

Major headache - literally


6 replies to this topic

#1 Jomarel

Jomarel

  • Members
  • 4 posts

Posted 23 August 2009 - 02:11 AM

It first started when PC Antispyware 2010 spontaneously installed itself on the computer. I've managed to get rid of it using the guide on this website. This is not the first time it happened - a few months ago we were attacked by the 2009 version. I also got rid of it using the guide on this website and haven't had problems until now.
After removing 2010, I still had a fake yellow speech bubble trying to persuade me to download the same anti program. I browsed the computer looking for other possible malicious files. I've reinstalled MBAM and avast several times and newly installed SDfix which managed to remove a couple files. However when I try to run MBAM, avast, and HijackThis it will scan for a few seconds then get shut down for some reason. Afterwards the programs cannot be accessed at all. Regedit also couldn't be accessed until I created another admin account. Msconfig also claims that I do not have admin rights and thus not all changes could be applied. Another thing I found odd was that when I first started the computer in Safe Mode there was a second account labeled administrator even though there was only one account before I created the latest account.

I am now stuck browsing the internet with my tiny iTouch keyboard for solutions. I've been working on this for the past two days and probably developed this headache because of it. I'm about ready to give up and reformat the computer. Can you please help?

Edit: couple other details I forgot to mention - renaming MBAM let it run but then it couldn't update and would shut down after starting a scan
Scheduling a boot time scan on avast also worked but it couldn't get past the first infection it encountered and the computer stopped responding

P.S. My dad is now considering getting a Mac to prevent further problems. Thoughts?

Edited by Jomarel, 23 August 2009 - 02:20 AM.



 


#2 garmanma

garmanma

    Computer Masochist


  • Members
  • 27,809 posts
  • Gender:Male
  • Location:Cleveland, Ohio

Posted 23 August 2009 - 09:51 PM

P.S. My dad is now considering getting a Mac to prevent further problems. Thoughts?

Why spend all that money when you can get Ubuntu Linux for free and install it on the computer you already have?
------------------------------

Try running SAS using this method:

If SUPERAntiSpyware will not run when your PC starts or when you double-click the program shortcut, you may have a class of infection that specifically targets SUPERAntiSpyware and prevents it from running.
USE this link.

http://downloads.superantispyware.com/downloads/SAS_FREE.EXE


Then try a Dr.Web CureIt scan


Please download Dr.Web CureIt, the free version & save it to your desktop. DO NOT perform a scan yet.

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with Dr.Web CureIt as follows:
  • Double-click on launch.exe to open the program and click Start. (There is no need to update if you just downloaded the most current version.)
  • Read the Virus check by DrWeb scanner prompt and click Ok where asked to Start scan now? Allow the setup.exe to load if asked by any of your security programs.
  • The Express scan will automatically begin.
    (This is a short scan of files currently running in memory, boot sectors, and targeted folders).
  • If prompted to download the Full version Free Trial, ignore and click the X to close the window.
  • If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All.
  • When complete, click Select All, then choose Cure > Move incurable.
    (This will move any detected files to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if they can't be cured)
  • Now put a check next to Complete scan to scan all local disks and removable media.
  • In the top menu, click Settings > Change settings, and UNcheck "Heuristic analysis" under the "Scanning" tab, then click Ok.
  • Back at the main window, click the green arrow "Start Scanning" button on the right under the Dr.Web logo.
  • When the scan is complete, a message will be displayed at the bottom indicating if any viruses were found.
  • Click "Yes to all" if asked to cure or move the file(s) and select "Move incurable".
  • In the top menu, click file and choose save report list.
  • Save the DrWeb.csv report to your desktop.
  • Exit Dr.Web Cureit when done.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report)

Mark
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#3 Jomarel


Posted 25 August 2009 - 12:09 AM

Quick question before I start - does it make a difference if I use msconfig to start Safe Mode instead of the F8 method? My computer doesn't seem to respond to the F8 key when I try to start it in Safe Mode.

#4 garmanma


Posted 25 August 2009 - 07:41 PM

DO NOT USE MSCONFIG AND SAFE BOOT
You will hose your boot.ini file and won't be able to log on at all
-------------------------------------

Run the tools in normal mode for now
Mark

#5 Jomarel


Posted 25 August 2009 - 08:40 PM

I was able to download SAS. I was able to reboot into Safe Mode using F8 and it's been scanning for two minutes now and thankfully hasn't been shut down. So far it's found 12 trojans. Do I just let it do its job for now? And should we keep this program?

Edit: nvm. It just got shut down after 6 minutes. I imagine it ran into whatever's stopping my other programs. Now it won't run.
Also, when booting in normal mode a window claiming to be from Internet Explorer asks to install fonts for a webpage. We use Chrome.

Edit x2: Tried running Dr. Web. Every time I click OK to start the scan a window pops up saying that 4ureu.exe has encountered a problem and needs to close.

Edit x3: Info just in case - Windows XP Professional SP2 version 2002 Intel Pentium 4

Edited by Jomarel, 25 August 2009 - 08:50 PM.


#6 garmanma


Posted 26 August 2009 - 07:39 PM

Reformatting looks to be the best option or you could try this:


Please read the pinned topic titled "Preparation Guide For Use Before Posting A Hijackthis Log". If you cannot complete a step, then skip it and continue with the next. In Step 6 there are instructions for downloading and running DDS which will create a Pseudo HJT Report as part of its log.

When you have done that, post your log in the HijackThis Logs and Malware Removal forum, NOT here, for assistance by the HJT Team Experts. A member of the Team will walk you through, step by step, on how to clean your computer. If you post your log back in this thread, the response from the HJT Team will be delayed because your post will have to be moved. This means it will fall in line behind any others posted that same day.

The HJT team is very busy and it will take a while to get to your post.
Please be patient and good luck.
Mark

#7 Jomarel


Posted 05 September 2009 - 12:09 AM

Sorry for the long time gap in responding - my dad decided to just reformat the computer. Thank you VERY much for your help and answering my questions!



