Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected and can't install HJT or MWB's


  • Please log in to reply
8 replies to this topic

#1 kjmarket

kjmarket

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:18 AM

Posted 02 March 2009 - 04:58 PM

Let me start from the beginning, as I'm not sure what information is pertinent to helping me. The other day when booting up my other computer, running Windows XP Home SP3, I noticed that all features of my AVG antivirus were active but not functional, my scan buttons were gone and so was the scan option from the menu. Upon attempting to reinstall my AVG, the PC just went haywire the second it was uninstalled. I've read many other posts by people that seem to have the same virus, but I cannot install anything like HijackThis or MalwareBytes to get rid of it. I can download the file, but it does nothing when I try to run, yet, on this computer, it works fine.

Some of the symptoms are a fake icon in the taskbar saying that I am infected and to run cleaner tool, my wallpaper is changed to a black background with a centered image saying I am infected, named ahtn.htm? Things like my registry and task manager, amongst other things, are disabled, though I can get into these using RRT(Restriction Removal Tool) Every minute or so it pops up the my documents folder, and I can't even search the internet for help, as all links in search engines are altered. Only by typing the site URL directly am I able to get there, and even that doesnt work most of the time. I was able to download a copy of HJT and MBAM onto the other PC, but when I try to run, nothing happens. I've tried redownloading a hundred times but it didn't work. I tried downloading MWB from a different link, and even though this time the setup ran and seemed to install, it only created a blank program files directory. Now, by using RRT, I can tell that something is closing it almost instantly. As far as the other copy creating a blank directory, I just have no clue. I really have no idea what to do and have been doing everything I can think of to fix this. I have performed multiple full system virus and adware scans using NoAdware and AVG, but it doesnt remove the problem. It seems to help, but within a short time everything it previously removed is back.

I'm really hoping someone can give me some advice as to something I can do to get these things installed so I can get rid of this. All help and advice is greatly appreciated!

Edited by kjmarket, 02 March 2009 - 05:05 PM.


BC AdBot (Login to Remove)

 


#2 rigel

rigel

    FD-BC


  • Members
  • 12,944 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:South Carolina - USA
  • Local time:04:18 AM

Posted 02 March 2009 - 06:01 PM

Please print out and follow these instructions: "How to use SDFix". <- This program is for Windows 2000/XP ONLY.
When using this tool, you must use the Administrator's account or an account with "Administrative rights"
  • Disconnect from the Internet and temporarily disable your anti-virus, script blocking and any real time protection programs before performing a scan.
  • When done, the SDFix report log will open in notepad and automatically be saved in the SDFix folder as Report.txt.
  • If SDFix is unable to run after rebooting from Safe Mode, run SDFix in either Mode, and type F, then press Enter for it to finish the final stage and produce the report.
  • Please copy and paste the contents of Report.txt in your next reply.
  • Be sure to renable you anti-virus and and other security programs before connecting to the Internet.
-- If the computer has been infected with the VirusAlert! malware warning from the clock and the Start Menu icons or drives are not visible, open the SDFix folder, right-click on either the XP_VirusAlert_Repair.inf or W2K VirusAlert_Repair.inf (depending on your version of Windows) and select Install from the Context menu. Then reboot to apply the changes.

"In a world where you can be anything, be yourself." ~ unknown

"Fall in love with someone who deserves your heart. Not someone who plays with it. Will Smith


#3 kjmarket

kjmarket
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:18 AM

Posted 02 March 2009 - 06:34 PM

I can't download that on the other PC. Like most websites, it says cannot find server for every last link I can find to download it, including here at bleepingcomputer. Its even worse now. I can't get to hardly any websites now. I can't even get to this thread to post on the other pc.

#4 rigel

rigel

    FD-BC


  • Members
  • 12,944 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:South Carolina - USA
  • Local time:04:18 AM

Posted 02 March 2009 - 06:43 PM

Can you download it on another computer and transfer it via flash drive?

Do you have your original OS cd?

"In a world where you can be anything, be yourself." ~ unknown

"Fall in love with someone who deserves your heart. Not someone who plays with it. Will Smith


#5 kjmarket

kjmarket
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:18 AM

Posted 02 March 2009 - 06:50 PM

After lots of trying I found a site that wasnt cancelled out and was able to download sdfix. However, just like with HJT and MBAM, it was closed almost instantly. Same if I transferred it from this PC. And no, I dont have the original CD. The other PC was a slightly older PC given to me by my sister, and they lost the disc.

#6 rigel

rigel

    FD-BC


  • Members
  • 12,944 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:South Carolina - USA
  • Local time:04:18 AM

Posted 02 March 2009 - 07:19 PM

First run your antivirus scan and the try renaming mbam's exe file to orange.bat and see if it works. Maybe your brief window will allow us to get MBAM installed.

"In a world where you can be anything, be yourself." ~ unknown

"Fall in love with someone who deserves your heart. Not someone who plays with it. Will Smith


#7 rigel

rigel

    FD-BC


  • Members
  • 12,944 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:South Carolina - USA
  • Local time:04:18 AM

Posted 02 March 2009 - 07:24 PM

Pardon the double post... Temporarily unplug you internet connection while the antivirus is running and then during the attempt to install MBAM

Plug it back in after completing these steps

"In a world where you can be anything, be yourself." ~ unknown

"Fall in love with someone who deserves your heart. Not someone who plays with it. Will Smith


#8 kjmarket

kjmarket
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:18 AM

Posted 27 March 2009 - 07:55 PM

I'm back. After weeks of trying I thought I had this infection cleared up but I was wrong. MBAM freezes 1 minute 25 seconds into the scan and the hijack this log is too long to post. Is there some way to shorten it without being able to actually get rid of the 100's of randomly named processes and infectd files? Great. My noadware goes off every 3 seconds saying a new file is trying to add itself to my startup programs, runnig an AV scan is pointless. It finds 2-3000 infected files everytime, and everything is back instantly. MBAM freezes and is useles. I dont know what to do.

Ok let me edit this post now that I switched computers. I'm really getting frustrated here. I was hoping to just post a long HJT log and hopefully get help but its way too big and wont let me. Not sure what other choice I have. My AVG picks up a few thousand infected files, MBAM freezes up after 1 minute 25 seconds every time. It was running ok, but then it didnt pick up what was copying the files right back, nor does AVG. Now it just freezes. I have no way to cut down on the countless, randomly named processes or infected files to shorten the HJT log. It is 408738 bytes. The AVG log just has a few thousand lines of Trojan.Sheur.

Edited by kjmarket, 27 March 2009 - 08:10 PM.


#9 rigel

rigel

    FD-BC


  • Members
  • 12,944 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:South Carolina - USA
  • Local time:04:18 AM

Posted 28 March 2009 - 11:23 PM

I believe it is time to visit the HJT forum.

Please follow this guide from step (6). Post a HJT log to the HJT forum and a Team member will be along to help you as soon as possible. You may wish to post a link back to this topic to see what was discussed thus far.

If you need any help with the guide, please let me know. Best wishes - you are in good hands...

"In a world where you can be anything, be yourself." ~ unknown

"Fall in love with someone who deserves your heart. Not someone who plays with it. Will Smith





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users