Tried to follow "Remove Random audio ads in background" guide, but...

JARey

New Member
Thread author
Verified
Mar 18, 2014
18
I tried to follow the steps posted in the "Remove Random audio ads in background" guide, but was unable to complete Step 4 as the computer crashes while running RogueKiller. Tried to create all scan logs listed, but the aswMBR scan log is not complete. It kept crashing while I tried to run it. On one of the attempts, I was able to save whatever I had of the log before it crashed. Not sure if any of what was logged is helpful or not, but I decided to upload it anyway. Not sure what to do from here.
 

Attachments

  • Addition.txt
    45.9 KB · Views: 124
  • AdwCleaner[R0].txt
    5.9 KB · Views: 91
  • aswMBR.txt
    3.1 KB · Views: 83
  • FRST.txt
    41.9 KB · Views: 121

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Hi,


Please download zoek.zip or zoek.rar by smeenk from here or here and save it to your Desktop.
Unpack the archive...
  • Close any open browsers
  • Temporarily disable your AntiVirus program. (If necessary)
    If you are unsure how to do this please read this or this Instruction.
  • Double click on zoek.exe to run the tool.
    Please wait while the tool starts...
  • Copy the text present inside the code box below and paste it into the large window in the zoek tool:
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system.

    Code:
    createsrpoint;
    gpt.ini;z 
    C:\Windows\System32\GroupPolicy;v
    C:\Windows\SysWOW64\GroupPolicy;v 
    StandardSearch; 
    emptyfolderscheck; 
    installer-list; 
    installedprogs; 
    uninstall-list;
  • Click on the Run Script button.
    Please wait until a log report opens (this may be after a reboot).
  • Save the Notepad file to your Desktop and attach zoek-results.log here.
    Note: It will also create a log in the C:\ directory named "zoek-results.log"
 

JARey

Here it is. Thanks for taking the time to help me!
 

Attachments

  • zoek-results.log
    112.4 KB · Views: 221

JARey

Ok, I ran it. I'm assuming I'm supposed to post the results?
 

Attachments

  • zoek-results.log
    11.3 KB · Views: 125

TwinHeadedEagle

1. Please download ComboFix by sUBs from here and save it to your Desktop.
If you are unsure how ComboFix works please read this guide carefully.
Note: ComboFix must be downloaded to your Desktop.


--------------------------------------------------------------------
2. Temporarily disable your AntiVirus program, usually via a right click on the System Tray icon. It may interfere with ComboFix.
If you are unsure how to do this please read this or this Instruction.

--------------------------------------------------------------------
3. Run ComboFix. Click on I Agree!

- ComboFix will display a disclaimer of warranty on the software.
By clicking I Agree, ComboFix shall continue.

- ComboFix will check if there is a newer version of ComboFix available.
Click Yes if prompted to download.
- If Recovery Console is not installed, ComboFix will offer download & installation.
Click Yes to allow ComboFix to install Recovery Console.
- ComboFix will scan your computer in stages, total of 50 stages.
Do not mouse-click around while ComboFix is running.
Note: If you see a message like "Illegal operation attempted on a registry key that has been marked for deletion" just restart your computer.

--------------------------------------------------------------------
4. When the tool is finished, it will produce a log report for you. (typical location: C:\ComboFix.txt)
Attach the log report (ComboFix.txt) to this topic.
 

JARey

Thank you, TwinHeadedEagle for trying to help me so far. Since I haven't heard anything else, does that mean there is no fix for my issue? Should I just try to follow the steps from the guide again?
 

TwinHeadedEagle

Let's try another scan:


Please download Malwarebytes AntiRootkit (MBAR) and save it to your desktop.
For full instructions on how MBAR works, read this article.

> Double-click on the MBAR file and allow it to run.
• Click OK on the next screen, to allow the package to extract the contents of the file to its own folder named mbar.
mbar.exe will launch automatically. On some systems, this may take a few extra seconds. Please be patient and wait for the program to open.
• After reading the Introduction, click Next if you agree.


• On the Update Database screen, click on the Update button. Once you see 'Success: Database was successfully updated' click on Next
• Under Scan Targets ensure all boxes are ticked. Then click the Scan button.

Notice: with some infections, you may see two message boxes:
- 'Could not load protection driver'. Click 'OK'.
- 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.


>> If malware is not detected, click the Exit button to close the program and post the mbar-log-year-month-day.txt and system-log.txt reports.

>> If any infections are found, ensure Create Restore Point is ticked. Then select the "Cleanup!" button to remove threats.
• The cleanup procedure will be scheduled, and a pop-up will be shown.
Select the Yes button and the system should reboot to complete the cleaning process.

>> Notice: only if a rootkit is detected, be sure to run the fixdamage.exe tool located in the mbar folder, \Plugins\fixdamage.exe
- Run fixdamage.exe; at the black window, type Y (alias for Yes) to continue. Wait a few seconds for execution...
- When you see "press any key to exit", the fix is completed; press any key to close the window. Reboot the system.



> The following reports will be created in the mbar folder:
1. mbar-log-year-month-day (hour-minute-second).txt
2. system-log.txt

Please post both logs in your next reply.
 

JARey

It said no malware found, but I still have some audio ads playing. :(
 

Attachments

  • mbar-log-2014-03-25 (16-40-44).txt
    2.1 KB · Views: 75
  • system-log.txt
    29.6 KB · Views: 74

TwinHeadedEagle

Let's try this:


Please go to: VirusTotal
  • Click the Choose File button.
  • Please copy/paste the following text into the 'File name:' box:

    Code:
    c:\windows\system32\TrueSight.sys
    c:\windows\system32\qedit.dll
    c:\windows\system32\win32k.sys
    c:\windows\system32\wer.dll
    c:\windows\system32\tzres.dll
  • Click Open then click the Scan it! button just below.
  • This will scan the file. Please be patient.
  • If you get a message saying File already analyzed: click Reanalyse
  • Once scanned, copy and paste the URL from your browser address bar in your next reply.
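
As an added example (not part of the posts in this thread), the five files named above can also be triaged locally before uploading: this PowerShell sketch computes a SHA-256 hash and reads the Authenticode signature status for each path, treating every file separately. The function name `Get-FileTriage` is made up for this illustration.

```powershell
# Added example, not from the thread. Requires PowerShell 4.0+ (Get-FileHash).
# Run from a 64-bit session on 64-bit Windows: a 32-bit process is silently
# redirected from System32 to SysWOW64 and would hash different files.
$paths = @(
    'c:\windows\system32\TrueSight.sys'
    'c:\windows\system32\qedit.dll'
    'c:\windows\system32\win32k.sys'
    'c:\windows\system32\wer.dll'
    'c:\windows\system32\tzres.dll'
)

# Hypothetical helper: emits one record per path, including missing files,
# so a file that has disappeared between scans is visible in the output.
function Get-FileTriage {
    param([string[]]$Path)
    foreach ($p in $Path) {
        $row = [ordered]@{ Path = $p; Exists = $false; SHA256 = $null
                           SignatureStatus = $null; Signer = $null }
        if (Test-Path -LiteralPath $p -PathType Leaf) {
            $row.Exists = $true
            try {
                $row.SHA256 = (Get-FileHash -LiteralPath $p -Algorithm SHA256 -ErrorAction Stop).Hash
                $sig = Get-AuthenticodeSignature -LiteralPath $p -ErrorAction Stop
                $row.SignatureStatus = $sig.Status
                if ($sig.SignerCertificate) { $row.Signer = $sig.SignerCertificate.Subject }
            } catch {
                # Locked or unreadable files are reported instead of skipped.
                $row.SignatureStatus = "Error: $($_.Exception.Message)"
            }
        }
        [pscustomobject]$row
    }
}

# On older PowerShell versions, catalog-signed Windows files can report
# NotSigned; treat that as a reason to look closer, not as proof of tampering.
Get-FileTriage -Path $paths | Format-List
```

Each SHA256 value identifies exactly one file, so it can be searched on VirusTotal one file at a time.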
 

JARey

Here is the URL:
https://www.virustotal.com/en/file/...6359783c27246530966a100a/analysis/1395902814/

Was I supposed to just copy/paste each line of the code separately, and run separate scans for each line? Or just copy/paste the whole thing in one scan? I copy/pasted the whole thing, so let me know if I need to redo this.

Also, my husband ran a full scan using Malwarebytes’ Anti-Malware before I got to start on your last reply. I thought you may want to see the report, but I can't locate the report. I remember that it detected 8 objects, which I removed. I still have the random audio ads playing in the background of the pc though. They still play randomly, even when I have no programs open.
 

TwinHeadedEagle

You need to copy each line separately...

About Malwarebytes reports, press Windows key + R and paste this:

Code:
%appdata%\Malwarebytes\Malwarebytes' Anti-Malware\Logs

Attach the latest report; look at the date.
 

JARey

I'll scan and post the file names above as soon as I get the chance to later today. Thanks!
 

Attachments

  • mbam-log-2014-03-25 (22-55-53).txt
    4 KB · Views: 76

JARey

After I run each antivirus software, should I have been uninstalling them all along? I have so many now from trying to get rid of this virus, and someone just said that I'm supposed to uninstall them... need to know if that's been my mistake all along...
 

JARey

Ok, I'll uninstall all the programs that I've been downloading since I started to follow the guide. I still get the random audio ads. Are you at the end of the rope with helping me with this? I certainly understand if you are. Just let me know!
 
