
Housecall Scanner Getting Terminated By Something.


23 replies to this topic

#1 goatman2

goatman2

  • Members
  • 16 posts

Posted 21 November 2007 - 06:26 AM

Hello,

I wonder if someone here can help!

My PC is an eMachines 330 running XP Home Edition + SP2. I have Norton SystemWorks, which did a full system scan Sunday and found nothing. Windows Defender also found nothing (quick scan).
Yesterday I realised I had a problem. Been getting "A pop-up was blocked" messages and bleeps lately.
I ran HijackThis and produced a log, then got directed to this site.
I followed the instructions on this site to attempt to clean the PC before posting a HijackThis log.
Ad-Aware found a lot of malware, which I deleted.
Spybot found 27 threats including Smitfraud-C and Antivirusoverride. I opted to remove these using Spybot.
Next, I tried to run Housecall, but had to install Java first. During Java installation, I was told by Spybot of various changes to registry keys. Unfortunately I opted to accept a few changes (allegedly logged by Spybot). Subsequently I denied all further changes.
Housecall fails to run, it seems to be terminated. Same for the other two suggested AV products.

If I post the HijackThis log that I produced originally, would it be helpful, or should I try to produce a new HijackThis log?

I hope someone is able to advise, thanks as my PC is getting worse. Cheers,

Steve



#2 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,577 posts
  • Gender:Male

Posted 21 November 2007 - 06:33 AM

See the following Bleeping Computer removal guide:

How to remove the Smitfraud / Generic Zlob / Quicknavigate / Virtual Maid

After running that, re-scan with SpyBot.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 goatman2

goatman2
  • Topic Starter

  • Members
  • 16 posts

Posted 21 November 2007 - 07:02 AM

Hi, thanks, will have a look. I just found on here a Smitfraud removal tool, but with advice not to use it without supervision by a qualified malware removal person. I will follow your link now and have a read. Thanks

#4 buddy215

buddy215

  • Moderator
  • 13,097 posts
  • Gender:Male
  • Location:West Tennessee

Posted 21 November 2007 - 07:27 AM

Quote Papakid:
"Just for everyone's information, Smitfraud.C is Spybot S&D's name for a type of Vundo/Conhook infection. I wish they would call it something else because it is confusing. Smitfraud is a generic description of any application/trojan that hijacks the desktop to give fake warnings that you are infected or have errors and need to download their program to fix it, only telling you later you have to pay for the fix. Vundo is associated with the rogue app Winfixer, among others, but it is a completely different infection from what is more commonly known as Smitfraud and SmitfraudFix is not designed to fix it."

Install Super Antispyware free. Run it in safe mode. Allow it to quarantine whatever it finds.
http://www.superantispyware.com/

How to Start Windows in Safe Mode:
http://www.bleepingcomputer.com/tutorials/how-to-start-windows-in-safe-mode/
“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#5 goatman2

goatman2
  • Topic Starter

  • Members
  • 16 posts

Posted 21 November 2007 - 08:15 AM

Thanks for the reply.

I have, however, run the Smitfraud fix.

My wallpaper has disappeared now from the desktop.
After the fix, Spybot told me of more changes to the registry and I was not sure whether to allow them or deny them. I denied them.
My home page has been changed to MSN.

I will try your suggestion now,
Thanks,
Steve

#6 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,577 posts
  • Gender:Male

Posted 21 November 2007 - 08:18 AM

I understand that it is common for Smitfraudfix to reset the wallpaper. You should be able to change it back in the Display Properties.

#7 goatman2

goatman2
  • Topic Starter

  • Members
  • 16 posts

Posted 21 November 2007 - 08:54 AM

Thanks,

I have installed the SUPERAntiSpyware product, but it will not run in safe mode. Some sort of refusal to install, even though it is installed. Is there any point in running it in normal mode?

Cheers

#8 buddy215

buddy215

  • Moderator
  • 13,097 posts
  • Gender:Male
  • Location:West Tennessee

Posted 21 November 2007 - 09:01 AM

It has to be installed in normal mode. Then run in safe mode. If you can't get it to run in safe mode then try it in normal mode.

Double-click SUPERAntiSpyware.exe and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
Under "General and Startup", make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
Under "Configuration and Preferences", click the Preferences button.
Click the Scanning Control tab.
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program.
--------------------------------------------------------------------------------

Reboot your computer in "SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with SUPERAntiSpyware as follows:
Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
On the left, make sure you check C:\Fixed Drive.
On the right, under "Complete Scan", choose Perform Complete Scan.
Click "Next" to start the scan. Please be patient while it scans your computer.
After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
Make sure everything has a checkmark next to it and click "Next".
A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
If asked if you want to reboot, click "Yes".
To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
Click Close to exit the program and reboot normally.

Edited by buddy215, 21 November 2007 - 09:02 AM.


#9 goatman2

goatman2
  • Topic Starter

  • Members
  • 16 posts

Posted 21 November 2007 - 09:09 AM

OK, it is running in normal mode.

So far it has found 87 tracking cookies and Adware.Zango Toolbar/HB (5 occurrences).

Cheers

#10 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,281 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 21 November 2007 - 10:44 AM

Download Firefox and then perform this online Virus scan:
Trend Micro Housecall Scan for Firefox <- Does not use ActiveX
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#11 goatman2

goatman2
  • Topic Starter

  • Members
  • 16 posts

Posted 21 November 2007 - 12:32 PM

Hello, thanks guys for all the replies!
I have finished running the SUPERAntiSpyware product and quarantined the bad stuff, incl. the Zango thing. Not worried so much about my wallpaper, but I can't use my broadband now. Getting "Network did not assign a network address to the computer" message.

Does anyone know how to find out what the IP address is and re-educate the computer?

I am currently re-running Spybot and so far there are no nasties.

Cheers.

#12 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,577 posts
  • Gender:Male

Posted 21 November 2007 - 12:38 PM

Try running WinSockFix to repair your internet connection.

#13 goatman2

goatman2
  • Topic Starter

  • Members
  • 16 posts

Posted 21 November 2007 - 01:37 PM

Hi,

Tried running WinSockFix and got the error message "Winsock.exe is not a valid Win32 application"

Cheers

#14 goatman2

goatman2
  • Topic Starter

  • Members
  • 16 posts

Posted 21 November 2007 - 04:43 PM

Hi everyone. Running on dial up at the mo!

I have run Spybot again and it found DoubleClick (one entry). Will try to remove it using Spybot. Any suggestions as to how to get back my broadband?

Cheers,

Steve.

#15 goatman2

goatman2
  • Topic Starter

  • Members
  • 16 posts

Posted 21 November 2007 - 05:30 PM

Hi,

Still running on dial up.

Thought I would try the Housecall online scanner again. All a bit slow with dial up.
Housecall started to scan OK, but went dead with several loud beeps. I haven't tried the Firefox yet. Any more views?

Any ideas as to how to get my broadband working?

Thanks,

Steve



