Topic: HELP!!! =[
BYondLife's photo
Sat 10/31/09 03:56 PM
I got a major issue..
I can't seem to figure out.
So, hopefully someone knows...

First off.
I have McAfee and Malware Bytes Anti-Malware
For Virus protection.
IMO: It's a decent combo, and I've never had problems.

However..
Something recently went drastically wrong, and idk what.
I was glancing over graphics for that game I run here on Mingle..
Then suddenly, my pc started running drastically slow..

I figured, great, an infected site..
I x'd out of everything.
Ran my McAfee, it ran fine found nothing.
Now, this is where it got weird..

My Internet Explorer suddenly opened a new web page..
It was an advertisement for Mingle.
I was like, eh? Maybe I bumped it?
I knew I didn't but that was my self reasoning.

I went to click on my MWB, and it opened and closed before I could react. Every time I try it, I get the same results. It won't stay open for me to even use it. I tried to scan things individually, still it won't operate...

So, perplexed, I opened my Task Manager..
On the processes section it had that I was viewing 7 Internet Explorer pages at the same time; none of which were on my screen.
I was like what what the....

So..
Since I have broadband, I disconnected it.
Just as it disconnected, sure as shizzle..
7 IE pages suddenly opened saying this page cannot be viewed cuz I'm offline.

ALL, and I mean ALL, of these 7 pages were for dating sites of some sort... Accuse me of looking at porn if you wish, doesn't bother me, however, dating sites I do not and will deny. Why?

I was asked by a friend to come over here to Mingle..
Thus how I even heard of it.
But Fling and ones like it, I've only seen as advertisements on Myspace and Tagged..

Anyway, back on topic...

I ran McAfee while offline and it found 10 trojans at once!
I was like O.O!!!!!

I got rid of those but my comp is still being super retarded, which leads me to believe McAfee can't find it.

I still can't run my Malware, becuz for whatever reason, it won't stay open.

So, I need something that CAN find w/e is infecting my pc.
..and no, I can't get rid of McAfee; so w/e it is, it must be able to co-exist with it.

Any ideas of either what I might have, what might be keeping my MWB from running, or an alternative I can use to find the source?

Any ideas might be helpful. Thanks.

Monier's photo
Sat 10/31/09 06:35 PM
You may have a malicious acting add on. Check your task manager on start up. Do any of the windows or programs that you may start ever close themselves?

BYondLife's photo
Sat 10/31/09 08:26 PM
Um, not that I can tell?

ksknight72's photo
Sat 10/31/09 09:45 PM
Wouldn't hurt to check your registry run key either...

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

If you want, insert the text from those keys.

Also, check your user run key - same path except replace HKEY_LOCAL_MACHINE with HKEY_CURRENT_USER

The task manager will also tell you what is currently running as Monier stated.

BYondLife's photo
Sat 10/31/09 09:59 PM

Wouldn't hurt to check your registry run key either...

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

If you want, insert the text from those keys.

Also, check your user run key - same path except replace HKEY_LOCAL_MACHINE with HKEY_CURRENT_USER

The task manager will also tell you what is currently running as Monier stated.


Um, wth u talkin bout?
That like a DOS command or something?

ksknight72's photo
Sat 10/31/09 10:02 PM
Sorry.

Go to Start / Run
type in regedit and hit ok.

Browse to the path(s) that I listed and let's see what's in there.

BYondLife's photo
Sat 10/31/09 10:06 PM
Ok, I know what RUN is..
BUT.. no clue how to find it on Vista?

It's not like a main option...

BYondLife's photo
Sat 10/31/09 10:09 PM
Nevermind found it..

So, looking it over..

Two of them I never seen before:

Rundll32.exe "c:\progra~2\hiwiwepu\hiwiwepu.dll",a

and

Rundll32.exe "C:\ProgramData\sorusodi\sorusodi.dll",s

If I try to delete them says it'll cause instability issues.
So, got any clue wth they are?

ksknight72's photo
Sat 10/31/09 10:10 PM
Another way to do it is hit Ctrl Alt Delete
Select Task Manager
go to File / New Task
Once there type in regedit

BYondLife's photo
Sat 10/31/09 10:13 PM
Yeah, I'm in it already..
But idk what those two files are I just mentioned.

The rest I recognize..

ksknight72's photo
Sat 10/31/09 10:14 PM
Both are fraudulent security applications.

If you go to the task manager do you see them running?

I would certainly delete those registry entries to start.

Are you up on MSN or Yahoo Messenger?
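
As an added example (not code from any poster in the thread), this Python sketch applies the same by-eye check to Run-key values copied out of regedit, using the two entries posted above as input. The heuristics, the trusted-folder list and the two benign sample entries are assumptions made for illustration.

```python
import ntpath
import re

# Constructed sample of Run-key values. The first two are the entries quoted
# in the thread; the last two are made-up benign entries for contrast.
SAMPLE_RUN_VALUES = [
    r'Rundll32.exe "c:\progra~2\hiwiwepu\hiwiwepu.dll",a',
    r'Rundll32.exe "C:\ProgramData\sorusodi\sorusodi.dll",s',
    r'"C:\Program Files\ExampleVendor\tray.exe" -hide',
    r'rundll32.exe "C:\Windows\System32\example.dll",ExampleEntryPoint',
]

# Matches: [path\]rundll32[.exe] "<dll>",<export>
RUNDLL = re.compile(
    r'^\s*"?(?:[^"]*\\)?rundll32(?:\.exe)?"?\s+"?([^",]+)"?\s*,\s*(\S+)', re.I)

# Assumption: DLLs under these roots are treated as expected locations.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\",
                 "c:\\program files (x86)\\")


def triage(value):
    """Return dll/export/reasons for a rundll32 Run value, else None."""
    m = RUNDLL.match(value)
    if not m:
        return None
    dll, export = m.group(1), m.group(2)
    norm = ntpath.normpath(dll).lower()
    reasons = []
    if not norm.startswith(TRUSTED_ROOTS):
        reasons.append("DLL outside Windows/Program Files")
    if "~" in norm:
        reasons.append("8.3 short path hides the real folder name")
    folder = ntpath.basename(ntpath.dirname(norm))
    if folder == ntpath.splitext(ntpath.basename(norm))[0]:
        reasons.append("folder and DLL share the same name")
    if len(export) == 1:
        reasons.append("one-letter export name")
    return {"dll": dll, "export": export, "reasons": reasons}


def suspicious(values):
    """Keep only rundll32 entries that tripped at least one heuristic."""
    hits = [triage(v) for v in values]
    return [h for h in hits if h and h["reasons"]]


if __name__ == "__main__":
    for hit in suspicious(SAMPLE_RUN_VALUES):
        print(hit["dll"], "->", "; ".join(hit["reasons"]))
```

The DLL paths it reports are the files to locate and remove after the registry values are gone.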

ksknight72's photo
Sat 10/31/09 10:23 PM
A pretty good SW package for cleaning up your PC is called Spybot Search and Destroy - here's a link. If you install it, make sure that you update the defs and all of that good stuff and then run a scan.

http://www.safer-networking.org/en/ownmirrors1/index.html

BYondLife's photo
Sat 10/31/09 10:26 PM
Ok, deleted them.

Ima try out that site..
Make sure they're permo-gone.

I'll letcha know what happens. :D

Thanks!

ksknight72's photo
Sat 10/31/09 10:28 PM
No worries, I used to do this stuff for a living, now I manage a bunch of people that do this stuff for a living.

Once you take the registry keys out make sure you delete the DLLs. Wouldn't hurt to turn off System Restore either.

If you need more help let me know - I'm r_coil@hotmail.com

mo_muirnin's photo
Tue 11/03/09 09:35 AM
Edited by mo_muirnin on Tue 11/03/09 09:38 AM
If you still have problems download HiJack This from Trend Micro

http://free.antivirus.com/hijackthis/

It will save a log of your programs running, registry dll's and browser add-ons. This is for experienced users, but I would recommend you post it on a computer forum or even here; let us look over it and we can tell you what looks suspicious.

I have used it on my computer in the past and found great results with it. But like I said, you have to be experienced or know your computer top and bottom.

Another thing I notice, since you said it was Internet Explorer with the problem...there is a chance your browser was hijacked and it put on a malicious add-on that caused your browser to do what it did. And it most likely downloaded a back door trojan that started downloading more viruses. These viruses can not only destroy your computer but most likely distribute viruses to people in your address book and send out e-mails...Yes they can do that.

That's probably another reason MWB was not working...it completely disabled it..Malwarebytes finds mostly Malware. Even if you remove those dll files you are still not removing the actual virus, which could also be in your system32 folder.

I recommend you download super anti-spyware, go in safe mode and run a scan, then do a scan with McAfee, then run HiJackThis, save the log and like I said - show us here or in one of the forums that HijackThis can be posted in.



Oh yeah. a great tip for you....Open Internet Explorer, go to tools, options, advanced and do a complete reset on the browser. This will disable your add-ons and delete all history, temporary internet files and a few other things related to the browser. You will not lose any of your add-ons, they are just simply disabled. Then open IE again and start browsing...see if you have the same problem..like I said it could have hijacked your browser.

Atlantis75's photo
Tue 11/03/09 03:40 PM
You could also install Spybot Search & Destroy, which is free and well maintained and will keep you free from trojans and adware. Familiarize yourself with it, immunize your PC, run the search/destroy task and have the passive protection enabled.

Also, if I could, I'd recommend you use either Firefox, Opera or Google Chrome instead of IE.

A whole new world would await you, without trojans and spyware!

spybot download site:

http://filehippo.com/download_spybot_search_destroy/


google chrome:

http://www.google.com/chrome


mo_muirnin's photo
Tue 11/03/09 05:25 PM

You could also install Spybot Search & Destroy, which is free and well maintained and will keep you free from trojans and adware. Familiarize yourself with it, immunize your PC, run the search/destroy task and have the passive protection enabled.

Also, if I could, I'd recommend you use either Firefox, Opera or Google Chrome instead of IE.

A whole new world would await you, without trojans and spyware!

spybot download site:

http://filehippo.com/download_spybot_search_destroy/


google chrome:

http://www.google.com/chrome




I'm going to have to disagree there..Spybot does NOT remove all trojans or spyware..it's good for "side" protection...and just because you use another browser does not limit your chances of getting a virus..it's the protection on your computer that helps with that..I know both FF and Chrome have phishing protection against harmful sites, but some sites still go through...

And since he basically admitted up to "porn". ...he could have gotten it from any of the sites he visits.....

He could use FF, install Adblock Plus, NoScript (which prevents harmful scripts from running, which can execute a virus) then install Web of Trust on Firefox, then in a Google search he can find the safe "porn" sites, LOL!, continue to use McAfee and MWB with an on-demand scanner of super anti-spyware or if he likes use Spybot.

Beware though, Spybot comes with a "tea timer" protection against registry changes and you may get these really annoying pop-ups whenever something changes your registry values. It can be due to installing software, uninstalling software or a malicious software. So if you don't want that then be sure not to click on it during installation...

Atlantis75's photo
Tue 11/03/09 06:11 PM
Edited by Atlantis75 on Tue 11/03/09 06:17 PM
It's better than nothing to have Spybot installed!

You suggested using the "hijackthis" program, which is really not for beginners or someone who has little understanding about the registry and what damage he or she could do by removing the wrong keys, either accidentally or not knowing what he is doing, and then we're gonna get complaints about "hey, my stuff doesn't work anymore" or Vista doesn't boot! - Seen that all before!

So I disagree with your advice as well! :banana:

The person already indicated having a virus program, so in conjunction with Spybot, he should be a lot safer.

and just because you use another browser does not limit your chances of getting a virus..it's the protection on your computer that helps with that..I know both FF and Chrome have phishing protection against harmful sites, but some sites still go through...


I have also mentioned Firefox as well but Google Chrome is far safer than Internet Explorer.

The person has a pop-up problem, most likely tied to having such cookies stored, and his temporary folder is probably filled with junk as well. Spybot will cleanse the temporary folders as well as check the cookies if something is out of order or should not be around, that will be all taken care of. "hijackthis" will not do any of these functions so there!

I also recommend CCleaner which will clean temp files, cookies, and registry keys that are out of order.

http://filehippo.com/download_ccleaner/

His case is not as severe as it seems, most likely he has no viruses, but some nasty adware and his virus program won't pick up on it!

I don't recommend your recommendation of "No script" either, since 75% of the websites are flash and when he gets on the web and the internet pages look like Microsoft Word documents, you're gonna get some hate mail, LOL!

Winx's photo
Tue 11/03/09 06:22 PM
I downloaded "Hijack This" and realized that I couldn't handle it.
Now my computer tells me that I have to delete it manually and I don't know how. :tears:

Atlantis75's photo
Tue 11/03/09 06:27 PM
Edited by Atlantis75 on Tue 11/03/09 06:28 PM

I downloaded "Hijack This" and realized that I couldn't handle it.
Now my computer tells me that I have to delete it manually and I don't know how. :tears:


The first victim of Mo Muirnin!

I should have posted my warning about "hijackthis"

Now you all suffer the consequences of not listening to me.


Winx

start- control panel- add/remove software

select "hijackthis" and select uninstall. Not sure if it's gonna work because it's been a while since I used it. If you can't remove it, then leave it where it is, it's a very small program and just don't use it that's all. :smile:

Listen to me and get CCleaner and Spybot instead.
