Infected With _______?


  • This topic is locked
9 replies to this topic

#1 4ward_tristan


Posted 10 January 2008 - 05:26 PM

hey guys, have been afk for a while, how have yous been? anyway..

have a pc here which is infected with something, have done some research online (that are similar cases), but those steps don't seem to resolve the issues i have here (unless i'm just really stupid, which i apologize in advance for :$).

symptoms: msconfig, regedit, hijack this all close after like ~1sec. homepage changes to a few things, is currently set to www.virushelpzone.com

renaming hijackthis etc. to something like crysis.bat doesn't help.. i can't post a hijackthis log (due to it auto-shutting :thumbsup:). might not be related, but pc is also just generally slow as a wet weekend.

what i have tried: scanned with avg, avgas, adware '07, housecall, poked around with autoruns - but quite frankly i need more exp. in that department..

i can run hijack this in safe mode, but one thing i have noticed: there are 3 entries that are missing in safe mode (F3 entries maybe?? that are related to win.ini etc..), compared to normal-mode log, which i can see very briefly before it shuts down

EDIT: scanned with spybot - found "fakemsn8beta - taskkill.com and netstat.com" and a bunch of redirects, also scanned with cws shredder and found cws.svchost, and cws.smartsearch

specs: win xp home sp2, NIS 07? (slightly resembles vista, if that makes sense) and um yeah if you need any more info, please hassle me for it :D thanks guys...

tristan

Edited by 4ward_tristan, 10 January 2008 - 07:11 PM.

=)


 


#2 nigglesnush85


Posted 10 January 2008 - 07:20 PM

Hello,
Can you run anything in safe mode, Antivirus products especially?
Regards,

Alan.

#3 4ward_tristan


Posted 10 January 2008 - 07:25 PM

gday niggle :thumbsup: thanks for the reply...

yeah can run avg av, housecall etc...they come up clean >:flowers: !

sorry i also forgot to mention - first thing i did was hook the drive up as a slave to a ghosting machine and ran scans...still didn't produce any results though :S

and after removing the "fakemsn" thing and the cws items, still has the same symptoms.

tristan
=)

#4 nigglesnush85


Posted 10 January 2008 - 07:40 PM

That's interesting, if you can install this tool advanced windows care http://www.iobit.com/advancedwindowscareper.html it may be able to help the explorer problems, then we can look at the causes of these problems.
Regards,

Alan.

#5 4ward_tristan


Posted 10 January 2008 - 08:36 PM

ok i ran that windows care prog. - found quite a bit of misc things wrong, but still explorer issues...

tristan
=)

#6 nigglesnush85


Posted 10 January 2008 - 08:37 PM

Do all the files/programs you open still terminate themselves?
Regards,

Alan.

#7 SpySentinel


Posted 10 January 2008 - 08:39 PM

Please follow the steps below so we can see what is infecting your computer:

Download HijackThis™ here:
http://www.trendsecure.com/portal/en-US/th.../hijackthis.php

Click 'Do a System Scan and Save log'. The HJT log will open in notepad. Don't try to fix anything yourself.

Copy and paste the contents of the HJT log into a NEW TOPIC in "HijackThis Logs and Malware Removal"
http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/

Also include a link to this topic. Please be patient as our HJT team members work on several forums.

Also you can read the Preparation Guide for use before posting a HijackThis Log

Unified Network of Instructors and Trained Eliminators


#8 nigglesnush85


Posted 10 January 2008 - 09:03 PM

Also, Do you have a windows CD? if so, you can use the windows file system checker. Start->Run->sfc /scannow
Regards,

Alan.

#9 4ward_tristan


Posted 10 January 2008 - 09:54 PM

ok topic created =)

yes i do have a windows cd, i will try sfc but my instincts tell me that this isn't a corruption issue...

thanks - tristan
=)

#10 quietman7


Posted 11 January 2008 - 08:47 AM

Your hijackthis log is posted here.

After posting a log you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a HJT Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the member assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

If after 5 days you still have received no response, then post a link to your HJT log in the thread titled "Haven't Had A Reply In Five Days?".

To avoid confusion, I am closing this topic until you are cleared by the HJT Team. If you still need assistance after your log has been reviewed and you have been cleared, please PM me or another moderator and we will re-open this topic.

Thanks for your cooperation and good luck with your log.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators



