
Malware, Black Door Trojan, Browser Hijack, Adware, Mirar, Virtumonde


18 replies to this topic

#16 quietman7 (Global Moderator)

Posted 11 November 2007 - 02:49 PM

You didn't answer my question as to how you entered safe mode to begin with.

While in safe mode, go to Start > Run, type: msconfig and press Enter.
Click on the Boot.ini Tab and look to see if the /Safeboot option is checked. If so, uncheck it, click OK and try rebooting again.

If that does not help, reboot into Safe Mode again and select "Last Known Good Configuration" or System Restore from a command prompt in Safe Mode to return to a previous state. We may have to start over with the malware removal but this time I will direct you on how to post a HijackThis log so we can see what's going on with your system.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
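
What the Boot.ini tab's /SAFEBOOT checkbox corresponds to on disk, as an added example that is not part of the post above: on Windows XP, msconfig records the option as a `/safeboot:...` switch on an entry under `[operating systems]` in boot.ini, and this Python sketch finds and strips that switch. The boot.ini text is a constructed sample and the function names are hypothetical.

```python
import re

# Constructed sample: a Windows XP boot.ini with msconfig's /SAFEBOOT option set.
SAMPLE_BOOT_INI = """\
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /safeboot:minimal
"""

# Matches /safeboot, /safeboot:minimal, /safeboot:network, /safeboot:minimal(alternateshell), ...
SAFEBOOT_RE = re.compile(r"\s*/safeboot(?::[^\s/]+)?(?=\s|$)", re.IGNORECASE)

def _os_entries(text):
    """Yield (line_number, line, is_os_entry) for every line of boot.ini text."""
    section = None
    for lineno, line in enumerate(text.splitlines(), start=1):
        stripped = line.strip()
        if stripped.startswith("[") and stripped.endswith("]"):
            section = stripped[1:-1].lower()
            yield lineno, line, False
        else:
            yield lineno, line, section == "operating systems" and "=" in stripped

def find_safeboot_entries(text):
    """Return (line_number, OS description, switch) for entries that force Safe Mode."""
    hits = []
    for lineno, line, is_os in _os_entries(text):
        match = SAFEBOOT_RE.search(line) if is_os else None
        if match:
            desc = re.search(r'"([^"]*)"', line)
            hits.append((lineno, desc.group(1) if desc else "", match.group(0).strip()))
    return hits

def strip_safeboot(text):
    """Return the text with /safeboot switches removed from OS entries only."""
    lines = [SAFEBOOT_RE.sub("", line) if is_os else line
             for _, line, is_os in _os_entries(text)]
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    for lineno, desc, switch in find_safeboot_entries(SAMPLE_BOOT_INI):
        print(f"line {lineno}: {desc!r} boots with {switch}")
    print(strip_safeboot(SAMPLE_BOOT_INI), end="")
```
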


#17 lmfletcher (Topic Starter)

Posted 11 November 2007 - 05:16 PM

I'm sorry I didn't answer your question earlier. I did not know how to access Safe Mode any other way than the way it is posted in the instructions (tapping the F8 key to bring up the screen and select Safe Mode). I did not know what you meant by forcing it through msconfig and since I knew I did not do that, I downloaded the information you gave me on Safe Boot Key Repair and followed those instructions.

I typed in the instructions you gave me to access msconfig and found the Bootkey.ini Tab, sure enough Safeboot was checked. I unchecked it and my system booted back to Normal Mode. Then a System Configuration Utility message box came up and let me know that I changed the way Windows starts. It said it is currently in Diagnostics or Selective Startup Mode and if I want to change it to Normal Mode I need to make that change on the General Tab. I clicked on OK and it took me to another screen, I went ahead and changed it to Normal Mode and the system rebooted. When my computer came back up it went into Safe Mode again after rebooting. I checked the msconfig when in Safe Mode and saw General Tab was set to Normal and the safeboot in the Bootkey.ini Tab was checked again. When I unchecked it and went back to the General Tab it showed up as Selective Startup Mode. I unchecked the Safeboot and rebooted the computer to Normal Mode. When the System Configuration Utility box came up I cancelled out of it.

All of these days and steps are starting to merge together and I'm not sure what we have accomplished. From what I can tell I have done the following:
11-7 (early am)
Concerned I could have a computer virus - inundated with pop-up windows, balloons announcing viruses detected, etc.
Unplugged from internet (I would plug back in every now and then to get updates while trying to figure this out)
Started to clean up and delete all temporary folders and files
Worked on protecting my important data and files
Went to Best Buy and Bought External Hard Drive, Spy Sweeper and Trend Micro Antivirus 2008
Backed up My Documents, Identities (for Outlook Express hotmail account), and Favorites folder, along with MS Money and Tax Documents

Found help through bleepingcomputer.com
Printed out Spyware Removal Download
Ran Ad-Aware - Detected 111 items
Re-ran Ad-Aware - Detected 4 items this pass
Re-ran Ad-Aware - Clean
Ran Spybot S&D - Detected 33 entries - attempted to Fix Selected Problems and it eventually froze up.
Re-ran Spybot S&D - Detected 25 entries - unable to get the Fix feature to work.
Ran Super AntiSpysweeper - Did not run at all on my computer
Called Best Buy and talked to them
Ran Spy Sweeper - Detected 23 items

11-10 (early am)
Made my first Post to bleepingcomputer
Downloaded SmitFraud and documentation on How to remove - printed out and read
Ran SmitFraud in Safe Mode - cleaned up unnecessary files on computer
Downloaded RogueRemover
Ran RogueRemover - it did not find anything
Downloaded SuperAntiSpyware
Ran Super AntiSpyware in Safe Mode - Detected 36 items - Quarantined and Deleted items
Downloaded Vundofix, VirtumundoBegone and documentation on How to remove - printed out and read
Ran Vundofix - Detected 1 file under windows/system/blcytfqdg.dll - Removed - still had problems
Ran VirtumundoBegone - Detected and cleaned several items - did not send over log
Downloaded updates for Super AntiSpyware
Ran Super AntiSpysweeper in Safe Mode - Detected Trojan.WinFixer - Quarantined and Deleted items
Computer only running in Safe Mode - unable to run in Normal Mode

11-11
Ran SafeBootKeyRepair - unable to restore computer to Normal Mode
Checked msconfig - temporarily restored to Normal Mode

I think I have a pretty good idea of what we have done so far. I needed to get it straight in my mind and go through all the pages I've printed out. I was getting a little buried in all of it.

Virus Issues
From what I can tell, I think we have solved my Trojan virus, and perhaps a few other viruses.

Operating Mode
I think we have temporarily fixed the Safe Mode/Normal Mode issue. I'm sure there is something else that needs to be done for this and I will wait until instructed further.

Internet Issues
I still have the never ending Internet Explorer Pop-Ups, also the bogus red and green shield icons on my desktop.

System Issues
I am unable to access System Restore and can not find Search in Windows Explorer. I'm not sure what other system issues I might have.

So now that I am in a temporary Normal Mode, where do I go from here?

Thank you for helping me quietman7. I will be home the rest of tonight and all day tomorrow. I am dedicated to getting these issues resolved. Will you be continuing to help me on this? Do you work during the week? Thank you again for helping me and let me know what your schedule is if you are not able to keep in touch with me.

#18 quietman7 (Global Moderator)

Posted 12 November 2007 - 07:51 AM

Sorry for not getting back sooner, lmfletcher, but I have been feeling under the weather the past two days. Guess I got some bug in my system. Just trying to get through my email this morning and answer those I have been helping.

I certainly understand the frustration. However, there are no shortcuts or guarantees when it comes to malware removal. Sometimes it takes several efforts with different tools to do the job.

The message "You have used the System Configuration Utility..." is easily prevented. When you alter something in MSCONFIG.EXE, you are prompted at the next start up with a System Configuration Utility window that explains that You have used the System Configuration Utility. Check the "Don't show this message or launch the System Configuration Utility when Windows starts" box to prevent future warnings.

Anyway, I wanted to get you back into normal mode so we could get a deeper look as to what's causing your problems by creating and posting a HijackThis log. Doing that will help to identify any malware files that may be lurking on your system so they can be removed.

Please read and follow all instructions in the pinned topic titled "Preparation Guide For Use Before Posting A Hijackthis Log". You may have performed some of these steps already. However, with the problems you're having, skip them and go directly to step #9 where there are instructions for downloading HijackThis and creating a log. (This is a self-extracting version which will automatically install HJT in the proper location.)

If HijackThis will not run, try renaming it. Open the HijackThis Folder, right-click on the HijackThis.exe file and rename it Scanner.exe. Double-click on Scanner.exe (which is still HijackThis) and then run your scan. If needed, change the .exe to something else such as .bat, .com, .pif, or .scr. Example: Scanner.bat or Scanner.com

When you have done that, post your log in the HijackThis Logs and Malware Removal forum, NOT here, for assistance by the HJT Team Experts. A member of the Team will walk you through, step by step, on how to clean your computer. If you post your log back in this thread, the response from the HJT Team will be delayed because your post will have to be moved. This means it will fall in line behind any others posted that same day.

Start a new topic, give it a relevant title and post your log along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. Please include the top portion of the HijackThis log that lists version information. An expert will analyze your log and reply with instructions advising you what to fix. After doing this, we would appreciate it if you post a link to your log back here so we know that you're getting help from the HJT Team.

Please be patient. It may take a while to get a response because the HJT Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT "bump" your post or make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

#19 lmfletcher (Topic Starter)

Posted 12 November 2007 - 02:28 PM

Quietman7,

I have posted my HijackThis log under the HijackThis Logs and Malware Removal Forum. I created a new post called 'Malware, Browser Hijacked, Adware, Going on day 6, please help me get rid of this.'

Thank you for all of your help so far. Hopefully we will get to the bottom of this soon.



