So, the other day I opened up Internet Explorer (Please, hold your judgments) and in the frequently visited tab was a crap ton of websites that I have never been to.
My search history is filled with these websites in between the times I use the internet. (Past the end of one session is a hundred bogus website links)
Internet Explorer (But not Chrome) also bugs me with script error alerts on occasion (Usually once per website visit) and that has never happened before.
My better judgement tells me something is very, very wrong here, and I don’t know what to do. Any help would be greatly appreciated.
(The aswMBR scan seems to be frozen, it has been scanning the same file for about ten minutes now, but I’ll give a few more minutes to see if any progress is made)
1. Open Notepad and copy/paste the text present inside the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad. NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system.
2. Save the Notepad file as fixlist.txt to your Desktop. NOTE: It’s important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.
3. Run FRST/FRST64 and press the Fix button just once and wait. If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply. Note: If the tool warned you about the outdated version please download and run the updated version.
Step 2
Scan with Combofix:
• Please download ComboFix by sUBs and save it to your Desktop. You may read how ComboFix works here.
• Temporarily disable your AntiVirus program, usually via a right click on the System Tray icon. They may interfere with ComboFix. If you are unsure how to do this please read this or this Instruction.
• Run ComboFix. Click on I Agree! & follow the prompts. Note: If you see a message like “Illegal operation attempted on a registry key that has been marked for deletion” just restart your computer.
• When finished, it will produce a report for you. Please attach log reports (ComboFix.txt) back to topic. (typical log location: C:\ComboFix.txt)
On an unrelated note: Since the Malwarebytes scan my computer has been telling me it needs to update, but whenever I restart, the update will configure to about 20 percent and then tell me it fails. I take it that it’s due to interference from the ZeroAccess. I’m also unable to turn on any firewalls - I read that ZeroAccess disables Windows Defender and Windows Firewall and the like, so I presume this is due to the malware as well, though I’m not entirely sure.
I’m still unable to turn on firewalls (Though Windows is alerting me that I don’t have an active firewall, which it hasn’t been doing for a while), but my web history is no longer being filled with the bogus website links.
My computer is running smoother, also.
I’m going to restart and see if Windows is able to configure its updates.
> Double-click on the MBAR file and allow it to run.
• Click OK on the next screen, to allow the package to extract the contents of the file to its own folder named mbar.
• mbar.exe will launch automatically. On some systems, this may take a few extra seconds. Please be patient and wait for the program to open.
• After reading the Introduction, click Next if you agree.
• On the Update Database screen, click on the Update button. Once you see ‘Success: Database was successfully updated’ click on Next
• Under Scan Targets ensure all boxes are ticked. Then click the Scan button.
Notice: with some infections, you may see two message boxes:
‘Could not load protection driver’. Click ‘OK’.
‘Could not load DDA driver’. Click ‘Yes’ to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
>> If malware is not detected, click the Exit button to close the program and post the mbar-log-year-month-day.txt and system-log.txt reports.
>> If any infections are found, ensure Create Restore Point is ticked. Then select the "Cleanup!" button to remove threats.
• The clean-up procedure will be scheduled and a pop-up will be shown.
Select the Yes button and the system should reboot to complete the cleaning process.
>> Notice: only if a rootkit is detected, be sure to run the fixdamage.exe tool located in the mbar folder, \Plugins\fixdamage.exe
Run fixdamage.exe; at the black window, type Y (alias for Yes) to continue. Wait a few seconds for execution …
When you see “press any key to exit”, the fix is completed; press any key to close the window. Reboot the system.
> The following reports will be created in mbar folder:
I’m still unable to turn on firewalls, and this morning the Windows update failed to configure once again.
I downloaded the update troubleshooter from Microsoft, and it detected and has claimed to have resolved three problems. I have yet to restart my computer since the troubleshoot, so I’m not sure if it was effective. (I’ve provided an image of the scan’s outcome)
Besides these two things, everything is in working order, and there are no other symptoms.
Purge System Restore
Click the Run button and wait a few seconds for the programme to complete its work.
At this point all the tools we used here should be gone. The tool will create a report for you (C:\DelFix.txt)
The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix
The tool deletes old system restore points and creates a fresh system restore point after cleaning.