Hi, I have some unknown malware on my computer. When browsing online, constant annoying popups and ads come up, my homepage is constantly changed to AOL for some reason, and I absolutely can't remove it. I've tried MBAM (latest one included, totally clean), AVAST, AVG, Lavasoft Ad-Aware, Spybot, etc., but nothing can get rid of it. I have attached all the following required information. Please help!
I didn't have any trouble running the required steps.
I am unable to post the DDS LOG or the DDS attach or the GMER One because I am getting the following error message when trying to post them: "The code snippet in your post is formatted incorrectly. Please use the Code button in the editor toolbar when posting whitespace-sensitive text or curly braces." Should I attach them?
GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-07-13 15:57:24
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.LH00 465.76GB
Running: u63z8etr.exe; Driver: C:\Users\3yoosh\AppData\Local\Temp\kwdiqpog.sys
Please don't attach logs. As it says, do this: "The code snippet in your post is formatted incorrectly. Please use the Code button in the editor toolbar when posting whitespace-sensitive text or curly braces."
The code button is in the line right above where you type your response. A window will open; paste the logs into it.
Shooting in the dark here, but this line is probably germane:
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
Please run ASWMBR, and tdsskiller.
==Download aswMBR from http://www.bleepingcomputer.com/download/aswmbr/
Start it, press Scan [it will download virus definitions from Avast], wait the 3 or 4 minutes until it says Scan completed then press Save Log. Post that, please. Do NOT fix anything at this stage.
An MBR.dat file will appear on your desktop, it is a copy of your MBR. Do not delete it.
==Download TDSSkiller from this link, save it to your desktop: http://support.kaspersky.com/downloads/utils/tdsskiller.exe -you may need to download it to a clean computer and then transfer it to the desktop using a USB flash drive.
-click Start scan;
-if TDSSKiller finds a rootkit and prompts a Cure then press Continue [a reboot may be required];
-press Continue also on any Skip prompt for suspicious files. Do not delete or quarantine any files.
Post the log from C:.
1 - It's an oldish thread.
2 - Norton, Panda, and AVG absolutely will not remove anything that MBAM can't see. Especially Norton; it is the most useless security program out there. I am having to fix all the problems it causes on a daily basis.
Dude, I would like to say: use an Internet Security antivirus...
Norton, Quick Heal, Avast etc. are useless for those errors.
Quick Heal Total Security may help you...
Avast Internet Security or Avira Internet Security may help you too...
When I have a problem like this I use Quick Heal Total and it removes all the bugs...
And now the reason for AOL as your default homepage/toolbar...
You have to uninstall it from the uninstaller.
If you can't see this item in the uninstaller, then it is a hidden object so that you can't uninstall it, but there are a few steps for this too, like:
Go to C:\ and check cookies for all the files etc.
And delete the AOL Toolbar/cookies etc...
If for some reason you can't delete it, then use Unlocker from FileHippo and delete it with Unlocker.
You must also reset your browser.
And then check for updates after resetting... (If you use skins for your browser then this may happen for that reason too.)
After the reset and scanning, you should restart your PC.
Then run CCleaner.
Also fix the registry with it; this will help you a lot...
And then restart again. (The restart is done because some virus files can't be deleted until a restart has been done, so you need to restart.)
I use the same procedure and my PC has been clean since that time.
Notes: Don't use hacked serials/keygens for antivirus.
Reasons: They are already blocked, so you will see it as active but actually it's not active...
(A serial/keygen that you get from the internet may result in you having to restart your PC, slow down your PC, or show a critical situation when you check for updates...