
Hubby's Computer Is Messed Up


  • This topic is locked
8 replies to this topic

#1 EdithBunker

EdithBunker

  • Members
  • 110 posts
  • OFFLINE
  • Location:Atlanta, GA
  • Local time:03:21 PM

Posted 13 August 2007 - 10:04 PM

My Hubby has been job searching (lost his job 3 weeks ago :thumbsup: ) So, to add insult to injury, I guess one of these job hunting sites, --or something--has gotten ahold of his computer. The windows screen (I don't know if you call it the wallpaper, or screensaver, or what-- it's the screen that comes up when you turn the 'puter on); anyway, it has been hijacked--there is now this bright red background with a biohazard-type sign on it, warning his computer is infected. His homepage on the web is also hijacked--to "Ultimate Cleaner".

He's getting pop ups saying they are windows system alerts saying he should download the recommended antispyware program to get rid of it. (There are several, I have copied them down word for word if ya need 'em) One says a Trojan.32Looksky is on my computer, and says to "click yes to remove it, yadayadayada". Clicking to close the window brings up a webpage, privacy.securepccleaner.com (with a bunch of backslashes, letters and numbers--again, I have it word for word if you need it) These pop-ups won't go away, and he has three new desktop icons that he doesn't remember installing. ("Error Cleaner", "Privacy Protector", and Spyware & Protection C)

He ran a program he previously had on the computer (before these new things), PCTools Spyware Doctor, and it said it found 2 "elevated risk" things, "Ultimate Cleaner", then 28 high risk, Trojan downloader. videocach and 6 AdwareAgent.Bin. He quarantined them. He ran his AV scanner (Avast)--it found nothing. I ran both again--the longer scans, and they found nothing. I also ran his CCleaner--and disconnected it from the internet.

He doesn't have Spybot or Adware or HiJack this--and I'm afraid to go back on the internet with his computer right now--he does all our family's banking in this computer. What if they've gotten ahold of his banking info?


haaaaallllpppp!

Moderator Edit: Moved topic to the more appropriate forum. ~ Animal

Edited by Animal, 13 August 2007 - 10:22 PM.



 


#2 TheGrayNobleman

TheGrayNobleman

  • Members
  • 69 posts
  • OFFLINE
  • Gender:Male
  • Location:Internets
  • Local time:12:21 PM

Posted 13 August 2007 - 10:50 PM

I am not an admin or computer guru but I would like to help with the little computer information I know.
I would recommend downloading the FREE AVG anti-virus, anti-spyware, and anti-rootkit software. http://free.grisoft.com/doc/5390/us/frt/0

Also getting the free zonealarm firewall. http://www.zonealarm.com/store/content/com...reeDownload.jsp
(Unless you don't want to go out and buy Norton or ZoneAlarm)

Gr3y


Mod Edit: Edited to remove unnecessary quote. ~tg

Edited by tg1911, 14 August 2007 - 12:07 AM.


#3 TMacK

TMacK

  • Members
  • 4,672 posts
  • OFFLINE
  • Gender:Male
  • Location:B.C. Canada
  • Local time:12:21 PM

Posted 14 August 2007 - 12:18 AM

Hi EdithBunker,

You've been very vigilant in getting rid of the nasties on Hubby's computer!

Even though the scans are coming up clean, there could still be viruses left behind.
Just to be sure, please post a HijackThis Log in the Hijack and Analysis Forum by following the directions in this link: Preparation Guide for use before posting a HijackThis Log.

Please do not post the log in this forum.
Chaos reigns within.
Reflect, repent, and reboot.
Order shall return.

~Suzie Wagner

#4 EdithBunker

EdithBunker
  • Topic Starter

  • Members
  • 110 posts
  • OFFLINE
  • Location:Atlanta, GA
  • Local time:03:21 PM

Posted 14 August 2007 - 12:49 AM

We have the Avast AV, and the Windows firewall--and a Linksys router the laptop (my hubby's computer) is behind.
So I think we wouldn't need the AVG or the Zone Alarm--correct me if I'm wrong, though! And thanks for your advice, Gray Nobleman.

TMacK, I haven't downloaded HiJack this on my hubby's computer, because I wasn't sure I should go back on the web with the computer. With as many pop ups trying to open up the webpage to this "security site" I'm afraid it's trying to "phone home" with info from his computer. And if it's info that could affect our finances, we'd be in deep doo-doo. (He's only had this computer a couple months and I hadn't gotten in there to dl the Adaware and Spybot and HiJackThis stuff) Those pop ups were still happening even after I disabled the internet connection, then we were just getting "page not found" and the little window asking if we wanted to work offline or try reconnecting.

His computer doesn't have a floppy drive, or I'd download the HiJackThis with a floppy, and get the log that way, we also don't have a "pen drive". So should I log online long enough to get HiJackThis, or would that be taking too many chances? I'll go get one of the pen drives tomorrow, if that's better, then download HiJackThis-- and all the others onto that to scan his computer, if that would be safer. I'll check in tomorrow morning before I head out--Thanks so much!

#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,471 posts
  • OFFLINE
  • Gender:Male
  • Location:Virginia, USA
  • Local time:03:21 PM

Posted 14 August 2007 - 04:40 AM

You could also download HijackThis to a CD and transfer it that way.

While you're at it, there are two other programs you can download and use for this infection.

If you're using Win XP or 2000, please download "Smitfraudfix". Print out and follow the instructions provided in How to remove Ultimate Cleaner.

Then download RogueRemover and save to your Desktop. (compatible with Windows 2000, NT, XP, Vista)
  • Double-click on rr-free-setup.exe to install in C:\Program Files\RogueRemover.
  • During the installation an icon will automatically be created on your Desktop.
  • Double-click on the RogueRemover icon to launch the program and select Check for Updates.
  • If prompted, click Download to receive the latest updates.
  • When completed, close the update window.
  • Select "Scan" and the program will walk you through the remaining steps.
If you're still having problems, then use HijackThis and post your log in the HijackThis Logs and Analysis Forum, NOT here, for assistance by the HJT Team Experts. A member of the Team will walk you through, step by step, on how to clean your computer. If you post your log back in this thread, the response from the HJT Team will be delayed because your post will have to be moved. This means it will fall in line behind any others posted that same day.

Start a new topic, give it a relevant title and post your log along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. Please include the top portion of the HijackThis log that lists version information. An expert will analyze your log and reply with instructions advising you what to fix.

Please be patient. It may take a while to get a response because the HJT Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

If after 5 days you still have received no response, then post a link to your HJT log in the thread titled "Haven't Had A Reply In Five Days?".

After posting a log you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make may cause confusion for the member assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

The HJT Team should be the only members that you take advice from, until they have verified your log as clean.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#6 EdithBunker

EdithBunker
  • Topic Starter

  • Members
  • 110 posts
  • OFFLINE
  • Location:Atlanta, GA
  • Local time:03:21 PM

Posted 14 August 2007 - 10:50 AM

Thank you, quietman7, for the instructions--they were very clear--especially the instructions for the HiJackThis new topic--thanks! I will make the transfer via cd or pen drive today. I'm not sure if you are saying that I should download the Rogue remover to the cd/pen transfer, or download that after doing the instructions in "How to remove Ultimate Cleaner".

I also am wondering about the safety of going online with that computer. I'd have to log in here and post the HiJackThis log, I'm thinking. (I just read the instructions on the "remove Ultimate Cleaner" before I post this) It looks like it might be okay to go online just to get this stuff, then do the cleanups in safe mode. I still will get the programs here on my own computer, because his is a pain-in-the-rear to use because every time we opened IE, getting the control of the address line was --um, "fun" to say the least! :thumbsup: And he has a tiny-screen laptop! LOL!

I'll be doing all this this evening because I have to run all sorts of errands today and won't be back til the evening. I appreciate all of your help.

#7 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,471 posts
  • OFFLINE
  • Gender:Male
  • Location:Virginia, USA
  • Local time:03:21 PM

Posted 15 August 2007 - 08:15 AM

I'm not sure if you are saying that I should download the Rogue remover to the cd/pen transfer, or download that after doing the instructions in "How to remove Ultimate Cleaner"

Download and transfer everything at the same time to the infected machine.

You may not need to post a hijackthis log after following the instructions I previously provided.

However, if you're still having problems and need to post a log, and you're concerned about going online, do this: create and save a log on the infected machine, transfer it to your USB drive, and then to your other computer. From there you can go online and submit your log as instructed.

#8 EdithBunker

EdithBunker
  • Topic Starter

  • Members
  • 110 posts
  • OFFLINE
  • Location:Atlanta, GA
  • Local time:03:21 PM

Posted 16 August 2007 - 08:49 PM

Thank you, quietman7, I followed all the steps you gave and thought I got it, all the desktop icons are gone and all the scans have come up clean---I even looked at the HiJackThis log for the entries listed in "How to Remove Ultimate Cleaner", and if I read correctly, they weren't there. (I didn't change anything) Everything looked good, but the background was all white--I finally found a faint top area that had an "x" and got rid of that, but the home page is still Ultimate Cleaner. Going to tools, internet options, changing the homepage back, it won't "take". It won't change back!

Soo, off to HiJackThis forum I go. . .

#9 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,471 posts
  • OFFLINE
  • Gender:Male
  • Location:Virginia, USA
  • Local time:03:21 PM

Posted 17 August 2007 - 07:15 AM

Your log is posted here and you are receiving help from miekiemoes.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

To avoid confusion, I am closing this topic until you are cleared by the HJT Team. If you still need assistance after your log has been reviewed and you have been cleared, please PM me or another moderator and we will re-open this topic.

Thanks for your cooperation and good luck with your log.