laurareeling Posted July 1, 2013
Hi there, I was warned by AVG of Trojan Horse Generic29.AJGE and started taking action. Ran Malwarebytes rootkit tool several times. Ran SUPERAntiSpyware several times, quick, complete, and custom on Firefox program. Ran cccleanup. Have rebooted several times. Yet I am obviously still infected (pop-ups, including one saying it was the FBI which required a restart to clear), even though I'm being told I'm clean by all these programs - what next?

GuiltySpark Posted July 1, 2013
Hi laurareeling, do the pop-ups only appear when online?

laurareeling Posted July 1, 2013
Kinda hard to tell as I'm always online... I'm also getting random audio from ads I cannot locate.

GuiltySpark Posted July 1, 2013
Try starting the Firefox browser in safe mode (reset). To do this:
Select the FF tab (if you are using the Menu bar, select Help)
Select Help
Select Troubleshooting info
On the right-hand side, select Reset FF
This will start FF in its basic setting without add-ons etc.

laurareeling Posted July 1, 2013
OK, done. Just went to a page where I was having problems and see none. So what does this tell me? (In fact, I ran a custom scan just on the Firefox program directory previously, as the browser is where I'm having all my problems... I had also uninstalled a pesky toolbar.) Thanks!

GuiltySpark Posted July 1, 2013
The toolbar may have had something to do with it. All of this tells me that the issue is with something downloaded to the browser like an add-on. Disable all add-ons and incrementally enable each one until you find the culprit. What add-ons do you have? What was the toolbar?

laurareeling Posted July 1, 2013
The toolbar I uninstalled was 'sweetstarts' or something to that effect, but I was still having problems. Also have/had an AVG Security toolbar.
Plugins:
AVG SiteSafety plugin
Shockwave Flash
AmazonMP3DownloaderPlugin
Adobe Acrobat
Silverlight Plug-In
NVIDIA 3D Vision
Java Deployment Toolkit 6.0.220.4
Java Platform SE 6 U22 (SoftBlocked)
CANON iMAGE GATEWAY Album Plugin Utility
Windows Live® Photo Gallery
MetaStream 3 Plugin (disabled)

GuiltySpark Posted July 1, 2013
OK, it looks like the toolbar was the issue. To make sure all remnants have gone, download AdwCleaner and run it; it will remove trace elements of the PUP crapware left behind.

laurareeling Posted July 1, 2013
OK, did that, deleted and rebooted. (Thank you for all your assistance by the way, it is much appreciated.) The only thing that still concerns me is that when I logged in after boot up, my entire monitor was taken over by a 'The F.B.I. Dept. of Cybercrime...' window - had gotten this once before during all this mess and the only way I got rid of it was by a task manager restart (as I did this time).

GuiltySpark Posted July 1, 2013
Best way I found to get rid of that is either boot into safe mode and run any anti-malware scans that are permitted in safe mode (some aren't), or (and this is the way I've found to be best) use a bootable disc such as Avira Rescue; more details can be found here.

laurareeling Posted July 3, 2013
Thanks once again - I had some trouble creating the Avira rescue boot disk, but I've got it running now - it's finding things and renaming them (looks like some nasty, backdoor stuff), but the scanner's stopped twice now with 'segmentation fault' - I've hit start scanner and I think it picks up where it left off, but I'm not feeling comfortable that it's really working and can find nothing online about what it actually looks like when it's found something. So, sorry to be troubling you yet again, but does this all sound normal? Should I just keep running it again when it stops until it's finally done? (I created the boot disk on a clean laptop.)

GuiltySpark Posted July 3, 2013
Here's a tut on what things should look like: forum.avira.com/wbb/index.php?page=Thread&threadID=82163
Remember, anything that shows as jet black is a warning (I think) and is not necessarily bad; it's just because it's Linux-based and can't distinguish between legit Windows files (safe). Anything in red shows as an alert (I think); the red ones are usually threats and should be treated as such. But it shouldn't keep stopping unless you are using a hibernate feature, which will slow/stop things.

laurareeling Posted July 3, 2013
Thanks - I had found the tutorial, but it said nothing about segmentation fault. It also looks like I'll need Avira's regular antivirus s/w to quarantine stuff afterwards (and yes, it's highlighting things in red).

laurareeling Posted July 3, 2013
Hmmm, I just babysat it and it stopped in the same spot it had the last time with 'segmentation fault.' I'm going to run their antivirus and quarantine what it did find. Wonder if this is bad enough I need to take this PC to a shop.

GuiltySpark Posted July 3, 2013
Do you have more than one OS on the disk? Have you got more than one disk attached? What OSes are you using?