I've got trkjmp, trying to get help!

I have the mouseover links in Firefox that everybody else mentions. I also have something that tries to install itself when I click short cuts on my desktop. Hopefully I provide the logs you need! Spent a couple days trying to figure it out on my own. This one’s over my head! I’ll paste malware bytes and attach OTL asap.

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.02.01.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Home :: LENOVO-C5451E73 [administrator]

1/31/2013 9:13:45 PM
mbam-log-2013-01-31 (21-13-45).txt

Scan type: Full scan (C:|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 300170
Time elapsed: 1 hour(s), 4 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Here’s the rest! If anything else is needed please let me know.

do you have AVG and Norton installed?
never install multiple AV as this will give you a slow machine, mysterious windows errors and false detections…
run removal tools for the AV you uninstall to clear any leftover files that may conflict
you find the tools here http://singularlabs.com/uninstallers/security-software/

removers are notified…it may take hours before one arrives so be patient

Hi,

Please go to systemroot partition ( C:\ ) and attach here AdwCleaner[S1].txt logreport.


When you do what Pondus advised you then …


Download ComboFix from here and save it to your Desktop.
If you are unsure how ComboFix works please read this guide carefully.
note: ComboFix must be downloaded to your Desktop.

Temporarily disable your AntiVirus program.
If you are unsure how to do this please read this or this Instruction.

  • Click Start (or the Vista Start button) then Run.

On Windows7 or Vista you may use Start Search field if Run is not available.

  • In the line of text type in (Copy) the following:

"%userprofile%\desktop\combofix.exe" /killall

ComboFix will start to run. Click on I Agree!

ComboFix will check if there is a newer version of ComboFix available.
Click Yes if prompted to download.
ComboFix will display DISCLAIMER OF WARRANTY ON SOFTWARE.
Click Yes to allow ComboFix to continue.
If Recovery Console is not installed, ComboFix will offer download & installation.
Click Yes to allow ComboFix to install Recovery Console.
Note: Do not mouse-click Combofix’s window while it is running.
If you see a message like “Illegal operation attempted on a registry key that has been marked for deletion” just restart computer once more.

When the tool is finished, it will produce a log report for you. (typical location: C:\ComboFix.txt)
Attach log reports (ComboFix.txt) back to topic.

Sorry for the slow reply! If I had two virus scanners, I was unaware. I used the norton remover tool. Here are the two logs! Once more please let me know if you need anything else and thanks so much!!!

Hi,

Download TDSSKiller and save it to your desktop

Execute TDSSKiller.exe by double-clicking on it.

  • Press Start Scan

  • If Suspicious object is detected, the default action will be Skip, click on Continue.
  • If Malicious objects are found, select Cure.

Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt

Please post the contents of that log in your next reply.


  • Again, temporarily disable your AntiVirus

  • Open notepad and copy/paste the text present inside the code box below:



ClearJavaCache:: 

KillAll::

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000000


Save this as CFScript.txt

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Close all browser windows.

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will re-run. When finished, it will produce a log for you.
Attach the contents of the log in your next reply. (typical location: C:\ComboFix.txt)


Re-run OTL

  • Make sure all other windows are closed and let it run uninterrupted.

  • Click on Scan All Users

  • Paste this into Custom Scans/Fixes box at the bottom



BASESERVICES 
%SYSTEMDRIVE%\*.exe
/md5start
services.exe
/md5stop
CREATERESTOREPOINT


  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won’t take long.

  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

  • Please attach them in this thread.

Hey, I can’t seem to find the one called extras. There was one saved from yesterday, but I don’t think that’ll help anything. Did I make a mistake?

Any time I click a short cut, this pops up.
http://imgur.com/mgoxBPv
It says “client security solution” then “please wait while windows configures client security solution.” I hit cancel two or three times when I open something. I’m not sure if it’s even related, or if it’s because I uninstalled something trying to track down this bug on my own.

Hi,

Delete all your copies of TDSSKiller.exe and download a new & fresh copy.
http://support.kaspersky.com/downloads/utils/tdsskiller.exe

Re-run TDSSKiller then click on Change parameters.

  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.

  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.

  • Click the Start Scan button.

  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.

  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
A report will be created in your root directory, (usually C:\ folder) in the form of “TDSSKiller.[Version][Date][Time]_log.txt”.

  • Please attach the contents of that file here.

I did have a couple copies of TDSSKiller, must’ve been getting a new one each time. Here’s the requested file.

Hi,
That pop-up is not malware related. It’s related to some software that you have installed. By removing it or configuring its settings you will solve the problem.

How’s your computer running now? Any malware related issues?

Here’s an example of what is happening. I moused over security guard, and you can see the ad pop up, which clearly doesn’t belong there. I also copied the url and pasted it into the browser bar at the top, which is where I came up with trkjmp. I rolled back anything I had installed in the last week on Wednesday, any idea how I would get to the bottom of it?
http://i.imgur.com/xmouGON.png

this is a Lenovo computer?
not sure if this helps …but when googling this “client security solution” I find this… and there is more if you google it
http://www.ehow.com/how_7202878_disable-lenovo-client-security.html

Ok, I see …

Re-run OTL.exe.

  • Copy and paste the following text written inside of the quote box into the Custom Scans/Fixes box.



:processes
killallprocesses 

:files
C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\0olnc1l5.default\extensions\freehdsport@freehdsport.tv.xpi
C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\0olnc1l5.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

:Commands
[Reboot]


  • Then click the Run Fix button at the top.
  • Let the program run unhindered; it will reboot the system when it is done and open notepad with logreport. Attach here that logreport.


Then, follow instructions for running RogueKiller
http://forum.avast.com/index.php?topic=53253.0
Attach here all RK reports.txt.


re-scan

Re-run OTL

  • Under “Extra Registry” click/switch on “Use Safe List”
  • Click RunScan button and attach here fresh OTL.txt and Extras.txt logs

Magna: Thanks so much for your help! Your solution is probably more elegant, but I figured out it was Firefox too, and just uninstalled it, and deleted the C:\Documents and Settings\Home\Application Data\Mozilla as well. IE didn’t have any of these pop-ups, so I used it to install Chrome. I think that’s got it. Sorry I didn’t give you enough data to figure it out at the beginning!
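
An inventory of the packed add-ons in a Firefox profile, which is where the unwanted items in this thread turned up, as an added example that is not part of any post above. It lists each .xpi under the profile's extensions folder with the id and name declared in its legacy install.rdf plus a SHA-256, and flags files whose manifest is unreadable or whose declared id differs from the file name; the sample profile, its ids and the helper names are constructed for illustration, and add-ons unpacked into directories are not covered.

```python
import hashlib, tempfile, zipfile
import xml.etree.ElementTree as ET
from pathlib import Path

RDF = "{http://www.w3.org/1999/02/22-rdf-syntax-ns#}"
EM = "{http://www.mozilla.org/2004/em-rdf#}"   # namespace of em:id / em:name

def manifest_fields(xpi):
    """Return {'id', 'name'} from a packed legacy XPI, or None if unreadable."""
    try:
        with zipfile.ZipFile(xpi) as z:
            data = z.read("install.rdf")
        if b"<!DOCTYPE" in data or b"<!ENTITY" in data:  # refuse entity tricks
            return None
        desc = ET.fromstring(data).find(RDF + "Description")
    except (zipfile.BadZipFile, KeyError, ET.ParseError, OSError):
        return None
    if desc is None:
        return None
    def prop(key):  # a property may be a child element or an attribute
        el = desc.find(EM + key)
        return (el.text or "").strip() if el is not None else desc.get(EM + key)
    return {"id": prop("id"), "name": prop("name")}

def inventory(profile_dir):
    """List each *.xpi under <profile>/extensions and flag manifest problems."""
    rows = []
    for xpi in sorted(Path(profile_dir, "extensions").glob("*.xpi")):
        m = manifest_fields(xpi) or {}
        flag = ("unreadable-manifest" if not m
                else "id-mismatch" if m["id"] != xpi.stem else "")
        rows.append({"file": xpi.name, "id": m.get("id"), "name": m.get("name"),
                     "sha256": hashlib.sha256(xpi.read_bytes()).hexdigest(),
                     "flag": flag})
    return rows

def make_sample_profile(root):
    """Constructed sample data: made-up ids, not taken from the thread."""
    ext = Path(root, "extensions")
    ext.mkdir(parents=True)
    rdf = ('<RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#" '
           'xmlns:em="http://www.mozilla.org/2004/em-rdf#"><Description>'
           '<em:id>{0}</em:id><em:name>{1}</em:name></Description></RDF>')
    for stem, eid in [("good@example.invalid", "good@example.invalid"),
                      ("renamed@example.invalid", "other@example.invalid")]:
        with zipfile.ZipFile(ext / (stem + ".xpi"), "w") as z:
            z.writestr("install.rdf", rdf.format(eid, "Sample add-on"))
    (ext / "broken@example.invalid.xpi").write_bytes(b"not a zip")
    return root
```

Pointing `inventory()` at a real profile directory gives a record of what was installed before anything is deleted, which can be kept alongside the tool logs.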