
Infected with who knows what - ?Trojan(s)


  • This topic is locked
3 replies to this topic

#1 Confused Lee


Posted 09 August 2009 - 09:44 AM

Yesterday, I was downloading some files and suddenly, my firewall (Sygate Personal Firewall) went red and announced I had an infection. Thinking the files I was downloading might be the culprit, I disconnected from the internet immediately and initiated a full scan with AVG (free edition). Nine hours later, all that could be found was about 15 tracking cookies and two Trojans in a file that had been on the computer and unused for ages and ages, and which had been scanned several times before.
The file was too big for AVG to handle, so I erased it using HandyBits File Shredder, and I think that was the start of my problems. I have since scanned the three files that were on the way down to me and nothing has been found (they were not executables).
First, my browser (IE8) has been hijacked and is being redirected to an advertising site when I use Google and click on a result. Not all the time, but irritatingly often. Seems to be something called windowsclick.com and it is not a very good search engine!!
Second, my spyware detectors (Superantispyware and spybot search and destroy) seem to have been disabled. The former gives an error message and shuts down (message in doc1.doc attached) while the latter just seems to sit there.
Firewall keeps warning me about files I have never heard of trying to communicate with web sites - denied by me.
One is msa.exe wanting to talk to sc1.checkpoint.com (88.221.181.68) and the other is c.exe wanting switch.atdmt.com (194.129.79.25).
I managed to download stopzilla and perform a scan, and it found loads of stuff, but of course it wouldn't do anything with it, so things are there, just not spotted by the disabled software.
Another thing that is happening is IE8 keeps hanging, and that has been for a while now. I abandoned IE7 as I kept reading that 8 was safer and better, but all I have had is grief!! Again, very annoying.
Latest fun thing was AVG waking up this morning and telling me I had an infection, then doing nothing about it - there was nothing in the logs and the whole machine hung at that point. I did manage to see one of the dialogue boxes and it told me the infection was in process c\windows\msa.exe and that the file was varrusilanto-1.com/1/index.php, and that it was "Exploit MPAC ActiveX code execution (type 238)" whatever that all means!!
Finally, and not associated with the current problem, a year or so ago I had a multiple trojan infection which was very kindly sorted out by a Bleeping Computer expert. Since then though, I have noticed that the auto-run feature on my optical drive just does not work, even though it is enabled, and I have checked several times. Is there some additional switch hidden deep in the dark recesses of Windows XP that needs switching on again?
If anyone can help me get rid of this problem and take me back to the quiet days of a computer that does what you tell it I would be so very grateful. DDS listings below and attached as instructed. Apologies for not zipping the attachment, but I use WINrar and your system won't let me upload a .rar file and I am afraid to download WINZIP and potentially lose this message again (this is the third attempt!!).
Thanks and kind regards,
Lee Fergusson


DDS (Ver_09-07-30.01) - NTFSx86
Run by Furball at 13:30:48.09 on 09/08/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.936.86.1033.18.959.363 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Sygate Personal Firewall *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\DOCUME~1\Furball\LOCALS~1\Temp\c.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\slmdmsr.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgemc.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\drivers\STDSB.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Broadband Download Monitor\bdm.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\msa.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Documents and Settings\Furball\Desktop\dds.scr
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.co.uk/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\sdra64.exe,
BHO: AutorunsDisabled - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: yantifish: {38038d50-8a48-44c2-945f-d2f23f771410} - c:\progra~1\yahoo!\toolbar\YANTIF~1.DLL
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: YDragSrch: {62efd7c6-9f02-42f9-b634-98e2899e147b} - c:\progra~1\yahoo!\toolbar\YDRAGS~1.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
BHO: SearchPerks! Follow-On Study Assistant: {d1a1fd57-93fc-45fe-bc2a-b3a5d47d6674} - c:\program files\searchperks! follow-on study assistant\Bmbho.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: SearchPerks! Follow-On Study Assistant: {d1a1fd57-93fc-45fe-bc2a-b3a5d47d6674} - c:\program files\searchperks! follow-on study assistant\Bmbho.dll
TB: ???¢1???: {407f94f0-504f-4a40-8dfd-58b0666abebd} - c:\program files\yahoo!\toolbar\ytoolbar.dll
TB: {2787EA8E-8D87-48AF-88AD-B30246C917AB} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {6576EBAA-B570-4345-98E4-96153C77CF24} - No File
EB: ???¢????(&Y): {fc029f74-d976-4889-a29a-747d0ba4086d} - c:\program files\yahoo!\toolbar\yfeed.dll
uRun: [Update Service] c:\progra~1\common~1\teknum~1\update.exe /startup
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [SynTPLpr] "c:\program files\synaptics\syntp\SynTPLpr.exe"
mRun: [SynTPEnh] "c:\program files\synaptics\syntp\SynTPEnh.exe"
mRun: [VTTimer] VTTimer.exe
mRun: [STDSB] c:\windows\system32\drivers\STDSB.exe
mRun: [SmcService] c:\progra~1\sygate\spf\smc.exe -startgui
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\furball\startm~1\programs\startup\broadb~1.lnk - c:\program files\broadband download monitor\bdm.exe
IE: ???¢?????
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: £′?μ????¢????(&Y) - c:\progra~1\yahoo!\toolbar\yfeed.dll/YRSSMENUEXT
IE: £′?μ????¢????(&Y)
IE: ???¢????? - c:\progra~1\yahoo!\toolbar\ytoolbar.dll/203
IE: 保存到雅虎订阅(&Y) - c:\progra~1\yahoo!\toolbar\yfeed.dll/YRSSMENUEXT
IE: 雅虎全网搜索 - c:\progra~1\yahoo!\toolbar\ytoolbar.dll/203
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: moneysupermarket.com\www
Trusted Zone: musicradio.com\mediaweb
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
DPF: {05CDEE1D-D109-4992-B72B-6D4F5E2AB731} - hxxp://static.photobox.co.uk/sg/common/ImageUploader4.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} - hxxp://o.aolcdn.com/pictures/ap/Resources/2.0.6.9/cab/aolpPlugins.10.6.0.4.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www1.snapfish.com/SnapfishActivia.cab
DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} - hxxp://webeffective.keynote.com/applications/pconnector/download/ConnectorLauncher.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scan8/oscan8.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1158685749062
DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} - hxxp://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
DPF: {8686F2A6-DC01-4E8F-BDE3-DCC7DBBAD6AE} - hxxp://photo.163.com/163Uploader.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E862C832-3A5F-4CEB-BFAA-167B22010A71} - hxxp://support.packardbell.com/files/activex/InfosFinder2.CAB
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-7-6 335752]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2007-1-21 27784]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-7-6 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-8-5 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-8-5 74480]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-7-7 611664]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-7-8 907032]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-7-8 298776]
R2 MTC0007_STDSB;Scroll Bar Driver;c:\windows\system32\drivers\STDSB.sys [2006-6-28 11279]
S2 Ca533av;Icatch(IV) Video Camera Device;c:\windows\system32\drivers\Ca533av.sys [2006-12-29 515803]
S2 STDSB;STDSB;c:\windows\system32\drivers\STDSB.sys [2006-6-28 11279]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-8-5 7408]
S3 SDTHOOK;SDTHOOK;c:\windows\system32\drivers\SDTHOOK.SYS [2008-1-8 44928]
S3 USBCamera;Icatch(IV) Still Camera Device;c:\windows\system32\drivers\Bulk533.sys [2006-12-29 10986]
S3 Usblink;Usblink Driver;c:\windows\system32\drivers\ulink.sys [2007-1-11 37772]
S3 VNic;ULan Network Driver Module;c:\windows\system32\drivers\vnic.sys --> c:\windows\system32\drivers\VNic.sys [?]
S4 vsdatant;vsdatant; [x]

=============== Created Last 30 ================

2009-08-08 13:24 151,040 a------- c:\windows\msa.exe
2009-08-08 13:23 208,900 a------- c:\windows\system32\msxml71.dll
2009-07-24 19:57 36,363 a------- c:\windows\CSTBox.INI
2009-07-20 12:12 3,750 a------- C:\ZB20090720121204001.xml

==================== Find3M ====================

2009-07-19 18:48 11,067,392 -------- c:\windows\system32\dllcache\ieframe.dll
2009-07-19 14:18 5,937,152 -------- c:\windows\system32\dllcache\mshtml.dll
2009-07-09 18:09 335,752 a------- c:\windows\system32\drivers\avgldx86.sys
2009-07-03 18:09 915,456 a------- c:\windows\system32\wininet.dll
2009-07-03 18:09 915,456 -------- c:\windows\system32\dllcache\wininet.dll
2009-07-03 18:09 12,800 -------- c:\windows\system32\dllcache\xpshims.dll
2009-07-03 18:09 206,848 a------- c:\windows\system32\dllcache\occache.dll
2009-07-03 18:09 1,208,832 -------- c:\windows\system32\dllcache\urlmon.dll
2009-07-03 18:09 594,432 a------- c:\windows\system32\dllcache\msfeeds.dll
2009-07-03 18:09 55,296 a------- c:\windows\system32\dllcache\msfeedsbs.dll
2009-07-03 18:09 1,985,536 -------- c:\windows\system32\dllcache\iertutil.dll
2009-07-03 18:09 25,600 -------- c:\windows\system32\dllcache\jsproxy.dll
2009-07-03 18:09 184,320 a------- c:\windows\system32\dllcache\iepeers.dll
2009-07-03 18:09 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll
2009-07-03 18:09 386,048 -------- c:\windows\system32\dllcache\iedkcs32.dll
2009-07-03 12:01 173,056 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-06-30 09:17 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-06-16 15:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 15:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-16 15:36 119,808 -------- c:\windows\system32\dllcache\t2embed.dll
2009-06-16 15:36 81,920 -------- c:\windows\system32\dllcache\fontsub.dll
2009-06-03 20:09 1,291,264 a------- c:\windows\system32\quartz.dll
2009-06-03 20:09 1,291,264 -------- c:\windows\system32\dllcache\quartz.dll
2009-05-12 06:11 102,912 -------- c:\windows\system32\dllcache\iecompat.dll
2008-03-06 14:35 32 a----r-- c:\documents and settings\all users\hash.dat
2007-06-12 10:49 3,506 ac------ c:\docume~1\furball\applic~1\mdb.bin
2008-08-04 12:15 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008080420080805\index.dat

============= FINISH: 13:34:53.50 ===============


#2 Guest_superbird_*


Posted 20 August 2009 - 03:03 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

#3 Confused Lee


Posted 24 August 2009 - 04:20 PM

Hello Superbird, and thank you for coming back to me on this.

After my original post, the situation got worse and worse with the computer slowing down and redirections becoming rather more than tiresome even though I worked out how to circumvent them. Finally, as both my spyware detectors had been disabled by the infection, I did a scan using Microsoft malicious software finder, which identified a lot more than had been shown up before. I followed this with a full scan by StopZilla and it found no less than 47 infections of various danger levels, some of which were simple advertising generators, but others appeared to be trojans - at this stage the computer kept freezing and I couldn't read all the dialogue boxes.
Finally, I re-booted and got error messages while Windows was starting about a page fault in a non-page area. This continued for a couple of days and I could not boot up, so I gave up, formatted my C:/ drive and used my recovery discs to go back to factory settings. I am still trying to re-install all my software, but the computer is at last behaving itself - it actually shuts down when you tell it to now!! I only lost a small amount of data as I have been transferring my data on to a removable hard drive for a while now, in anticipation of doing what I was forced to do - start over. I was only hit lightly and the important data is all backed up to disc regularly anyway. So today I am finally back to square one and kept out of mischief re-installing all my bits and bobs and working through the huge pile of e-mails!!

Thanks again for all the work you guys do for those of us who are less than proficient at finding and eradicating the nasty stuff that people put out there. This time, I will not need your help, but I appreciate the call anyway.

Kind regards,

(still) confused Lee

#4 Orange Blossom


Posted 25 August 2009 - 09:58 PM

Hello

Thank you for posting back. Sometimes a reformat and reinstall is the quickest and best solution. I'm glad that your computer problems have been fixed. Since this issue seems to be resolved, this thread will now be closed.

In case you experience any problems with the computer, please start a new topic.

Happy computing,

Orange Blossom