
Can't run System restore, anti malware or anti spyware


  • This topic is locked
11 replies to this topic

#1 shearty

shearty

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:12:11 AM

Posted 24 May 2009 - 03:12 PM

I am having the following problems:
- Many instances of "This page cannot be displayed"
- Many instances of links taking me to totally unrelated sites
- Cannot run "System Restore"
- Cannot run "Malwarebytes Anti Malware"
- Cannot run "Super Anti Spyware"
- Cannot run "Spybot Search and Destroy"
Hope someone can help



#2 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,703 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:06:11 AM

Posted 25 May 2009 - 04:14 AM

Hi shearty,

Welcome to BC HijackThis forum. I am farbar. I am going to assist you with your problem.

Please refrain from making any changes to your system (updating Windows, installing applications, removing files, etc.) from now on as it might prolong handling your log and make the job for both of us more difficult.

Your log(s) show that you are using so-called peer-to-peer or file-sharing programs. These programs allow files to be shared between users, as the name(s) suggest. In today's world, cyber crime has grown to an enormous dimension, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further reading on this subject, along with the included links, is as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."


Removal Instructions
  • Empty all p2p (Bitlord, uTorrent, etc...) download folders. They might contain infected files. Please avoid using these p2p applications until the system is clean. Using these applications at this stage might lead to reinfection or infecting other users.

  • You have the latest version of Java (Java 6 Update 13) and it is good. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components:
    Click "Start" and then the "Control Panel" icon.
    Double-click the "Add or Remove Programs" icon.
    A list of installed programs will be "populated"; this may take a bit of time.
    Uninstall the following by clicking on the following entries and selecting "Remove":

    J2SE Runtime Environment 5.0 Update 9
    Java™ 6 Update 5
    Java™ 6 Update 6


  • Make sure the following setting is set as it is supposed to be set:
    • Go to Start -> Control Panel -> Double click on Network Connections.
    • Right click on your default connection and select Properties.
    • Select the General tab.
    • Double click on Internet Protocol (TCP/IP).
      Under General tab:
      • Select "Obtain an IP address automatically".
      • Select "Obtain DNS server address automatically".
    • Click OK twice to save the settings.
    • Reboot.
  • Please copy and paste a fresh DDS to your reply and update me on the current condition of your computer. No need for attach.txt any more.


#3 shearty


Posted 26 May 2009 - 05:21 PM

Hi farbar

Thank you for your attention. I have tried to follow your instructions but am not sure I got all the p2p files removed. I only use Limewire for music downloads but I've found some files in a couple of locations (some labelled as "corrupt"). I have removed the Java files you suggested and set the internet connections as you suggested. After rebooting, I was able to view a site that was coming up with "This page cannot be displayed"; however, I get a message that Windows has blocked some software as it does not recognize it (this is the crossword puzzle from the Toronto Star that requires Java to display). Other than that, I am still not able to run System Restore, Anti Malware or Anti Spyware.

Once again, thank you for your attention.

Attached Files

  • Attached File  DDS.txt   10.26KB   4 downloads


#4 Farbar


Posted 26 May 2009 - 06:03 PM

Thanks for the detailed information.

Your DNS is hijacked by a trojan DNS-changer.

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Information on A/V control HERE)
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
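
Added example, not part of the original thread and not code from any tool mentioned in it: the "Obtain DNS server address automatically" setting from post #2 corresponds to an empty `NameServer` value under each interface's `Tcpip\Parameters\Interfaces` registry key, and a DNS-changer infection like the one diagnosed in post #4 can show up as a static entry there. The Python below parses a constructed `reg query` dump and lists interfaces with a static DNS override; the sample GUIDs, addresses and function names are assumptions.

```python
import re

# Constructed sample shaped like the output of: reg query
#   HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces /s
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{11111111-AAAA-4AAA-8AAA-000000000001}
    NameServer    REG_SZ    203.0.113.36,203.0.113.41
    DhcpNameServer    REG_SZ    192.168.1.1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{22222222-BBBB-4BBB-8BBB-000000000002}
    NameServer    REG_SZ
    DhcpNameServer    REG_SZ    192.168.1.1
"""

KEY_RE = re.compile(r"^HKEY_LOCAL_MACHINE\\.*\\Interfaces\\(\{[0-9A-Fa-f-]+\})\s*$")
VAL_RE = re.compile(r"^\s+(\S+)\s+REG_\w+(?:\s+(.*\S))?\s*$")

def parse_interfaces(text):
    """Return {interface GUID: {lower-cased value name: data}}."""
    interfaces, current = {}, None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = KEY_RE.match(line)
            current = interfaces.setdefault(key.group(1), {}) if key else None
            continue
        val = VAL_RE.match(line)
        if val and current is not None:
            current[val.group(1).lower()] = val.group(2) or ""
    return interfaces

def servers(data):
    # Windows stores several servers in one string, comma- or space-separated.
    return [s for s in re.split(r"[,\s]+", data) if s]

def static_dns_overrides(text):
    """List interfaces whose DNS servers are set statically (NameServer)."""
    findings = []
    for guid, values in parse_interfaces(text).items():
        static = servers(values.get("nameserver", ""))
        if not static:
            continue  # DNS is obtained automatically on this interface
        dhcp = servers(values.get("dhcpnameserver", ""))
        findings.append({"interface": guid, "static": static, "dhcp": dhcp,
                         "differs_from_dhcp": not set(static) <= set(dhcp)})
    return findings

if __name__ == "__main__":
    for finding in static_dns_overrides(SAMPLE):
        print(finding)
```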

#5 shearty


Posted 26 May 2009 - 07:15 PM

Hi farbar

I turned off the antivirus and antispyware as well as the firewall and downloaded ComboFix to my desktop. I double clicked on the icon then clicked on the Run button but nothing happens. It does not launch.

#6 Farbar


Posted 26 May 2009 - 07:50 PM

Please rename Combofix to sherty.exe and run it again.

#7 shearty


Posted 26 May 2009 - 08:51 PM

Hi farbar

Did as you suggested. ComboFix ran (log attached), but still can't see the crossword. Windows won't install the ActiveX Controller because it doesn't recognize the publisher.

Attached Files

  • Attached File  log.txt   12.72KB   1 downloads
  • Attached File  log.txt   12.72KB   0 downloads


#8 shearty


Posted 26 May 2009 - 08:56 PM

Windows doesn't support Java? I don't understand

#9 shearty


Posted 26 May 2009 - 09:04 PM

Reinstalled Java and it works now. Thank you for your help. It reaffirms my faith in human nature to find that there are people like you out there in this day and age. Unfortunately, I am not in a position to make a donation right now but I will spread the good word about Bleeping Computers. :thumbup2: :)

#10 Farbar


Posted 27 May 2009 - 01:26 AM

You are welcome.

If you could post a fresh DDS (just first log) it will be good to have a final check. Otherwise:

Everything looks good.

Go to Start > Run and copy and paste or type the next command in the field, then hit Enter:

ComboFix /u

Note: There's a space between Combofix and /

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

It also makes a clean Restore Point and flushes all the old restore points in order to prevent possible reinfection from an old one through System Restore.

The first reboot might be a little slow, the next one will be faster.

Optional Recommendations:
  • I recommend using Site Advisor for safe surfing. It is a free extension both for Internet Explorer and Firefox. When you search a site it gives you an indication of how safe a site is.

  • Install Javacool's SpywareBlaster
    SpywareBlaster will add a large list of programs and sites into your Internet Explorer and Firefox settings, and that will protect you from running and downloading known malicious programs. What you need to do is update it once every 2-3 weeks and enable the restriction. You can find more information and a download link.

  • The rule of thumb: One AntiVirus with real-time protection, one firewall (other than Windows firewall) and one antispyware with real-time protection. Any additional anti-malware shouldn't be running. You might have two or three antispyware but they should not be running at the same time and should be set not to start with Windows.

Please let me know whether Combofix uninstalled properly.

Happy Surfing!

#11 shearty


Posted 27 May 2009 - 08:02 AM

I have downloaded Site Advisor and Spyware Blaster. Thanks again for your help.

Attached Files

  • Attached File  DDS.txt   9.99KB   3 downloads


#12 Farbar


Posted 27 May 2009 - 08:11 AM

Everything looks good and you are welcome.

This thread will now be closed since the issue appears to be resolved.

If you need this topic reopened, please send me a PM and I will reopen it for you. Include the address of this thread in your request.

If you should have a new issue, please start a new topic.



