cablecopulate
Member
+449|6742|Massachusetts.
And I can't get rid of it. I've tried Ad-Aware, Spybot Search and Destroy, HijackThis, something called ComboFix that I figured couldn't hurt. All have done nothing. Ran safe mode, tried to manually delete, and no results. The exe for this thing is p2JkBHFm.exe. Tried Google, no results. I get IE window popups and then I also get a sound file that plays. "Congratulations, you've received a free $1000 Walmart gift card!" Sometimes a window pops up for that, sometimes not. Any suggestions on what else I can try to get rid of this? Oh, after I finished typing this, a sound file played telling me I have been selected to win 2 iPod nanos. As I typed that last sentence, I was told I could win a Wii.

Help me get rid of this and I will give you the free gift card, Wii and 2 iPods after I receive them.
san4
The Mas
+311|6693|NYC, a place to live
cablecopulate
Member
+449|6742|Massachusetts.
Trying it now.

Also, Ad-Aware 2008 did find the .exe, but all it seemed to do was submit it to Lavasoft; I don't think it tried to delete or quarantine.
']['error.V2
Om nom nom nom
+48|5818
Boot up in safe mode with network connections, install/update antivirus and anti-spyware software, reboot into safe mode without network connections, scan and clean.

Also, could you do a scan with HijackThis and post the log here after you're done?
cablecopulate
Member
+449|6742|Massachusetts.

san4 wrote:

http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?hhTest=1
mbam conquers all.
I think that might have done it. I'll give it a few minutes to see if the deletion took.
cablecopulate
Member
+449|6742|Massachusetts.

cablecopulate wrote:

san4 wrote:

http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?hhTest=1
mbam conquers all.
I think that might have done it. I'll give it a few minutes to see if the deletion took.
It didn't take.
liquidat0r
wtf.
+2,223|6632|UK
What happens when you kill the process?
i g
Banned
+876|5868|GA

CCleaner?

Don't use IE?
`MetaL*
Just an ordinary guy, Looking for lulz.
+45|5759
I had a similar problem before. I did a Windows search of my hard drive for the (process name).exe, found it, removed the process and quickly dragged it into a new folder before the process reappeared, then deleted it.
cablecopulate
Member
+449|6742|Massachusetts.

liquidat0r wrote:

What happens when you kill the process?
It goes away and reappears a few minutes later. It also opens up its own iexplore.exe. If I leave my computer on for too long, I get "virtual memory low" and that it's increasing the page file or something like that.

I think the issue might have something to do with some adware called "popcap." There's a popcaploader that malware keeps finding and deleting but it doesn't take. When I check the registry I can find the keys but can't open or delete. The malware log says:

Registry Keys Infected:
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.

Going to try NOD32 now.
san4
The Mas
+311|6693|NYC, a place to live

cablecopulate wrote:

cablecopulate wrote:

san4 wrote:

http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?hhTest=1
mbam conquers all.
I think that might have done it. I'll give it a few minutes to see if the deletion took.
It didn't take.
Wow, whatever you've got sounds nasty.
The version I linked you to (1.24) was out of date. The current version is 1.25, linked below.
http://www.majorgeeks.com/Malwarebytes_ … d5756.html

You could also try Blacklight, which is designed to remove rootkits, which sounds like what you have. See link at the bottom of this page: http://www.f-secure.com/security_center/
cablecopulate
Member
+449|6742|Massachusetts.
I tried Blacklight; it did not locate anything.
Cheez
Herman is a warmaphrodite
+1,027|6443|King Of The Islands

Goddamn it. Combofix needs its own website so people believe me when I link to it.

http://www.bleepingcomputer.com/combofi … e-combofix
Just download and run.

4srs.
My state was founded by Batman. Your opinion is invalid.
cablecopulate
Member
+449|6742|Massachusetts.
I did try that; it didn't find anything.
liquidat0r
wtf.
+2,223|6632|UK
Work out the exact time and date that the .exe found its way onto your PC, if you still can*. If you have previously deleted it and it has since reappeared, you may not be able to.

But if you haven't, then search for files that were also created on that date at about the same time. There may be some .dll files. You'll probably be able to manually delete those, which may help with the fact that the adware/malware/etc. comes back once quarantined/deleted.


*The file's properties will tell you the date it was put on your system.
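
The timestamp search liquidat0r describes, as an added PowerShell example that is not part of any post in this thread. The function name `Find-CoCreatedFile`, the 10-minute window, the search roots, the extension list and the placeholder path are assumptions; it assumes PowerShell 4 or later and that the suspect file still exists on disk.

```powershell
# Added example: list executable-type files created close in time to a suspect file.
function Find-CoCreatedFile {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $SuspectPath,  # full path to the suspect .exe
        [int]      $WindowMinutes = 10,                # assumed window either side
        [string[]] $Root = @($env:SystemRoot, $env:ProgramFiles,
                             $env:ProgramData, $env:USERPROFILE)
    )

    # File types worth reviewing first (assumed list, extend as needed).
    $extensions = @('.exe', '.dll', '.sys', '.bat', '.vbs', '.job')

    # -Force so a hidden or system attribute does not hide the reference file.
    $suspect = Get-Item -LiteralPath $SuspectPath -Force -ErrorAction Stop
    $from    = $suspect.CreationTime.AddMinutes(-$WindowMinutes)
    $to      = $suspect.CreationTime.AddMinutes($WindowMinutes)

    # Walk each root, skipping folders that cannot be read, and keep files
    # whose creation time falls inside the window.
    Get-ChildItem -LiteralPath $Root -Recurse -File -Force -ErrorAction SilentlyContinue |
        Where-Object {
            $_.CreationTime -ge $from -and
            $_.CreationTime -le $to -and
            $extensions -contains $_.Extension
        } |
        Sort-Object CreationTime |
        Select-Object CreationTime, LastWriteTime, Length, FullName,
            @{ Name = 'SHA256'; Expression = {
                (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 `
                    -ErrorAction SilentlyContinue).Hash } }
}

# Placeholder path: the thread never says where p2JkBHFm.exe was found.
Find-CoCreatedFile -SuspectPath 'C:\PLACEHOLDER\p2JkBHFm.exe' |
    Format-Table -AutoSize
```

Run it from an elevated prompt so protected folders are readable, and save the output before deleting anything. Creation times are reset when a file is dropped again, as the post notes, so an empty result does not rule out companion files.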
san4
The Mas
+311|6693|NYC, a place to live
I hope you have your OS installed in its own partition, if you know what I'm getting at.
But before you get to that point, here are a couple progs from Microsoft that could help:

Malicious software removal tool
http://www.microsoft.com/downloads/deta … layLang=en

Windows Defender
http://www.microsoft.com/downloads/deta … layLang=en
Noobpatty
ʎʇʇɐdqoou
+194|6358|West NY
If that doesn't work, try SUPERAntiSpyware.
Got rid of all the spyware my other progs couldn't.
cablecopulate
Member
+449|6742|Massachusetts.
Nothing was working, but I ran NOD32 and went to bed. Got up and it still hadn't reappeared. Just got back from work and still nothing, so I think that may have fixed it. Thanks for all the help dudes.
san4
The Mas
+311|6693|NYC, a place to live

cablecopulate wrote:

Nothing was working, but I ran NOD32 and went to bed. Got up and it still hadn't reappeared. Just got back from work and still nothing, so I think that may have fixed it. Thanks for all the help dudes.
Cool, glad it worked out. NOD32 wins the contest.
