Audio Ads Playing in Background + Riderecting Issues

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

hardball69

Thread Starter
Joined
Jul 6, 2011
Messages
43
*REDIRECTING*. Computer was lagging, didn't catch that.

Recently, it's been irritating me (and disturbing me) that strange audio-ads are playing in the background of my PC at random intervals of time, sometimes overlapping with other ad-playings (creating a somewhat eerie symphony of odd product advertisements).

When I attempted to search for a solution, I noticed I was getting redirected to garbage-sites with no purpose or my request was stopped completely.

When these ads play, the system slows down noticeably (especially when I try to play Minecraft on multiplayer).

I've run full Malwarebytes (With Latest Definitions) scans twice, taking a total of about three hours. I found minor trojans and removed them, but the ads still played... And I still get redirected when using Internet Explorer.

I reached this site by using Steam's in-game Web-Browser to prevent redirection.


I've read similar problems like this, but the actual issues seem to be more specialized to the situations they're in, and the removal processes are different.
 

hardball69

Thread Starter
Joined
Jul 6, 2011
Messages
43
Bump.

I really need help. This issue has escalated and my entire computer has been compromised by a fake system tool called 'System Fix'. All files on the computer are hidden, and it was terribly difficult to get to the internet explorer.

Task Manager and Run have been deleted, and drivers have been corrupted. This fake tool is trying to convince me to buy the 'full version' to fix "HARDWARE ERRORS" such as "OVERHEATING" and "ROTATIONAL SPEED PROBLEMS", which doesn't make sense. Lots of spelling errors, too.

The computer runs excruciatingly slow, even for a quad core processor and 8 Gigs of RAM. Thousands of Red 'X' error messages with random directories posted in them and spelling errors.

Safe mode has been neutralized completely. A driver called 'ClassPNP.sys' or something along those lines causes the safe mode initialization screen to freeze. I waited for over 15 minutes on this one file, I'm assuming it's been corrupted.

I really need help. My computer has some nasty stuff on it, now. And it all just appeared on... No downloading of suspicious files, although before this 'System Fix' garbage came about, the computer shut itself off for no reason while I was playing a game. I decided to leave it off for the night and get back to it the next day.

My mother wakes me up and tells me stuff's wrong with the computer again, and I'm infuriated. I didn't witness the beginning of this, but I suspect it was either downloaded while I was away by a member of my family, or something got it into the computer the night it shut itself off.

I realized I had System Restore enabled just now; Malwarebytes was finding viruses, deleting them, but ads continued to play.


I beg of anyone generous enough here to lend a helping hand. I took a quick video and pictures of what the malware was doing and my attempts to system restore (which failed)
 

kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,470
Download RogueKiller to your desktop

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 1 and validate by tapping Enter
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.
 

hardball69

Thread Starter
Joined
Jul 6, 2011
Messages
43
RogueKiller V6.1.12 [12/02/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User: Chris [Admin rights]
Mode: Scan -- Date : 12/05/2011 17:08:44
¤¤¤ Bad processes: 6 ¤¤¤
[WINDOW : System Fix] lv0aCD9Y9ApqCU.exe -- C:\ProgramData\lv0aCD9Y9ApqCU.exe -> KILLED [TermProc]
[SUSP PATH] FLVSrvLib.dll -- C:\Users\Chris\AppData\Local\FLVService\lib\FLVSrvLib.dll -> UNLOADED
[SUSP PATH] fIJsmsUwPvQ.exe -- C:\ProgramData\fIJsmsUwPvQ.exe -> KILLED [TermProc]
[SUSP PATH] lv0aCD9Y9ApqCU.exe -- C:\ProgramData\lv0aCD9Y9ApqCU.exe -> KILLED [TermProc]
[SUSP PATH] FLVSrvLib.dll -- C:\Users\Chris\AppData\Local\FLVService\lib\FLVSrvLib.dll -> UNLOADED
[SUSP PATH] FLVSrvLib.dll -- C:\Users\Chris\AppData\Local\FLVService\lib\FLVSrvLib.dll -> UNLOADED
¤¤¤ Registry Entries: 12 ¤¤¤
[SUSP PATH] HKLM\[...]\Run : fIJsmsUwPvQ.exe (C:\ProgramData\fIJsmsUwPvQ.exe) -> FOUND
[HJPOL] HKLM\[...]\System : DisableTaskMgr (1) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[WallPP] HKCU\[...]\Desktop : Wallpaper () -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyComputer (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowSearch (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver: [LOADED] ¤¤¤
¤¤¤ Infection : Rogue.FakeHDD ¤¤¤
¤¤¤ HOSTS File: ¤¤¤

Finished : << RKreport[1].txt >>
RKreport[1].txt
 

kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,470
Quit all running programs and run RogueKiller once again.

  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 2 and validate by tapping Enter
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe

Please post the contents of the RKreport.txt in your next Reply.
 

hardball69

Thread Starter
Joined
Jul 6, 2011
Messages
43
It would not let me save the file ANYWHERE except onto a USB. I couldn't even navigate to the desktop.
 

hardball69

Thread Starter
Joined
Jul 6, 2011
Messages
43
RogueKiller V6.1.12 [12/02/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User: Chris [Admin rights]
Mode: Remove -- Date : 12/05/2011 17:13:08
¤¤¤ Bad processes: 2 ¤¤¤
[SUSP PATH] FLVSrvLib.dll -- C:\Users\Chris\AppData\Local\FLVService\lib\FLVSrvLib.dll -> UNLOADED
[SUSP PATH] FLVSrvLib.dll -- C:\Users\Chris\AppData\Local\FLVService\lib\FLVSrvLib.dll -> UNLOADED
¤¤¤ Registry Entries: 12 ¤¤¤
[SUSP PATH] HKLM\[...]\Run : fIJsmsUwPvQ.exe (C:\ProgramData\fIJsmsUwPvQ.exe) -> DELETED
[HJPOL] HKLM\[...]\System : DisableTaskMgr (1) -> DELETED
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[WallPP] HKCU\[...]\Desktop : Wallpaper () -> REPLACED (C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg)
[HJ] HKCU\[...]\Advanced : Start_ShowMyComputer (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowSearch (0) -> REPLACED (1)
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver: [LOADED] ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

------------------------------------

I pressed 2 and deleted.
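
A check a helper could run on the two RogueKiller reports in this thread, as an added example that is not part of the original posts and not RogueKiller's own code: it parses the registry section, lists the security settings the scan found switched off, and confirms that every FOUND entry shows as DELETED or REPLACED after the removal pass. The line format is inferred from the reports above, the function names are hypothetical, and the removal sample deliberately omits one line to show an unresolved entry.

```python
import re

# Registry line shape in the RogueKiller reports posted in this thread:
#   [TAG] HIVE\[...]\Key : Name (value) -> STATUS (new value)
LINE_RE = re.compile(
    r"^\[(?P<tag>[^\]]+)\]\s+(?P<key>HK(?:LM|CU)\\\S+)\s+:\s+(?P<name>\S+)\s+"
    r"\((?P<value>.*?)\)\s+->\s+(?P<status>[A-Z]+)(?:\s+\((?P<new>.*)\))?\s*$"
)
# Values that switch a protection off: Task Manager, UAC, the admin consent prompt.
WEAKENED = {"DisableTaskMgr": "1", "EnableLUA": "0", "ConsentPromptBehaviorAdmin": "0"}

# Lines excerpted from the scan report (Mode: Scan) in this thread.
SCAN = r"""
[SUSP PATH] HKLM\[...]\Run : fIJsmsUwPvQ.exe (C:\ProgramData\fIJsmsUwPvQ.exe) -> FOUND
[HJPOL] HKLM\[...]\System : DisableTaskMgr (1) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowSearch (0) -> FOUND
"""
# Lines excerpted from the removal report (Mode: Remove); the Start_ShowSearch
# line is left out on purpose (constructed gap) to show an unresolved entry.
REMOVE = r"""
[SUSP PATH] HKLM\[...]\Run : fIJsmsUwPvQ.exe (C:\ProgramData\fIJsmsUwPvQ.exe) -> DELETED
[HJPOL] HKLM\[...]\System : DisableTaskMgr (1) -> DELETED
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
"""

def parse_registry(report):
    """Map (key, name) -> parsed fields for every registry line in a report."""
    entries = {}
    for line in report.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries[(m["key"], m["name"])] = m.groupdict()
    return entries

def weakened_policies(report):
    """Names of security settings still reported (FOUND) in their disabled state."""
    return sorted(e["name"] for e in parse_registry(report).values()
                  if e["status"] == "FOUND" and WEAKENED.get(e["name"]) == e["value"])

def unresolved(scan_report, remove_report):
    """Entries FOUND by the scan that the removal pass did not delete or replace."""
    after = parse_registry(remove_report)
    return [ident for ident, e in parse_registry(scan_report).items()
            if e["status"] == "FOUND"
            and after.get(ident, {}).get("status") not in ("DELETED", "REPLACED")]

if __name__ == "__main__":
    print(weakened_policies(SCAN), unresolved(SCAN, REMOVE))
```
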
 

kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,470
Are you able to run second stage of Rogue Killer?
 

kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,470
We cross posted there, what is current status of system...
 

hardball69

Thread Starter
Joined
Jul 6, 2011
Messages
43
The process causing the most of the trouble has closed, thanks to the application.

I'm still getting redirected and there's system activity still continuing in the background.
 

kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,470
OK, we have made some progress. Do the following..

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • Click on "Change parameters" and place a checkmark next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
 