Solved

f0fff0, db7093, and fa8072 on startup

Posted on 2015-01-07
3
287 Views
Last Modified: 2015-01-12
Hello all,
I have never seen this before and would love some help.
I have a client that has a Windows 7 Pro 64 bit PC.
She had malware that would not allow her to get to the internet.
I ran Malwarebytes and it cleaned everything up except for when you start the PC, after everything starts up, before you try to go anywhere, Malwarebytes comes up four times with websites that it has blocked, which are f0fff0, db7093, fa8072, and then an unnamed website.  Remember this is BEFORE you double click on anything, ie, Internet Explorer or Google Chrome).
Here is a list of the programs that I have run, with a reboot after each, and I still get the same thing and none of them found anything to remove except for combofix and adwcleaner
combofix
adwcleaner
superantispyware
tdsskiller
rkill
hitman pro
spy hunter
malwarebytes anti rootkit
Kaspersky cleaning cd
As stated after each program that was run, rebooted PC, and same four came up on startup.  I was able to use Internet Explorer.
For giggles, I allowed the exclusions on these four and then it went back to square one.  Ran Malwarebytes and it found the ArcadeWeb malware.  
Ran Malwarebytes to let it clean and am back to the four coming up on startup.
Also looked under msconfig and registry and could not find these four to delete anywhere (as some websites suggest) so that is a no go.
Any help would be greatly appreciated.
Since this is a client's PC, I have to schedule time to go to her place to fix this so some patience on suggestions would be greatly appreciated.
Thanks,
Kelly W.
0
Comment
Question by:K_Wilke
  • 2
3 Comments
 
LVL 79

Accepted Solution

by:
David Johnson, CD, MVP earned 500 total points
ID: 40537088
download and install sysinternals autoruns go into the logon and scheculed tasks tab and look for items that should not be there also you can delete any 'file not found entries'
0
 
LVL 6

Author Comment

by:K_Wilke
ID: 40538600
I will do this next Monday morning so please be patient with my reply.
0
 
LVL 6

Author Closing Comment

by:K_Wilke
ID: 40545081
That worked beautifully!!!!!!!!!!
0

Featured Post

Gigs: Get Your Project Delivered by an Expert

Select from freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

UPDATE - 6/15/2011 Added support for Release Update 6 Maintenance Patch 2 Point Patch 1 (RU6 MP2 PP1). Fixed a defect in the username field that was hard-coded to look for a specific domain (left over code from testing). This release will be the …
For those of you actively in the Malware fightling business, we now have available an amazing new tool in the malware wars (first recommended to me by rpggamergirl (http://www.experts-exchange.com/M_3598771.html), the Zone Advisor for the Virus and …
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now