
Holy Issues Batman!


6 replies to this topic

#1 audiomaninc


Posted 27 November 2007 - 11:34 AM

Alright, here's the deal. My girlfriend's computer at home has become severely infected! I've tried going into safe mode to clear out the visitors, but to no avail. I've tried using system restore to go back to before she became infected. When I do this, I can't actually go back to an earlier date to restore; it looks as though all restore points have been deleted. I would love to reformat, but she doesn't have the Windows disk that came with her computer. It's a Dell Inspiron 1100 with XP Home installed. I'll be trying to visit http://housecall.antivirus.com/ and http://www.pandasoftware.com/activescan/ when I get home from work, but it seems that anytime Internet Explorer is opened, we'll get bombarded with popups. New programs are installed on the computer every time it's started up, such as something called "Sportsbook" and what looks to be fake antivirus software. Will I be able to visit these sites named if I start up in safe mode with networking? Any other tips short of buying her a new computer??? Please help :thumbsup:


#2 doomgiver13


Posted 27 November 2007 - 11:45 AM

You might talk to Dell about getting a restore disk... just a thought.

#3 boopme


Posted 27 November 2007 - 03:19 PM

Hello and welcome to Bleeping Computer. Try doing these...

Please follow these instructions: How to remove the Smitfraud / Generic Zlob /
From Normal mode Next:
Download, install (save to desktop), and update SUPERAntiSpyware.
Now reboot the PC into Safe Mode. How to start Windows in Safe Mode
Scan by clicking on the Super icon on the desktop, or look up SUPERAntiSpyware in the programs list.
Scan the root drive (usually C:\)
Quarantine all found.
Reboot back into normal Mode.
Let us know how it went.

#4 audiomaninc


Posted 28 November 2007 - 09:55 AM

Thanks so much! I'll try that tonight when I get home and let you know how it goes! :thumbsup:

#5 audiomaninc


Posted 30 November 2007 - 05:44 PM

Alright, here's the next chapter in this tale of doom... I've installed/run "Smitfraud Fix" in safe mode and normal mode, and installed/run "SuperAntiSpyware" in safe mode and normal mode, both with the wireless card pulled from the port. When I run SmitFraud Fix, after it says "deleting files", it says "C:\Documents and Settings\Owner\Desktop\SmitfraudFix\Scan DNS.vbs(102, 4)Microsoft VBScript runtime error: Invalid procedure call or argument". SmitFraud Fix does NOT attempt to reboot the machine after completing the scan/cleanup. It simply displays a notepad file containing a description of the work which was done. After running both of these apps multiple times, I also ran VundoFix, which found even more intruders, and stated that the file "C:\WINDOWS\System32\mqwasqom.dll" could not be deleted and would retry upon reboot. When I finally went back to normal mode after running VundoFix, the desktop background was blue, and all seemed well. I let the computer sit overnight to see if anything would pop up. When I woke up, the blue background was still there, and I was feeling pretty giddy, I must say. Then I proceeded to insert the wireless card into the port and WHAM, I was blindsided with a cascade of popups! I didn't have the bogus antivirus popups from the system tray anymore, but I'm definitely not out of the water yet! I yanked the wireless card and restarted the machine in safe mode and left for work this morning with SAS running. I also unplugged the modem and will plug it back in in the morning so I'll get a new IP address. Other than that, I'm STUMPED! Any new suggestions??? :thumbsup:

#6 SpySentinel


Posted 30 November 2007 - 05:55 PM

Please follow the steps below so we can make sure your computer is cleaned:

Download HijackThis™ here:
http://www.trendsecure.com/portal/en-US/th.../hijackthis.php

Click 'Do a System Scan and Save log'. The HJT log will open in notepad. Don't try to fix anything yourself.

Copy and paste the contents of the HJT log into a NEW TOPIC in "HijackThis Logs and Malware Removal"
http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/

Also include a link to this topic. Please be patient as our HJT team members work on several forums.

Also you can read the Preparation Guide for use before posting a HijackThis Log


#7 buddy215


Posted 30 November 2007 - 07:15 PM

You can get a free Windows install CD from Dell.
http://support.dell.com/support/topics/glo...&redirect=1

Here is a link for the drivers that you will need. (CD will not have drivers.)
http://support.dell.com/support/downloads/...;l=en&s=gen
