
Too Many Problems To List Here!


  • This topic is locked
9 replies to this topic

#1 justo316

justo316

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:12:02 AM

Posted 31 July 2008 - 12:46 PM

This sounds like a tough one....It's a client computer I picked up today to fix. Normally I'd reformat to save time, but I actually wouldn't mind seeing if it can be fixed.

Symptoms:
- Can't install some cleaning tools (spybot, malwarebytes anti-malware). Open item results in nothing happening.
- Can't update cleaning tools (trend micro, avg, adaware, super antispyware).
- Can get to some websites eg. google, and can search for stuff. But if you click on a security related result, you get sent to pcprivacycleaner website. Other sites end up with an "Internet explorer cannot display the webpage" page.
- Can't run Kaspersky online.
- Desktop wallpaper is blue with "Warning! Your pc is infected with spyware!" or something like that.
- Desktop and Screensaver tabs are missing in Display Properties.
- When screensaver activates, you get a fake blue screen error and reboot animation. You have to press Esc to get back to what you were doing.
- Notepad doesn't work unless in safe mode. In normal mode, DEP activates and closes it down.

Things I've tried so far:
- Scanned with AVG, Trend, adaware, super antispyware, even though I can't update them.
- Run CCleaner.
- Tried running a portable version of Spybot, but nothing happens.
- Reset IE7
- Checked network settings
- disabled firewalls
- Currently running portable Avast (overnight).
- Out of curiosity, checked that Combofix won't run but Vundofix will (didn't let it do anything though)
- DSS won't let me save logs in normal mode cos notepad doesn't work. It probably will in safe mode, but it says to not do it unless someone tells me to.
- Disabled/deleted anything obvious in startup items using msconfig and Hijackthis (log to be attached).
- Checked all the same symptoms in safe mode.

Help requested please! :thumbsup:



#2 justo316


Posted 31 July 2008 - 01:04 PM

** small update **
Portable Avast came up with no infections.

I found the bluescreen/reboot loop screensaver in windows/system32 and deleted it in safe mode. Not sure if it will come back, but I rebooted and it hasn't shown up in system32. Unfortunately, I don't know exactly what will happen in 30min time when the screensaver needs to kick in.

#3 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:11:02 AM

Posted 31 July 2008 - 03:10 PM

Hello justo316,

Welcome to Bleeping Computer :thumbsup:

Can you please post a log made in normal mode? :)

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#4 justo316


Posted 31 July 2008 - 07:32 PM

Can you please post a log made in normal mode? :thumbsup:


Sure can.

Sorry, my bad....I thought it didn't work in normal mode cos notepad crashes. Didn't realise it still created the hijack log file.


#5 teacup61


Posted 03 August 2008 - 05:25 PM

Hello,

Thank you. :thumbsup: Thing is, I don't see anything malware related there. It isn't a tell all though, and we'll look some more. But first: you should know that you're actually doing more harm than good by running 2 Anti Virus programs (TrendMicro and AVG). When you do this, both programs compete for resources, and the end result is neither does its best and can cause system instability. I recommend that you choose the one you want to keep, update it, disable or uninstall the other one, and use it as an on demand only scan occasionally.

Please download Malwarebytes' Anti-Malware from one of these places:
http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html
http://www.besttechie.net/tools/mbam-setup.exe

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy & Paste the entire report in your next reply along with a fresh HijackThis log.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Thanks,
tea

#6 justo316


Posted 03 August 2008 - 09:47 PM

Hi, thanks for the response.

The computer only runs Trend normally. I know you shouldn't have more than 1 active at any time. I installed AVG because I just wanted to use it to run a manual scan. But I can't update it so I've just left it for the time being.

As I mentioned in my original post, I CANNOT install some programs. Malwarebytes Anti malware is one of them unfortunately.

Also, I CANNOT update any of the programs that do install even though, technically, my internet connection is working.

#7 justo316


Posted 04 August 2008 - 01:25 AM

Nevermind.

I've managed to fix it to a point where I can continue cleaning it myself.

Scanned the hard drive from another computer using Kaspersky which picked up 2 things of interest.

Rootkit.Win32.Clbd.ey in file c:\Windows\system32\clbdll.dll
Adware.Win32.SuperJuan.bwj in file c:\Windows\system32\hytpyy.dll

Deleted those 2 files, and now the PC can install Malwarebytes AntiMalware and Spybot. Also, AVG, spybot, AntiMalware all updated correctly. Internet browsing to all pages seems to have been restored. Notepad doesn't crash anymore.

Ran a smitfraud fix to restore the desktop background and give me back the display options missing tabs.

Looks like it's on its way to being cleaned now!

#8 teacup61


Posted 04 August 2008 - 02:24 AM

Hello,

If you don't want my help further, please let me know. :thumbsup:

#9 justo316


Posted 04 August 2008 - 04:40 AM

No, that's alright. I can manage from here, thanks.

#10 teacup61


Posted 16 August 2008 - 12:10 AM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.