Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

NEED ADVICE 4 REMOVING MALWARE

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: NEED ADVICE 4 REMOVING MALWARE

Unread postby ROSEM » January 16th, 2010, 8:25 pm

Dear shinybeast:
I am sending you copies of the two pages that I just loaded onto my computer when I opened Internet Explorer (eBay is the page it opens auto. to). They are obviously fake and trying to get my personal info!
Why and how do I have these pages opening up on my computer? Does this mean I have a trojan whatever? These pages were the reason I found your site and the reason I thought my computer was infected!!

hXXps://signin.ebay.com/ws/eBayISAPI.dl ... yISAPI.dll?

hXXps://signin.ebay.com/ws/eBayISAPI.dl ... UsingSSL=1

I would appreciate your help, thoughts, comments, explanations and help as soon as is possible.
Thank you!
ROSEM
Last edited by jmw3 on January 16th, 2010, 9:37 pm, edited 1 time in total.
Reason: Edit Links
ROSEM
Regular Member
 
Posts: 16
Joined: January 5th, 2010, 9:33 pm
Advertisement
Register to Remove

Re: NEED ADVICE 4 REMOVING MALWARE

Unread postby shinybeast » January 16th, 2010, 10:55 pm

Hi ROSEM,

Thank you again (and to your instructor) for your time
and help.


You are very welcome.

I think we found the bugger.
You are getting redirected. The steps below should take care of it.


You have a deep-rooted infection. I suggest you back up any important data before you do the following.


TDSSKiller

  • Click here to download TDSSKiller to your desktop.
  • Extract TDSSKiller.zip to your desktop so that TDSSKiller.exe is on your desktop (not in a folder).
    NOTE: Close all running programs as a reboot may be necessary.
  • Copy the text in code box below.
    Code: Select all
    "%userprofile%\Desktop\TDSSKiller.exe" -l "%userprofile%\desktop\tdsskiller.txt"
  • Click Start, click Run... and paste the above command in the Open: box and click OK.
  • If TDSSKiller finds something, allow it to delete what it finds.
  • Once the tool is finished, press any key to continue and allow the computer to reboot if necessary.
  • Locate the log, tdsskiller.txt, on your desktop and post the contents of that log in your next reply.


After the reboot, please restart the computer once more, then continue with the following.


Scan with GMER MBR rootkit detector

  • Copy the text in the code box below
    Code: Select all
    "%userprofile%\Desktop\mbr.exe" -t
  • Click Start, click Run... and paste the above command in the Open: box and click OK.
  • A window will open briefly then close.
  • There will be a log named MBR.log on the desktop.
  • Please post the contents of that log in your next reply.


Scan with RSIT

  • Double-click RSIT.exe to run the tool
  • Click Continue at the disclaimer screen.
  • Once it finishes, one log will open
  • Please post the contents of log.txt log in your next post.


In your next reply, please include:
TDSSKiller log (tdsskiller.txt)
MBR log (mbr.log)
RSIT log (log.txt)
Info on symptoms and how computer is behaving.
User avatar
shinybeast
Retired Graduate
 
Posts: 1187
Joined: October 29th, 2008, 6:56 pm
Location: -5 hrs GMT (EST)

Re: NEED ADVICE 4 REMOVING MALWARE

Unread postby ROSEM » January 17th, 2010, 1:16 pm

Dear shinybeast:
You have asked me to do the one thing I do not know how to do. "Back up my files" !?
Also would like to tell you that I cannot access Norton's Internet Antivirus which I looked for yesterday to run a scan after I encountered all those fake pages. It looks like it is still on my machine because I can run logs from it, or turn it on or off from my toolbar. I have to tell you that I turned Windows Defender back on and am using Mozilla Firefox as a browser because I
seem to remember someone telling me it was safer than Internet Explorer. Please tell me how to back up! This computer has been rebooted once by my son but he did not show me anything. Actually, I have been thinking I needed to reboot (remember the other questions I wanted to ask you) because I have been unable to download the Windows 3 service pack.
I look forward to your reply.
ROSEM
ROSEM
Regular Member
 
Posts: 16
Joined: January 5th, 2010, 9:33 pm

Re: NEED ADVICE 4 REMOVING MALWARE

Unread postby shinybeast » January 17th, 2010, 5:44 pm

Hi ROSEM,

There is no need to panic. The infection is not that bad, it is just deep-rooted. It is what is causing your browser to load the bad web pages. There is a small chance that removing it could have unintended consequences. The tool we use is pretty mature and very unlikely to cause problems but the small chance is there nonetheless, hence the suggestion to back up important data.

What methods do you possess to transfer data from the computer (i.e. cd/dvd burner, thumb drive, external hard drive, etc.)?

Once you decide on a place to put the data, you must decide on what you want to backup. At a minimum, back up documents that cannot be replaced. Programs can be replaced and Windows can be replaced. Things like pictures and documents and other files that you do not have copies of elsewhere are what you are looking for. Also, export bookmarks from Internet Explorer to a file that can be transferred to the backup media.

To Export favorites to a file for backing up do the below.

  • Start Internet Explorer
  • Click File, then click Import and Export....
  • In the wizard that opens, click Next
  • Click (highlight) Export Favorites and click Next.
  • Click Next again
  • Select (tick) Export to a File or Address and click Browse...
  • In the new window click Desktop on the left.
  • Click Save

You should now have a file bookmark.htm on your desktop that can be transferred to your backup.

Let me know what options you have for backing up data and ask any questions that you have about that.
User avatar
shinybeast
Retired Graduate
 
Posts: 1187
Joined: October 29th, 2008, 6:56 pm
Location: -5 hrs GMT (EST)

Re: NEED ADVICE 4 REMOVING MALWARE

Unread postby ROSEM » January 17th, 2010, 7:09 pm

I have that tower (is that not the hard drive?) that has a cd drive(actually two) and a floppy disc drive(Dell). Seems like I remember my son having my husband back up his microsoft works on floppy discs when he rebooted. I might have some empty diskettes -will have to check if really empty as box is opened and unmarked. My husband knows how to back up his files (I have burned a music cd) and I guess if I move everything to one place he can show me how to back up on a diskette. I am not sure the questions that I have-will have to start the process-once I have backed up will update you. Gosh your schooling extends through the weekends too?? Thanks for your quick reply!
ROSEMAR
ROSEM
Regular Member
 
Posts: 16
Joined: January 5th, 2010, 9:33 pm

Re: NEED ADVICE 4 REMOVING MALWARE

Unread postby ROSEM » January 20th, 2010, 1:04 am

Dear shinybeast:
Tomorrow I am going to start backing up my file(s) on to diskettes. I have been trying to get printer to work (keeps showing as usb not connected-could that be malware? I think it is probably something between IE7 and my hp psc 2175). But my question to you is - if I back up microsoft works & stuff saved under microsoft word, and my bookmarks what happens to my mail? do I back that up too? Is there any chance I could back up this infection? Appreciate your patience (with my ignorance) and your assistance.
ROSEM
ROSEM
Regular Member
 
Posts: 16
Joined: January 5th, 2010, 9:33 pm

Re: NEED ADVICE 4 REMOVING MALWARE

Unread postby shinybeast » January 20th, 2010, 12:20 pm

Hi ROSEM,

You will not back up the infection.

If you use Outlook, you can use the Personal Folder backup tool from Microsoft. Instructions are on that page.
If you use Outlook Express, this page at Microsoft will tell you how to create a backup.

The printer issue does not sound like malware. Let's get the computer clean and then address other issues afterward.
User avatar
shinybeast
Retired Graduate
 
Posts: 1187
Joined: October 29th, 2008, 6:56 pm
Location: -5 hrs GMT (EST)

Re: NEED ADVICE 4 REMOVING MALWARE

Unread postby shinybeast » January 24th, 2010, 2:45 pm

Hello ROSEM,

It has been 4 days since my last post to you.
  • Do you still need help with this problem?
  • Do you need more time?
  • Are you having problems understanding or performing the instructions?
Please let me know how things are going otherwise...
After 24 hrs., if you have not replied to this thread... it will be closed!
User avatar
shinybeast
Retired Graduate
 
Posts: 1187
Joined: October 29th, 2008, 6:56 pm
Location: -5 hrs GMT (EST)

Re: NEED ADVICE 4 REMOVING MALWARE

Unread postby jmw3 » January 26th, 2010, 4:28 am

Due to lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
jmw3
MRU Emeritus
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: random/random and 24 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware