
Audio Ads Playing in Background + Riderecting Issues

Discussion in 'Virus & Other Malware Removal' started by hardball69, Dec 3, 2011.

Thread Status:
Not open for further replies.
  1. hardball69

    hardball69 Thread Starter

    Joined:
    Jul 6, 2011
    Messages:
    43
    *REDIRECTING*. Computer was lagging, didn't catch that.

    Recently, it's been irritating me (and disturbing me) that strange audio-ads are playing in the background of my PC at random intervals of time, sometimes overlapping with other ad-playings (creating a somewhat eerie symphony of odd product advertisements).

    When I attempted to search for a solution, I noticed I was getting redirected to garbage-sites with no purpose or my request was stopped completely.

    When these ads play, the system slows down noticeably (especially when I try to play Minecraft on multiplayer).

    I've run full Malwarebytes (With Latest Definitions) scans twice, taking a total of about three hours. I found minor trojans and removed them, but the ads still played... And I still get redirected when using Internet Explorer.

    I reached this site by using Steam's in-game Web-Browser to prevent redirection.


    I've read similar problems like this, but the actual issues seem to be more specialized to the situations they're in, and the removal processes are different.
     
  2. hardball69

    hardball69 Thread Starter

    Joined:
    Jul 6, 2011
    Messages:
    43
    Bump.

    I really need help. This issue has escalated and my entire computer has been compromised by a fake system tool called 'System Fix'. All files on the computer are hidden, and it was terribly difficult to get to the internet explorer.

    Task Manager and Run have been deleted, and drivers have been corrupted. This fake tool is trying to convince me to buy the 'full version' to fix "HARDWARE ERRORS" such as "OVERHEATING" and "ROTATIONAL SPEED PROBLEMS", which doesn't make sense. Lots of spelling errors, too.

    The computer runs excruciatingly slow, even for a quad core processor and 8 Gigs of RAM. Thousands of Red 'X' error messages with random directories posted in them and spelling errors.

    Safe mode has been neutralized completely. A driver called 'ClassPNP.sys' or something along those lines causes the safe mode initialization screen to freeze. I waited for over 15 minutes on this one file, I'm assuming it's been corrupted.

    I really need help. My computer has some nasty stuff on it, now. And it all just appeared on... No downloading of suspicious files, although before this 'System Fix' garbage came about, the computer shut itself off for no reason while I was playing a game. I decided to leave it off for the night and get back to it the next day.

    My mother wakes me up and tells me stuff's wrong with the computer again, and I'm infuriated. I didn't witness the beginning of this, but I suspect it was either downloaded while I was away by a member of my family, or something got it into the computer the night it shut itself off.

    I realized I had System Restore enabled just now; Malwarebytes was finding viruses, deleting them, but ads continued to play.


    I beg of anyone generous enough here to lend a helping hand. I took a quick video and pictures of what the malware was doing and my attempts to system restore (which failed).
     
  3. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Download RogueKiller to your desktop

    • Quit all running programs
    • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
    • When prompted, type 1 and validate by tapping Enter
    • The RKreport.txt shall be generated next to the executable.
    • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
    Please post the contents of the RKreport.txt in your next Reply.
     
  4. hardball69

    hardball69 Thread Starter

    Joined:
    Jul 6, 2011
    Messages:
    43
    RogueKiller V6.1.12 [12/02/2011] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com
    Operating System: Windows 7 (6.1.7600 ) 32 bits version
    Started in : Normal mode
    User: Chris [Admin rights]
    Mode: Scan -- Date : 12/05/2011 17:08:44
    ¤¤¤ Bad processes: 6 ¤¤¤
    [WINDOW : System Fix] lv0aCD9Y9ApqCU.exe -- C:\ProgramData\lv0aCD9Y9ApqCU.exe -> KILLED [TermProc]
    [SUSP PATH] FLVSrvLib.dll -- C:\Users\Chris\AppData\Local\FLVService\lib\FLVSrvLib.dll -> UNLOADED
    [SUSP PATH] fIJsmsUwPvQ.exe -- C:\ProgramData\fIJsmsUwPvQ.exe -> KILLED [TermProc]
    [SUSP PATH] lv0aCD9Y9ApqCU.exe -- C:\ProgramData\lv0aCD9Y9ApqCU.exe -> KILLED [TermProc]
    [SUSP PATH] FLVSrvLib.dll -- C:\Users\Chris\AppData\Local\FLVService\lib\FLVSrvLib.dll -> UNLOADED
    [SUSP PATH] FLVSrvLib.dll -- C:\Users\Chris\AppData\Local\FLVService\lib\FLVSrvLib.dll -> UNLOADED
    ¤¤¤ Registry Entries: 12 ¤¤¤
    [SUSP PATH] HKLM\[...]\Run : fIJsmsUwPvQ.exe (C:\ProgramData\fIJsmsUwPvQ.exe) -> FOUND
    [HJPOL] HKLM\[...]\System : DisableTaskMgr (1) -> FOUND
    [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
    [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
    [WallPP] HKCU\[...]\Desktop : Wallpaper () -> FOUND
    [HJ] HKCU\[...]\Advanced : Start_ShowMyComputer (0) -> FOUND
    [HJ] HKCU\[...]\Advanced : Start_ShowSearch (0) -> FOUND
    [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    [HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    [HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
    ¤¤¤ Particular Files / Folders: ¤¤¤
    ¤¤¤ Driver: [LOADED] ¤¤¤
    ¤¤¤ Infection : Rogue.FakeHDD ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤

    Finished : << RKreport[1].txt >>
    RKreport[1].txt
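
Added example, not part of the original posts: a small Python triage of the RogueKiller report above, using lines excerpted from it. The parsing patterns and the `POLICY` table are assumptions written for this illustration, not RogueKiller's own logic; the code pairs the Run-key autostart entry with the killed process it would relaunch and names the policy values behind the disabled Task Manager and UAC.

```python
import re

# Lines excerpted from the RKreport posted above (no new data).
SAMPLE = r"""
[WINDOW : System Fix] lv0aCD9Y9ApqCU.exe -- C:\ProgramData\lv0aCD9Y9ApqCU.exe -> KILLED [TermProc]
[SUSP PATH] fIJsmsUwPvQ.exe -- C:\ProgramData\fIJsmsUwPvQ.exe -> KILLED [TermProc]
[SUSP PATH] HKLM\[...]\Run : fIJsmsUwPvQ.exe (C:\ProgramData\fIJsmsUwPvQ.exe) -> FOUND
[HJPOL] HKLM\[...]\System : DisableTaskMgr (1) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowSearch (0) -> FOUND
"""

# Assumed line shapes, inferred from the report text only.
REG = re.compile(r"^\[(?P<tag>[^\]]+)\]\s+(?P<key>HK\w+\\.+?) : "
                 r"(?P<name>\S+) \((?P<data>.*)\) -> (?P<status>\w+)")
PROC = re.compile(r"^\[(?P<tag>[^\]]+)\]\s+(?P<name>\S+) -- "
                  r"(?P<path>.+?) -> (?P<status>\w+)")

# Windows policy values whose setting weakens the system.
POLICY = {
    ("DisableTaskMgr", "1"): "Task Manager disabled by policy",
    ("EnableLUA", "0"): "UAC turned off",
    ("ConsentPromptBehaviorAdmin", "0"): "admin elevation without a prompt",
}

def parse(report):
    """Split report lines into process entries and registry entries."""
    procs, regs = [], []
    for line in report.splitlines():
        line = line.strip()
        m = REG.match(line)
        if m:
            regs.append(m.groupdict())
            continue
        m = PROC.match(line)
        if m:
            procs.append(m.groupdict())
    return procs, regs

def triage(report):
    """Return (kind, name, detail, seen_running) for entries worth acting on."""
    procs, regs = parse(report)
    findings = []
    for r in regs:
        if r["key"].rsplit("\\", 1)[-1] == "Run":
            # Autostart entry: killing the process alone will not survive a reboot.
            running = any(p["path"].lower() == r["data"].lower() for p in procs)
            findings.append(("autostart", r["name"], r["data"], running))
        elif (r["name"], r["data"]) in POLICY:
            findings.append(("policy", r["name"], POLICY[(r["name"], r["data"])], None))
    return findings
```

The autostart finding is the one to prioritise: a scan-only pass terminates the process, but the Run value stays until the delete pass removes it.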
     
  5. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Quit all running programs and run RogueKiller once again.

    • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
    • When prompted, type 2 and validate by tapping Enter
    • The RKreport.txt shall be generated next to the executable.
    • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe

    Please post the contents of the RKreport.txt in your next Reply.
     
  6. hardball69

    hardball69 Thread Starter

    Joined:
    Jul 6, 2011
    Messages:
    43
    It would not let me save the file ANYWHERE except onto a USB. I couldn't even navigate to the desktop.
     
  7. hardball69

    hardball69 Thread Starter

    Joined:
    Jul 6, 2011
    Messages:
    43

    ------------------------------------

    I pressed 2 and deleted.
     
  8. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Are you able to run second stage of Rogue Killer?
     
  9. hardball69

    hardball69 Thread Starter

    Joined:
    Jul 6, 2011
    Messages:
    43
    Second Stage?
     
  10. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    We cross posted there, what is current status of system...
     
  11. hardball69

    hardball69 Thread Starter

    Joined:
    Jul 6, 2011
    Messages:
    43
    The process causing the most of the trouble has closed, thanks to the application.

    I'm still getting redirected and there's system activity still continuing in the background.
     
  12. hardball69

    hardball69 Thread Starter

    Joined:
    Jul 6, 2011
    Messages:
    43
    I can now open Task Manager, although all files in the system remain hidden.
     
  13. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    OK, we have made some progress. Do the following..

    Please read carefully and follow these steps.
    • Download TDSSKiller and save it to your Desktop.
    • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • Click on "Change parameters" and place a checkmark next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
     
  14. hardball69

    hardball69 Thread Starter

    Joined:
    Jul 6, 2011
    Messages:
    43
    The application will not open, even when running with administrative rights.
     
  15. hardball69

    hardball69 Thread Starter

    Joined:
    Jul 6, 2011
    Messages:
    43
    The process opens in Task Manager, but seems to be killed as soon as it opens.
     

Short URL to this thread: https://techguy.org/1029581
