System Is Fubar


7 replies to this topic

#1 SuperRookie


Posted 07 September 2007 - 02:31 PM

Hi guys...as the name implies, I'm a noob :trumpet: I'm running Windows XP SP2... So, the problem 'seems' to have started with the Ult. Defender desktop hijack...which quickly led to a slew of random popups over a day or two...my Norton wasn't up to date...I booted in SAFE mode to search the Web for a fix but after trying to download Webroot Spysweeper my system would repeatedly hang, forcing me to reboot...then, like magic, my DSL modem stopped being recognized on subsequent boots. (I'll see if the SP can help with this, who knows?) When I tried to install Kaspersky with AV, I got an erroneous message that the "Administrator" set prefs to restrict access... :flowers:

So, I can't download a fix...and I can't install a fix... :thumbsup: There MUST be some way to make headway here...

Help...Me...gasp...Please

Edited by SuperRookie, 07 September 2007 - 02:42 PM.



 


#2 quietman7


Posted 07 September 2007 - 03:03 PM

Have you tried using System Restore or System Restore from a command prompt in "SAFE MODE" to return to a previous state before your problems began?

If that does not work and since you cannot use your Internet, you are going to need access to another computer (family member, friend, etc) with an Internet connection.

Please download the following programs and save to a USB stick or CD:
  • ATF Cleaner
  • SmitfraudFix by S!Ri
  • RogueRemover
  • HijackThis Installer. This is HijackThis 2.0.2 but it is an automatic setup version which will install HJT in the proper location if we need to use it. DO NOT fix anything with HijackThis unless advised.

Be sure to print out the Smitfraudfix Instructions so you can follow along when we get to that part of the fix.

Transfer all these programs directly to the Desktop of the infected computer <- (Important!)

Reboot your computer in "SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Double-click smitfraudfix.exe to start the tool.
  • Select option #2 - Clean by typing 2 and press Enter to delete infected files.
  • Wait for the tool to complete and disk cleanup to finish.
  • You will be prompted: "Registry cleaning - Do you want to clean the registry?" Answer Yes by typing Y and press Enter.
  • The tool will now check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll.
  • Answer Yes to the question "Replace infected file?" by typing Y and press Enter.
  • A reboot may be needed to finish the cleaning process.
  • If your computer does not restart automatically, please do it yourself manually (restart normally).
  • A text file will appear onscreen with results from the cleaning process. It can also be found at the root of the system drive, C:\rapport.txt.
Double-click on rr-free-setup.exe to install in C:\Program Files\RogueRemover.
  • During the installation an icon will automatically be created on your Desktop.
  • Double-click on the RogueRemover icon to launch the program and select Check for Updates.
  • If prompted, click Download to receive the latest updates.
  • When completed, close the update window.
  • Select "Scan" and the program will walk you through the remaining steps.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 SuperRookie


Posted 07 September 2007 - 03:30 PM

I'll get on it first thing in the am...just to make sure my mind's right. USB stick ...now there's an idea. I'll be in touch. (Should change my name to 'nooberiffic')

Thanks.

#4 quietman7


Posted 07 September 2007 - 04:37 PM

You're welcome and good luck.

#5 SuperRookie


Posted 20 September 2007 - 08:54 AM

Hey,

I actually didn't have the time to sit and work through all the fixes until a few days ago...but I'm happy to say that I'm just about back up and running.
Had more than a couple of things wrenching up the works...desktop hijack, DNS hijack, trojans...the usual suspects. Now that I'm back up (I can get online and such), I do have two odd things happening. A few seconds after Windows boots, I get a message about some missing .dll file (I'll write it down and post it) but if I quickly "x" it out, everything else seems to run normally...If I don't "x" it out but, instead click "okay" (or whatever's on the button) the desktop will freeze and I'll have to reboot.

The second weird thing that happens is when online. I keep getting the message "The content you are looking for is unavailable..." or something to that effect. I don't even have to click anything and it'll just pop up sporadically 3 or 4 times a session...I close it those 3 or 4 times and won't see it again until I start a new session.

Anyway, I'd say my 'puter's about 90-95% where it should be...I'd like to get it back to 100% if that's at all possible. Those fixes were incredibly helpful. You can count on my $upport.

#6 quietman7


Posted 20 September 2007 - 10:39 AM

From what you describe in regards to the error messages, the file(s) is probably an orphaned entry related to a program (or malware) that was set to run at startup. Windows is trying to load this file but cannot locate it since the file may have been removed during an anti-virus scan, the uninstall of a program or use of a specialized fix tool. However, an associated registry entry remains and is telling Windows to load the file when you boot up.

When Windows loads, it looks for any files associated with registry entries for programs that are set to run at startup. If the file was removed but not the registry entry, Windows will display an error message indicating that the file was not found. You need to remove this registry entry so Windows stops searching for the program when it loads. To resolve this, download and run Autoruns, search for the related entry and then delete it.
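The orphaned startup entry described in post #6 can be located with a short read-only check. This is an added example, not part of the original thread and not a replacement for Autoruns, which inspects many more startup locations. It assumes PowerShell is available, covers only the four standard Run/RunOnce keys, and `Get-AutorunTarget` is a hypothetical helper name.

```powershell
# Added example: list Run/RunOnce values whose target file is gone.
# Read-only: nothing is deleted or changed.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Hypothetical helper: pull the file a startup command line would load.
function Get-AutorunTarget {
    param([string]$Command)
    $cmd = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($cmd -match '^"([^"]+)"\s*(.*)$') {
        $exe = $Matches[1]; $rest = $Matches[2]        # quoted path
    } elseif ($cmd -match '^(.+?\.(?:exe|com|bat|cmd|scr))(?:\s+(.*))?$') {
        $exe = $Matches[1]; $rest = $Matches[2]        # unquoted, may contain spaces
    } elseif ($cmd -match '^(\S+)\s*(.*)$') {
        $exe = $Matches[1]; $rest = $Matches[2]        # fallback: first token
    } else { return $null }
    # rundll32 loads the DLL named in its first argument ("x.dll",EntryPoint),
    # so the file to check is that DLL, not rundll32.exe.
    if ((Split-Path $exe -Leaf) -match '^rundll32(\.exe)?$' -and
        $rest -match '^"?([^",]+\.dll)"?') { return $Matches[1] }
    return $exe
}

$report = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item $key
    foreach ($name in $item.GetValueNames()) {
        $command = [string]$item.GetValue($name)
        $target  = Get-AutorunTarget $command
        if (-not $target) { $status = 'Unparsed' }
        elseif (-not [IO.Path]::IsPathRooted($target)) { $status = 'NoFullPath' }
        elseif (Test-Path -LiteralPath $target -PathType Leaf) { $status = 'Present' }
        else { $status = 'Missing' }
        [pscustomobject]@{ Key = $key; Name = $name; Target = $target; Status = $status }
    }
}

# 'Missing' rows are the orphaned entries; 'NoFullPath' rows need a manual look.
$report | Where-Object { $_.Status -ne 'Present' } | Format-Table -AutoSize -Wrap
```

A `Missing` row whose target is a DLL loaded through rundll32 matches the "missing .dll" prompt at boot; confirm the value name against what the error dialog reports before deleting the entry.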

#7 SuperRookie


Posted 20 September 2007 - 11:36 AM

That's why they pay you the big bux, quietman7. Thanks :thumbsup:

#8 quietman7


Posted 20 September 2007 - 12:06 PM

Don't forget to Set a New Restore Point when done to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory that your tools cannot access to delete these files, they can sometimes reinfect your system if you use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recent Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "OK".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.

