Spyware/Virus. All AntiVirus/AntiSpyware Programs Blocked.


14 replies to this topic

#1 Duis

Duis

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:03:10 PM

Posted 02 December 2008 - 08:17 PM

I've recently been infected with spyware and/or viruses.

Here are some things that have been stealth installed onto my computer.
- Mirar
- Webhancer
- Antispyware 2009
- More.

Symptoms include:
- Computer slowing to a crawl
- Web Searches being monitored and redirected
- Constant Pop-ups
- Frequent crashes

All Anti-Spyware/Virus are blocked.

I've tried
- Ad-aware [Freezes]
- Spybot S&D [Won't open]
- Norton 360 [Scan Blocked]
- Malwarebytes [Won't open]
- Hijackthis [Won't open]

I've tried running Dr-Web Cureit based on another thread here that sounded similar to my issue. Did not open.
When doing Google or web searches, my links/results are redirected to other sites etc. Sites like Symantec and Bleeping computers would be directed to an error page or other sites.

Safe Mode does not allow me to run anything as well with the same symptoms. The only way to run with the lag is to kill explorer.exe when I first login then re-run it.
System restore is ineffective because all restore points were deleted.

I've tried hooking up the hard drive to another computer to solve the issue. The other computer is prevented from opening any anti-virus/spyware programs, and browsers are blocked when my hard drive is connected. It does not, however, get infected.

Sorry for the wall of text, any help would be greatly appreciated! ^_^



#2 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:10 AM

Posted 02 December 2008 - 08:23 PM

Here's another scan you can try:

http://www.bleepingcomputer.com/forums/t/131299/how-to-use-sdfix/
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 Duis

Duis
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:03:10 PM

Posted 03 December 2008 - 12:06 AM

I've just tried SDFix as instructed. I downloaded the program via laptop and transferred through a memory stick. I'm stuck on step 4 of [Link]. As I've mentioned above, the program won't open. It's only running in the background as I see it in the processes.

#4 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:10 AM

Posted 03 December 2008 - 12:15 AM

Did you try the fixes given at the start of the post?

Common problems/messages and how to fix them:

Error Message:

The command prompt has been disabled by your administrator.
Press any key to continue . . .


How to fix:

Click on the Start menu, then Run, and then copy and paste the following line into the Run field:

%systemdrive%\SDFix\apps\swreg IMPORT %systemdrive%\SDFix\apps\Enable_Command_Prompt.reg

Press OK then run SDFix again


Problem:

If the Command Prompt window flashes on then off again on XP or Windows 2000


How to fix:

Click on the Start menu, then Run, and then copy and paste the following line into the Run field:

%systemroot%\system32\cmd.exe /K %systemdrive%\SDFix\apps\FixPath.exe

Then click OK, then type Y and press Enter when prompted, Reboot and start SDFix again



Problem:

If SDFix still doesn't run check the %comspec% variable


How to fix:

Click on the Start button then right-click on My Computer and select properties. Then click on the Advanced tab and then click on the Environment Variables. Under System Variables, make sure that the ComSpec variable points to %SystemRoot%\system32\cmd.exe



#5 Duis

Duis
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:03:10 PM

Posted 03 December 2008 - 12:18 AM

Yes, my comspec is set accordingly.

#6 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:10 AM

Posted 03 December 2008 - 12:20 AM

Did you try this command?

%systemroot%\system32\cmd.exe /K %systemdrive%\SDFix\apps\FixPath.exe

#7 Duis

Duis
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:03:10 PM

Posted 03 December 2008 - 12:26 AM

My apologies. I did not receive a command window at all so I have not tried that. I'll give it a shot now.

#8 Duis

Duis
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:03:10 PM

Posted 03 December 2008 - 12:32 AM

Sorry no luck.
Error message:
The system cannot find the path specified.

#9 Duis

Duis
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:03:10 PM

Posted 03 December 2008 - 12:35 AM

I've managed to get HJT to work, would you like a log?

#10 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:10 AM

Posted 03 December 2008 - 12:35 AM

Try running DrWebCureIt again, but rename the file to something else, such as abcde.bat, before running it.

#11 Duis

Duis
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:03:10 PM

Posted 03 December 2008 - 12:55 AM

I've run into another problem T_T..
While trying to rename the file as you've instructed, I realized that file extensions were for some reason turned off. My 'folder options' is also no longer in the tools tabs.

I went to User Accounts to see if this is due to my account losing admin powers. It is still an admin account, but I found something else.. There's a third account on my computer.

1. My Admin Account
2. The Guest Account [Deactivated]
3. ASP.NET Machine A...

The third account does not show up when I'm in the login screen.
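
A read-only check of the settings that came up in this thread (the disabled command prompt and the ComSpec variable from post #4, the missing Folder Options and hidden file extensions from post #11), as an added example that is not part of the original posts or of SDFix. The registry locations are the standard Windows ones rather than anything quoted in the thread, and the expected values are assumed Windows defaults.

```powershell
# Added example: read-only audit, nothing is written to the registry.
function Get-RegValue {
    param([string]$Path, [string]$Name)
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }      # key or value is absent
    return $item.$Name
}

# Assumed default: ComSpec resolves to cmd.exe under the Windows directory.
$expectedComSpec = Join-Path $env:SystemRoot 'system32\cmd.exe'

$checks = @(
    @{ Label = 'ComSpec system variable'
       Path  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Environment'
       Name  = 'ComSpec'
       Bad   = { param($v) $v -ne $expectedComSpec } },
    @{ Label = 'Command prompt disabled by policy'
       Path  = 'HKCU:\Software\Policies\Microsoft\Windows\System'
       Name  = 'DisableCMD'
       Bad   = { param($v) $null -ne $v -and $v -ne 0 } },
    @{ Label = 'Folder Options removed from Tools menu'
       Path  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
       Name  = 'NoFolderOptions'
       Bad   = { param($v) $null -ne $v -and $v -ne 0 } },
    # HideFileExt = 1 is also the Windows default; it is flagged so that a
    # file's real extension is not overlooked while renaming or inspecting it.
    @{ Label = 'Known file extensions hidden'
       Path  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
       Name  = 'HideFileExt'
       Bad   = { param($v) $v -eq 1 } }
)

foreach ($c in $checks) {
    $value  = Get-RegValue -Path $c.Path -Name $c.Name
    $status = if (& $c.Bad $value) { 'CHECK' } else { 'ok' }
    $shown  = if ($null -eq $value) { '(not set)' } else { $value }
    '{0,-5} {1}: {2} = {3}' -f $status, $c.Label, $c.Name, $shown
}

# The variable as the current session sees it; a per-user override shows up here.
if ($env:ComSpec -ne $expectedComSpec) {
    'CHECK ComSpec in this session is {0}' -f $env:ComSpec
}
```

A line marked CHECK only means the value differs from the assumed default and deserves a closer look; on a machine where the tools themselves are blocked, the same values can be read from an offline copy of the registry hives.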

#12 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:10 AM

Posted 03 December 2008 - 12:58 AM

I think it's time to head on over to the HijackThis forum for a closer look.

Preparation Guide for use before posting a HijackThis Log

Go straight to Step 9. Be sure to include a link to this thread so they can see what has already been tried.

Please be patient. It may take a while to get a response because the HJT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

If after 5 days you still have received no response, then post a link to your HJT log in the thread titled "Haven't Had A Reply In Five Days?".

#13 Duis

Duis
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:03:10 PM

Posted 03 December 2008 - 01:00 AM

Thank you very much, I'll continue as instructed. ^_^

#14 scff249

scff249

    Indecisive Lurker


  • Members
  • 1,319 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:A galaxy far, far away...
  • Local time:02:10 PM

Posted 03 December 2008 - 01:32 AM

Go straight to Step 9. Be sure to include a link to this thread so they can see what has already been tried.


:thumbsup:

Just to note, it's not Step 9 anymore. It's now Step 6 for the RSIT/HJT log prep.

Edited by scff249, 03 December 2008 - 01:32 AM.

"Ototo'i wa usagi o mita no...Kino wa shika...Kyo wa anata." -Kotomi Ichinose (Clannad) [see below for translation]
"Day before yesterday I saw a rabbit, and yesterday a deer, and today, you." -The Dandelion Girl
"You are not alone, and you are not strange. You are you, and everyone has damage. Be the better person." -Katawa Shoujo


#15 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:10 AM

Posted 03 December 2008 - 01:41 AM

Thanks for the heads-up.



