
TheFeedOnline


3 replies to this topic

#1 meppwc

meppwc

  • Members
  • 12 posts

Posted 29 September 2009 - 07:52 AM

I somehow managed to get infected with an application that takes control of your browser and navigates you to an advertising page called "TheFeedOnline.com"

In addition, it appears that it has also done the following, making things even more difficult
-- I can no longer boot into Safe Mode
-- I can no longer select a date in the System Restore interface
-- I can no longer access the Task Manager page to end a process that is running. When doing CTRL-ALT-DEL, I am presented with a new window that says Task Manager has been disabled.

Other than these issues, everything on my machine is running slow and jumpy.
I have run Malwarebytes (free version), Trend Micro (licensed version), SuperAntiSpyware (free version). All of them find Trojan issues and I remove the issues, but upon rebooting it is all back again. Note that I have turned off System Restore and rebooted after running the virus applications. But upon rebooting, my issues are all back again.



#2 techextreme

techextreme

    Bleepin Tech


  • Members
  • 2,125 posts
  • Gender:Male
  • Location:Pittsburgh, PA

Posted 29 September 2009 - 08:03 AM

When you run Malwarebytes and Superantispyware, which "trojans" are they removing?

Also, can you update these programs before running them or has access been disabled for each of them to the internet?

It may also help to post your Malwarebytes and Superantispyware logs so that someone from the HJT team may possibly look through them and be of more assistance.
Techextreme

"Admire those who attempt great things, even though they fail."

-- Seneca

#3 meppwc

meppwc
  • Topic Starter

  • Members
  • 12 posts

Posted 29 September 2009 - 08:29 AM

I can update the applications before I run them
I will identify the Trojans and post the logs as soon as I get home from work.

#4 meppwc

meppwc
  • Topic Starter

  • Members
  • 12 posts

Posted 30 September 2009 - 08:22 AM

OK, I have managed to fix my machine, so if anyone else is having problems, here is what happened and what I did to fix it.
Here is a list of the issues I had and the steps I took to fix them. Hopefully no one will need to do this.

-- My IE and Mozilla browsers were hijacked
-- Access to boot in SAFE MODE was disabled
-- Access to regedit was removed
-- Access to see processes in Task Manager was removed
-- Access to System Restore was removed
-- Restore points were deleted (this cannot be fixed, but I will be making it part of my backup now)
-- All types of porn icons were placed on my desktop

1 -- fortunately I was able to turn off system restore by right-clicking My Computer and turning it off from there.

2 -- I was not able to boot to the SAFE MODE. The entries in the registry to be able to SAFE BOOT were removed. I was able to fix this by recreating those needed entries. The easy way to perform this measure can be found at: http://blog.didierstevens.com/2007/02/19/r...ith-a-reg-file/

3 -- Once you are able to boot in SAFE MODE with networking, you can then log on as Admin, and startup/update your virus/adware applications. I ran Malwarebytes, SuperAntiSpyware and Avast.

4 -- Access to the registry was disabled. When I ran Malwarebytes it discovered an entry in the registry and gave me the message that it needed to access the registry to repair the problem. I OK'd this and that also provided me access to the registry as well. (Lucky)

5 -- The Task Manager was disabled also; CTRL-ALT-DEL produced a message box that basically said Task Manager has been disabled by your administrator. I repaired this by going to the HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System key, deleting the DisableTaskMgr key and rebooting the machine.

Once I completed all of this, I turned System Restore back on, rebooted and ran all my virus/adware applications again and it appears to be clean. I then created a restore point and added the restore folder to my daily backups.

Hope this helps someone that may need it.
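Added example, not part of the original posts: a Python check that reads a `reg export`-style text dump and reports the lockouts listed in post #4 (Task Manager and regedit disabled by policy, Safe Mode keys removed). The sample dump is constructed; `DisableRegistryTools` and the `SafeBoot\Minimal` / `SafeBoot\Network` key paths are standard Windows names assumed here, since the thread names only `DisableTaskMgr`.

```python
import re

# Constructed sample of an affected machine's export (not data from the thread).
# Real `reg export` files are UTF-16; decode them to str before calling findings().
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell"="cmd.exe"
'''

POLICY_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System"
SAFEBOOT = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot"
LOCKOUT_VALUES = ("DisableTaskMgr", "DisableRegistryTools")  # second name is an assumption


def parse_reg(text):
    """Return {key_path_lower: {value_name_lower: raw_data}} from .reg text."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        section = re.fullmatch(r"\[(.+)\]", line)
        if section:
            current = keys.setdefault(section.group(1).lower(), {})
        elif current is not None and (v := re.fullmatch(r'"([^"]+)"=(.*)', line)):
            current[v.group(1).lower()] = v.group(2)
    return keys


def findings(text):
    """List the tamper indicators from post #4 that are present in the dump."""
    keys, out = parse_reg(text), []
    policy = keys.get(POLICY_KEY.lower(), {})
    for name in LOCKOUT_VALUES:
        data = policy.get(name.lower(), "")
        if data.startswith("dword:") and int(data[6:], 16) != 0:
            out.append(f"{name} is set: tool disabled by policy")
    for sub in ("Minimal", "Network"):
        prefix = f"{SAFEBOOT}\\{sub}".lower()
        # The key counts as present if it or any of its subkeys was exported.
        if not any(k == prefix or k.startswith(prefix + "\\") for k in keys):
            out.append(f"SafeBoot\\{sub} key missing: that Safe Mode option will not boot")
    return out
```

The export must cover both the user's Policies key and the SafeBoot branch, otherwise a missing section is reported as a missing key.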



