BleepingComputer.com: Laptop Infected, Have Run Scans But It's Not Helping...

A few days ago my laptop all of a sudden started to be very slow and there was a warning that looked like a red circle with aline through it that would change to a green wheelchair symbol next to where the clock is on my desktop. It would pop up a warning saying "Your computer is infected" and it also directed me to a site for an spyware removal program. Also, when ever I start my computer and log into Windows XP a window pops up from Windows installer saying "getting reading to install" but it doesn't say what it is trying to install, and it will do this every so often even after I close it. And finally, even when I am not online there will be pop-ups for casino and adult websites. I ran Norton 2006, Ewido, and Ad-aware (all with the updated definitions) and they all came up with a few issues and was able to delete them but this didn't help my problem.

I also found another post by someone who had the same problem on this site and I followed the instructions from this post <http://www.bleepingcomputer.com/forums/topic47826.html> and it did not help either. The roguescanfix was able to force some spyware out but that was it.

Please help

What is this website/ad it directs you to? I'm out of time but I'll be back to help you later and I'm sure some other helpers will arrive. Please answer my question so we can further help you.

I suggest you post a HijackThis log for examination.
A member of the HijackThis Team will walk you through, step by step, how to disinfect your computer.

Read How to post a HijackThis Log.
Please read, and follow, all directions carefully!!!

Then, run a log, and post it in the HijackThis forum, at this link. Do not, fix anything, yet.
A member, of the HJT Team, will help you out.
It may take a while to get a response, because the HJT Team are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.

NOTE:
Once you have made the post, please, DO NOT make another post in the HJT forum, until it has been responded to by a member of the HJT Team. The first thing they look for, when looking for logs to reply to, is 0 replies. If you make another post, there will be 1 reply. The team member, glancing over the replies, might assume someone is already helping you out, and will not respond. So, just make your post, and let it sit there, until a team member responds. This way you will be taken care of, in the most timely manner.

Before posting a log, there is one more thing we can try.

Go here and follow the instructions for using SmitfraudFix.
After using the tool reboot again in "SAFE MODE" and

Clean out your Temporary Internet files as follows:

• Quit Internet Explorer and quit any instances of Windows Explorer.
  
• Click Start, click Control Panel, and then double-click Internet Options.
  
• On the General tab, click Delete Files under Temporary Internet Files.
  
• In the Delete Files dialog box, tick the Delete all offline content check box , and then click OK.
  
• On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
  
• Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
  
• Click OK.

Next Click Start, click Control Panel and then double-click Display. Click on the Desktop tab, then click the Customize Desktop button. Click on the Web tab. Under Web Pages you should see a checked entry called Security info or something similar. If it is there, select that entry and click the Delete button. Click Ok then Apply and Ok.

Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.

Then perform a scan with Ewido and reboot back to normal mode.

If that does not resolve the problem, then follow tg1911's instructions for posting a log.

I installed hijackthis and did a scan, but when I saved the log to my desktop and opened it it was blank.

Thank you quietman7, I did that and the infection warning is gone, but the other problems are still there.

OK now lets see if we can get a log. Did you follow these instructions?

1. Run HijackThis by double-clicking the hijackthis.exe inside its own permanent folder (C:\HJT); not from the desktop or a temp folder.
2. Choose "Do a system scan and save a logfile" and HijackThis will analyze your system.
3. When the scan is finished, a text file name hijackthis.log will open. Save the log to your HJT folder or to the desktop so you can easily find it.
4. Use Ctrl-A to "Select All", Ctrl-C to copy it, and Ctrl-V to paste the log into your post in the HijackThis forum.
5. Post the log along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. Please include the top portion of the HijackThis log that lists version information.

This post has been edited by quietman7: 08 May 2006 - 05:57 PM

Thanks, I don't know why it was not working before. It just would not save properly b/c it was coming up blank. But I tried running hijackthis in safe mode and saving it and it works

OK. Now post your log in the HijackThis Logs and Analysis Forum, not here, for assistance by the HJT Team Experts.

Follow the instructions for creating a new topic and make sure you mention that the log was created in safe mode and why.

here is the top of hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 6:50:45 PM, on 5/8/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

First the speed of my computer was slow and these there was a Spyware warning that poped up saying "your computer is infected" and it directed me to a website for a spyware removal program (I can't remember which one), then there were pop ups when I wasn't even online for online casino and adult websites, and the Windows Intaller keeps popping up trying to intall something, it won't say what. I have done several scans to try and figure this out on my own, for everything I always updated the definitions first. I have run Norton 2006, Ewido, Ad-aware and AVG. I also downloded and ran smitRem.exe , Roguescanfix, and smitfraudfix.cmd - these were able to get rid of the infection warnings and as far as I can see, the pop-ups but the performance of my computer is very slow and the Windows Intaller keeps popping up. And now Norton keeps alerting me to a virus, it says that it is deleting it, but then it pops up again saying that the same virus was found and deleted again.

As I said before, the name of the anti-malware program it is advertising could be the key to the problem. If the advertisment is Winfixer we need to know that NOW so that we can give you the proper and comprehensive Winfixer treatment and then continue with general malware removal.

ees86

I'm not sure why you posted the top of the hijackthis log here along with your narrative. I just checked the HJT forum and do not see a new topic for you. You may have misunderstood me so lets try this again.

You need to click on this link: http://www.bleepingcomputer.com/forums/forum22.html
Then click new topic.
Give your topic a relevant name.
Start with a narrative of what steps you have done, what problems your still having.
Mention that your log was created in safe mode and why.
Then post the complete log.