  1. #21
    Member Spyware Fighter NeonFx
    Join Date
    Jan 2010
    Location
    California
    Posts
    1,106
    Points
    86

    Because I don't see anything else on your system I believe we should try branching out and test if your router is the one that is infected. What is the make and model of your router?

    What I want to do is reset it to its factory defaults. This is typically done by holding down the reset button on the back of the device for about 10 seconds while it's still on. Be warned that this will reset any configuration that was made on it including ISP passwords, wireless passwords and configuration and even the device's administrator password will be reset.

    This will eliminate whatever infection is on the device, if there is any. If its DNS settings have been hijacked, they could cause redirection symptoms on all the machines that are connected to it and configured to receive DNS information from it.

  2. #22
    Member
    Join Date
    May 2010
    Posts
    15
    Points
    0

    I don't use a router. DSL landline connection direct.

  3. #23
    Member Spyware Fighter NeonFx

    I've asked someone else to look at this to see if they can see anything I've missed. I'm beginning to wonder if these popups are the result of website coding and have nothing to do with your computer. Are you only getting them when you visit a certain website?


    Let's try setting your computer up to use Google's DNS servers instead of your ISP's to see if that solves the problem. If it does, then the problem lies in your ISP's DNS servers.

    See here for how to do it:

    How to Use Google Public DNS on Windows 7 and Windows XP

  4. #24
    Member

    NeonFx - After reading the instructions on making this switch, I was kind of reluctant...didn't want to end up with no connection etc...I let it go for a few days. This morning, MS's malicious software group (that sound right??), popped up with a message that a test had been run/ trojan found/ click to remove etc. Did so and computer looks good.

    A thousand thanks for your fine support and tenacious pursuit of the problem, regards....RichH

  5. #25
    Member Spyware Fighter NeonFx

    That's great.

    Changing DNS servers does nothing to your connection. It's simply the location where your computer goes to translate addresses such as help2go.com into IP addresses. Companies use their own DNS servers all the time to prevent people in their company from visiting certain websites and such.


    It's called the malware removal tool. I am very curious as to what was causing the problem. Could you look to see if the results were saved here? C:\Windows\debug\mrt.log

  6. #26
    Member

    Microsoft Windows Malicious Software Removal Tool v3.7, May 2010
    Started On Mon May 17 03:02:48 2010
    WARNING: Security policy doesn't allow for all actions MSRT may require.
    Quick Scan Results for 1141F7C9-5AD3-421D-85D0-F96EF5DFB411:
    ----------------
    Threat detected: Virus:Win32/Alureon.H
    rootkit://Alureon->alim1541
    SigSeq: 0x000035A9D6C58B30

    Results Summary:
    ----------------
    Found Virus:Win32/Alureon.H, full system scan needed to complete removal
    Microsoft Windows Malicious Software Removal Tool Finished On Mon May 17 03:05:52 2010


    Return code: 7 (0x7)

    ---------------------------------------------------------------------------------------

    Microsoft Windows Malicious Software Removal Tool v3.7, May 2010
    Started On Mon May 17 03:33:18 2010

    Quick Scan Results for 1141F7C9-5AD3-421D-85D0-F96EF5DFB411:
    ----------------
    Threat detected: Virus:Win32/Alureon.H
    rootkit://Alureon->alim1541

    Extended Scan Results
    ----------------
    ->Scan ERROR: resource file://C:\pagefile.sys (code 0x00000020 (32))
    Threat detected: Trojan:Win32/PrivacyCenter
    file://C:\Qoobox\Quarantine\C\Program Files\PCenter\faq\guide.html.vir
    SigSeq: 0x00002267A48A9F6B
    SHA1: F1ED6AC9109BF76D9E275A9DE3565A59C994C996
    Threat detected: Virus:Win32/Alureon.H
    file://C:\System Volume Information\_restore{39C571A2-5C6A-433B-8AC6-DBD815F09639}\RP12\A0078626.sys
    SigSeq: 0x0000247FD0F38616
    SHA1: 8EAE2588DC94E5B312B232A5D975EC65EB43FD3C
    Threat detected: Virus:Win32/Alureon.H
    file://C:\System Volume Information\_restore{39C571A2-5C6A-433B-8AC6-DBD815F09639}\RP11\A0078219.sys
    SigSeq: 0x0000247FD0F38616
    SHA1: 8EAE2588DC94E5B312B232A5D975EC65EB43FD3C
    Threat detected: Virus:Win32/Alureon.H
    rootkit://Alureon->alim1541

    Extended Scan Removal Results
    ----------------
    Start 'remove' for file://\\?\C:\Qoobox\Quarantine\C\Program Files\PCenter\faq\guide.html.vir
    Operation succeeded !

    Start 'clean' for rootkit://Alureon->alim1541
    Operation was scheduled to be completed after next reboot.

    Start 'clean' for file://\\?\C:\System Volume Information\_restore{39C571A2-5C6A-433B-8AC6-DBD815F09639}\RP12\A0078626.sys
    Operation succeeded !

    Start 'clean' for file://\\?\C:\System Volume Information\_restore{39C571A2-5C6A-433B-8AC6-DBD815F09639}\RP11\A0078219.sys
    Operation succeeded !

    Start 'remove' for file://\\?\C:\Qoobox\Quarantine\C\Program Files\PCenter\faq\guide.html.vir
    Operation succeeded !


    Results Summary:
    ----------------
    Found Trojan:Win32/PrivacyCenter and Removed!
    Microsoft Windows Malicious Software Removal Tool Finished On Mon May 17 08:53:11 2010


    Return code: 10 (0xa)
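
A parser for the mrt.log format quoted in the post above, as an added example (not part of the original thread and not Microsoft's tooling): it splits the log into runs and lists detections that had no successful clean or remove in that run, which is how the second run can report "Found Trojan:Win32/PrivacyCenter and Removed!" while the Alureon rootkit clean is still waiting on a reboot. The function names and the abridged sample are constructed for illustration.

```python
import re
# Constructed sample, abridged from the two MSRT runs quoted in the post above.
SAMPLE = r"""
Started On Mon May 17 03:02:48 2010
Threat detected: Virus:Win32/Alureon.H
rootkit://Alureon->alim1541
Return code: 7 (0x7)
Started On Mon May 17 03:33:18 2010
Threat detected: Trojan:Win32/PrivacyCenter
file://C:\Qoobox\Quarantine\C\Program Files\PCenter\faq\guide.html.vir
Threat detected: Virus:Win32/Alureon.H
rootkit://Alureon->alim1541
Start 'remove' for file://\\?\C:\Qoobox\Quarantine\C\Program Files\PCenter\faq\guide.html.vir
Operation succeeded !
Start 'clean' for rootkit://Alureon->alim1541
Operation was scheduled to be completed after next reboot.
Return code: 10 (0xa)
"""

def norm(resource):
    # Removal lines carry the \\?\ long-path prefix; detection lines do not.
    return resource.replace("\\\\?\\", "")

def parse_mrt_log(text):
    """Split an mrt.log into runs: detections, action outcomes, return code."""
    runs, run, threat, target = [], None, None, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("Started On "):
            run = {"started": line[11:], "detections": {}, "outcomes": {}, "return_code": None}
            runs.append(run)
        elif run is None or not line:
            continue
        elif line.startswith("Threat detected: "):
            threat = line[17:]
        elif threat:  # the line after a detection names the resource
            run["detections"][norm(line)] = threat
            threat = None
        elif m := re.match(r"Start '\w+' for (.+)", line):
            target = norm(m.group(1))
        elif target and line.startswith("Operation "):
            run["outcomes"][target] = "succeeded" if "succeeded" in line else "not_completed"
            target = None
        elif m := re.match(r"Return code: (\d+)", line):
            run["return_code"] = int(m.group(1))
    return runs

def unresolved(run):
    # Detections that had no successful clean/remove within the same run.
    return {r: n for r, n in run["detections"].items() if run["outcomes"].get(r) != "succeeded"}
```

Calling `unresolved()` on each run returned by `parse_mrt_log()` leaves only the `rootkit://` entry in both runs; the quarantined file copy is resolved in the second run.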

  7. #27
    Member Spyware Fighter NeonFx

    I have to admit, I'm very surprised that MRT caught that. None of my other tools even hinted at it being there and that was the infection I was looking for.

    Thank you for being patient with me. Are you ready for my closing instructions?

  8. #28
    Member

    Fire away.........

  9. #29
    Member Spyware Fighter NeonFx

    Excellent. Let's clean up.

    STEP 1

    The following will implement some cleanup procedures as well as reset System Restore points:

    Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

    (If you use Vista or 7 just paste it into the text box that appears next to your start button)

    ComboFix /Uninstall

    Note: If you have trouble and it doesn't want to uninstall using the method described above, you can rename ComboFix.exe to Uninstall.exe and double click on it to uninstall it.

    STEP 2

    To clean up OldTimer's tools, along with a few others, do the following:

    • Run OTS.exe by double clicking on it
    • Click on the "CleanUp" button on the top.
    • You will be asked if you wish to reboot your system, select "Yes"


    STEP 3

    Remove any other tools or files we used by right-clicking on them or any folders they created, hold down the Shift key, and select "Delete" by clicking on it. This will delete the files without sending them to the RecycleBin.

    You can also uninstall the other programs (HijackThis or MalwareBytes if we used them) by going to Start > Control Panel > Add/Remove programs (The Control Panel is different in different versions of Windows. It will be Programs and Features in Vista and Programs > Uninstall a Program in 7)

    You might want to keep MalwareBytes AntiMalware though, and that's fine. Make sure you update it before you run the scans in the future.

    All Clean

    Congratulations! Your system is now clean. Now that your system is safe we would like you to keep it that way. Take the time to follow these instructions and it will greatly reduce the risk of further infections and greatly diminish the chances of you having to visit here again.

    Microsoft Windows Update
    Microsoft releases patches for Windows and Office products regularly to patch up Windows and Office product loopholes and fix any bugs found. Install the updates immediately if they are found.
    To update Windows
    Go to (Start) > (All) Programs > Windows Update
    To update Office
    Open up any Office program.
    Go to Help > Check for Updates


    Install WinPatrol
    Download it HERE
    You can find information about how WinPatrol works HERE and HERE

    Note: This program will work alongside all other security programs without conflicts. It might ask you to allow certain actions that security programs perform often, but if you tell Scotty to remember the action by checking the option, the alerts will lessen.

    Other Software Updates
    It is very important to update the other software on your computer to patch up any security issues you may have. Go HERE to scan your computer for any out of date software. In particular make sure you download the updates for Java and Adobe as these are subject to many security vulnerabilities.

    Setting up Automatic Updates
    So that it is not necessary to have to remember to update your computer regularly (something very important to securing your system), automatic updates should be configured on your computer. Microsoft has guides for XP and Vista on how to do this. See HERE for Windows 7.

    Read further information HERE, HERE, and HERE on how to prevent Malware infections and keep yourself clean.



    Let me know if you need anything else.
