned 2000 total points
ID: 40537088
download and install sysinternals autoruns go into the logon and scheculed tasks tab and look for items that should not be there also you can delete any 'file not found entries'
0
 
LVL 6

Author Comment

by:K_Wilke
ID: 40538600
I will do this next Monday morning so please be patient with my reply.
0
 
LVL 6

Author Closing Comment

by:K_Wilke
ID: 40545081
That worked beautifully!!!!!!!!!!
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

You cannot be 100% sure that you can protect your organization against crypto ransomware but you can lower down the risk and impact of the infection.
An introduction to the wonderful sport of Scam Baiting.  Learn how to help fight scammers by beating them at their own game. This great pass time helps the world, while providing an endless source of entertainment. Enjoy!
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

604 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question