
I Have The Same Hijacked System Problems As Neo147 - Need Help W/ Combofix Logs...please!

  • This topic is locked
6 replies to this topic

#1 stiahhh


  • Members
  • 15 posts
  • Local time:12:00 AM

Posted 07 July 2008 - 11:42 AM

So it seems that I have the same infection as the user Neo147 had. I have a blue background screen that reads, ''Warning Spyware detected on your computer! Install antivirus or spyware remover to clean computer'' and some of my Windows options are now changed and cannot be set back. Everything "bad" happens again when I reboot. Neo147's topic can be seen here:


It looks like I need to run Combofix and get some help analyzing the logs and what not...
I can post any more information that helps out.
Please reply as soon as possible, I really appreciate it!

- Stiahhh -


#2 KoanYorel


    Bleepin' Conundrum

  • Members
  • 19,461 posts
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA
  • Local time:12:00 AM

Posted 07 July 2008 - 12:20 PM

I have moved this topic to the Am I infected forum.

DO NOT RUN A ComboFix program until requested to do so by one of the HJT Techs.

ComboFix logs should not be posted outside the HijackThis forums. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read Combofix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Please explain the nature of your problem here.
Describe pop-ups and system tray or desktop icons that have appeared. Explain what is "going wrong" with your computer. Note any tools you have used and their respective results.

If needed, we will direct you to our HJT Preparation Guide.
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#3 stiahhh

  • Topic Starter

  • Members
  • 15 posts
  • Local time:12:00 AM

Posted 07 July 2008 - 12:28 PM

Ok, thanks for replying/moving it.

My problem occurred when a website downloaded some program called Antivirus XP 2008 and installed itself. Now, just like poster Neo147, I get this:

Now I've never had this before but straightaway there are some suspicious things going

1) Desktop background changed (and cannot change back to previous)
2) a program called ''Antivirus XP'' is installed
3) PC shows the blue "death screen" when I reboot

I tried to uninstall and delete any traces I could find of the program itself, but things go back to "bad" if I reboot...so it seems to have hidden itself somewhere. I found Neo147's topic because it was so similar to my own problem. I downloaded ATF cleaner and ran that, but it didn't fix the problem. I ran all the regular scanning stuff first as well (AVG and AdAware) but that didn't fix it either. I read a bit about combofix, but wanted help from one of you before I did anything first.

What's next?

#4 stiahhh

  • Topic Starter

  • Members
  • 15 posts
  • Local time:12:00 AM

Posted 07 July 2008 - 09:49 PM

Here's some more details on what's been happening on my PC:

- Randomly, and at boot up, I get the blue "death" screen. It refers to "panic_stack_switch" and other various things I have no clue about.
- At start up, I get a Windows error message that reads "can not find script file '.tt25.tmp.vbs'"
- A new program has downloaded and installed itself..."Malware 2008". It seems to be some sort of trojan virus related to the other "antivirus xp 2008" program that originally started this whole mess.

None of these things have ever happened to this system before yesterday.

Please help...I have no idea what to do next. As stated before, this seems to be almost identical to the infection that user Neo147 had ( http://www.bleepingcomputer.com/forums/t/155025/warning-spyware-detected-on-your-computer/ )


- stiahhh

Edited by stiahhh, 07 July 2008 - 09:50 PM.

#5 fireman4it


    Bleepin' Fireman

  • Malware Response Team
  • 13,512 posts
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:10:00 PM

Posted 07 July 2008 - 10:00 PM

Take a look at this topic here: http://www.bleepingcomputer.com/forums/t/111715/how-to-remove-xpantivirus-removal-instructions/
This might give you some insight.

"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.



#6 stiahhh

  • Topic Starter

  • Members
  • 15 posts
  • Local time:12:00 AM

Posted 08 July 2008 - 07:54 AM

Thanks for the link Fireman. Unfortunately that procedure didn't get rid of the problem.
Maybe because that guide was written last October, there might be a newer (and more malicious) version on my system. I have no idea really!
I'm now following the "Preparation Guide For Use Before Posting A Hijackthis Log", so we'll see.
I really need some advice on this one from an expert.

#7 Orange Blossom

    OBleepin Investigator

  • Moderator
  • 37,110 posts
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:11:00 PM

Posted 08 July 2008 - 05:45 PM

Hello stiahhh

I see that you now have an HJT log posted here: http://www.bleepingcomputer.com/forums/t/156582/infected-by-antivirus-xpmalware-xp-2008-trojans-keep-getting-found/ Because you have this log posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by an HJT Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the HJT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

If after 5 days you still have received no response, then post a link to your HJT log in the thread titled "Haven't Had A Reply In Five Days?".

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Internet Security, NoScript Firefox ext.

