Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

ADNXS - Ugh :(

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: ADNXS - Ugh :(

Unread postby Greenie » September 9th, 2012, 11:14 pm

Ran the code.. rebooted.. crazily enough I'm still getting the popups. Everything seemed to be running well with the Popup blocker, the one you recommended, but I find it strange how I'm continuing to still get them.. :?
Greenie
Active Member
 
Posts: 14
Joined: August 29th, 2012, 11:05 pm
Advertisement
Register to Remove

Re: ADNXS - Ugh :(

Unread postby askey127 » September 10th, 2012, 3:00 pm

Greenie,
There are lots of websites that will try to download that junk onto your system, especially if you click on the columns of ads on either side of the page.
I don't think you have a permanent infection to maintain the popups, but please do as follows, so we can check:
---------------------------------------------
Run a Scan with OTL
  • Right click the OTL icon and choose "Run as administrator" to run it.
  • Check the box at the top, labeled Include 64 bit scans
  • Check the boxes labeled :
    • Scan All Users
    • LOP check
    • Purity check
    • Extra Registry > Use SafeList
  • Make sure all other windows are closed to let it run uninterrupted.
  • Click on the Run Scan button at the top left hand corner. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open a notepad window with a new copy of OTL.Txt. This is also saved in the same location as OTL. (desktop)
Please copy (Edit->Select All, Edit->Copy) the contents of OTL.TXT , and post as a reply.

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: ADNXS - Ugh :(

Unread postby Greenie » September 12th, 2012, 10:01 pm

Tried to run the scan with those settings. Getting an 'Access Violation' ? :? (0045930B in module 'OTL.exe') Running as Admin.
Greenie
Active Member
 
Posts: 14
Joined: August 29th, 2012, 11:05 pm

Re: ADNXS - Ugh :(

Unread postby askey127 » September 13th, 2012, 6:43 am

Greenie
-------------------------------------------------
Please download RogueKiller.exe and save it to your desktop.

Run RogueKiller
  • First, quit all running programs.
  • Start RogueKiller.exe. (Double click in XP, Right click and choose "Run as administrator" in Vista/Win7)
  • Note: If the program is blocked, do not hesitate to try several times.
    If it really does not work (it could happen), rename it to winlogon.exe or RogueKiller.com.
  • Wait until prescan has finished.
  • Click on the Scan button in the upper right. Wait for it to finish.
  • When the scan is complete, a file icon named RKreport.txt should appear on your desktop.
  • Please double click that file RKreport.txt and post its contents in your next Reply.
    (You can also open the report by clicking the Report button on the right).
  • When you exit RogueKiller, you may get a popup reporting "None of the Elements have been deleted. Do you want to quit?" Click "Yes".
--------------------------------------------
TDSSKiller - Rootkit Removal Tool
Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!
  1. Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    (Vista - W7 users: Right-click and select "Run As Administrator")
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com).
    If you don't see file extensions, please see: How to change the file extension.
    If you try to change the filename and extension, you may get a warning message from Windows because of the change of file extension. OK the change.
  2. Click the Start Scan button. Do not use the computer during the scan!
  3. If the scan completes with nothing found, click Close to exit.
  4. If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Ensure Cure (default) is selected... then click Continue > Reboot now to finish the cleaning process.
    • If Cure is not offered as an option, choose Skip.
  5. A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the main directory of C:
    (the dd.mm.yyyy_hh.mm.ss numbers in the filename represent the time/date stamp)
  6. Copy and paste the contents of that file in your next reply.
If, for some reason,you can't locate the text file to paste into your reply, just tell me, but DO NOT run the program a second time.

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: ADNXS - Ugh :(

Unread postby Greenie » September 16th, 2012, 9:38 pm

RogueKiller V8.0.3 [09/13/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Scotty [Admin rights]
Mode : Scan -- Date : 09/16/2012 20:37:17

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3500418AS ATA Device +++++
--- User ---
[MBR] 031c4fff4d6fa2b8e845d27e2211ac44
[BSP] d98b33a9d9ad819e45549e60bfd1e786 : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 16065 | Size: 476929 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: SAMSUNG HD642JJ ATA Device +++++
--- User ---
[MBR] 51ffce30677ccf4dd2c58d17e15baf74
[BSP] 89a446c8ee907cef1f1b5e8950b873ac : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 610439 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: Seagate FreeAgent Go USB Device +++++
--- User ---
[MBR] 2d896bc323a04438ca97c10e9dbed00b
[BSP] f4e7c03d42b7bdc814dcfb9f2a3d7684 : MBR Code unknown
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476937 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1].txt >>
RKreport[1].txt


Nothing was found in the Kaspersky scan.
Greenie
Active Member
 
Posts: 14
Joined: August 29th, 2012, 11:05 pm

Re: ADNXS - Ugh :(

Unread postby askey127 » September 17th, 2012, 8:25 am

Greenie,
I would suggest Uninstalling Mozilla Firefox and installing a new one, Version 15.0
When you Uninstall the old one, do NOT save any settings.
New one is here: https://www.mozilla.org/en-US/firefox/fx/#desktop
Then install the AdBlock PLus and NoScript plug-ins in the new version.
You can add back the few most important plug-ins of your own.

If you installed the program Uninstall Startup Inspector yourself, I would suggest Removing it as well, and using the free WinPatrol instead.
It is much less buggy, and very simple to use.
Instructions here: http://www.winpatrol.com/winpatrol.html

Many of your machine policies have been altered. I don't know whether PunkBuster could have done it, but PunkBuster does not always respect your security settings.
(PunkBuster is an anti-piracy service for games, and is actually Spyware itself)

See if you can start OTL (run as administrator), choose Quick Scan, and post OTL.txt.

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: ADNXS - Ugh :(

Unread postby Greenie » September 20th, 2012, 11:34 pm

I've reinstalled to the newest Firefox. Downloaded the said add-ons. Currently still not able to run any sort of OTL scans, even after a reinstall of the software... Same sort of errors.

I'm somewhat familiar with punkbuster - seems to be what companies like EA use to 'monitor' online servers for gaming?


Green
Greenie
Active Member
 
Posts: 14
Joined: August 29th, 2012, 11:05 pm

Re: ADNXS - Ugh :(

Unread postby askey127 » September 21st, 2012, 8:49 am

Greenie,
You appear to be clear of actual infections.
The damage to your system from your past encounters has so many policy changes, it will not recoverable online.
If you have excessive difficulty running your machine the way you wish, the only certain way to correct it is to run a Complete System Recovery, putting the machine back to its "as purchased" condition.(coloquially called a "repave")

Some serious system instabilities have been reported by users of Webroot SecureAnywhere.
I cannot determine whether your present system anomalies are related to it.
If you decide to remove it, there is no assurance any of your remining issues will be corrected. It's your guess.
A satisfactory replacement is the free Microsoft Security Essentials here:
http://www.microsoft.com/security_essentials/
or the free Avast antivirus here:
http://www.avast.com/free-antivirus-download

The posts in our Public Library on Remote Access Infections include some instructions on how to "Repave" a computer.
http://www.malwareremoval.com/forum/viewtopic.php?f=4&t=60204

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: ADNXS - Ugh :(

Unread postby Greenie » September 23rd, 2012, 11:05 pm

I appreciate, and thank you for the assistance askey127.

I'll keep your considerations and advice. I'm assuming it is safe to uninstall/remove that asked programs?

Thanks again,
Greenie
Greenie
Active Member
 
Posts: 14
Joined: August 29th, 2012, 11:05 pm

Re: ADNXS - Ugh :(

Unread postby askey127 » September 24th, 2012, 7:32 am

Yes.
If you start up OTL, and click the "Clean Up" button, it will remove most of the tools we used, automatically.
Good luck.
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: ADNXS - Ugh :(

Unread postby askey127 » September 27th, 2012, 7:15 pm

this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
Advertisement
Register to Remove

Previous

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 290 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware