Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Help with removal please [Moved]

  • Please log in to reply
1 reply to this topic

#1 Chad P

Chad P

  • Members
  • 1 posts
  • Local time:12:27 PM

Posted 27 August 2009 - 11:32 AM


I have a computer that is infected. My wife got duped on a site, and apparently allowed "something" to run. This is the most aggressive infection I have ever dealt with. No antivirus/antimalware programs can run. Windows complains about permissions. Internet Explorer doesn't work. Firefox searches and hyperlinks get hijacked. ComboFix starts, then disappears. HJT starts, then disappears. I was able to use GMEP and is shows a .sys file in red under the rootkit tab. It also shows that svchost.exe, spoolsv.exe, explorer.exe, and a few random other services have been attacked. I try to kill everything that GMEP shows as bad, and reinstall MalwareBytes. It starts a scan, then disappears, and the red items reappear in GMEP. Please tell me what I need to upload to shed some light on this one. Thanks in advance.

BC AdBot (Login to Remove)


#2 Orange Blossom

Orange Blossom

    OBleepin Investigator

  • Moderator
  • 37,046 posts
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:01:27 PM

Posted 27 August 2009 - 11:48 AM

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.

==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Internet Security, NoScript Firefox ext.


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users