Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

AntiVirus2009's Help button


  • Please log in to reply
1 reply to this topic

#1 jay99

jay99

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:09:26 PM

Posted 23 December 2008 - 06:10 PM

Hallo folks

I would really appreciate help with the following, as I'm trying to help a friend whose machine has been infected with AntiVirus2009.

It shows the usual symptoms of browser hijacking (both IE and Firefox). He clicked on the Help button on the AntiVirus window, and since then he's been unable to do anything in either of the two user accounts which have been set up.

After rebooting normally, if he clicks on either account the PC just does nothing, and he has to power off to reboot (it doesn't have a reset button on the front panel unfortunately).

The only way to login now is through Safe Mode. Both MSIE and Firefox are still hijacked, he can browse to some sites normally but anything connected to anti virus such as Mcafee and Symantec gets redirected. I've tried downloading the HOSTS file from the MVP site but this has no effect.

I'd appreciate help with these questions:

1) Would clicking on the Antivirus2009 Help button have made things worse? He's really concerned that, although the machine was behaving in an annoying fashion before clicking on Help, now it seems unusable in anything other than Safe Mode since he clicked it. Coincidence or worse?

2) What is the mechanism used to redirect some website requests? On one of the sites I found some instructions which mentioned a BHO called winsrc.dll, but this file isn't listed in Explorer's list. In any case, how would it also affect Firefox?

3) I've tried running the Malwarebytes prog in safe mode, but it simply won't run. Even renaming it doesn't work.

Any ideas gratefully received!

BC AdBot (Login to Remove)

 


#2 Guest_superbird_*

Guest_superbird_*

  • Guests
  • OFFLINE
  •  

Posted 25 December 2008 - 08:54 AM

Hi,

1. Yes, that could be. But we'll try to help you out. :thumbsup:
2. This can be done by malware by using several ways. Mostly the DNS is hijacked or something like that.
3. Please follow the instructions below these answers. I would ask you to do nothing unless I ask you to do, because I can't get a clear view else.


Please download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to C:\SDFix

You may wish to print out these instructions or copy them to a notepad document since you will be unable to access the Internet while in Safe Mode to read from this site.

Please then reboot your computer in Safe Mode (tap F8 just before Windows starts to load and select Safe Mode from the list).
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users