Malware/Trojan Help

By Jetackuu 2013-07-23 19:00:25
Cerberus.Eugene said: »
Best thing short of a sandbox, imo, is NoScript. Running it alongside ABP and Ghostery, I haven't had more than a tracking cookie in 2 years.

TBH though, I'm not sure default Ghostery protects you against malware.

It's better to not get infected than to get infected and catch it later.

I'll have to look into that.

But I agree; I keep telling people to watch their porn in VMs, or do all browsing in VMs if one can help it.

Keep a backup; if you catch something, blow it away and restore from backup.

By Leviathan.Phenomena 2013-07-23 19:01:54
Cerberus.Eugene said: »
Wouldn't hurt. If it's Avast, it's possible you're still infected rather than it simply blocking attempts to infect you.

Ya, I know I'm still infected. Ran both Malwarebytes and the Avast boot scan, and another program. Still get these alerts.

Weird part is (might be helpful) that when I'm on my PC playing a game or something I never get these alerts. It's only when my PC goes to sleep (turns off the monitor) and I wake it back up that I get like 8-10 notifications that Avast blocked attacks.

By Jetackuu 2013-07-23 19:02:24
Cerberus.Eugene said: »
Wouldn't hurt. If it's Avast, it's possible you're still infected rather than it simply blocking attempts to infect you.

I've never used Avast; I wasn't sure if it included a firewall portion, but I figured it was worth noting the difference just in case.

Another option, if feasible: if you know about when the issue started you could try a system restore point.

Just make sure to create a current one first so you can at least bring it back to the broken point.

By Leviathan.Phenomena 2013-07-23 19:04:02
Just started recently... Probably when Java said it was out of date and I said "sure, update" >.> 'cause I'm a newb.

By Phoenix.Gaiarorshack 2013-07-23 19:24:43
Jetackuu said: »
I used to run Spybot all the time; its added features would probably be worth it for the resources as long as you don't have an older machine.

I use M$ Security Essentials as my A/V and don't have any problems, but I also removed Java as I don't need it for ***, and disabled all unused plugins, killed extra services I don't need at startup, use AdBlock/NoScript.

Oh, and before you run your mouth about M$ Security Essentials, Kawar, *** off; I don't give a ***.

If you are talking about the immunization features, then it does not rely on the service running.
You can install S&D, run the immunization and uninstall S&D again if you want to avoid unneeded resources (or simply disable the service and enable it once you want to scan for something).

By Cerberus.Eugene 2013-07-23 19:48:02
Or just not install TeaTimer, or whatever it's called.

By Leviathan.Phenomena 2013-07-23 20:04:32

So opened Chrome (should use Firefox) and got 24 blocks.. xD

hmmm seems small

By Phoenix.Gaiarorshack 2013-07-23 21:52:07
Cerberus.Eugene said: »
Or just not install TeaTimer, or whatever it's called.
TeaTimer is besides the service it installs, unless they have changed it recently.

By Leviathan.Andret 2013-07-23 23:02:00
I assume you do your virus/malware cleaning in safe mode? It is generally more effective to do that in safe mode with networking.

Try Malwarebytes and several other programs people have recommended. I know some of them are pretty powerful and can clean pretty much everything if you update them and they can run freely (without the virus/malware messing them up).

If that fails to solve your problem, then you do what most professionals would do: remove your HDD and plug it into another PC (or the same PC with another HDD/OS) and clean it.

If that also fails, then probably try ComboFix. You might damage your OS with it, but you should be able to fix your problem. It's worth a try before reformatting.

By Leviathan.Comeatmebro 2013-07-23 23:39:40
In the time you've spent reading this thread, following the links, and assessing the risks with the various programs, you could have already reinstalled Windows and reconfigured your *** the way you like it.

Unless you manage to get a rootkit, that's going to be the most time-efficient solution.

By Jetackuu 2013-07-23 23:52:12
Leviathan.Comeatmebro said: »
In the time you've spent reading this thread, following the links, and assessing the risks with the various programs, you could have already reinstalled Windows and reconfigured your *** the way you like it.

Unless you manage to get a rootkit, that's going to be the most time-efficient solution.
How would that not be a time-efficient solution to resolve a rootkit?

By Jetackuu 2013-07-23 23:59:14
Leviathan.Phenomena said: »
So opened Chrome (should use Firefox) and got 24 blocks.. xD

hmmm seems small

There are ways to go about doing it.

You can either learn how to remove/prevent this now, or pay somebody to do it for you, or find somebody to do it for free. Honestly, the first solution would be the best in the long run, especially if you value your own work.

If reformatting is out of the question, or you'd just like to resolve it without doing that, read the thread again.

I'd personally try a system restore point (after creating one for the current time) from before you did the Java thing. Then do a full scan with Avast. See how that goes.

I mean, you've already thrown several scanners at it. Does it redirect you at all when you surf, or your home page?

(I'd also check your hosts file, to make sure it didn't corrupt it.)

A good thing to do would be to log in to your PC as a non-admin and, when you need to install something, hold Shift and right-click and select "Run as another user", or admin, and it should prompt for a password. Or you could just configure your browser to constantly run as another user, one without admin privileges, if running the account as a non-admin is too much of a hassle for you; that way you have less of a chance of getting something.

I can't make out the address it blocked on that screenshot; it's probably documented malware if you Google it.
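The hosts-file check mentioned above, as an added example (my code, not from the thread): it parses a hosts file and flags entries that override security or update domains, or that point a name at a non-loopback address, which are the two things a hijacked hosts file typically does. The watched-domain list and the sample file are constructed for the example; the Windows path is the standard location of the live file.

```python
import ipaddress
import os
import sys

# Domains whose override is suspicious: malware commonly pins AV/update sites to
# loopback so the tools cannot update. Constructed list; extend it with the
# vendors you actually rely on.
WATCHED_SUFFIXES = ("avast.com", "malwarebytes.org", "microsoft.com", "windowsupdate.com")

# Constructed sample hosts file (not taken from any real machine).
SAMPLE_HOSTS = """#   127.0.0.1       localhost
127.0.0.1       localhost
0.0.0.0         ads.example              # ad-blocking style entry, benign
127.0.0.1       www.avast.com            # AV update site pinned to loopback
203.0.113.7     www.example-bank.test    # unrelated site sent to a foreign host
"""

def audit_hosts(text):
    """Return [(lineno, reason, entry)] for hosts entries worth a second look."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:                        # no address + name pair
            findings.append((lineno, "malformed entry", line))
            continue
        ip, names = parts[0], parts[1:]
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append((lineno, "unparseable address", line))
            continue
        for name in names:
            lname = name.lower()
            if any(lname == s or lname.endswith("." + s) for s in WATCHED_SUFFIXES):
                findings.append((lineno, "security/update domain overridden", f"{ip} {name}"))
            elif not (addr.is_loopback or addr.is_unspecified):
                findings.append((lineno, "non-loopback mapping", f"{ip} {name}"))
    return findings

def default_hosts_path():
    # Live hosts file on Windows, else the Unix path.
    if os.name == "nt":
        root = os.environ.get("SystemRoot", r"C:\Windows")
        return os.path.join(root, "System32", "drivers", "etc", "hosts")
    return "/etc/hosts"

if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else default_hosts_path()
    with open(path, encoding="utf-8", errors="replace") as fh:
        results = audit_hosts(fh.read())
    for lineno, reason, entry in results:
        print(f"{path}:{lineno}: {reason}: {entry}")
```

Run it with no arguments to audit the live hosts file, or pass a path to audit a copy taken from a suspect machine; an empty result means nothing beyond loopback and ad-block style entries is present.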

By Sylph.Kawar 2013-07-24 20:27:02
Leviathan.Phenomena said: »
Well, that's good to know >.> because I haven't/wouldn't have.

Also, just to be clear: after I run full scans with SUPERAntiSpyware and Malwarebytes, I will run Spybot Search & Destroy (post log in Pastebin), then run HijackThis and post that log in Pastebin as well?

And do all of these in safe mode with networking? After uninstalling Java, of course.
Leviathan.Phenomena said: »
OK, thank you all for the help and advice. I'll try TDSSKiller and ComboFix first, and delete Java. If I still see Avast warning me of blocked attacks I will do what Kawar told me. And I will probably run SUPERAntiSpyware as well, and delete some tools that I downloaded and don't use.
So I can run your log and see if I can get a better idea, can I get the HijackThis log from you anyway? It should take at max 1 min to make the log; that means just run the scan, which will only take 1 min max even on a slow computer.

By Sylph.Kawar 2013-07-24 20:29:47
Phoenix.Gaiarorshack said: »
Cerberus.Eugene said: »
Or just not install TeaTimer, or whatever it's called.
TeaTimer is besides the service it installs, unless they have changed it recently.
I would never tell anyone to install TeaTimer. It has been a pain in the butt when scanning with Spybot Search & Destroy. I end up disabling it, or you can't run the scan and fix or remove what you need.

BTW, formatting is a last resort every time; keep that in mind. I know the scanners can fix this problem for sure, but cleanup will be a pain. But it can be done.
Quote:
I'd personally try a system restore point (after creating one for the current time) from before you did the Java thing. Then do a full scan with Avast. See how that goes.
No, you should really disable System Restore when you run a scan, seeing as if a bug is hiding in the restore points then that will kill it, and after you remove the bug or bugs you can turn it back on and go from the day after the scan.

BTW, when you're clean, Bitdefender is the best free AV on the market right now and even rated number 1 in a few tests, if not most of them. Then just run MWB every 30 days and you should be fine. But we are far from this step.

By Sylph.Kawar 2013-07-26 21:57:50
I do not care what you're told about me, but I am here trying to help, so that is why I asked for the HijackThis log: like I said, I can run it in a tool and see if it can find anything wrong with the files it checks, that would be the files in the log. Then I can give you a better idea of what scanner or what step, but like I said on page 1, the 3 scans I gave you are your best bet, and most likely the case is that you are not running in safe mode when you remove them.

BTW, did you run the rootkit scanning tool that you were told to, and if so did it find any errors? If so, let us know how many, and if it gives you a log take a screenshot or save the log if you can. Last time I scanned with the rootkit tool it did not have a save log thing, so just giving you a heads up.

By Cerberus.Eugene 2013-07-26 22:24:13
Phoenix.Gaiarorshack said: »
Cerberus.Eugene said: »
Or just not install TeaTimer, or whatever it's called.
TeaTimer is besides the service it installs, unless they have changed it recently.
TeaTimer is the live service.
http://www.safer-networking.org/faq/what-is-the-resident-teatimer/

By Jetackuu 2013-07-27 06:33:22
I liked the teatimer once I had it set.

Kind of like I enjoy NoScript.

I mean, I could just tell the browser to run as a user that's not an admin by default; that would help a lot. Or just run as a non-admin all the time, but it gets annoying when a lot of *** needs admin rights, like PeerBlock, because it updates constantly.

By Valefor.Vengeances 2013-07-27 07:43:41
I was so annoyed reading the responses you guys give this poor guy I actually had to log in and reply.. FYI... though your intent was in the right place... you're all idiots in this subject matter... sigh.

ANYWAY... guy... OP has some infections... first thing you need to do is either mount that HD from a live disc with an AV scanner. This will prevent any further files in your machine from being infected and also prevent any background processes that the virus may be running that you might not be aware of. There are tons of live CDs that can do this, even some specifically made for virus removal. For example: http://www.ultimatebootcd.com/download.html. I know Kaspersky has one as well but too lazy to find the link.. you can simply Google it. However, Ultimate Boot CD is one of the better ones.

Too much typing... so instead of explaining the rest I will leave you to the wise oracle of Google. I simply came to point the way.
Either way... I'd recommend mounting that drive externally through a live CD and backing up your data, then reformat. Shortly put: you don't want nasty worms left over or backdoors that the scanners have missed lurking on your machine.

ALSOOO ALSOOO: rootkits usually capture data and leave holes and ports open for background remote shell activity (mostly, not all). These should be formatted to avoid security risk and data theft. So yea... /slap >.>.
Either way, gl guy.

By Valefor.Vengeances 2013-07-27 16:31:30
Yep... because I don't read through all the comments. Nor do I care if I make spelling errors on the internet. This isn't an official document. I just love how idiots look for irrelevant facts to try and seem smart.

Case in point: the minute someone saw he had a rootkit... given you even understand <- not know... but understand what that is... and recommended a live fix within the user's profile.. was the minute I stopped reading.

So you can suck it :p

Either.. I have paid you too much attention. Carry on with your shenanigans.

Ninja edit.. I'm only here for pics that make me lol when I came across this...
Whether he listens to me/fixes etc., his problem couldn't really affect me in the least.
Either way.. I have already thrown out one of the best ways to approach the situation... whether he does it or not is up to him/her.

By Phoenix.Gaiarorshack 2013-07-27 17:10:44
Only looking to be smart and trying to make others look dumb is you. And you just failed at it.

Also, now that we are on the fact of trying to tell how stupid ppl are, let's look at your live boot CD:
it will not access locked/encrypted parts of the HDD, meaning on your bootable disc you might risk only being able to scan fewer files than in the running environment.

Cerberus.Eugene said: »
Phoenix.Gaiarorshack said: »
Cerberus.Eugene said: »
Or just not install TeaTimer, or whatever it's called.
TeaTimer is besides the service it installs, unless they have changed it recently.
TeaTimer is the live service.
http://www.safer-networking.org/faq/what-is-the-resident-teatimer/

Resident files are not always the same as a service.

Besides TeaTimer, Spybot S&D used to have a service running as well that needed to be running for the on-demand scanner to run (unlike TeaTimer), so I'm not talking about TeaTimer, I'm talking about a different service, like I said above.
It might have changed now; it's been 2-3 years since I was working in IT with data recovery/malware cleanup.

By Jetackuu 2013-07-31 23:47:56
Valefor.Vengeances said: »
Yep... because I don't read through all the comments. Nor do I care if I make spelling errors on the internet. This isn't an official document. I just love how idiots look for irrelevant facts to try and seem smart.

Case in point: the minute someone saw he had a rootkit... given you even understand <- not know... but understand what that is... and recommended a live fix within the user's profile.. was the minute I stopped reading.

So you can suck it :p

Either.. I have paid you too much attention. Carry on with your shenanigans.

Ninja edit.. I'm only here for pics that make me lol when I came across this...
Whether he listens to me/fixes etc., his problem couldn't really affect me in the least.
Either way.. I have already thrown out one of the best ways to approach the situation... whether he does it or not is up to him/her.

Considering I told him to wipe clean, you're wrong, on top of being unable to post without reading the whole thread and insinuating everyone in it is an idiot, then on top of it trying to write off your failure of an attempt at the English language (when the browser pretty much takes care of it for you) by citing the "it's the internet, who cares?" line. Classy.

You're wrong, stop trying to save face, nobody is buying it.

End point of this thread: hopefully the OP wiped clean already, and has enabled AdBlock, and has some sort of background scanning, and has learned to try to avoid using Java if at all possible and not to fall for a phishing trap.

By Areayea 2013-08-01 00:16:20
Awwww, I read that and thought you meant Trojan condoms, then read malware and was like -.- DAMN

By Leviathan.Phenomena 2013-08-01 01:27:50
Sorry I didn't update this, but I had a PC friend of mine take care of it. Wiped everything clean and all that. Also installed some stuff that said it should keep me golden. Anyway, thanks for all the info!

Also, everything is running great and I haven't had a single issue. He also OC'd my CPU since I never did, and the PC is running great. He also installed my second GPU (SLI EVGA GTX 670s), so now I shouldn't have to touch my machine for a while.

Once again thank you all for the help! I really appreciate it.