Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Bizarre Spyware Problem -- Please Help!


  • This topic is locked This topic is locked
5 replies to this topic

#1 Drinky_McDumass

Drinky_McDumass

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:05:08 PM

Posted 08 February 2008 - 07:43 PM

I contracted a bizarre spyware problem.

These are the symptoms:
1. Can't open any virus program (but can open spyware programs -- ran them many times, never find anything significant). Program attempts to open then closes.

2. Can't open HijackThis.exe. Attempts to open and then closes. Same for Microsoft's Process Explorer.

3. IE (both versions 6 and 7) close whenever you search for "Hijackthis" or "Process Explorer". (in fact just clicking on a thread in this forum with Hijackthis in the title closed down IE)

4. IE redirects to random websites during use (your more standard spyware symptom).

It seems to be related to the MalwareCrush program that loads itself onto your computer and then gives bogus info about viruses, etc. Well, I found this on my computer and have removed it via instructions from various forums. I have scoured the hard drive and registry looking for processes that shouldn't be, but can't find anything. And I can't use any programs like HijackThis to help.

Don't know what to do next. Please help!

BC AdBot (Login to Remove)

 


#2 Tomo2

Tomo2

  • Members
  • 402 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Wanganui, Aotearoa NZ
  • Local time:11:08 AM

Posted 08 February 2008 - 08:13 PM

Try running an online scan.
TrendMicro™ HouseCall Java Scan
  • Please go HERE to run the Trend Micro™ HouseCall Scan.
  • Click Scan now. It's free!
  • Read and put a Check next to Yes I accept the terms of use.
  • Click the Launching HouseCall>> button.
  • If confirmed that HouseCall can run on your system, under Using Java-based HouseCall kernel click the Starting HouseCall>> button.
  • You may receive a Security Warning about the TrendMicro Java applet, click YES.
  • Under Scan complete computer for malware, grayware, and vulnerabilities click the Next>> button.
  • Please be patient while it installs, updates, and scans your system.
  • Once the scan is complete, it will take you to the summary page.
  • Under Cleanup options, choose clean all detected infections automatically.
  • Click the Clean now>> button.
  • If anything was found you may be prompted to run the scan again, you can just close the browser window.
Its almost a game of picking an AV program that the virus doesn't block! Try Downloading Avast! Antivirus, Clamwin or SUPERAntispyare among the programs that aren't often targeted by malware(, if it will let you near them).

I guess using firefox wouldn't get past it if its already stopping process explorer and HJT.

Anyway, Hope that Helps! :thumbsup:

L&P, World Famous in New Zealand since ages ago!
Posted Image
Avast! Antivirus : Spybot S&D : Trend Micro Housecall : Hosts file : HiJack This
Don't be too open minded - your brains will fall out


#3 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,556 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:06:08 PM

Posted 08 February 2008 - 08:44 PM

Hello and welcome to Bleeping Computer
Have you tried the instructions in our Tutorial
How To Remove Malwarecrush (removal Instructions)
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#4 Drinky_McDumass

Drinky_McDumass
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:05:08 PM

Posted 09 February 2008 - 12:30 AM

Thanks guys for the ideas. I've already run HouseCall a number of times (nice that it will let me) and it only finds normal little things...tracking cookies, etc. Other online scans line PandaOnline cause IE to shut down. I've actually been able to remove MalwareCrush via removal instructions, but that hasn't fixed the larger issue of my disabled spyware fighting software -- I only mention it because it was the only major/obvious symptom. I expect things like that on the web and have removed more than my fair share.

Also I've downloaded a copy of Symantec's virus program and this spyware won't let me install it.

I'll look into programs like Avast! and Clamwin, never used those, but so far, AdAware and Spybot (not to mention Trend Micro HouseCall) have yielded nothing. I did also try FireFox and Safari as browsers, both to the same effect -- are easily redirected during searches and will shut down whenever a mention of a process program like HijackThis comes up.

I've been on this problem for a few weeks, run a number different scans and searches but can't identify the basic problem. What's causing HijackThis and IE (and these types of programs) to shut down? Am I wrong to think that there is some hidden process that could be shut down manually?

#5 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,094 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:06:08 PM

Posted 09 February 2008 - 12:57 AM

If you wish to create an HJT log for the HJT forum, try renaming HiJackThis.exe to, perhaps, Rabbitears.exe or some other name.

If that still doesn't work try changing the extension to .bat

See if either of those work. If they don't, I've another trick up my sleeve to produce an HJT log.

It is undoubtedly malware on the system that is causing the problem with your security programs.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Internet Security, NoScript Firefox ext.


animinionsmalltext.gif

#6 tg1911

tg1911

    Lord Spam Magnet


  • Members
  • 19,274 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:SW Louisiana
  • Local time:05:08 PM

Posted 09 February 2008 - 02:30 AM

Drinky_McDumass,
I have moved your HijackThis log to the Misplaced HJT Logs forum.
Please follow all directions that I've posted, as a reply to your log.
By following these instruction, it will ensure, that your HJT log is taken care of, in the most timely manner.
Your log can be found at this link:
Drinky_McDumass's HJT log

Since you have posted a HJT log, I'm going to close this topic.
From this point on, the HijackThis Team are the only members you should take advice from, until your log has been declared clean.
If you have any questions, don't hesitate to send me a PM.

Edited by tg1911, 09 February 2008 - 02:31 AM.

MOBO: GIGABYTE GA-MA790X-UD4P, CPU: Phenom II X4 955 Deneb BE, HS/F: CoolerMaster V8, RAM: 2 x 1G Kingston HyperX DDR2 800, VGA: ECS GeForce Black GTX 560, PSU: Antec TruePower Modular 750W, Soundcard: Asus Xonar D1, Case: CoolerMaster COSMOS 1000, Storage: Internal - 2 x Seagate 250GB SATA, 2 x WD 1TB SATA; External - Seagate 500GB USB, WD 640GB eSATA, 3 x WD 1TB eSATA

Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users