[PDFlan]

I have malware that is creating pop-ups of many different varieties. When i ran Avast it said that the threat was BakerFox.A When I tried to move it to the chest,delete it, or repair it Avast said that it could not find it and did nothing. These are the infections that are being shown: Win 32/Nugel.exe ; MSNtask.exe; Googletoolbaruser_32.exe; File sf.bin. I tried downloading SmitfraudFix, but when i click to run it it says that it is infected and will not run it. When I click on the "run protection" on the pop-ups it takes me to a site that tries to sell me Antivir Solution Pro. HELP . . . .

[Advertisements]

Hello PDFlan and welcome to Geeks to Go! Please follow these guidelines while we work on your PC:

• Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.” Absence of symptoms does not mean your machine is clean!
• Please do not run any scans or install/uninstall any applications without being directed to do so.
• Please follow my instructions carefully and in the order they are posted.
• Any light blue colored text in my posts indicates a clickable link.
• You should print any instructions I give you for ease of use and reference.
• If you have any questions at all, please stop and ask before proceeding.

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 3 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.

http://download.blee...inler/rkill.exe
http://download.blee...inler/rkill.com
http://download.blee...inler/rkill.scr

Note:

You will likely see a message from this rogue telling you the file is infected. Ignore the message. Leave the message OPEN, do not close the message. Run rkill repeatedly until it's able to do it's job. This may take a few tries. You'll be able to tell rkill has done it's job when your desktop (explorer.exe) cycles off and then on again.

Once the tool has run, do NOT reboot the machine, and then try to run DDS and GMER (instructions below):

Please download DDS by sUBs from one of the following links and save it to your desktop.

DDS.scr
DDS.pif

• Disable any script blocking protection (How to Disable your Security Programs)
• Double click DDS icon to run the tool (may take up to 3 minutes to run)
• When done, DDS.txt will open.
• After a few moments, attach.txt will open in a second window.
• Save both reports to your desktop.

---------------------------------------------------

• Post the contents of the DDS.txt report in your next reply
• Attach the Attach.txt report to your post by scroling down to the Attachments area and then clicking Browse. Browse to where you saved the file, and click Open and then click UPLOAD.

Download GMER Rootkit Scanner from here to your desktop.

• Double click the exe file. If asked to allow gmer.sys driver to load, please consent .
• If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  
  
  
  Click the image to enlarge it
  
  
  
• In the right panel, you will see several boxes that have been checked. Uncheck the following ...
  • IAT/EAT
  • Drives/Partition other than Systemdrive (typically C:\)
  • Show All (don't miss this one)
• Then click the Scan button & wait for it to finish.
• Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  
• Save it where you can easily find it, such as your desktop, and post it in reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

If you have trouble running GEMR:

• Make sure that your security software is disabled
• Uncheck the box next to "Files" this time also
• If you still can't run it, try in the Safe Mode

Please include the following in your next post:

• DDS and Attach.txt logs
• GMER log

Edited by RPMcMurphy, 24 July 2010 - 06:56 PM.

[RPMcMurphy]

Hello PDFlan and welcome to Geeks to Go! Please follow these guidelines while we work on your PC:

• Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.” Absence of symptoms does not mean your machine is clean!
• Please do not run any scans or install/uninstall any applications without being directed to do so.
• Please follow my instructions carefully and in the order they are posted.
• Any light blue colored text in my posts indicates a clickable link.
• You should print any instructions I give you for ease of use and reference.
• If you have any questions at all, please stop and ask before proceeding.

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 3 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.

http://download.blee...inler/rkill.exe
http://download.blee...inler/rkill.com
http://download.blee...inler/rkill.scr

Note:

You will likely see a message from this rogue telling you the file is infected. Ignore the message. Leave the message OPEN, do not close the message. Run rkill repeatedly until it's able to do it's job. This may take a few tries. You'll be able to tell rkill has done it's job when your desktop (explorer.exe) cycles off and then on again.

Once the tool has run, do NOT reboot the machine, and then try to run DDS and GMER (instructions below):

Please download DDS by sUBs from one of the following links and save it to your desktop.

DDS.scr
DDS.pif

• Disable any script blocking protection (How to Disable your Security Programs)
• Double click DDS icon to run the tool (may take up to 3 minutes to run)
• When done, DDS.txt will open.
• After a few moments, attach.txt will open in a second window.
• Save both reports to your desktop.

---------------------------------------------------

• Post the contents of the DDS.txt report in your next reply
• Attach the Attach.txt report to your post by scroling down to the Attachments area and then clicking Browse. Browse to where you saved the file, and click Open and then click UPLOAD.

Download GMER Rootkit Scanner from here to your desktop.

• Double click the exe file. If asked to allow gmer.sys driver to load, please consent .
• If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  
  
  
  Click the image to enlarge it
  
  
  
• In the right panel, you will see several boxes that have been checked. Uncheck the following ...
  • IAT/EAT
  • Drives/Partition other than Systemdrive (typically C:\)
  • Show All (don't miss this one)
• Then click the Scan button & wait for it to finish.
• Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  
• Save it where you can easily find it, such as your desktop, and post it in reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

If you have trouble running GEMR:

• Make sure that your security software is disabled
• Uncheck the box next to "Files" this time also
• If you still can't run it, try in the Safe Mode

Please include the following in your next post:

• DDS and Attach.txt logs
• GMER log

Edited by RPMcMurphy, 24 July 2010 - 06:56 PM.

[RPMcMurphy]

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.