I am not sure where to put this, so please move it if necessary.
I recently worked on a client's Windows XP computer that had multiple infections. I used several programs to clean it and spent a lot of time combing over logs to make sure it was virus-free. It came up clean on Malwarebytes Anti-Malware, Spybot Search and Destroy, Avira Antivirus, and SuperAntiSpyware. HijackThis logs looked clean as well. I uninstalled unnecessary programs and combed the logs for any services that looked suspicious. All looked good.
Despite all this, upon getting her computer back, her browser was hijacked and a rogue anti-spyware program tried to scare her into installing it. She didn't, thank goodness.
I took the computer back and tried to replicate the problem (I could not). Scanned it seven ways from Sunday, looking for anything and everything I could find that might be causing it. I returned the computer to her and asked her to take a picture if it came up again.
It finally happened last night. I was able to track down the problem as drlcleaner.info. The screen matches this one exactly:
http://www.2-spyware.com/remove-drlcleaner-info.html (not the popup, but the one behind it.)
What bothers me is that none of the tools I used even detected this thing! It flew under all of them! I've cleaned many viruses off of computers (and learned a ton from these forums) but have never found one like this. I thought I would share here and see if anyone else has had trouble dealing with this one or even seen this before.
Edited to add: Every single one of the programs I used was updated with the very latest antivirus/anti-spyware/anti-malware definitions. Both IE and Firefox were updated to the latest versions and inoculated with Spybot Search and Destroy. I had put Adblock Plus on Firefox to further protect in case of malicious ads. How this got by everything, I'm not sure. But it really bothers me!
Llyn
This post has been edited by llynara: 06 November 2009 - 12:38 PM


tab.
button.
button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.








