
I am infected


5 replies to this topic

#1 jmck24

jmck24

  • Members
  • 4 posts
  • OFFLINE
  • Local time:05:35 AM

Posted 31 August 2009 - 08:52 AM

Ok well I know I'm infected, not sure exactly what it is but up until about ten minutes ago I was able to use my internet explorer to get to basic sites such as google, yahoo, etc... I read the "How to remove Trojan, Virus, Worm, or other Malware" tutorial on here and was trying to access the Autoruns download when my internet explorer kept denying me access to the page. I figured it was the virus blocking me from the site so I rebooted in Safe Mode and still had the same problem. Only when I came back from Safe Mode my computer became much worse. A shield popped up called "Windows Police" and pretty much took over. I was basically unable to use Internet Explorer without pop-up after pop-up appearing. Not sure where to go from here, any help will be greatly appreciated. I am currently using another pc in my house, that is how I am on here now.


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:05:35 AM

Posted 31 August 2009 - 02:40 PM

You have a rootkit.
As there are some new variants of rootkits in the wild right now that will require custom scripts to remove the infection, the process must be completed by an HJT team member.

Failure to follow the proper removal process can and will cause serious damage to a machine. Recovery of the machine may be difficult, if not impossible.

Now ... Download this Utility from any of the following locations and save it to your Desktop.
Double-click the Utility to run it and let it finish.
When it states Finished! Press any key to exit, press any key to close the program.
It will save a .txt file to your desktop automatically. Double-click on the Win32kDiag.txt file that is located on your Desktop and post the entire contents of that log as part of the reply in the topic you will create below.

Next please go here: HijackThis Logs and Virus/Trojan/Spyware/Malware Removal, click New Topic, give it a relevant Title and post the Rootrepeal log and the above log.

Let me know how that went.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 jmck24

Posted 31 August 2009 - 04:00 PM

I downloaded the Utility and when I went to run it the "Open With" box appeared.

#4 boopme

Posted 31 August 2009 - 04:07 PM

Let's try DDS from here.
Run HJT/DDS.
Please follow this guide. Go and do steps 6 and 8: Preparation Guide For Use Before Using Hijackthis.

#5 jmck24

Posted 31 August 2009 - 04:26 PM

Same result. I downloaded the dds.scr, saved to my desktop and when I went to run it the "open with" dialog box appeared again and wouldn't let me run it as is.

#6 boopme

Posted 31 August 2009 - 08:26 PM

If using Vista, you need to right click on the desktop icon and select "Run as Administrator."

If you cannot get DDS to work, please try this instead.

Please download RSIT by random/random and save it to your Desktop.
Note: You will need to run this tool while connected to the Internet so it can download HijackThis if it is not located on your system. If you get a warning from your firewall or other security programs regarding RSIT attempting to contact the Internet, please allow the connection.
  • Close all applications and windows so that you have nothing open and are at your Desktop.
  • Double-click on RSIT.exe to start the program.
  • If using Windows Vista, be sure to Run As Administrator.
  • Click Continue after reading the disclaimer screen.
  • Leave the drop down box set to default: "List/folders created or modified in the last 1 month (30 days)".
  • When the scan is complete, a text file named log.txt will automatically open in Notepad.
  • Save the log file to your desktop and copy/paste the contents into a new topic in the HijackThis Logs and Malware Removal forum, NOT here.
Important: Be sure to mention that you tried to follow the Prep Guide but were unable to get DDS to run.
If RSIT did not work, then reply back here.



