
Infected, Can't Log On To Any Tech Sites


8 replies to this topic

#1 Sneakycyber

Sneakycyber

    Network Engineer


  • BC Advisor
  • 6,034 posts
  • Gender:Male
  • Location:Ohio
  • Local time:09:01 PM

Posted 26 May 2008 - 04:16 PM

The computer I am working on is a computer I have disinfected before with help from the HJT team. The computer is back and I am having trouble getting a HJT log scanned and saved to WordPad. The scanner runs and Windows shuts down WordPad before it saves the log. I also cannot connect to any tech sites; I can't log onto BC, Techspot (to get DSS), etc. The computer had a program called uTorrent that I uninstalled. The computer is riddled with nasties and I need help again to find them and to possibly find the source of them. IE explorer pops up about every 3 min with new ads. I have run Ad-Aware, Spybot, and Windows Defender; all of them found problems. However, more problems persist. The owner is getting frustrated; this is the third time I have had to clean the PC.

Chad Mockensturm 

Systems and Network Engineer

Certified CompTia Network +, A +



#2 DaChew

DaChew

    Visiting Alien


  • BC Advisor
  • 10,317 posts
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:10:01 PM

Posted 27 May 2008 - 05:48 AM

Sneaky let me play devil's advocate

"I have run Adaware, spybot, windows defender"

3 of the weaker programs available, have you turned off TeaTimer?

"The owner is getting frustrated this is the third time I have had to clean the PC."


Do you suspect it's a reinfection or just one that won't be killed?

I would do a clean install if you suspect the latter?

why not take sub's disinfector, immunize a USB drive and download SAS, MBAM, their manual definition updates, ATF Cleaner, SDFix and DSS and transfer to the infected computer?

I would start with

ATF then SAS from safe mode

Edited by DaChew, 27 May 2008 - 05:55 AM.

Chewy

No. Try not. Do... or do not. There is no try.

#3 Sneakycyber


  • Topic Starter


Posted 27 May 2008 - 02:46 PM

The computer keeps getting new infections; the computer was cleaned with the HJT team. She has no removable drives. I believe the problem lies with her son looking for gaming cheats and her husband looking at adult websites. The combination is killing the computer. She asked if there was a way to block them. Is there, without having to constantly allow new websites that she wants access to? Will give what you suggested a try, although I need some links and clarification as I am not that great with malware. What is sub disinfector? I will try a Google search on them and let you know if I can't find them. Thanks for the help :thumbsup: .

Edit: What programs do you suggest I install to prevent this from recurring? She even said she would buy anything that I recommended. With the above mentioned sites I am not sure what will actually protect her other than blocking the sites.

Edit 2: Yes, I turned off TeaTimer. I learned that from the last time; it prevents programs from editing the registry.

Edit 3: I found them all; I will run them tonight.

Edited by Sneakycyber, 27 May 2008 - 03:03 PM.



#4 DaChew


Posted 27 May 2008 - 03:51 PM

make sure you run sub's flash disinfector on your computer and a USB drive, rerun it later on hers

http://www.superantispyware.com/definitions.html

you have to copy these 2 files over into the installed program folder

Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware folder


the tricky part

Edited by DaChew, 27 May 2008 - 03:53 PM.


#5 ruby1

ruby1

    a forum member


  • Members
  • 2,375 posts
  • Local time:02:01 AM

Posted 27 May 2008 - 04:31 PM

suggest; create your OWN log in account and restrict it to YOU; get them to get their OWN computers; their misuse and abuse of yours shows a total disrespect for you and your computer; let them infect their own...

#6 Sneakycyber


Posted 27 May 2008 - 04:56 PM

The computer I am working on is not mine at all; it's a friend of a friend of a friend of the family. She has recommended a few paying customers so anything I can do to help her is no problem at all. I downloaded the updates to my USB drive and manually copied them over to her computer, as the auto updates would not work. Some other notes: some of the programs wouldn't install in safe mode; I had to install them in regular mode then run them in safe mode. I tried DSS but Windows still closes Notepad. ATF Cleaner worked without a problem, SDFix ran without a problem and SAS is running now. MBAM won't install at all as of yet. I am thinking the recovery partition for the computer may be infected and it may be re-infecting the computer. It's a Gateway computer; during the last HJT log we disabled System Restore and re-enabled it, deleting all existing restore points and creating a new one. I looked for that first when I got the computer; it disappeared. I will be contacting the owner and pleading with her to get the restore disks since I don't have XP Home Edition.

Edit: I ran SUBS disinfector before copying files to my USB drive and every time I transfer files back and forth.

Edit 2: MBAM installed after running SAS

Edited by Sneakycyber, 27 May 2008 - 05:10 PM.



#7 Sneakycyber


Posted 28 May 2008 - 05:03 PM

All seems well. Thanks for the help DaChew :thumbsup: . Any ideas on how I can protect the computer from further attacks?

Edited: double post

Edited by Sneakycyber, 28 May 2008 - 05:03 PM.



#8 DaChew


Posted 28 May 2008 - 05:15 PM

"Any Idea's on how I can protect the computer from further attacks?"


the most obvious and foolproof is password protect her login, turn off fast user switching and create the bad boys a limited user login

install Avira for free AV and WinPatrol for monitoring changes (leave TeaTimer off)

#9 ruby1


Posted 28 May 2008 - 05:21 PM

A line of defence is to install SUPERAntiSpyware and activate the hijack homepage warning

if the homepage is changed for ANY reason, on reboot an alert will appear on the screen; I find it useful

and do NOT allow anyone else access to the computer; OWN secure log in with username and password :thumbsup:



