Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

SpybotS&D,HijackThis,Spywareblaster WILL NOT RUN


  • Please log in to reply
4 replies to this topic

#1 ChantellB

ChantellB

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:08:29 PM

Posted 07 April 2009 - 06:58 PM

...and my browser is has been hijacked.

It all started when one day after opening up Firefox, my pc was immediately filled up with pop ups. Alarmed, I went to my security center and noticed that everything was disabled and/or at their lowest settings. The bad thing is, with the nature of my work, my computer has to be in ready mode. So it's often left on for two days at a time. Who knows how long my security center was disabled? I cringe thinking about it. Anyways I immediately went into damage control. I fired up symantec and did a full scan...about ten minutes later the window was filled with a multitude of blue entries TROJAN this...Downloader that....according to symantec everything was quarantined. I also found and removed Trojan.Vundo using the tool from Syamntec. So I went down the list deleted everything. I rebooted in safe mode and did another scan, nothing came up. I thought I was safe and virus free once again.

So fast forward about two days. After 48 hours on calmness the storm hits. Immediately upon startup I get a yellow pop up saying Your Computer has been infected!!! Seconds later something called SPYWAREPROTECT2009 begans relentlessly "scanning" my pc for stuff...Thanks to my prior reading of this forum and other sources. I knew not to freak out and NOT to press ok. So I x'd out Spyware protect...it comes back...you know the drill. I immediately fire up symantec began yet another full scan and ended up with blue entries "SPYWAREPROTECT2009" was at the top of the list and symantec said a reboot was required. I do what symantec says, including disabling System restore, deleting keys in the registry...blah blah blah. I reboot and the first thing I noticed was a pop up saying "Symantec could not remediate..." I don't know what came after the dots because, SPYWAREPT2009 floods the screen again...and so began the endless loop of hell. Thats' when I decided to get more help. I went to google, searched for this wretched program, click on a search result and then end up on a crappy website. I choose another searchlink, same thing. I search for WIKIPEDIA....click on the link from google....different yet equally crappy website comes up. Now my browser has been compromised.During the course of battling my computer, I've read a TON of things and now I'm more confused then when I started. I seriously need help.

My System SPECS
Dell Pentium 4 2.40 Ghz
2.40 Ghz, 510MB RAM
Running Windows XP Professional SP2, Version 2002

SYSTEM RESTORE IS OFF

PROGRAM STATUSES

Symantec(version 10.1.5.500)-Operational, updated to the minute. Ran last scan this morning. Nothing comes up. Ran scan in safe mode again nothing. Got a huge yellow alert saying symantec auto-protect was disabled, but when I checked the settings nothing was changed.

Ad-Aware(latest Version)-Installed it yesterday. Works fine. Found nothing but suspect cookies, taken care of by the program. Last scan this morning found nothing.

HijackThis(second to last version..1.99 I think) Refused to RUN, so I uninstalled it, and DL'ed the latest version. Installation was succesful, but the program still will not run.

Spyware Blaster - DEAD, will not run

Spybot S&D(second to last version) ran okay. Found a nice amount of suspect stuff, but when I tried to take action the program froze as well as my PC. had to reboot. Installed the latest version, it WILL NOT RUN

Firefox-Totally Hijacked. Clicking any link within a search engine(both Google and Yahoo) leads me to weird crappy sites. The speed has slowed dramatically, to almost dialup level. Getting into my Gmail is infuriating.
Firefox.exe is also using ungodly amounts of memory according to my taskmgr(127,276 as I type with 2 tabs running)


OTHER WEIRD BEHAVIOR NOTICED

Upon startup my pc runs errors asking for bad files I removed within Symantec
Zelaiyra.dll, wehokigo.dll and vejaoso.dll

System Restore will not let me create a new restore point
nor does my pc allow me to create a recovery disk....is this a smart move on my pc's part because of infection or a malfunction because of infection?

I am at a loss as to what to do next. I have backed up all my data and my registry. I am willing to take a hammer to this cursed machine if necessary. Someone Please help me...Thank you

BC AdBot (Login to Remove)

 


#2 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,573 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:29 AM

Posted 07 April 2009 - 07:03 PM

Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

Please download DrWeb-CureIt and save it to your desktop. DO NOT perform a scan yet.

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with Dr.Web CureIt as follows:
  • Double-click on drweb-cureit.exe to open the program and click Start. (There is no need to update if you just downloaded the most current version
  • Read the Virus check by DrWeb scanner prompt and click Ok where asked to Start scan now? Allow the setup.exe to load if asked by any of your security programs.
  • The Express scan will automatically begin.
    (This is a short scan of files currently running in memory, boot sectors, and targeted folders).
  • If prompted to dowload the Full version Free Trial, ignore and click the X to close the window.
  • If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All.
  • When complete, click Select All, then choose Cure > Move incurable.
    (This will move any detected files to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if they can't be cured)
  • Now put a check next to Complete scan to scan all local disks and removable media.
  • In the top menu, click Settings > Change settings, and UNcheck "Heuristic analysis" under the "Scanning" tab, then click Ok.
  • Back at the main window, click the green arrow "Start Scanning" button on the right under the Dr.Web logo.
  • When the scan is complete, a message will be displayed at the bottom indicating if any viruses were found.
  • Click "Yes to all" if asked to cure or move the file(s) and select "Move incurable".
  • In the top menu, click file and choose save report list.
  • Save the DrWeb.csv report to your desktop.
  • Exit Dr.Web Cureit when done.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.cvs report)

The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,740 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:29 PM

Posted 07 April 2009 - 07:10 PM

Moved from XP to Am I Infected Forum..for scans.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#4 ChantellB

ChantellB
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:08:29 PM

Posted 10 April 2009 - 07:46 PM

My Computer is healed! Budapest, while I thank you for taking the time to give me a solution, literally minutes after I posted this...I found exactly what was killing my pc. I noticed that every link I clicked from google got replaced with a windowsclick.com link. The only reason I noticed it was because the firefox browser slowed down just long enough for me to SEE the link transform, rather than it happening lightening fast. I immediately searched for Winclick.com and found my solution on the site. I only wish I caught that before writing that long post. Seriously, THANK YOU!! :thumbsup: This site is GREAT!!!

#5 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,740 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:29 PM

Posted 10 April 2009 - 10:42 PM

Thanks for the good news...
Now you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users