Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

I've been hijacked, tried to get previous help to no avail.


  • Please log in to reply
1 reply to this topic

#1 sinitiere

sinitiere

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:12:20 AM

Posted 12 June 2009 - 01:28 PM

I realized that I had been hijacked when I tried going to Best Buy, etc. webpages and I kept getting re-directed to different bizarre search pages. I also noticed that when I tried to click on the shortcut to my external WD HD in the Quicklaunch bar it wouldn't open unless I would right-click on the icon and hit "explore." Also Malware Bytes wouldn't run at all. A friend of mine is an IT Director and he tried cleaning it this past weekend but was unable to clean it completly. I have backed-up all my important data. I'm not exactley sure what all he did but I can tell you that he installed the following programs:

Hijack This
Lavasoft Ad-Aware
Mozilla Firefox
SpywareBlaster
CounterSpy
and SmithfraudFix

I plugged my WD EHD into another computer and realized that it was infected with the Recyler virus. I researched and followed steps to check and remove it from all of my drives. I was able to get rid of the Recycler files and the autorun.inf files and have checked a few times since and they no longer appear to be a problem.

Malwarebytes now runs.
I downloaded SUPERAntiSpyware but it won't install.

I'm not sure what all he was able to do, so if someone could kindly help me start from the beginning I'd really appreciate it.

I have a Gateway P-6301 Laptop running Windows Vista Home Premium SP1
Intel® Pentium® Dual CPU T2310 @ 1.46GHz
1.00 GB RAM
32-bit Operating System

I have AVIRA Anti-virus
I have all of the Windows Security Updates as of yesterday.
Windows Vista SP2 failed to instal
Windows Defender is up to date as of today.

I'm not sure what else you need from me. I hope I have be thorough enough. I can't wait to get my computer clean again! Thanks in advance for your help i

BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:20 AM

Posted 12 June 2009 - 08:43 PM

Hello and welcome.
Please post your MBAM log..
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
[*]Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.


Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
  • Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that was plugged in when you ran it. Do not delete this folder...it will help protect your drives from future infection by keeping the autorun file from being installed on the root drive and running other malicious files.


Next run ATF and SAS:
From your regular user account..
Download Attribune's ATF Cleaner and then SUPERAntiSpyware , Free Home Version. Save both to desktop ..
DO NOT run yet.
Open SUPER from icon and install and Update it
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining
.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode(XP)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode
.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.

If you use Firefox or Opera browser click that browser at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program
.

NOW Scan with SUPER
Open from the desktop icon or the program Files list
On the left, make sure you check C:\Fixed Drive.
Perform a Complete scan. After scan,Verify they are all checked.
Click OK on the summary screen to quarantine all found items.
If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log.
A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.

Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

Please ask any needed questions,post logs and Let us know how the PC is running now.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users