
persistent malware, antivirus/antimalware tools don't work, internet doesn't work, multiple iexplore popups, won't run hijackthis nor let me rename it


No replies to this topic

#1 sandela


Posted 31 October 2009 - 03:05 PM

I'm having difficulty figuring out this persistent malware. I think it's likely that there are multiple issues.

I'm running Windows Vista.



The malware started off with "google redirect" symptoms, and disabling my Symantec software.

Shortly following, I could no longer access the web. However, the malware itself would create an Internet Explorer popup every 5-10 minutes (not my default browser) that would go to "search sites" (none that I recognized...) and search for lewd topics. Running the Task Manager would show multiple instances of iexplore.exe running on my machine (one for each popup). The popups would have to be eliminated one by one using the Task Manager.

Trying to run a system restore, I discovered all restore points had been deleted.

I installed AVG antivirus and got it to run once, which seemed to help the problem. However, upon restart, all issues were back and I could no longer run AVG. Windows Defender constantly pops up that a new trojan is attacking my machine.

At this point, I unplugged my internet connection and started using another machine. I had left my problematic computer alone for about a month.

Upon turning it on last night, each time I logged on, it gave me a warning that "Windows had encountered a critical error and will restart in one minute" and would restart. I tried running cmd (in that one minute) to intercept it, but the Task Manager would freeze if I tried to run it from there and Explorer would freeze if I tried to run it from there. I also discovered my Guest account is not working.

I restarted in Safe Mode and ran msconfig and disabled all non-Microsoft services. Upon restarting my computer, I found I could successfully log on (although Guest account is still not working).

At this point I figured I ought to post a HijackThis log to a forum.

My computer would not let me install using HJTinstall.exe so I renamed it to HJTinstall.scr. After installation, HijackThis ran for about 1 second and closed abruptly. My machine will not run HijackThis nor will it let me rename it. If I try to run it, it says that it cannot access the file, device or path and perhaps I don't have permission, and if I try to rename it, it says that I need permission to do so and asks if I'd like to try again. Right-clicking does absolutely nothing. This is all the same in safe mode, although right-clicking in safe mode will at least bring up the options.

I'm out of ideas. Any help would be greatly appreciated.
