Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 312
  • Last Modified:

f0fff0, db7093, and fa8072 on startup

Hello all,
I have never seen this before and would love some help.
I have a client that has a Windows 7 Pro 64 bit PC.
She had malware that would not allow her to get to the internet.
I ran Malwarebytes and it cleaned everything up except for when you start the PC, after everything starts up, before you try to go anywhere, Malwarebytes comes up four times with websites that it has blocked, which are f0fff0, db7093, fa8072, and then an unnamed website.  Remember this is BEFORE you double click on anything, ie, Internet Explorer or Google Chrome).
Here is a list of the programs that I have run, with a reboot after each, and I still get the same thing and none of them found anything to remove except for combofix and adwcleaner
combofix
adwcleaner
superantispyware
tdsskiller
rkill
hitman pro
spy hunter
malwarebytes anti rootkit
Kaspersky cleaning cd
As stated after each program that was run, rebooted PC, and same four came up on startup.  I was able to use Internet Explorer.
For giggles, I allowed the exclusions on these four and then it went back to square one.  Ran Malwarebytes and it found the ArcadeWeb malware.  
Ran Malwarebytes to let it clean and am back to the four coming up on startup.
Also looked under msconfig and registry and could not find these four to delete anywhere (as some websites suggest) so that is a no go.
Any help would be greatly appreciated.
Since this is a client's PC, I have to schedule time to go to her place to fix this so some patience on suggestions would be greatly appreciated.
Thanks,
Kelly W.
0
K_Wilke
Asked:
K_Wilke
  • 2
1 Solution
 
David Johnson, CD, MVPOwnerCommented:
download and install sysinternals autoruns go into the logon and scheculed tasks tab and look for items that should not be there also you can delete any 'file not found entries'
0
 
K_WilkeAuthor Commented:
I will do this next Monday morning so please be patient with my reply.
0
 
K_WilkeAuthor Commented:
That worked beautifully!!!!!!!!!!
0

Featured Post

Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as the high-speed power of the cloud.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now