Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

help - what do I do next


  • Please log in to reply
6 replies to this topic

#1 haveonelikethis

haveonelikethis

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:08:41 AM

Posted 20 October 2008 - 03:58 PM

Hi there
sorry to prevail upon peoples good nature but in a way this is an appeal for help and a warning as well.

I am posting this from my trusty old desktop computer wire connected.

My wife got her laptop infected (its running on xp pack 3 wireless connected) and its been a b****r to get clean. She received a message from facebook ostensibly from someone she knew with an attachment and despite my always saying dont - she clicked on it. Thereafter she has been infected with zlob and her browser has been hijacked by windiwsfsearch.com plus zillions of phoney pop ups saying she needed to buy the special software to delete these infections.

I downloaded bought and ran Stopzilla and it said it had quarantined the viruses - but still pop ups so I then downloaded bought and ran spywaredoctor and it said it had quarantined the same viruses but still no complete fix. Thereafter I discovered various posts here and downloaded and ran malwarebytes anti-malware.

The result after a quick scan was the quarantine and delete of loads of stuff.

After I rebooted I now find that we cannot access the internet either through IE or Mozilla - we get a message saying that "Internet Explorer cannot display the webpage - most likely cause you are not connected to the internet, blah blah - she uses google.com as a home page. The funny thing is if I type in https://www.microsoft.com I get a connection but if I try to link to any page thereafter that is not https I get the same message.

I have run a full scan and can submit the log if required. It found 5 more and they were deleted and then the laptop was rebooted. Still the same problem. When I type in an address I briefly see a flash message at the bottom of the screen which includes http://www.windiwsfsearch.com ... etc - this says to me that it is still there. Blast it.

So please can someone put me out of my misery and tell me what to do next.

thanks
Colin

BC AdBot (Login to Remove)

 


#2 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:41 PM

Posted 20 October 2008 - 04:03 PM

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 haveonelikethis

haveonelikethis
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:08:41 AM

Posted 20 October 2008 - 04:07 PM

Hi there
Thanks for your quick reply - I have done this already and ran the program twice - once as quick scan and once as full scan.

Since then I have the problem of no internet conection.

regards
Colin

#4 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:41 PM

Posted 20 October 2008 - 04:15 PM

Log on as an administrator, go Start > Run and type: "cmd". In the window that appears type: "netsh winsock reset". When the program is finished, you will receive the message: "Successfully reset the Winsock Catalog. You must restart the machine in order to complete the reset." Close the command box and reboot your computer.

Go Start > Run > type: "cmd" In the window that appears type: "ipconfig /flushdns". Close the command box.

Go Start > Control Panel > Network Connections. Right click on your default connection, usually Local Area Connection or Dial-up Connection if you are using Dial-up, and and choose Properties. Double-click on the Internet Protocol (TCP/IP) item. Select the radio button that says "Obtain DNS servers automatically". Reboot. Warning: Some Internet Service Providers need specific DNS settings. You need to make sure that you know if such DNS settings are required before you make this change.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#5 haveonelikethis

haveonelikethis
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:08:41 AM

Posted 22 October 2008 - 07:38 AM

Hi there Budapest.
Many thanks for your help so far. I have done what you say but it still does not connect and I still get the quick flash on the bottom of the screen saying www.windiwsfsearch.com ..... when I enter another website to connect to apart from the default one.

The laptop is on a wireless connection if this makes anything different.
One interesting thing - whilst I was repairing the connection which referenced getting dns a box popped up from spyware doctor saying that it had been updated and was now up to date - this implies there is a connection to the internet - so how does ie not connect. When I try to connect via mozilla I get a proxy server error - it says that proxy server is refusing a connection - is this relevant.

Sorry to bombard you and if you can help I will send you a box of donuts if you are in the UK.
regards
Colin

#6 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:41 PM

Posted 22 October 2008 - 04:15 PM

Download HostsXpert - Hosts File Manager
  • Extract (unzip) HostsXpert.zip to a a permanent folder on your hard drive such as C:\HostsXpert
  • Double-click HostsXpert.exe to start the program.
  • When the program opens, click the "Restore MS Hosts File" button in the left pane.
  • Click "Make Hosts Writable?" (if available).
  • Click "Restore Microsoft's Hosts file" when prompted and then click "OK".
  • Exit Hoster when done.
Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#7 haveonelikethis

haveonelikethis
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:08:41 AM

Posted 23 October 2008 - 06:38 AM

Hi there Budapest.
Sorry but I could not download that program as I had no internet conection.

However I seem to have fixed it by going into the IE properties and telling it to get the DNS - also fixed the mozilla by removing proxy server. Seems as if that B**** of a virus / hijacker had altered the settings.

So far the laptop seems to me working OK.

Many thanks for your help.
regards
Colin




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users