Infected by an adware

[topgear]

Ran a scan from bootable PD today
It found three tojan.win32(which i think were false positive)
deleted them
Will again have to wait and watch

BTW kaspersky has not updated their rescue disk from a long time
its database is outdated. Is there a way to install updates from within windows?(as i would not be able to MBLAZE in its "OS")

Or should i download some other AV's rescue disk?

EDIT: didn't work(again)
Think will have to reinstall OS

try AVG or Avira rescue disc - they are updated almost daily

 

[Niilesh]

Combofix didn't work
It was running the scan for 15 min. but didn't show any sign of progress
my system was lagging like hell. even the clock(near the tray) was not being updated.
I couldn't open even taskmanger. Had to force shutdown

@topgear will download AVG rescue disk

 

[topgear]

^^ nice.. let us know the result

BTW, my recommendation goes with Avira Rescue disc

 

[skeletor]

He already post HJT Log on post 12:
*www.thinkdigit.com/forum/1608173-post12.html

ok I missed that.

@OP

Might want to get rid of the following entries? I know they are related to Datacard, but still weird.

C:\Documents and Settings\All Users.WINDOWS\Application Data\DatacardService\HWDeviceService.exe
O23 - Service: HWDeviceService.exe - Unknown owner - C:\Documents and Settings\All Users.WINDOWS\Application Data\DatacardService\HWDeviceService.exe

These as well

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

 

[Rockstar11]

Combofix didn't work
It was running the scan for 15 min. but didn't show any sign of progress
my system was lagging like hell. even the clock(near the tray) was not being updated.
I couldn't open even taskmanger. Had to force shutdown

@topgear will download AVG rescue disk

......okk

 

[Niilesh]

ok I missed that.

@OP

Might want to get rid of the following entries? I know they are related to Datacard, but still weird.

C:\Documents and Settings\All Users.WINDOWS\Application Data\DatacardService\HWDeviceService.exe
O23 - Service: HWDeviceService.exe - Unknown owner - C:\Documents and Settings\All Users.WINDOWS\Application Data\DatacardService\HWDeviceService.exe

I think these are useful files. I will probably won't be able to connect without them

These as well

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

These are registry entries right?I do i have to search for these entries in a registry editor and delete them?

 

[dashing.sujay]

^Nope, just check the boxes against them in Hijack this, and select Fix.

 

[Niilesh]

Ran scan with AVG rescue disk
It didn't detect any infections
BTW they dont update every day, latest one was dated 12th march

^Nope, just check the boxes against them in Hijack this, and select Fix.

Ok, thanx will delete them

 

[coderunknown]

^^ you don't have to be 100% latest. these mayn't be 0day worms.

have you tried emsisoft antimalware. also i have a feeling, this is caused by the damage by worms to system files. the infected files are gone but some registry values are changed.

 

[Niilesh]

^^ you don't have to be 100% latest. these mayn't be 0day worms.

I know that but just wanted to inform topgear about it

have you tried emsisoft antimalware. also i have a feeling, this is caused by the damage by worms to system files. the infected files are gone but some registry values are changed.

Ok will try emsisoft antimalware
BTW registry keys can make ads pop up?

 

[topgear]

Ran scan with AVG rescue disk
It didn't detect any infections
BTW they dont update every day, latest one was dated 12th march



Ok, thanx will delete them

that's why I recommended Avira Rescue Disc ...

Download Avira AntiVir Rescue System

 

[skeletor]

These are registry entries right?I do i have to search for these entries in a registry editor and delete them?

No. Delete them using HijackThis. It gives you an option to fix.

If nothing works, get out of your Windows misery and start using Homepage | Ubuntu

 

[Sujeet]

No. Delete them using HijackThis. It gives you an option to fix.

If nothing works, get out of your Windows misery and start using Homepage | Ubuntu

Arguably Most Productive and Work-Oriented OS We have..No need worry about virus atleast.

 

[Niilesh]

Update:Ads seem to magically disappeared

No. Delete them using HijackThis. It gives you an option to fix.

If nothing works, get out of your Windows misery and start using Homepage | Ubuntu

Deleted them.
BTW i have an old pc(will buy a lappy in a month)
I think will have to use xubuntu

that's why I recommended Avira Rescue Disc ...

Download Avira AntiVir Rescue System

will try if ads again appear