Search engine Hijacked?


  • This topic is locked
13 replies to this topic

#1 CurlySue83

CurlySue83

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:04:48 PM

Posted 17 September 2009 - 07:06 PM

Hi. I think my computer/search engines have been hijacked. I've been reading similar cases on this site before signing up. On 9/15/2009 I was doing some research on Google and Yahoo. Google stopped working, so I thought their server or whatever was having issues. I then tried using Yahoo. Yahoo let me on and gave me search results. After clicking on search results, porn sites started popping up over and over all over my screen as well as various other popups. The sites that popped up are showing in my history, not listing the link, just the name:

ODNOIXNIKI.COM :: САМАЯ БОЛЬШАЯ КОЛЛЕКЦИЯ РАЗВРАТНОГО ВИДЕО!

and

YABLONDINKA.COM :: САМАЯ БОЛЬШАЯ КОЛЛЕКЦИЯ РАЗВРАТНОГО ВИДЕО!


Earlier that day McAfee did pop up saying it found a Trojan and had cleaned it, so I clicked okay.

After experiencing the popups in Yahoo I was then unable to use Yahoo.

Now I'm not able to use the following:
google
yahoo
msn
ask
but can open all other websites


We ran McAfee and everything showed up clean.

Norton can't even function...so there was no trying it..



I downloaded Malwarebytes....... when I installed it and opened it up I got an error message with error 732 and it told me to report it to the software staff.

I went ahead and ran the scan anyway. I scanned everything on my entire computer, it took like 2 hours and 19 minutes.

It found way over 100 issues....

I deleted them all and then it said I needed to reboot to delete one of the other issues (it tells about it in the log).

After running Malwarebytes I am still not able to access search engines.

Please let me know if you want the malwarebytes log.

Thank you in advance for any help, it will be GREATLY appreciated.


Kimberly



#2 Computer Pro

Computer Pro

  • Members
  • 2,448 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:48 PM

Posted 18 September 2009 - 07:24 PM

Hello and welcome to Bleeping Computer.

Please subscribe to your topic so that you will be notified as soon as I post a reply, instead of you having to check the topic all of the time. This will allow you to get an email notification when I reply.

To subscribe, go to your topic, and at the top right hand corner by your first post, click the Options button and then click Track this topic. Then bullet the immediate notification bubble. Then press submit.


Please post your Malwarebytes log. It can be found under the "Logs" tab of the Malwarebytes program.
Computer Pro

#3 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,323 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:04:48 PM

Posted 18 September 2009 - 07:51 PM

You have Russian malware.
1. Uninstall Malwarebytes' Anti-Malware using Add/Remove programs in the control panel.
2. Restart your computer (very important).
3. Download and run this utility: mbam clean
4. It will ask to restart your computer (please allow it to).
5. After the computer restarts, install the latest version from here. http://www.malwarebytes.org/mbam-download.php
Note: You will need to reactivate the program using the license you were sent.
Note: If using Free version, ignore the part about putting in your license key and activating.
Launch the program and set the Protection and Registration.
Then go to the UPDATE tab if not done during installation and check for updates.
Restart the computer again and verify that MBAM is in the task tray and run a Quick Scan and post that log.
How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#4 CurlySue83


Posted 19 September 2009 - 05:34 PM

Will do. Should have it over to you shortly. Thanks for your response....so appreciative!

#5 CurlySue83


Posted 19 September 2009 - 09:56 PM

Ok. I did what you said. I got another error installing, but it installed anyway. Then I got an error trying to update it. LOL

I did run the program and here is the log. But it didn't find anything.

Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 5.1.2600 Service Pack 3

9/19/2009 10:43:53 PM
mbam-log-2009-09-19 (22-43-53).txt

Scan type: Quick Scan
Objects scanned: 134148
Time elapsed: 21 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#6 boopme


Posted 19 September 2009 - 10:04 PM

Ok yes I see the update failed. Let's run these next.

Next run ATF and SAS:
Note.. SAS doesn't open the registry hives for other user accounts on the system, so scans should be done from each user account.

Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

From your regular user account..
Download Attribune's ATF Cleaner and then SUPERAntiSpyware, Free Home Version. Save both to desktop.
DO NOT run yet.
Open SUPER from icon and install and Update it
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode (XP)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.

If you use Firefox or Opera browser click that browser at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

NOW Scan with SUPER
Open from the desktop icon or the program Files list
On the left, make sure you check C:\Fixed Drive.
Perform a Complete scan. After scan, verify they are all checked.
Click OK on the summary screen to quarantine all found items.
If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log.
A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.


Now try updating MBAM again.
Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click Update tab, select Check for Updates, when done
click Scanner tab, select Quick scan and scan (normal mode).
After scan click Remove Selected, Post new scan log and Reboot into normal mode.

#7 CurlySue83


Posted 20 September 2009 - 09:03 AM

Ok. Here is the log from Super.



SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/20/2009 at 03:40 AM

Application Version : 4.29.1002

Core Rules Database Version : 4102
Trace Rules Database Version: 1978

Scan type : Complete Scan
Total Scan Time : 03:11:32

Memory items scanned : 378
Memory threats detected : 0
Registry items scanned : 8439
Registry threats detected : 4
File items scanned : 171037
File threats detected : 1

Trojan.DNSChanger-Codec
HKU\S-1-5-21-1214440339-1326574676-682003330-1004\Software\uninstall

Rogue.Component/Trace
HKLM\Software\Microsoft\08F71865
HKLM\Software\Microsoft\08F71865#08f71865
HKLM\Software\Microsoft\08F71865#Version

Trojan.Fake-Drop/Gen
C:\WINDOWS\SYSTEM32\TEMP#01.EXE


Still can't update Malwarebytes. It gives me Error Code 732 (0,0)

Ran the scan and didn't find anything again. Here is the log.


Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 5.1.2600 Service Pack 3

9/20/2009 10:02:10 AM
mbam-log-2009-09-20 (10-02-10).txt

Scan type: Quick Scan
Objects scanned: 100628
Time elapsed: 9 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#8 boopme


Posted 20 September 2009 - 02:51 PM

Is there anything else with the 732 error message?
Error Code 732 - Internet Explorer 8, Possible Fix


Use Process Explorer to see what's running at startup.

Please download and run Process Explorer v11.33
Click on File then Save As, create a log.
Copy and paste it into your next reply.


Also please run Part 1 of S!Ri's SmitfraudFix
Please download SmitfraudFix

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

#9 CurlySue83


Posted 21 September 2009 - 07:28 AM

No. There is no other error message or anything else with the error. Sorry.

Here is the log from Process Explorer.


Process PID CPU Description Company Name
System Idle Process 0 93.85
Interrupts n/a Hardware Interrupts
DPCs n/a Deferred Procedure Calls
System 4
smss.exe 636 Windows NT Session Manager Microsoft Corporation
csrss.exe 700 Client Server Runtime Process Microsoft Corporation
winlogon.exe 724 Windows NT Logon Application Microsoft Corporation
services.exe 768 Services and Controller app Microsoft Corporation
svchost.exe 924 Generic Host Process for Win32 Services Microsoft Corporation
wmiprvse.exe 3300 WMI Microsoft Corporation
mcagent.exe 2216 McAfee Integrated Security Platform McAfee, Inc.
mcvsshld.exe 3428 McAfee VirusScan ActiveShield McAfee, Inc.
mcvsmap.exe 6016 McAfee VirusMap Reporting module McAfee, Inc.
svchost.exe 1004 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1064 Generic Host Process for Win32 Services Microsoft Corporation
wuauclt.exe 3280 Windows Update Automatic Updates Microsoft Corporation
wscntfy.exe 1400 Windows Security Center Notification App Microsoft Corporation
svchost.exe 1116 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1232 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1272 Generic Host Process for Win32 Services Microsoft Corporation
aawservice.exe 1548 Ad-Aware Service Lavasoft
spoolsv.exe 1752 1.54 Spooler SubSystem App Microsoft Corporation
svchost.exe 1828 Generic Host Process for Win32 Services Microsoft Corporation
PhotoshopElementsFileAgent.exe 1900
mDNSResponder.exe 1924 Bonjour Service Apple Computer, Inc.
svchost.exe 424 Generic Host Process for Win32 Services Microsoft Corporation
jqs.exe 468 Java™ Quick Starter Service Sun Microsystems, Inc.
mcmscsvc.exe 556 McAfee Services McAfee, Inc.
McNASvc.exe 1352 McAfee Network Agent McAfee, Inc.
McProxy.exe 1436 McAfee Proxy Service Module McAfee, Inc.
Mcshield.exe 1520 On-Access Scanner service McAfee, Inc.
MDM.EXE 1616 Machine Debug Manager Microsoft Corporation
MpfSrv.exe 1724 McAfee Personal Firewall Service McAfee, Inc.
nvsvc32.exe 260 NVIDIA Driver Helper Service, Version 171.16 NVIDIA Corporation
pctsAuxs.exe 2056 PC Tools Auxiliary Service PC Tools
pctsSvc.exe 2144 PC Tools Security Service PC Tools
pctsTray.exe 3048 PC Tools Tray Application PC Tools
svchost.exe 2256 Generic Host Process for Win32 Services Microsoft Corporation
TiVoBeacon.exe 2272 TiVo Beacon Service TiVo Inc.
wmpnetwk.exe 2456 Windows Media Player Network Sharing Service Microsoft Corporation
mcsysmon.exe 3092 McAfee SystemGuards Service McAfee, Inc.
TFService.exe 3472 PC Tools ThreatFire Service PC Tools
alg.exe 3056 Application Layer Gateway Service Microsoft Corporation
iPodService.exe 5600 iPodService Module Apple Inc.
lsass.exe 780 LSA Shell (Export Version) Microsoft Corporation
explorer.exe 4032 1.54 Windows Explorer Microsoft Corporation
dlbubmgr.exe 3920 Dell Dell 942 Button Manager
dlbubmon.exe 3940 Dell Dell 942 Button Monitor
memcard.exe 3948 Memory Card Manager Executable
apdproxy.exe 4064 Adobe Photo Downloader 4.0 component Adobe Systems Incorporated
jusched.exe 628 Java™ Platform SE binary Sun Microsystems, Inc.
rundll32.exe 940 Run a DLL as an App Microsoft Corporation
McAfeeDataBackup.exe 5896 McAfee Data Backup McAfee
ctfmon.exe 3824 CTF Loader Microsoft Corporation
btdna.exe 4768 DNA BitTorrent, Inc.
SUPERAntiSpyware.exe 5164 SUPERAntiSpyware Application SUPERAntiSpyware.com
msimn.exe 5000 Outlook Express Microsoft Corporation
rundll32.exe 4956 Run a DLL as an App Microsoft Corporation
firefox.exe 6072 1.54 Firefox Mozilla Corporation
java.exe 5412 Java™ Platform SE binary Sun Microsystems, Inc.
procexp.exe 5624 1.54 Sysinternals Process Explorer Sysinternals - www.sysinternals.com
EM_EXEC.EXE 2744 Logitech Events Handler Application Logitech Inc.



Here is the log from SmitfraudFix.


Scan done at 8:18:34.50, Mon 09/21/2009
Run from C:\Documents and Settings\Keith\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe
C:\Program Files\Dell Photo AIO Printer 942\dlbubmon.exe
C:\Program Files\Dell Photo AIO Printer 942\memcard.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Documents and Settings\Keith\Desktop\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe

hosts


C:\


C:\WINDOWS


C:\WINDOWS\system


C:\WINDOWS\Web


C:\WINDOWS\system32


C:\WINDOWS\system32\LogFiles


C:\Documents and Settings\Keith


C:\DOCUME~1\Keith\LOCALS~1\Temp


C:\Documents and Settings\Keith\Application Data


Start Menu


C:\DOCUME~1\Keith\FAVORI~1


Desktop


C:\Program Files


Corrupted keys


Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


o4Patch
!!!Attention, following keys are not inevitably infected!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



Agent.OMZ.Fix
!!!Attention, following keys are not inevitably infected!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]


Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\SYSTEM32\\userinit.exe,"

RK

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""




DNS

Description: Wireless-B PCI Adapter - Packet Scheduler Miniport
DNS Server Search Order: 68.87.68.162
DNS Server Search Order: 68.87.74.162

Description: Wireless-B PCI Adapter - Packet Scheduler Miniport
DNS Server Search Order: 68.87.68.166
DNS Server Search Order: 68.87.74.166

HKLM\SYSTEM\CCS\Services\Tcpip\..\{25541644-9598-4B72-A77A-94A4ADABBBB4}: DhcpNameServer=68.87.68.162 68.87.74.162
HKLM\SYSTEM\CCS\Services\Tcpip\..\{4014C9A8-AC90-4316-8305-375BFF48260B}: DhcpNameServer=68.87.68.166 68.87.74.166
HKLM\SYSTEM\CS1\Services\Tcpip\..\{25541644-9598-4B72-A77A-94A4ADABBBB4}: DhcpNameServer=68.87.68.162 68.87.74.162
HKLM\SYSTEM\CS1\Services\Tcpip\..\{4014C9A8-AC90-4316-8305-375BFF48260B}: DhcpNameServer=68.87.68.166 68.87.74.166
HKLM\SYSTEM\CS2\Services\Tcpip\..\{25541644-9598-4B72-A77A-94A4ADABBBB4}: DhcpNameServer=68.87.68.162 68.87.74.162
HKLM\SYSTEM\CS2\Services\Tcpip\..\{4014C9A8-AC90-4316-8305-375BFF48260B}: DhcpNameServer=68.87.68.166 68.87.74.166
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=68.87.68.166 68.87.74.166
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=68.87.68.166 68.87.74.166
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=68.87.68.166 68.87.74.166


Scanning for wininet.dll infection


End

#10 boopme


Posted 21 September 2009 - 03:39 PM

Hello, it appears you may be running 2 antiviruses, McAfee and PC Tools. Is this correct? If so, they can be conflicting. The side effect may be your problem.

#11 CurlySue83


Posted 21 September 2009 - 07:12 PM

I have McAfee disabled right now. It's still in the taskbar, but it's not monitoring anything.

Also, PCTools is just spyware, I didn't purchase the virus part of it. The PCTools was my first attempt at fixing this problem with the hijack.

Edited by CurlySue83, 21 September 2009 - 07:15 PM.


#12 boopme


Posted 21 September 2009 - 10:01 PM

Well, whatever it is, it is well protected.
You will need to run HJT/DDS.
Please follow this guide. Go and do steps 6 thru 8: Preparation Guide For Use Before Using Hijackthis. Then go here: HijackThis Logs and Virus/Trojan/Spyware/Malware Removal, click New Topic, give it a relevant Title and post that complete log.

Let me know if it went OK.

#13 CurlySue83


Posted 24 September 2009 - 12:29 PM

Created and posted info in new topic in that board. Thanks.

Linkage: http://www.bleepingcomputer.com/forums/t/260001/some-form-of-hijack-cant-get-to-any-search-engine/

#14 boopme


Posted 24 September 2009 - 03:05 PM

Ok, that looks good....
Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the HJT Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

To avoid confusion, I am closing this topic.