Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Virus Help Zone.


  • Please log in to reply
19 replies to this topic

#1 wavemaker

wavemaker

  • Members
  • 283 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Maryborough Queensland Australia
  • Local time:07:16 PM

Posted 23 July 2007 - 07:47 PM

Gooday all from the land down under. Dont know how we got this,(virus help zone), but we have it anyway. Wont let me run AVG, wont let me download hijack this, it's a mongrel. Any tips most gratefully recieved. Running XP Home SP2.AMD Sempron, 2600+. 1.6ghz, 192mb ram. Regards James.

Edited by wavemaker, 23 July 2007 - 08:01 PM.

When The Going Gets Weird, The Weird Turn Pro. (H.S.T.)

BC AdBot (Login to Remove)

 


#2 oldf@rt

oldf@rt

  • Members
  • 2,609 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Avondale, Arizona USA
  • Local time:02:16 AM

Posted 23 July 2007 - 11:17 PM

It appears to be a home page hijacker, start with the Preparation Guide for Posting a Hijack this log.
The name says it all -- 59 and holding permanently

**WARNING** Links I provide might cause brain damage

#3 TMacK

TMacK

  • Members
  • 4,672 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:B.C. Canada
  • Local time:02:16 AM

Posted 23 July 2007 - 11:36 PM

wont let me download hijack this


You may have to rename the Hijackthis.exe file to be able to download it.
Maybe something like NoReturn.exe
Chaos reigns within.
Reflect, repent, and reboot.
Order shall return.

aaaaaaaa a~Suzie Wagner

#4 vengadavan

vengadavan

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:04:16 AM

Posted 24 July 2007 - 02:14 AM

Did you try to download HiJackthis in safe mode with networking
try that and post the log

#5 wavemaker

wavemaker
  • Topic Starter

  • Members
  • 283 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Maryborough Queensland Australia
  • Local time:07:16 PM

Posted 24 July 2007 - 04:08 PM

Gooday and thanks. I will do as suggested above when I get home from work today.
When The Going Gets Weird, The Weird Turn Pro. (H.S.T.)

#6 wavemaker

wavemaker
  • Topic Starter

  • Members
  • 283 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Maryborough Queensland Australia
  • Local time:07:16 PM

Posted 26 July 2007 - 10:16 PM

Gooday again and thanks. I have followed the prep guide to the "download hijackthis" stage. I get it downloaded but it wont run. Meaning when I click on the desktop icon it appears and then just disappears again. I tried to do this in safe mode but the computer wont go into safe mode. Ok, so how do I rename hijackthis to get it downloaded and running. I have deleted hijack from the computer and am ready to start again. Once again, thanks to all.
When The Going Gets Weird, The Weird Turn Pro. (H.S.T.)

#7 wavemaker

wavemaker
  • Topic Starter

  • Members
  • 283 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Maryborough Queensland Australia
  • Local time:07:16 PM

Posted 26 July 2007 - 10:39 PM

Any reason this is still back on page 3. I thought it would move up?
When The Going Gets Weird, The Weird Turn Pro. (H.S.T.)

#8 oldf@rt

oldf@rt

  • Members
  • 2,609 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Avondale, Arizona USA
  • Local time:02:16 AM

Posted 26 July 2007 - 10:40 PM

Under step # 9, r click on the link, and save to your desktop. if ie, it is "save target as" if ff, it is "save link as" you should get the box calling it HJTinstall change the name to merijninstall then click save . its on page one here.

Edited by oldf@rt, 26 July 2007 - 10:41 PM.

The name says it all -- 59 and holding permanently

**WARNING** Links I provide might cause brain damage

#9 wavemaker

wavemaker
  • Topic Starter

  • Members
  • 283 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Maryborough Queensland Australia
  • Local time:07:16 PM

Posted 27 July 2007 - 04:20 AM

Thanks old f@rt, at 54 i'm not that far behind you. Got a big golf game tomorrow, so wont get to this till Sunday at best. Let you know how I go. Regards, James.
When The Going Gets Weird, The Weird Turn Pro. (H.S.T.)

#10 wavemaker

wavemaker
  • Topic Starter

  • Members
  • 283 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Maryborough Queensland Australia
  • Local time:07:16 PM

Posted 28 July 2007 - 09:48 PM

I have tried renaming HJT to no avail. Still cant start the damn thing in safe mode. Going to give it another shot.
When The Going Gets Weird, The Weird Turn Pro. (H.S.T.)

#11 oldf@rt

oldf@rt

  • Members
  • 2,609 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Avondale, Arizona USA
  • Local time:02:16 AM

Posted 29 July 2007 - 01:03 AM

If it does not work, download from this link, and save in my documents. right click, click open, not extract, right click on the file, click copy.

use windows explorer, navigate to the main documents and settings folder, open that folder, in an open area of the folder, right click, click paste.

in the same folder, find hijack this, right click on the file, click rename, call it "lastchance"

let us know if this works.
The name says it all -- 59 and holding permanently

**WARNING** Links I provide might cause brain damage

#12 wavemaker

wavemaker
  • Topic Starter

  • Members
  • 283 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Maryborough Queensland Australia
  • Local time:07:16 PM

Posted 29 July 2007 - 04:26 AM

Old f@rt, i think i have followed your instructions and no joy. Its late sunday, I will try again tomorrow. Thanks so much for your persistence. Regards, James.
When The Going Gets Weird, The Weird Turn Pro. (H.S.T.)

#13 TMacK

TMacK

  • Members
  • 4,672 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:B.C. Canada
  • Local time:02:16 AM

Posted 29 July 2007 - 11:20 AM

Try this;
Download HijackThis onto a Thumb Drive, using another computer.
Then plug the Thumb Drive into your HD and install the program.
Chaos reigns within.
Reflect, repent, and reboot.
Order shall return.

aaaaaaaa a~Suzie Wagner

#14 wavemaker

wavemaker
  • Topic Starter

  • Members
  • 283 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Maryborough Queensland Australia
  • Local time:07:16 PM

Posted 30 July 2007 - 04:23 PM

TMack, thanks for that. I tried that first up but doesn't work. I have hijack on the machine and it will even run but disappears before I can save the log to post it.
When The Going Gets Weird, The Weird Turn Pro. (H.S.T.)

#15 oldf@rt

oldf@rt

  • Members
  • 2,609 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Avondale, Arizona USA
  • Local time:02:16 AM

Posted 30 July 2007 - 04:45 PM

Do you want to try a scan with Dr Web? this might clear up enough of the nasties to run hijack this. If you do, try this:

Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

Please download DrWeb-CureIt & save it to your desktop. DO NOT perform a scan yet.

Reboot your computer in "SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with DrWeb-CureIt as follows:
  • Double-click on drweb-cureit.exe to start the program. An "Express Scan of your PC" notice will appear.
  • Under "Start the Express Scan Now", Click "OK" to start. This is a short scan that will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it.
  • Once the short scan has finished, Click Options > Change settings
  • Choose the "Scan tab" and UNcheck "Heuristic analysis"
  • Back at the main window, click "Select drives" (a red dot will show which drives have been chosen)
  • Then click the "Start/Stop Scanning" button (green arrow on the right) and the scan will start.
  • When done, a message will be displayed at the bottom advising if any viruses were found.
  • Click "Yes to all" if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can see the icon next to the files found. If so, click it, then click the next icon right below and select "Move incurable".
    (This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
  • Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
  • Save the DrWeb.csv report to your desktop.
  • Exit Dr.Web Cureit when done.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.cvs report)
If you cant start safe mode to run the scan, try it in regular mode, or you can even run it from a flash drive.
The name says it all -- 59 and holding permanently

**WARNING** Links I provide might cause brain damage




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users