Scan and cleanup run several times - still infected

[laurareeling]

Hi there, I was warned by AVG of Trojan Horse Generic29.AJGE and started taking action.  Ran malwarebytes rootkit tool several times.  Ran superantispyware several times,  quick, complete, and custom on Firefox program.  Ran cccleanup.  Have rebooted several times.  Yet I am obviously still infected (pop ups, including one saying it was the FBI which required a restart to clear), even though I'm being told I'm clean by all these programs - what next?

[GuiltySpark]

Hi laurareeling,

 

Do the pop ups only appear when online ?

[laurareeling]

Kinda hard to tell as I'm always online...I'm also getting random audio from ads I cannot locate.

[GuiltySpark]

Try starting the Firefox browser in safe mode (reset).

 

To do this :

 

Select the FF tab, (if you are using the Menu bar select Help)

 

Select Help,

 

Select Troubleshooting info,

 

On the right hand side select Reset FF

 

This will start FF in its basic setting without add-ons etc.

[laurareeling]

OK, done.  Just went to a page where I was having problems and see none.  So what does this tell me?  (In fact, I ran a custom scan just on the Firefox program directory previously, as the browser is where I'm having all my problems...I had also uninstalled a pesky toolbar.)  Thanks!

[GuiltySpark]

The toolbar may have had something to do with it.

 

All of this tells me that the issue is with something downloaded to the browser like an add-on.

 

Disable all add-ons and incremently enable each one until you find the culprit.

 

What add-ons do you have? What was the toolbar ?

[laurareeling]

The toolbar I uninstalled of was 'sweetstarts' or something to that effect, but I was still having problems.  Also have/had an AVG Security toolbar.

 

Plugins: AVG SiteSafety plugin Shockwave Flash AmazonMP3DownloaderPlugin Adobe Acrobat Silverlight Plug-In NVIDIA 3D Vision Java Deployment Toolkit 6.0.220.4 Java Platform SE 6 U22 (SoftBlocked) CANON iMAGE GATEWAY Album Plugin Utility Windows Live® Photo Gallery MetaStream 3 Plugin (disabled)

[GuiltySpark]

Ok it looks like the toolbar was the issue to make sure all remnants have gone download adwcleaner and run, it will remove trace elements of the PUP crapware left behind.

[laurareeling]

OK, did that, deleted and rebooted. (Thank you for all your assistance by the way, it is much appreciated.)

The only thing that still concerns me is that when I logged in after boot up, my entire monitor was taken over by a 'The F.B.I. Dept. of Cybercrime...' window - had gotten this once before during all this mess and the only way I got rid of it was by a task manager restart (as I did this time).

[GuiltySpark]

Best way I found to get rid of that is either boot into safe mode and run any anti malware scans that are permitted in safe mode (some aren't),

 

or (and this is the way I've found to be best)

 

is use a bootable disc such as Avira rescue more details can be found here.

[laurareeling]

Thanks once again - I had some trouble creating the Avira rescue boot disk, but I've got it running now - it's finding things and renaming them (looks like some nasty, backdoor stuff), but the scanner's stopped twice now with 'segmentation fault' - I've hit start scanner and i think it picks up where it left off, but I'm not feeling comfortable that it's really working  and can find nothing online about what it actually looks like when it's found something.  So, sorry to be troubling you yet again, but does this all sound normal?  Should I just keep running it again when it stops until it's finally done?  (I created the boot disk on a clean laptop.)

[GuiltySpark]

Here's a tut on what things should look like forum.avira.com/wbb/index.php?page=Thread&threadID=82163

Remember, any thing that shows as jet black is a warning (I think) and is not necessarily bad, its just because its Linux based and can't distinguish between legit windows files (safe).

Anything in Red shows as an Alert (I think) the red ones are usually Threats and should be treated as such.

But it shouldn't keep stopping unless you are using a hibernate feature which will slow/stop things.

[laurareeling]

Thanks - I had found the tutorial, but it said nothing about segmentation fault.  It also looks like I'll need Avira's regular antivirus s/w to quarantine stuff afterwards (and yes, it's highlighting things in red).

[laurareeling]

Hmmm, I just babysat it and it stopped in the same spot it had the last time with 'segmentation fault.' I'm going to run their antivirus and quarantine what it did find. Wonder if this is bad enough I need to take this PC to a shop.

[GuiltySpark]

Do you have more than one OS on the disk ?

 

Have you got more than one Disk attached ?

 

What OS's are you using ?