Posted 07 April 2009 - 06:58 PM
...and my browser has been hijacked.
It all started when one day after opening up Firefox, my pc was immediately filled up with pop ups. Alarmed, I went to my security center and noticed that everything was disabled and/or at their lowest settings. The bad thing is, with the nature of my work, my computer has to be in ready mode. So it's often left on for two days at a time. Who knows how long my security center was disabled? I cringe thinking about it. Anyways I immediately went into damage control. I fired up Symantec and did a full scan...about ten minutes later the window was filled with a multitude of blue entries TROJAN this...Downloader that....according to Symantec everything was quarantined. I also found and removed Trojan.Vundo using the tool from Symantec. So I went down the list and deleted everything. I rebooted in safe mode and did another scan, nothing came up. I thought I was safe and virus free once again.
So fast forward about two days. After 48 hours of calmness the storm hits. Immediately upon startup I get a yellow pop up saying Your Computer has been infected!!! Seconds later something called SPYWAREPROTECT2009 begins relentlessly "scanning" my pc for stuff...Thanks to my prior reading of this forum and other sources, I knew not to freak out and NOT to press ok. So I x'd out Spyware protect...it comes back...you know the drill. I immediately fire up Symantec, begin yet another full scan and end up with blue entries. "SPYWAREPROTECT2009" was at the top of the list and Symantec said a reboot was required. I do what Symantec says, including disabling System restore, deleting keys in the registry...blah blah blah. I reboot and the first thing I noticed was a pop up saying "Symantec could not remediate..." I don't know what came after the dots because SPYWAREPT2009 floods the screen again...and so began the endless loop of hell. That's when I decided to get more help. I went to google, searched for this wretched program, clicked on a search result and then ended up on a crappy website. I choose another search link, same thing. I search for WIKIPEDIA....click on the link from google....different yet equally crappy website comes up. Now my browser has been compromised. During the course of battling my computer, I've read a TON of things and now I'm more confused than when I started. I seriously need help.
My System SPECS
Dell Pentium 4 2.40 Ghz
2.40 Ghz, 510MB RAM
Running Windows XP Professional SP2, Version 2002
SYSTEM RESTORE IS OFF
Symantec (version 10.1.5.500) - Operational, updated to the minute. Ran last scan this morning. Nothing comes up. Ran scan in safe mode again, nothing. Got a huge yellow alert saying Symantec auto-protect was disabled, but when I checked the settings nothing was changed.
Ad-Aware(latest Version)-Installed it yesterday. Works fine. Found nothing but suspect cookies, taken care of by the program. Last scan this morning found nothing.
HijackThis (second to last version..1.99 I think) Refused to RUN, so I uninstalled it, and DL'ed the latest version. Installation was successful, but the program still will not run.
Spyware Blaster - DEAD, will not run
Spybot S&D (second to last version) ran okay. Found a nice amount of suspect stuff, but when I tried to take action the program froze as well as my PC. Had to reboot. Installed the latest version, it WILL NOT RUN
Firefox-Totally Hijacked. Clicking any link within a search engine(both Google and Yahoo) leads me to weird crappy sites. The speed has slowed dramatically, to almost dialup level. Getting into my Gmail is infuriating.
Firefox.exe is also using ungodly amounts of memory according to my taskmgr(127,276 as I type with 2 tabs running)
OTHER WEIRD BEHAVIOR NOTICED
Upon startup my pc runs errors asking for bad files I removed within Symantec
Zelaiyra.dll, wehokigo.dll and vejaoso.dll
System Restore will not let me create a new restore point
nor does my pc allow me to create a recovery disk....is this a smart move on my pc's part because of infection or a malfunction because of infection?
I am at a loss as to what to do next. I have backed up all my data and my registry. I am willing to take a hammer to this cursed machine if necessary. Someone Please help me...Thank you