
Hijack this crashing


13 replies to this topic

#1 crippeninc

crippeninc

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:11:58 AM

Posted 29 July 2009 - 11:00 PM

Hi,
I think I may have some spyware/viruses. I have tried Avira, combo fix, SDFIX, panda rootkit and something still seems wrong. I want to post a Hijack this log, but it crashes after I try to run it, then when trying to click on it again it gives me a "Windows cannot access the specified device, path, or file." This error also happens now to spybot and malwarebytes. I think something doesn't want me to post my logs. Any ideas would be appreciated. I have also tried to run my antivirus, sdfix in safe mode, but I still cannot open hijack this.



#2 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:58 AM

Posted 30 July 2009 - 12:46 AM

Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

Please download Dr.Web CureIt and save it to your desktop. DO NOT perform a scan yet.
alternate download link
Note: The file will be randomly named (i.e. 5mkuvc4z.exe).

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with Dr.Web CureIt as follows:
  • Double-click on the randomly named file to open the program and click Start. (There is no need to update if you just downloaded the most current version.)
  • Read the Virus check by DrWeb scanner prompt and click Ok where asked to Start scan now? Allow the setup.exe to load if asked by any of your security programs.
  • The Express scan will automatically begin.
    (This is a short scan of files currently running in memory, boot sectors, and targeted folders).
  • If prompted to download the Full version Free Trial, ignore and click the X to close the window.
  • If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All. (This will move any detected files to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if they can't be cured)
  • After the Express Scan is finished, put a check next to Complete scan to scan all local disks and removable media.
  • In the top menu, click Settings > Change settings, and uncheck "Heuristic analysis" under the "Scanning" tab, then click Apply, Ok.
  • Back at the main window, click the green arrow "Start Scanning" button on the right under the Dr.Web logo.
  • Please be patient as this scan could take a long time to complete.
  • When the scan has finished, a message will be displayed at the bottom indicating if any viruses were found.
  • Click Select All, then choose Cure > Move incurable.
  • In the top menu, click file and choose save report list.
  • Save the DrWeb.csv report to your desktop.
  • Exit Dr.Web Cureit when done.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report)

The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 crippeninc


Posted 30 July 2009 - 10:37 AM

I'm having problems with Dr.Web software. I booted in safe mode, and ran program from desktop. It does the first scan and comes back with no viruses found. I then go to settings and turn off heuristics, then apply, then click on complete scan and hit the green arrow to start. I've tried it 4 times and about 15 seconds into the scan, the program crashes and disappears off screen. I ran the scan from the admin login (XP) and also my personal login where I saved to my desktop, same results every time. It will not run a complete scan without crashing.

#4 Budapest


Posted 30 July 2009 - 04:31 PM

Rename this file:

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

to this:

winlogon.exe

Then double-click the renamed file and see if it will run.

#5 crippeninc


Posted 30 July 2009 - 05:53 PM

I had uninstalled malwarebytes before I tried cureit, so I don't see this file anywhere. I tried to do a search, but no luck. Whatever is happening it won't let me run malwarebytes, spybot, hijack this or DR.web cureit. I was able to install AVG in safe mode and ran a scan, but it only found some kind of cookie tracking? After AVG ran, I tried DR web cureit again, but it crashes about 15 seconds into the scan.

#6 Budapest


Posted 30 July 2009 - 05:58 PM

Download a fresh copy of Malwarebytes. Rename the setup file:

mbam-setup.exe

to this:

winlogon.exe

Then double-click the renamed file and see if it will install.

#7 crippeninc


Posted 30 July 2009 - 06:15 PM

I'll try it now. Do I do this in normal mode or safe mode?

Thanks for helping out.

#8 crippeninc


Posted 30 July 2009 - 06:25 PM

In normal mode, I downloaded malwarebytes, then renamed the setup file to winlogon.exe. I clicked on it and it installed properly and took the update. I then attempted a quick scan and the program just crashed and disappeared. Now when I click on the shortcut, it gives me an error window that says "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the items." This is the same error I get when trying other spyware programs like hijack this, malwarebytes, spybot.

#9 Budapest


Posted 30 July 2009 - 06:29 PM

Rename this file:

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

to this:

winlogon.exe

Then double-click the renamed file and see if it will run.

#10 crippeninc


Posted 30 July 2009 - 06:41 PM

Tried it again, same results, crashes during scan, then when trying to click on winlogon.exe gives me the same error "Windows cannot access the specified device."

#11 Budapest


Posted 30 July 2009 - 06:54 PM

Please download ATF Cleaner by Atribune & save it to your desktop. alternate download link DO NOT use yet.
Please download and install SUPERAntiSpyware Free
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here and unzip into the program's folder.)
  • Under the "Configuration and Preferences", click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.


#12 crippeninc


Posted 30 July 2009 - 07:08 PM

This is not looking good for me, I'm considering a format soon. I downloaded superantispyware, then during the install I get an error that says ERROR 1321 windows installer has insufficient privileges to modify this program, then asks to abort\retry\ignore. Retry still get same message, I try ignore, it completes install and puts shortcut on my desktop, when clicking I get the same error "Windows cannot access the specified device". I tried renaming the install file to winlogon.exe, but I get same results.

#13 Budapest


Posted 30 July 2009 - 07:19 PM

A format and reinstall is often an easier solution than spending days trying to fix a problem computer.

You could try scanning with the DrWebCureIt Live CD.

#14 crippeninc


Posted 30 July 2009 - 07:25 PM

Thanks for trying to help me out. I need to go out of town this weekend, so won't be near my computer. I'll try a few other things, then maybe reformat. I do have access to all my files so I will be able to make backups.

Thanks again.



