Cannot Follow Prep Guide Due To Infection. What Can I Do?


6 replies to this topic

#1 ryechud

ryechud

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:07:40 AM

Posted 25 August 2008 - 08:57 AM

Hi there,

Recently I visited a website and I seem to have some sort of infection. It is almost exactly the same symptoms as described in another post on this site: http://www.bleepingcomputer.com/forums/t/160166/wallpaper-replaced-by-warning-spyware-detected-on-your-computer/

"Blue Wallpaper with yellow/blue box stating "Warning! spyware detected on your computer Install an antivirus or spyware remover to clean your computer"
Fake Blue Screens of Death with lots of text describing system errors etc.
Fake random windows startup screens appearing to restart computer
Website redirects to other sites

Also Task manager isn't working it says "Task manager has been disabled by your Administrator" when I press Ctrl + Alt + Delete.
And in the Display Properties the only Tags visible are "Themes" "Appearance" and "Settings"
"


In my case the redirection is always to localhost (127.0.0.1)
Due to the redirection problem I am unable to complete the preparation guide.
I have downloaded Spybot and Ad-Aware2008 (The most recent definition files too) and transferred them to the infected PC.
I have run ad-aware and unfortunately I get so far and it closes with an unhandled exception. It can not send the crash report either because of the redirection. I have tried running ad-aware 3 times now with the same result.

I thought I would try running Spybot first and see if that would fix the problem and then try ad-aware again.
I cannot install spybot though... during the install it tries to connect to the update server? and obviously fails as it cannot connect due to the redirection.

My PC is running Windows XP with SP2 although I have not carried out any updates on it for a while....

Please help, I would like to know how to proceed. Should I just try to install and run HJT and post the results in the correct forum?


#2 stupidhomer

stupidhomer

  • Banned
  • 47 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:40 PM

Posted 25 August 2008 - 10:47 AM

Well, you can try SmitFraudFix, that often cures those symptoms, get it from http://siri.geekstogo.com/ , the tool was made to remove infections like that.

Here's a direct download link too: http://siri.urz.free.fr/Fix/SmitfraudFix.exe

Try to run it in safe mode for the best chance of success.
Say Y to cleaning the registry and let it do all the cleaning; soon the infection will be gone.

Edited by stupidhomer, 25 August 2008 - 10:52 AM.


#3 ryechud

ryechud
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:07:40 AM

Posted 25 August 2008 - 11:23 AM

Hi Thanks for that,

I figured out I could install spybot without updating. It was one of the options in the install. Doh!
I downloaded smit though and will run it.
Hopefully it will solve my redirection prob and I won't have to keep transferring things between PCs.

thanks again ;)

#4 stupidhomer

stupidhomer

  • Banned
  • 47 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:40 PM

Posted 25 August 2008 - 01:53 PM

"I figured out I could install spybot without updating. It was one of the options in the install. Doh!"


No, it isn't really. Spybot cannot do anything unless you update. Spybot can only help you with its tools but not the actual scanner or immunizer; if you try either of them it will give you an error because it has no definition file from an update.

#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,905 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:40 AM

Posted 25 August 2008 - 02:33 PM

"Due to the redirection problem I am unable to complete the preparation guide."

If you cannot complete a step, then skip it and continue with the next.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#6 ryechud

ryechud
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:07:40 AM

Posted 25 August 2008 - 07:41 PM

"I figured out I could install spybot without updating. It was one of the options in the install. Doh!"


"No, it isn't really. Spybot cannot do anything unless you update. Spybot can only help you with its tools but not the actual scanner or immunizer; if you try either of them it will give you an error because it has no definition file from an update."


Hi, yes I know that but I had downloaded the most recent definition file separately. I just installed that after spybot was installed ;)

Good news is I ran spybot, cleared probs, then ran MBAM, cleared probs, and it seems to all be working fine now.

Going to perform an update and run stinger.
I will probably post a HJT log later just so the experts can confirm nothing remains.

Thanks for the help :D

#7 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,905 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:40 AM

Posted 27 August 2008 - 12:39 PM

I don't see a log posted yet in the HJT forum.

Until you do, if there are no more signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory that your tools cannot access to delete these files, they can sometimes reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok"
  • Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" Tab.
  • Click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.



