1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

My browsers won't keep me logged in.

Discussion in 'Virus & Other Malware Removal' started by Crimm, Jun 15, 2010.

Thread Status:
Not open for further replies.
Advertisement
  1. Crimm

    Crimm Thread Starter

    Joined:
    Jun 15, 2010
    Messages:
    22
    Ok, some background info first on what may have lead up to this.

    My operating system is Windows XP, and I use the latest version of Firefox with Ad Block Plus and Greasemonkey add-ons.

    I was looking for an MP4-WMV converter. I googled some up, and checked out some of the websites, but I didn't download or install any. I got a little nervous about visiting some sites I had never gone to before (my internet browsing routine is pretty limited, I check only a few websites that I know are safe) so I ran a full virus scan from Microsoft Security Essentials. It came up with Win32/Hilot, and after I removed it and restarted my computer, I ran another check, and Win32/Bredolab showed up. I told Security Essentials to remove that too, and then restarted my computer again and ran another check, and it comes up clean now. I restarted and rescanned a few more times just to be safe.

    *I forgot to add that Win32/Daurso also appeared and got cleaned out on the second scan.

    But now it seems like my browsers won't keep me logged in to websites like facebook and deviantart. It remembers my username and password, but despite having the "Keep me signed in" checked, it keeps making me log back in every time I exit and reopen the browser. It's not just firefox, internet explorer also has this problem. I tried uninstalling and reinstalling firefox but the problem is still there. It's not really vital, but it's incredibly annoying to have to sign back in every time.

    I guess my question is, did one of those viruses mess something up that keeps my computer from keeping me signed in to websites? And is there a way to repair or fix it somehow?

    Sorry for the massive wall of text. I hope it helps.
     
  2. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,662
    Please click here to download HijackThis.
    • Save the HijackThis.msi file to your desktop.
    • Double-click the HijackThis.msi file on your desktop. If you get a security warning asking if you want to run this software because the publisher couldn't be verified click on Run and follow the prompts to install the program.
    • It will install to C:\Program Files\Trend Micro\HijackThis by default. Please do not change this default destination.
    • A HijackThis icon will be created on your desktop.
    • Double-click the Hijackthis icon to launch the program.
    • Click on the Scan button. It will scan and open the resulting log automatically in Notepad.
    • Save the log file and copy and paste the entire report in your next reply.
    • Please do not fix anything with HijackThis unless you are instructed to do so. Most of what appears in the log will be harmless and/or necessary.
     
  3. Crimm

    Crimm Thread Starter

    Joined:
    Jun 15, 2010
    Messages:
    22
    I already had a copy of Hijackthis from a while ago, so I used that version. Here you go.
     

    Attached Files:

  4. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,662
    You did pick up an infection and it's a password stealer so you should immediately change all passwords for log-ins to all sites but especially those used for banking or other financial transactions using a different (clean) computer.

    Please download Malwarebytes' Anti-Malware from Here.

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.
    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
     
  5. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,662
    Also, please do not attach the logs unless instructed to or it's necessary because they are too large to fit into one post.
     
  6. Crimm

    Crimm Thread Starter

    Joined:
    Jun 15, 2010
    Messages:
    22
    Ah, sorry. Here you go.


    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4206

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    6/16/2010 12:14:45 PM
    mbam-log-2010-06-16 (12-14-45).txt

    Scan type: Quick scan
    Objects scanned: 167338
    Time elapsed: 5 minute(s), 25 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 10
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8f9e2be3-766d-4831-bb0e-766d5b819995} (Adware.ISM) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f919fbd3-a96b-4679-af26-f551439bb5fd} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ca4f0d8d-5f2b-4f16-838a-8d52249eab21} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\MS Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\jkwslist (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Fly (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Love (Trojan.Agent) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  7. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,662
    Please visit Combofix Guide & Instructions for instructions for installing the recovery console and downloading and running ComboFix.

    The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to puppy.exe please.

    Post the log from ComboFix when you've accomplished that along with a new HijackThis log.

    Important notes regarding ComboFix:

    ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

    ComboFix also prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished. Read HERE for an article written by dvk01 on why we disable autoruns.
     
  8. Crimm

    Crimm Thread Starter

    Joined:
    Jun 15, 2010
    Messages:
    22
    Sorry for the delay. I read the instructions, saved combofix as puppy, and it was running well, but now it's stuck on "Preparing log report." It's been on that for about half an hour. I know it said this could take a while. Should I just let it keep doing this for a few hours?

    I'm also typing this from my laptop since it says not to run any programs until after it generates the log report.
     
  9. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,662
    Is it still hung up? If so, then see if the log has been created and if so post it please.
     
  10. Crimm

    Crimm Thread Starter

    Joined:
    Jun 15, 2010
    Messages:
    22
    It's still stuck on it, but there was the ComboFix.txt.

    ComboFix 10-06-18.03 - Kristina 06/19/2010 12:55:09.1.4 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2932 [GMT -4:00]
    Running from: E:\My Documents\Downloads\puppy.exe
    AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
    FW: F-Secure Anti-Virus Client Security 5.55 *disabled* {D4747503-0346-49EB-9262-997542F79BF4}
    .
    The following files were disabled during the run:
    C:\WINDOWS\system32\nbtsping.dll



    Do you want me to run HiJackThis again, too?
     
  11. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,662
    Are you sure that's all that was in the log?

    It could be because you didn't disable Microsft Security Essentials.

    No, there's no need for another HijackThis log yet.
     
  12. Crimm

    Crimm Thread Starter

    Joined:
    Jun 15, 2010
    Messages:
    22
    I tried to turn it off before I started but I accidentally told it to go ahead before I did, and I didn't want to turn it off while it was running. Do you want me to turn it off and run it again? Because yeah, that's all there was. :/
     
  13. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,662
    Yes please do.
     
  14. Crimm

    Crimm Thread Starter

    Joined:
    Jun 15, 2010
    Messages:
    22
    Combofix won't move past the initial gray and green progress bar that shows up when I tell it to run, now. The green bar loads all the way, then it disappears, and the hourglass on my mouse shows up for a few seconds, but then everything just goes back to normal. Go me, I screwed up.
     
  15. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,662
    Download GMER from: http://gmer.net/index.php

    Click on the Download exe button and save it on your desktop. It will create a oddly named exe file on your desktop. Double click that file to run it and select the rootkit tab and then press scan. When the scan is done, click Save and save the log in Notepad then copy and paste the log report back here please.

    Note: It's important that all other windows be closed and that you don't touch the mouse or anything during the scan as it may cause it to freeze.

    If you do have trouble with it freezing, try running a new scan with only "Sections" and the C drive selected on the right-hand side.
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/929431