Virus causing pop-ups

post #1 of 23
Thread Starter 
I have a virus called adware.mirar. Nod32 catches it, but when I press delete, it just keeps popping up again. I guess Nod32 can't delete it. I've scanned with multiple spyware scanners. Those scanners found other spyware but not the one causing the pop-ups. I've read all about the mirar toolbar virus.
http://vil.nai.com/vil/content/v_124245.htm

It says it installs a toolbar in IE. I don't have a toolbar. For removal instructions:
http://www.spyany.com/program/article_spw_rm_Mirar.html
It says to delete several registry entries. I don't have these entries. So what now, HijackThis?
post #2 of 23
Thread Starter 
Anyone? It's annoying the hell out of me!
post #3 of 23
post #4 of 23
Thread Starter 
I did Ad-Aware, Spybot S&D, and Nod32. None of them got the pop-up one.
post #5 of 23
Might as well try HijackThis..

Also try different AVs.

Try Avast and then try AVG.
post #6 of 23
post #7 of 23
Boot to safe mode and try to delete it that way. Then it won't start.
post #8 of 23
AVG spyware is pretty good as well for getting rid of that stuff. You can try HijackThis and post the log for others to read and maybe help you out.
post #9 of 23
Thread Starter 
Here is my HijackThis log.

Quote:
Logfile of HijackThis v1.99.1
Scan saved at 9:58:55 PM, on 7/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\svhost.exe
C:\DOCUME~1\KAROLZ~1\LOCALS~1\Temp\MBDownload er_876919.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Steam\Steam.exe
c:\program files\steam\steamapps\netro107\counter-strike\hl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.polwizjer.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshibadirect.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://toshibadirect.com/
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [poolsv] "C:\WINDOWS\poolsv.exe"
O4 - HKLM\..\Run: [svhost] "C:\WINDOWS\svhost.exe"
O4 - HKLM\..\Run: [NBInstall] C:\DOCUME~1\KAROLZ~1\LOCALS~1\Temp\MBDownload er_876919.exe
O4 - HKLM\..\Run: [MemoryManager] rundll32.exe "C:\WINDOWS\system32\kpykhmmx.dll",forkonce
O4 - HKCU\..\Run: [SIDEBAR] "C:\Program Files\Desktop Sidebar\dsidebar.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{0D9C5AFA-4842-4DB9-BD6D-252B0B641D42}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{0D9C5AFA-4842-4DB9-BD6D-252B0B641D42}: NameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{0D9C5AFA-4842-4DB9-BD6D-252B0B641D42}: NameServer = 192.168.0.1
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
O23 - Service: DVD-RAM_Service - Matsu****a Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
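Added example, not part of the thread and not written by any poster: a small triage pass over the O4 (registry Run) lines of a HijackThis log like the one posted above, marking autorun entries that deserve a closer look before anything is deleted. The three heuristics, the reference list of system process names, and the sample lines (constructed, modelled on the posted log) are assumptions of this example, and a hit is a reason to review the entry, not a verdict.

```python
import ntpath
import re

# Assumed reference set of Windows system process names for the lookalike check.
SYSTEM_NAMES = {"svchost.exe", "spoolsv.exe", "lsass.exe", "services.exe", "winlogon.exe"}
O4_RE = re.compile(r"^O4 - HK\w+\\\.\.\\\w+: \[(.*?)\] (.+)$")
IMAGE_RE = re.compile(r'"?([^"]*?\.(?:exe|dll|com|scr|bat)\b)', re.I)

# Constructed sample in HijackThis O4 format, modelled on the log above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [poolsv] "C:\WINDOWS\poolsv.exe"
O4 - HKLM\..\Run: [svhost] "C:\WINDOWS\svhost.exe"
O4 - HKLM\..\Run: [NBInstall] C:\DOCUME~1\USER~1\LOCALS~1\Temp\example_123.exe
O4 - HKLM\..\Run: [MemoryManager] rundll32.exe "C:\WINDOWS\system32\example.dll",forkonce
"""

def one_edit_apart(a, b):
    """True if a != b and a single insert, delete or substitute maps a to b."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    a, b = sorted((a, b), key=len)  # a is now the shorter (or equal-length) name
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1
    return a[i + (len(a) == len(b)):] == b[i + 1:]

def triage(line):
    """Return (value_name, reasons) for an O4 line, or None for other lines."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    img = IMAGE_RE.match(m.group(2))
    path = (img.group(1) if img else m.group(2).split()[0]).lower()
    base = ntpath.basename(path)
    reasons = []
    if any(one_edit_apart(base, s) for s in SYSTEM_NAMES):
        reasons.append("name imitates a system binary")
    if "\\temp\\" in path:
        reasons.append("runs from a Temp directory")
    if base == "rundll32.exe":
        reasons.append("rundll32 launcher, review the DLL it loads")
    return m.group(1), reasons

def flagged(log_text):
    """Map autorun value name -> reasons for O4 entries with at least one hit."""
    return {t[0]: t[1] for line in log_text.splitlines() if (t := triage(line)) and t[1]}

if __name__ == "__main__":
    print(flagged(SAMPLE_LOG))
```

Pass the text of a saved HijackThis log to `flagged()`; lines outside the O4 section are skipped.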
post #10 of 23
nod32.