keep getting annoying popups and search boxes in I.E

Fiery

Level 1
Jan 11, 2011
2,007
RE: keep getting annoying popups

Hi mainsone and welcome to MalwareTips! :)

I'm Fiery and I would gladly assist you in removing the malware on your computer.

Before we start:
  • Note that the removal process is not immediate. Depending on the severity of your infection, it could take a long time.
  • Malware removal can be dangerous. I cannot guarantee the safety of your system as malware can be unpredictable. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system. Therefore, I would advise you to backup all your important files before we start.
  • Please be patient and stay with me until I give you the green lights and inform you that your PC is clean.
  • Some tools may be flagged by your antivirus as harmful. Rest assure that ALL the tools we use are safe, the detections are false positives.
  • The absence of symptoms does not mean your PC is fully disinfected.
  • If you are unclear about the instructions, please stop and ask. Following the steps in the order that I post them in is vital.
  • Lastly, if you have requested help on other sites, that will delay and hinder the removal process. Please only stick to one site.

<hr>
For the record, cookies are not harmful most of the time, never pay $$ to remove cookies. They are the most easiest things to remove :D

Looking at the log, your brother's laptop is infected with malware.

Open OTL. Under custom scan/fixes, copy and paste the following:

:OTL
O4 - HKCU..\Run: [oiapl] "C:\Windows\System32\rundll32.exe" "C:\Users\Josh\AppData\Roaming\oiapl.dll",Parse File not found
F3:64bit: - HKCU WinNT: Run - (C:\Users\Josh\DOCUME~1\Fontcore\Fontcore.exe) - File not found
F3 - HKCU WinNT: Run - (C:\Users\Josh\DOCUME~1\Fontcore\Fontcore.exe) - File not found


:Files
ipconfig /flushdns /c

:Commands
[EMPTYTEMP]
[RESETHOSTS]

Then click Run Fix. Let your PC reboot to normal mode. A new log will be created automatically, post the content in the next reply.

Download TDSSkiller from here
  • Double-Click on TDSSKiller.exe to run the application
  • When TDSSkiller opens, click change parameters , check the box next to Loaded modules . A reboot will be required.
  • After reboot, TDSSKiller will run again. Click Change parameters again and make sure everything is checked.
    clip.jpg
  • click Start scan .
  • If a suspicious object is detected, the default action will be Skip, click on Continue. (If it saids TDL4/TDSS file system, select delete)
  • If malicious objects are found, ensure Cure (default) is selected, then click Continue and Reboot now to finish the cleaning process.
Attach the log after (usually C:\ folder in the form of TDSSKiller.[Version]_[Date]_[Time]_log.txt

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool(For Vista or Windows 7, right-click and select Run as Administrator to start)
  • Click delete
  • Please post the content of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt

Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select Run as Administrator to start
  • Wait until Prescan has finished, then click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click delete and wait until it saids deleting finished
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
    Exit/Close RogueKiller+
 

mainsone

New Member
Thread author
Apr 22, 2013
11
Hi Fiery thanks for your quick reply! 15 mins i think! Anyway i have done as you asked and have added the txt files to this post for the scans in order. Look forward to your reply, thanks again!

mainsone
 

Fiery

Level 1
Jan 11, 2011
2,007
Hi mainsone,

Your brother's laptop is infected with the zeroaccess rootkit. You can read more about it here: http://www.symantec.com/security_response/writeup.jsp?docid=2011-071314-0410-99

Did you click delete in RogueKiller after the scan?

Download Malwarebytes Anti-Rootkit from here to your Desktop
  • Unzip the contents to a folder on your Desktop.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Make sure there is a check next to Create Restore Point and click the Cleanup button to remove any threats. Reboot if prompted to do so.
  • After the reboot, perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If there are threats, click Cleanup once more and reboot.
  • When done, please post the two logs in the MBAR folder(mbar-log.txt and system-log.txt)

Please download ComboFix from one of these locations:

<a title="External link" href="http://download.bleepingcomputer.com/sUBs/ComboFix.exe" rel="external"><>Link 1</></a>
<a title="External link" href="http://www.infospyware.net/antimalware/combofix/" rel="external"><>Link 2</></a>

<ul>
<li>Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
See <a title="External link" href="http://www.bleepingcomputer.com/forums/topic114351.html" rel="external">HERE</a> for help</li>
<li>Double click on Combo-Fix & follow the prompts.</li>

When finished, ComboFix will produce a log.

<>Note:</>
1. Do not mouseclick combofix's window while it's running. That may cause it to stall!
2. Remember to re-enable your anti-virus and anti-spyware before reconnecting to the Internet.
 
Last edited by a moderator:

mainsone

New Member
Thread author
Apr 22, 2013
11
hi Fiery, yeah sure did click delete in roguekiller just as document said. ive run the other scans and have attached the logs. one thing that came up when i first opened malwarebytes anti rootkit was a message along the lines of 'APP..._dll are signs of rootkit activity do you want to delete ,if unsure press no' so i said no just incase but said it should be re -displayed when computer is rebooted if needed to delete. one again, thanks a lot for your help
 

Fiery

Level 1
Jan 11, 2011
2,007
mainsone said:
ive run the other scans and have attached the logs. one thing that came up when i first opened malwarebytes anti rootkit was a message along the lines of 'APP..._dll are signs of rootkit activity do you want to delete ,if unsure press no' so i said no just incase but said it should be re -displayed when computer is rebooted if needed to delete. one again, thanks a lot for your help

Hi,

Can you run Malwarebytes anti-rootkit again and see if you get that message again. If so, write the file name or the entire message down and post them here.
 

mainsone

New Member
Thread author
Apr 22, 2013
11
Hi, I tried rebooting and re running and it doesn't show up like it did before (just before program opened) is there anything else I can do?

mainsone
 

Fiery

Level 1
Jan 11, 2011
2,007
Ok, then the rootkit must be gone. A few more steps and we will be done :). How is your PC?

Run Eset NOD32 Online AntiVirus here

Note: You will need to use Internet Explorer for this scan.
Vista / 7 users: You will need to to right-click on the Internet Explorer icon and select Run as Administrator
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Disable your current antivirus software. You can usually do this with its Notfication Tray icon near the clock.
  • Make sure that the option "Remove found threats" is Un-checked, and the following Advance Settings are Checked
    • Scan unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log in your next reply to this topic.
  • The log can also be found in logfile located at C:\Program Files\ESET\Eset Online Scanner\log.txt
 

mainsone

New Member
Thread author
Apr 22, 2013
11
Hi yeah its running a lot better and so far no more search boxes in I.E! Ran Eset online and found a couple of problems, logs attached below :)

mainsone
 

Fiery

Level 1
Jan 11, 2011
2,007
Those two files are related to Dell, they are false positive.

If you are no longer experiencing any other issues, your PC is now clean!

Double click on OTL to run it
  • Click on the Cleanup button at the top.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes
  • This will remove itself and other tools we may have used.

Also, open adwCleaner and click Uninstall




Now that your PC is clean, I recommend you to create a new System Restore point then purge the old ones after.

For Windows 7
Create a restore point
Delete all but the most recent restore point - Click the Delete all but the most recent restore point link




Keep your system updated
Please go to control panel and uninstall the following:

Java(TM) 6 Update 24
Adobe Reader X

Delete older Java version from your computer by downloading JavaRa
  • Run JavaRa.exe, then click Remove JRE.
  • Let the tool run
  • Once it finishes, close JavaRa

Currently, the following programs on your PC are outdated:
  • Java - Update Java here
  • Adobe reader - Update Adobe Reader here

Keeping your programs (especially Adobe and Java products) updated is essential. Outdated programs make your PC more vulnerable to future malware threats. To help you:
  • Download and install Update Checker. It will notify you if any of your programs require an update.
  • Microsoft releases patches for Windows and Office products regularly to patch up Windows and Office product bugs and vulnerabilities.
  • Please ensure you update your system regularly and have automatic updates on. You can learn how to turn Automatic Updates on here


I also recommend you to switch your antivirus program to a better one. Here are some suggestions:

In addition to your antivirus, you need additional protection such as a firewall and behavioural blocker.


Other steps that you may want to do to further protect your system/files:
  • Sandboxie - "Quarantines" your browser so anything that you do in it will be isolated from your system.
  • Backup important files regulary to an external hard-drive or USB

Here are only a few suggestions that will improve your system security. Should you wish to allow us to make full recommendations and set your PC up with maximum security, please start a thread here. Our community of PC enthusiasts and experts will give you feedback and help you secure your system from future malware infections.

Should you want to try a product but don't know how it performs, here is a list of current reviews to help you decide.


Internet Explorer may be the most popular browser but it's definitely not the most secure browser. Consider using other browsers with addition add-ons to safeguard your system while browsing the internet.

Firefox is a more secure, faster browser than Internet Explorer. Firefox contains less vulnerabilities, reducing the risk of drive-by downloads. In addition, you can add the following add-ons to increase security.
  • KeyScramber - Encrypts your keystrokes to protect you against keyloggers that steals personal & banking information
  • AdBlock - Disable/blocks advertisements on websites so you won't accidentally click on a malicious ad.
  • NoScript - Disables Flash & Java contents to avoid exploits or drive-by attacks
  • Web of Trust - Shows the website rating by other users and blocks dangerous and poor-rated sites

Google Chrome is another good browser that is faster and more secure than Internet Explorer by having a sandbox feature. Additionally, you can add the following add-on to Chrome to heighten security.


Lastly, it is important to perform system maintenance on a regular basis. Here are a few tools and on-demand scanners that you should keep & use every 1-2 weeks to keep your system healthy.

Other than that, stay safe out there! If you have any other questions or concerns, feel free to ask :)

My virus removal help is always free. Should you wish to show your appreciation via a donation, it will be much appreciated.
 

mainsone

New Member
Thread author
Apr 22, 2013
11
Hi fiery, sorry for the late reply but thanks for all your help it seems pc is all clean and running nicely once again! had a quick look at those tips you posted in last post for sandboxie and other programs etc and am going to implement some of them! once again thankyou!
mainsone
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top