
I never thought malware would beat me


  • This topic is locked
3 replies to this topic

#1 snadata (Members, 2 posts)

Posted 27 October 2008 - 08:50 AM

I somehow got infected with XP Antivirus 2009, and before I realized what I was doing, I clicked the little balloon in the system tray. I suspect that at that point XP Antivirus 2009 downloaded a whole host of other viruses.

Using the steps below, I managed to eliminate most visible traces of infection. The only persistent symptoms are:
1) Google searches are redirected (in both IE and Firefox) to go.google.com ad sites
2) most websites (including bleeping computer) are blocked.
3) during the scan-and-fix process, the integrity of my system's logon screen got corrupted. Now, about half the time, the computer simply hangs while I type my logon password (XP Professional SP3).

Steps taken to resolve:
1) When I thought it was all XP Antivirus 2009, I followed manual deletion steps I found online, cleaning out all critical system folders of all files with specific names, and all files created or last modified at the same time as those files.
2) When that didn't work, I used a second computer to download Malwarebytes, SDFix, SpyHunter, Norton 360, HijackThis, SmitfraudFix, and other anti-spyware programs. I transferred them by hard disk to the infected computer and systematically tried every possible scan for several days. The only thing which helped was running SDFix in Safe Mode. That temporarily resolves the problem. But it keeps coming back.
3) I tried killing various services, mucking with registry settings, and combining that with various bits of software from step 2.
4) I tried running different variations of software AFTER running SDFix. I found the software could at least download its definition updates once SDFix had run.
5) I followed all the pre-posting directions on your website. Again, the only thing that really provides any temporary relief is SDFix.

I've attached several log files:
1) sd_fix_report.txt - This is the most recent run of SDFix, finished just a few minutes ago, which is how I can connect to your site.
2) hijackthis_right_after_sdfix.log - as the name implies
3) hijackthis_redirecting.log - a HijackThis log I took yesterday, with symptoms present.
4) hijackthis_not_redirecting.log - a HijackThis log I took yesterday, after an SDFix run, without symptoms present.
5) rapport.txt - For good measure, I've attached a SmitFraudFix report that I ran at some point during this process, after most infections had been removed.

I appreciate any and all help.

Thank you,
Saul

Attached Files
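The two HijackThis logs Saul attached (one taken while searches were being redirected, one taken right after an SDFix run with the symptom gone) are not reproduced on this page, but the comparison he set up is the standard triage step: anything present only while the symptom is present is a candidate for what keeps coming back. The script below is an added example, not code from the original post or from HijackThis itself. The two log excerpts are constructed to imitate HijackThis's "Oxx - ..." entry format; the file names, service name and paths in them are placeholders, not the real attachments and not known malware. It diffs the two logs and flags entries in the sections that govern IE search pages, the hosts file and DNS (R0, R1, O1, O17), which is where a "searches redirected plus sites blocked" symptom would normally show.

```python
import re
from typing import Dict, List, NamedTuple, Set


class Entry(NamedTuple):
    code: str  # HijackThis section code, e.g. "O4" (Run keys) or "O1" (hosts file)
    body: str  # the remainder of the line


# Matches HijackThis entry lines such as "O4 - HKLM\..\Run: [name] C:\path".
# Header lines ("Logfile of ...", "Platform: ...") and the process list do not match.
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2}) - (.+?)\s*$")

# Sections where IE search/start pages, the hosts file and DNS settings live.
# A "searches redirected + sites blocked" symptom would normally show here.
REDIRECT_CODES = {"R0", "R1", "O1", "O17"}

# Constructed sample logs (hypothetical; the thread's real attachments are not
# on the page). Names and paths are placeholders, not known malware.
LOG_REDIRECTING = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:12:01 PM, on 10/26/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/ie
O1 - Hosts: 127.0.0.1 example-blocked-site.test
O4 - HKLM\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [ExampleLoader] C:\WINDOWS\system32\exampleloader.exe
O23 - Service: Example Update Service (ExampleSvc) - Unknown owner - C:\WINDOWS\system32\examplesvc.exe
"""

LOG_NOT_REDIRECTING = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:40:17 PM, on 10/26/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/ie
O4 - HKLM\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""


def parse_hijackthis(text: str) -> Set[Entry]:
    """Return the set of 'Oxx - ...' style entries in a HijackThis log."""
    entries: Set[Entry] = set()
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.add(Entry(m.group(1), m.group(2)))
    return entries


def diff_logs(symptom_log: str, clean_log: str) -> Dict[str, List[Entry]]:
    """Split entries into those seen only with the symptom and only without it.

    'suspect' entries are the ones a cleaner removed and that return with the
    symptom; 'removed' entries exist only in the clean log (for example something
    the cleaner added, or a legitimate item the infection had disabled).
    """
    with_symptom = parse_hijackthis(symptom_log)
    without_symptom = parse_hijackthis(clean_log)
    return {
        "suspect": sorted(with_symptom - without_symptom),
        "removed": sorted(without_symptom - with_symptom),
    }


def redirect_related(entries: List[Entry]) -> List[Entry]:
    """Keep only entries in the sections that control search pages, hosts and DNS."""
    return [e for e in entries if e.code in REDIRECT_CODES]


if __name__ == "__main__":
    result = diff_logs(LOG_REDIRECTING, LOG_NOT_REDIRECTING)
    for label, entries in result.items():
        print(f"{label}:")
        for e in entries:
            flag = "  <-- redirect/blocking related" if e.code in REDIRECT_CODES else ""
            print(f"  {e.code} - {e.body}{flag}")
```

Run it against the two real log files by reading them into the two string constants; entries that appear in the "suspect" list after every SDFix run are the persistence mechanism to look at, and an O1 or O17 entry among them is the direct explanation for redirected searches and blocked sites.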




#2 Buckeye_Sam (Malware Expert, Members, 17,382 posts, Pickerington, Ohio)

Posted 12 November 2008 - 09:22 AM

Hello! :thumbsup:
My name is Sam and I will be helping you.

I apologize for the delay getting to your log, the helpers here are very busy.

If you still need help, please post a fresh Hijackthis log, in this thread, so I can help you with your malware problems.
If you have resolved this issue please let us know.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 snadata (Topic Starter, Members, 2 posts)

Posted 12 November 2008 - 11:07 AM

Hi, Sam.

I *think* I've solved the problem. In the end, ComboFix was the most useful tool. Afterward, however, I had to manually delete all the files in system directories created in the last month. I also (weirdly) had to switch over my logon screen from the bright friendly version to Windows Classic, which eliminated the hanging logon issue.

Since running ComboFix, I now run Spybot S&D, AVG Free, and Windows Defender. AVG picked up one attempted virus re-installation, not sure from where, which worried me slightly, but the system has otherwise run cleanly.

I should say, I have avoided restarting it like the plague. I restarted only once in all that time, with a Windows security fix. Generally, the problem has reoccurred on restart, but this time it didn't. But I'm not taking any chances.

But thank you so much.

#4 Buckeye_Sam (Malware Expert, Members, 17,382 posts, Pickerington, Ohio)

Posted 12 November 2008 - 12:33 PM

Glad you got it sorted out.
But I do want to strongly advise against running Combofix on your own. It's a powerful program and can cause serious problems if not used correctly. I recommend that you uninstall it immediately.
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK


Now that your problem appears to be resolved, this thread will be closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request.


========================================================
