Virus Like Activity - 60+ IE Windows Start Opening Up

Clocker

Storage? I am Storage!
Joined
Jan 14, 2002
Messages
3,554
Location
USA
Howdy-
My dad is having some issues with his Win7 Home 64-bit computer. He uses IE (WAS using, I mean). Somewhat randomly when he goes to enter a website address new windows start popping up to the point where the PC is unusable. They are just blank IE windows.

He has Norton AV installed (comes free with Comcast). I ran that; it found nothing. Also ran the latest Malwarebytes. It finds only one thing, 'Regedit.Hijack'. I have the program remove it but it is always there. I have also switched him over to Firefox. I have also run a program called Combofix. It seems to do a lot of stuff but I have no idea what - it took about 10min to run. I also ran Adaware but that program now seems useless.

A few hours after I leave they are having problems again. Any recommended Malware cleaners or other ideas out there? I am getting ready to just do a format/reinstall.

Thanks
Clocker
 

Mercutio

Fatwah on Western Digital
Joined
Jan 17, 2002
Messages
22,275
Location
I am omnipresent
Uninstall Java.
Uninstall Norton whatever using their Removal Tool.
Use ninite.com to install Avast, Spybot and Malwarebytes.
Hit Filehippo.com to grab Hijack This, Ccleaner and Spywareblaster.
Run MBAM to update it to current.
Right click on Spybot, go to properties, compatibility. Tell it to always run as Administrator.
Install and run Ccleaner.
Disconnect from the Internet.
Tell Avast to do a boot time scan. Just delete the shit that it finds (I'm betting java exploits).
Reboot.
Go into safe mode.
Run Malwarebytes again.
Then run Spybot. Do the immunizations as well.
Reconnect to the internet. Reboot normally.
If you experience internet connectivity problems, run
netsh int ip reset
and
netsh winsock reset

to fix your IP stack.
 

Mercutio

Everyone needs to block ads all the time. This is not optional. In Firefox and Chrome, use Adblock Plus. Make sure you subscribe to both Easylist and Fanboy's list.
IE should be updated to at LEAST version 9 but version 10 is out as well. IE uses tracking protection lists. You need both Easylist and Fanboy's Ad blocking list for it as well.
Ditch Acrobat Reader for either Nitro PDF or Foxit. Honestly both Chrome and Firefox now have integrated PDF readers so you may not need anything at all.
 

Clocker

Awesome. Thanks! I tried to boot into safe mode yesterday, tapping F8 during boot up, but I wasn't getting the normal menu I would expect to see. Is there a new trick?
 

Clocker

What's the best AV program I should install for them? The Comcast/Norton program obviously was not doing the job. :(
 

ddrueding

Fixture
Joined
Feb 4, 2002
Messages
19,729
Location
Horsens, Denmark
Anything is better than Norton. It is hands-down the worst out there IMO. Of the free options I prefer Microsoft Security Essentials. It isn't the best, but it is the most fool-proof. Even better programs will be worse when they aren't updated or running in 6 months.

For the paid stuff I still love NOD32.
 

Clocker

All cleaned up. Thanks guys. There were a few things on there that the boot scan cleaned out. Then Malwarebytes was able to find some other stuff. I took the opportunity to buy a double pack of NOD32 6.0...one for me and one for my parents.
 

ddrueding

You won't be disappointed. And a note for others here: ESET makes two products; NOD32 is great and their "whole system protection" program is crap, just like every other "whole system protection" product.
 

Clocker

Yeah, I just got the plain old A/V one. Two PCs for two years, $75. Not great but not a terrible price. Didn't feel like shopping it around; it is too late.
 

Mercutio

We've had this discussion before, but Security Essentials is easily the WORST of the free options. AVG is a total pig, but at least I've observed that machines that have it installed typically aren't infected by things. They spend two hours a day doing scans, but they aren't infected.

Avast really seems like the best deal overall. It's lighter than Security Essentials, has decent real-time scanning and a crap ton of other functions like the boot mode scan, sandboxing and now an update checker for important third party software.

I do not think any integrated security software is worth owning.
 

Clocker

I must say I thought Avast was nice and a butt-saver. But I decided to go with NOD32 because I understand that it is lighter on system utilization than the others. My parents' system is just an original Sandy Bridge G620 2.6GHz.
 

Bozo

Storage? I am Storage!
Joined
Feb 12, 2002
Messages
4,396
Location
Twilight Zone
I have been running the free version of COMODO along with the MS program. No complaints so far.
 

Mercutio

My parents' system is just an original Sandy Bridge G620 2.6GHz.

Man, a G620 is nothing for most people to complain about. I think the big gulfs for day-to-day usage right now are between people who still have single core machines and people who have deliberately crippled stuff like Atom and Celeron processors. Everybody else is in roughly the same boat. The seven year old 1.86GHz E6300s in my old classroom machines still run great. If I wasn't concerned about power supplies and hard drive failures, I wouldn't even be bothering to replace them.
 

ddrueding

The thing I like about MSE is that I haven't seen a machine with it installed where it wasn't running and fully updated. Most machines I come across with the other free options (or Norton/McAfee) don't have it updated and many times it isn't even running. Just sitting in the corner with some error-looking status icon that doesn't tell the user anything. MSE beats any antivirus that isn't running or updated.
 

mubs

Storage? I am Storage!
Joined
Nov 22, 2002
Messages
4,908
Location
Somewhere in time.
I've been using MSE for the last 2-3 years and haven't had a problem. I also have Spywareblaster, Spybot and MBAM installed, but these are updated and run only when I think something weird is going on. Never found anything so far. But then, my (and my kid's) surfing habits are relatively safe.
 

Clocker

After getting the PC back to my Dad's house I was confounded. The scanners that were run definitely found some stuff & cleaned it out. Java was uninstalled and the ad blockers were in place. We then went to reproduce the problem he had before... selecting about 10 email messages in his WLM 2011 email program with the shift key. It also popped windows other times but this was the only reproducible combination of things he could remember. The PC then proceeded to open another 60 or so browser windows (Firefox this time) and bring the PC to its knees. I was able to get out of it by killing the Firefox process in Task Manager. I also noticed that in the email search field of his program there were about 100 or so h's appearing, like the h key was being held down or something. Was not happening if I opened Notepad or anything though. Windows Help was also popping up randomly after boot. I had not experienced this behavior at my house but I was using a USB keyboard of my own because I could not get into Safe Mode no matter how hard I tried using my Dad's wireless Logitech.

So my last steps were to upgrade him to WLM 2012 from WLM 2011. That had no effect. Yes, I know you guys will ask why I am using that program but my parents are old and comfortable with it.

I then upgraded the Logitech SetPoint Software to the latest version and replaced the batteries in the keyboard and mouse combo. Problem seemed to disappear but I will give it a day or so before I believe it. It has been well over a year since they replaced the batteries so this could be an interesting learning experience. I never did test to see if getting into safe mode was possible now that the keyboard batteries are fresh.
 

ddrueding

I had a problem with an old MS wireless keyboard and mouse set. The keyboard had died long ago but the mouse was still in use. At random intervals the keyboard would launch random programs or type random stuff.

Put in a wired keyboard for a bit and disconnect the wireless receiver. I bet things will be fixed.
 