
Unknown Malware In My Pc


  • This topic is locked
4 replies to this topic

#1 ukbobboy


Posted 08 August 2007 - 02:12 PM

Hi Guys and Dolls of this forum

This is my first posting, but I am by no means a PC novice. I have some technical experience, having worked on upgrading and repairing PCs for four years, and I like reading user guides before installing any new hardware and/or software on my PC. I am also a stickler for privacy and security and as such have a battery of protective apps running on my computer.

Saying all that, I still have this strange problem that I cannot fix or get a sensible answer for:

Last year, around about July/August, one of my sons (I have two) downloaded what looked like a jpg file onto my desktop; I was at work at the time. This jpg seemed to be inactive so I traced it to where it was on my hard disk, it turned out to be an exe file, and deleted it, and I deleted the icon from my desktop and emptied my wastebasket (I use XP Home SP2).

I then tried to run my Norton AV, to my horror I found it had been disabled. I then went onto the internet and found an online AV scanner; it found two or three things and zapped them. I then ran my AVG Anti-Spyware, it found something then crashed; I restarted my PC and ran my AVG Anti-Spyware again, this time it found nothing.

I then spent the rest of the night trying to get my Norton AV working by deleting and reinstalling, upgrading to the next version, etc., everything I tried failed.

The next day, which was Saturday and the day I do my online grocery shopping, I found that my IE V6.0 would not log onto any secure site, it worked fine for non-secure sites but as soon as I tried a secure site, I got an error "This page cannot be displayed".

At this stage, even for me, panic set in because I could not shop or AV protect my PC. However, luckily for me I had a copy of Opera (an alternative browser) which was unaffected by this malware so I used Opera to do my shopping and still today use it as my main browser.

After doing my shopping I wrote to Symantec explaining this problem, I eventually got a very unsatisfactory answer, which was of no help. Not only that, Symantec seem to think that my Norton AV and IE6.0 problems are unrelated, so I wrote back to them and have not received any further replies.

OK, since then I have used Spybot, Adaware, AVG Anti-Spyware, AVG AV, Prevx (all updated with the latest definitions, etc.) but they have all come up blank, and my Norton AV still does not work and my IE6.0 still will not log onto any secure sites. Not only that, I have since found out that I cannot download MS updates or Norton tools without IE6.0; MS and Symantec will not work with any browser other than IE6.0.

I believe that whatever malware my son downloaded has been deleted but the damage it has done is still there, please note that every other software and protective app I have still works so I am sure that this malware targets Norton AV and crippled IE6.0 so that the damage could not be repaired.

Now my question is this: other than a complete delete and reformatting of my hard drive, is it possible that there is a utility or tool that can find the damage done by this malware and put it right? Bearing in mind that only Norton AV does not work (all other Norton products, i.e. NSW and NPF, still work perfectly) and IE6.0 has been compromised, I think that a registry setting (or settings) has been altered. Is there any way to check and correct this?




UK Bob

PS. It is now too late to go back to past starting point, as I said before I panicked and forgot that this option was available.



#2 oldf@rt


Posted 08 August 2007 - 02:29 PM

The symptoms that you describe point to some malware still being on your computer. My suggestion would be to post a HijackThis log, so one of the experts can see what is actually going on.
  • A new version of HijackThis has now been released, so before you post your log please download and install the new version.
  • Download the installer for HijackThis, and save it to your desktop.
  • Double click on the HJTinstall to run the installer.
  • Agree to the install.
  • Agree to the license agreement.
  • HijackThis will then open.
  • Click on "Do a system scan and save a logfile".
  • Notepad will open with your log.
  • Please post the contents of the HijackThis log here.
  • Post in this thread if you haven't received an answer in five days.

The name says it all -- 59 and holding permanently

**WARNING** Links I provide might cause brain damage

#3 ukbobboy

  • Topic Starter


Posted 08 August 2007 - 05:28 PM

OF

Thanks for your advice and the links. I've got my HJT log and I am just about to post it. However, to my untrained eye I did not see anything that screams malware; perhaps the experts will see something that I missed.


UK Bob

#4 oldf@rt


Posted 08 August 2007 - 07:21 PM

Exactly, they have tools that should not be used without instructions.

Now that you have an open HJT log posted in the HijackThis Logs and Analysis forum, you shouldn't make any changes to your system.
Doing so could change the results of the posted log, making it difficult to properly clean your system.

At this point, the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

#5 quietman7

  • Global Moderator

Posted 09 August 2007 - 06:53 AM

Your log is posted here.

Please be patient. It may take a while to get a response because the HJT Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

If after 5 days you still have received no response, then post a link to your HJT log in the thread titled "Haven't Had A Reply In Five Days?".

To avoid confusion, I am closing this topic until you are cleared by the HJT Team. If you still need assistance after your log has been reviewed and you have been cleared, please PM me or another moderator and we will re-open this topic.

Thanks for your cooperation and good luck with your log.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
