ameeeeeee

  1. Hello!! Since y'all helped me out so much the last time I had an issue, I'm hoping for some help again... Recently, when I do a google search, I am occasionally redirected to scour.com results (and when I searched for SAS, and clicked on the link, it took me to StopZilla)... I have just updated my SAS (I do this weekly) and am running a scan now, but it always comes up clean, so I'm not sure what the problem is. Also, about a month ago, I started having trouble with typing while on the internet... I have to take extra time and care to make sure all my letters and spaces register (ONLY when on the internet, NOT in regular applications like documents for work)... It's so annoying as it did not used to do this (sometimes I have a little green bar at the bottom of the screen as if something is trying to load). I am running IE8 while on the web, can't download another browser because of work restrictions (I can update IE if needed). Can anyone help? THANKS!!
  2. Bit Defender... But it's about up and I'm ready to try something different (unless you recommend I renew...)
  3. Okay, Seth... Here's the current update. I was still getting re-directs, but ONLY from search pages (google and bing)... I was still getting that Generic Host needs to close, blah, blah pop-up window about 15 minutes after I would access the internet (every time)... So I've started ComboFix, downloaded whatever they've asked me to also download, agreed to everything they've asked (yeah, they can have my first-born as long as they understand that the college tuition comes with him!!)... It said a 'Rootkit' was found??? Whatever that is... Anyway, whenever this finishes running, what's my next step? Anything? Will everything be cleaned up? Do I need to run SAS again? And do you know how I got this thing in the first place? Do you have a recommendation if I should see one of those fake-Windows-pop-up-messages in the future? Without something to 'X' out of, I'm not sure how to avoid this in the future (as I'm usually pretty good about NOT clicking on anything to get these)... Thanks...
  4. Okay... Will wait and see what happens today. Thanks again, Seth... And again, I hope ya don't hear from me again!!
  5. Yes, the file I downloaded was named combofix.exe. To update (cuz I checked after I posted last)... I am NOT getting redirects right now... I just tried several times, no redirects... I was able to click on the link I wanted and go to the right page. I DID download the UPDATES from TODAY for SAS while in safe mode... so maybe, hopefully, please, it's all clear? If your suggestion is still to run combofix, I will -- Just want to make sure I'm not going to mess anything up any further.
  6. I figured you might say that. So I already tried to get to that site, and I feel like it's doing the JUMP thing -- taking me to a 'revival' software site... Is there any way you can post the ACTUAL download link? It seems that when I type in exactly where I want to go, it's not redirecting... I started a download from the download link #1 on the site it took me to, but I did NOT run it (cuz it said the publisher was unknown AND it asked me what program to open it with)... I'm sure you can understand why I'm feeling a little sketchy... Since my last post, I HAVE rebooted in safe, downloaded updates for SAS, and run another scan (which it is showing as clear)... Any chance it's nabbed it all yet?
  7. Boo hoo... I'm already back. I updated Firefox as suggested. I'm still getting that Generic Host pop-up. I'm still getting new tabs open for surveys and garbage when my browser is open. I'm still being redirected from the search page (when I put in SAS, the search page shows you guys, but I'm being redirected to stopzilla)... Ran another scan (details below). Rebooted as suggested... Same problems all over. PLEASE HELP!! Thank you.
     SUPERAntiSpyware Scan Log
     https://www.superantispyware.com
     Generated 03/25/2011 at 09:49 AM
     Application Version : 4.50.1002
     Core Rules Database Version : 6666
     Trace Rules Database Version: 3728
     Scan type : Quick Scan
     Total Scan Time : 00:13:44
     Memory items scanned : 685
     Memory threats detected : 1
     Registry items scanned : 2084
     Registry threats detected : 5
     File items scanned : 7248
     File threats detected : 99
     Trojan.Agent/Gen-Downloader[FakeSoft]
     C:\WINDOWS\SYSTEM32\ITLNFW32.DLL
     C:\WINDOWS\SYSTEM32\ITLNFW32.DLL
     Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\itlnfw32
     Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\itlntfy
     Adware.Tracking Cookie
     Trojan.Hugipon
     HKLM\System\CURRENTCONTROLSET\SERVICES\6TO4\Parameters
     HKLM\System\CURRENTCONTROLSET\SERVICES\6TO4\Parameters#ServiceDll
     Malware.Trace
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon#Taskman
  8. Thank you so much for all of your help. I hope you don't hear from me again!!
  9. Ok. That worked. Then I turned it back on and clicked apply (that's correct, right?). I did not Create a new point though. Still do that? Or I'm good? BTW, mozilla crashed and I had to shut down... Of course, it wouldn't restart... I had to manually turn it off and then back on... Since then, it seems like everything has cleared up... I did, however, get redirected to Firefox when I opened my browser to upgrade to Firefox4... Is this whole virus thing a Firefox problem??? Or are IE users experiencing it too?
  10. I did not have an option for this??? Step one worked. My choices were on the left side 'System Restore Settings' (a link) and on the right side 'Restore my computer to an earlier time' OR 'Create a restore point'
  11. Seth, Other than that pop-up box that came up (see my post above UNDER where the scan log is), it seems okay... It's already been restarted (that's when the pop-up came)... Should I restart again? What should I do about that pop up? Any ideas? I have XP on this computer... Additionally, since I said something about the restore earlier, no changes were made to the computer in the restore (at least that's what the computer said)... There was only a message that it could not be restored to the date I selected. Thanks again.
  12. Hello, thanks for posting the info in how to find this -- I learned something new about the logs. It appears that it's 32-bit (it didn't say either). Here is a copy of the log from last night:
     SUPERAntiSpyware Scan Log
     https://www.superantispyware.com
     Generated 03/23/2011 at 11:29 PM
     Application Version : 4.50.1002
     Core Rules Database Version : 6666
     Trace Rules Database Version: 3728
     Scan type : Quick Scan
     Total Scan Time : 00:16:19
     Memory items scanned : 737
     Memory threats detected : 0
     Registry items scanned : 2069
     Registry threats detected : 1
     File items scanned : 7204
     File threats detected : 9
     Trojan.Agent/Gen-AdsBrite
     [tukdtjsr] C:\WINDOWS\SYSTEM32\TUKDTJSR.EXE
     C:\WINDOWS\SYSTEM32\TUKDTJSR.EXE
     C:\WINDOWS\Prefetch\TUKDTJSR.EXE-1847591A.pf
     Adware.Tracking Cookie
     C:\Documents and Settings\Brea\Cookies\brea@doubleclick[1].txt
     www.webhostrevenue.com [ C:\Documents and Settings\Brea\Application Data\Macromedia\Flash Player\#SharedObjects\JX365UUV ]
     C:\Documents and Settings\NetworkService\Cookies\system@clicks.fastgetonline[1].txt
     C:\Documents and Settings\NetworkService\Cookies\system@oddcast[1].txt
     Trojan.Agent/Gen
     C:\WINDOWS\SYSTEM32\DGJASR46W.EXE
     C:\WINDOWS\Prefetch\DGJASR46W.EXE-02E8F278.pf
     Trojan.Agent/Gen-Virut
     C:\WINDOWS\SYSTEM32\SERVICE.SYS
     ***To update, a tech assistant from work had me boot up in safe mode and download MBAM and run the full scan while in safe mode. After the scan finished (and found a lot of what is posted above again), it rebooted. Everything appeared to be clear (don't see the dgjasr46w.exe or tukdtjsr.exe showing up in Windows Task Manager). However, about 15 minutes after I opened Mozilla, I got another pop-up box (the same as the first one I saw last night) -- I have NOT clicked on anything on it or tried to X out of it since I'm not sure what to do... The box looks like a Windows Message (exactly) and says: Generic Host Process for Win32 Services Generic Host Process for Win32 Services has encountered a problem and needs to close. We are sorry for the inconvenience. If you were in the middle of something, the information you were working on might be lost. Please tell Microsoft about this problem. We have created an error report that you can send to help us improve Generic Host Process for Win32 Services. We will treat this report as confidential and anonymous. To see what date this error report contains, click here (***THIS IS A BLUE LINK***) There are THREE clickable boxes across the bottom... Debug, Send Error Report, Don't Send. Based on what happened to me last night -- If you click to see what the error report contains, it does show you something similar to what Windows Messaging would actually show you... If you click Send Error Report, the little 'connecting to server' box shows as well (just as if you were really sending the report). Since I have not clicked anything on the box (it's just still floating around on my screen), nothing has shown up in my Task Manager still and my computer seems to be running normally. Any and all help is greatly appreciated. I sincerely appreciate you taking the time to help me (and explain things for me). Thank you. By the way, I do have the log for the SAS scan run in safe mode last night too -- But nothing was found. Let me know if you need that as well.
  13. I can't post a copy of the SAS scan log because when I scanned in safe mode, it didn't find anything... The virus keeps freezing SAS if I don't reboot in safe mode... How do I know if it's 32-bit or 64-bit? Where do I look? Sorry, my tech knowledge is minimal... A technical friend told me to try and 'restore' my computer to a previous date... I tried several dates in the last two weeks, but it kept saying it could not restore to that date and no changes were made... I'm now trying to restore to March 5th... It started the restore process about 4 hours ago and I'm still looking at a black screen with an arrow (the light on the tower is blinking)... Not sure what I should do from that point (as I'd like to try and run another scan to send you the log)... Can I just shut the computer off and try again? I'm on a different computer now, hoping to figure out a solution before long -- I really can't afford to take another day off of work because of this. Can you help?
  14. Tonight my computer wouldn't stop running, clicking, whatever... I did a scan (after downloading updates) and it found several Trojans... I didn't think to copy them all down because I've never had a problem with the software not removing everything before... Anyway, when I rebooted (as it told me I needed to), the same pop-up window appeared (about ActiveX), it wouldn't let me access the internet via Firefox -- I was able to access via IE, BUT it kept taking me to a 'Jump' page to buy some sort of anti-virus software (that seems suspect!). Anyway, when I scanned again, same trojans showed up... Rebooted with same results again... In safe mode (did this through SAS) the trojans are not showing up in a scan. Please tell me what to do... I work from home on this computer -- I can't keep it in safe mode all the time -- I can't access my work files!! Help, please!! Ameeeeeee