Apparently infected... Hoping for some assistance.


5 replies to this topic

#1 jbmia

jbmia

  • Members
  • 2 posts
  • OFFLINE
  • Local time:02:50 PM

Posted 27 December 2008 - 01:04 AM

Gentlemen,

I'm experiencing several issues that are confounding me and I'm hoping some of you knowledgeable folks can assist me...

1. Search engine redirects (Yahoo & Google)... when I process a search and click on one of the search result links, the search engine is opening a new tab and sending me to an unrelated site... seems to be mostly advertising. I've verified the same Yahoo and Google searches on a known clean machine and I'm not experiencing these redirects on the clean machine.

2. Key site and site links in a google search come up page not found... appears to relate to known security sites (e.g., Eset.com, Malwarebytes.org, etc...) Some sort of Malware appears to be preventing me from accessing these sites. Links verified as okay on a clean machine.

3. When I attempt to run existing installed spyware removal tools, the programs will not start: When certain security program is selected (e.g., Malwarebytes) from the programs menu, the hourglass appears and after a few seconds the hourglass just reverts back to the hand or arrow icon and nothing else happens. The selected program does not start.

4. When anti-virus / spyware removal programs do start, they will not function as the malware appears to be preventing their integrated "LiveUpdate" process from accessing the internet. Many antivirus tools (e.g., Norton Antivirus), on installation, want to do an update of virus signatures at installation... The malware (or whatever it is) appears to prevent internet access to the update function and the program cannot complete its anti-virus function from that point on.. the programs generally terminate with an error related to internet connection... Yet I can go out to Google immediately and browse other pages at will... No ports are being blocked at the router level or anything like that... Another, clean machine has free access to the web...

5. Symptoms appear in XP safe mode as well... running windows xp pro.

I know all of this sounds really comprehensive and I certainly wouldn't believe it if I hadn't experienced it, but all of the above symptoms are accurate. I've already downloaded hijackthis and combofix to a usb drive and I'm ready to go with those tools when/if necessary. Have many years pc experience and some technical understanding.. + used hijackthis in the past, so no need for the abc's if you're so inclined...

Again.. appreciate any assistance!!

JB

Edited by Orange Blossom, 27 December 2008 - 01:07 AM.
Move from HiJack This forum to Am I Infected as there are no logs. ~ OB



#2 Guest_Jay-P VIP_*

Guest_Jay-P VIP_*

  • Guests
  • OFFLINE

Posted 27 December 2008 - 02:08 AM

You have major DLL errors. Usually errors in the OS occur when a hardware issue exists with the computer, such as a bad hard disk drive, causing the data on the drive to become corrupt, causing the .dll errors.

Solution #1: Windows Live Safety Center OneCare Safety Scanner: http://safety.live.com and click on Tune Up. Then when the page loads, click Tune Up Scan. It will check your version of Windows. If you are running Vista, then you will have to run their BETA for Vista; they will redirect you to the version needed to scan. After you have followed any prompts that may have come up, you get to the next page, which should be a license (EULA) for the scanner. Read the agreement, then click the Accept button. After that, it will ask you to install the scanner. Follow all ActiveX prompts and click Install/Run, as this Microsoft software is safe. After that, allow the scanner to run. This may or may not fix the problem. The reason why I have recommended this choice is that, Microsoft being the creator of Windows DLLs, they have better authority to find errors and solve serious issues with DLLs.

Solution #2: You might have a remote hacker. The first step to do is to disable remote assistance. Here is the tutorial: Disable Remote Access in Windows XP
Then, you will have to change your Windows password. This can be done simply by going to the Control Panel, and clicking User Accounts. You will see your account name, so click on it. Then click "Change your password."

Solution #3: You may have a rogue software application which works as both malware and hacking into Windows files and hurting DLLs. To remove this type of item you will need to use MalwareBytes' Anti-Malware. Download Malwarebytes' Anti-Malware to your desktop.
MalwareBytes' Anti-Malware Full CNET Download
* Go to your desktop and 2X-click mbam-setup.exe and install the program.
* At the end, checkmark the latter:

o Update Malwarebytes' Anti-Malware
o Launch Malwarebytes' Anti-Malware

* Then click Finish.
* As soon as it loads, select quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. The rogue application should now be gone.

Solution #4: You might be good after that. If you are still having DLL errors, then I recommend GlaryUtilities Registry repair. It will automatically detect them when you run the Registry repair. CNET Download

Edited by Jay-P VIP, 27 December 2008 - 02:12 AM.


#3 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  • Gender:Male
  • Location:millenium falcon and rockytop

Posted 27 December 2008 - 07:38 AM

Solution #4: You might be good after that. If you are still having DLL errors, then I recommend GlaryUtilities Registry repair. It will automatically detect them when you run the Registry repair. CNET Download

It's been standard policy to not recommend registry tools

http://www.bleepingcomputer.com/forums/t/182397/am-i-infected-what-do-i-do-how-do-i-get-help-who-is-helping-me/

and actually spelled out in the new rule for helping in this forum
Chewy

No. Try not. Do... or do not. There is no try.

#4 jbmia

jbmia
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  • Local time:03:50 PM

Posted 27 December 2008 - 09:30 AM

Thanks for the replies...

Update: After additional research, "it appears" that I've been infected with some variant of the virtumonde trojan.. I say " it appears" because the symptoms match those recanted by other folks with similar issues.... Certainly not conclusive, but in absence of a professional conclusion...

For others with similar issues, check here: http://www.bleepingcomputer.com/malware-re...undo-virtumonde

According to instructions, when the malicious code prevents you from running a spyware program (e.g., malwarebytes...), you should find the executable and rename it and then reattempt to run it directly from there by double clicking on it... In my case, for mbam, I had to rename it, copy it to another folder, then copy it back into its normal folder for it to run...

Once there I did a comprehensive scan (3 hours +) and it found 9 TrojanDss objects (registry, files, ...) + rootkit... I reran mbam several times and it now appears clear... Also, before running mbam, I disabled network access to isolate the machine (not sure if that helped or not).

I am now going to follow additional follow up scans with other tools like Norton 360 now that I should be able to get a LiveUpdate.. Also, Spybot S&D and so on... and then get into prevention mode according to instructions provided on this site.

Though I didn't get a specific solution here.. I appreciate the replies and replies to other posts that assisted me in solving this issue.

#5 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:02:50 PM

Posted 27 December 2008 - 09:49 AM

Showing some initiative is essential for self-help, especially if you want to clean a computer of a nasty infection in a timely manner

There's never enough trained or competent help to go around

I would not recommend spybot except for its immunization, and leave teatimer disabled whatever you do

http://www.bleepingcomputer.com/forums/ind...p;#entry1050976

Please run ATFCleaner and SAS as specified in this link
Chewy

No. Try not. Do... or do not. There is no try.

#6 Guest_Jay-P VIP_*

Guest_Jay-P VIP_*

  • Guests
  • OFFLINE

Posted 27 December 2008 - 09:39 PM

Oh okay. Thank you for correcting me. I will read over it immediately.

Edited by Jay-P VIP, 27 December 2008 - 09:39 PM.
