
Browser Hijacked


  • This topic is locked
49 replies to this topic

#1 StephSVA

  • Members
  • 50 posts

Posted 04 November 2009 - 10:13 PM

Hello!

I have a browser hijacking redirector virus and possibly other issues.

I was getting help from the UnHackMe program support people. After the support having me download and run Malwarebytes, HijackThis, UnHackMe, BootLog XP and RegRun Reanimator the support asked me to run the RegRun in Safe Mode, well I can not reboot in safe mode. It attempts to start but gets stuck and stops. The UnHackMe support person said my HijackThis log and UnHackMe log were clean but I was still having problems. Which is why she asked me to run the scans of RegRun in Safe Mode.

When I emailed back to the other support about my being unable to start in Safe Mode, they abandoned me. We were communicating daily and now I have not heard back in 10 days after several attempts by me to contact them. I even paid for that program and support.... :thumbsup:

So I still need help, my browser is still being redirected.

I am running Windows XP with Service Pack 3, I have AVG Free 9.0 which keeps finding the viruses and says they are healed infections but we remain infected.

Any help would be appreciated. It is going on 2.5 weeks of being infected and not being able to do any Google searches is frustrating and I think every time I am on the internet it is downloading more viruses.....

Thanks, Stephanie!!

#2 Budapest

  • Moderator
  • 23,579 posts

Posted 04 November 2009 - 10:30 PM

Run a quick scan with Malwarebytes and post the log.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 StephSVA

Posted 04 November 2009 - 10:39 PM

Hello!

Here is my Malwarebytes Quick Scan results:

Malwarebytes' Anti-Malware 1.41
Database version: 2979
Windows 5.1.2600 Service Pack 3

11/4/2009 10:38:20 PM
mbam-log-2009-11-04 (22-38-20).txt

Scan type: Quick Scan
Objects scanned: 99083
Time elapsed: 5 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#4 Budapest

Posted 04 November 2009 - 10:43 PM

Download and run this file:

http://download.bleepingcomputer.com/sUBs/...otKeyRepair.exe

Then see if you can boot into Safe Mode.

Edited by Budapest, 04 November 2009 - 10:43 PM.


#5 StephSVA

Posted 04 November 2009 - 11:04 PM

I downloaded and ran the file, I saved the log it produced and can post if needed.

I then attempted to boot into Safe Mode and it stuck in the same place as before. I took a picture of that place with my cell phone and can post that if you want.

#6 Budapest

Posted 04 November 2009 - 11:09 PM

Try this scan (skip the part where it says to boot into Safe Mode and just try the scan in Normal Mode).

Please download ATF Cleaner by Atribune & save it to your desktop (alternate download link). DO NOT use yet.
Please download and install SUPERAntiSpyware Free
  • Double-click SUPERAntiSypware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here and unzip into the program's folder.)
  • Under the "Configuration and Preferences", click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.


#7 StephSVA

Posted 05 November 2009 - 12:01 AM

Ok I ran the ATF Cleaner and SuperAntiSpyware.

Here is the SAS log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/04/2009 at 11:58 PM

Application Version : 4.29.1004

Core Rules Database Version : 4231
Trace Rules Database Version: 2129

Scan type : Complete Scan
Total Scan Time : 00:34:04

Memory items scanned : 479
Memory threats detected : 0
Registry items scanned : 4828
Registry threats detected : 0
File items scanned : 38854
File threats detected : 0

#8 Budapest

Posted 05 November 2009 - 12:17 AM

Right click on the C drive in Explorer and go Properties > Tools > Check Now (under Error Checking). Check both boxes then click "Start Now". A message will pop up saying that Error Checking will run after you restart the computer. Restart the computer and Error Checking will run automatically after the restart. After it's finished it will restart into Windows automatically.

After the scan is finished see if Safe Mode will now work. Note that the scan can take a long time.

#9 StephSVA

Posted 05 November 2009 - 12:20 AM

Thank you I am going to start the scan, if it takes too long I will have to leave for work but will be back to report the findings as soon as I come home.

Thanks!

#10 StephSVA

Posted 05 November 2009 - 01:37 AM

The scan finished and I attempted to restart in safe mode.

No luck by pressing F8 it was stuck in the same place. So I turned the computer off waited a minute and started it up and tried to get it into Safe Mode by using the MSCONFIG way just in case it worked better than the F8 way.

It would not start in Safe Mode at all either way and will not come on at all now. It is stuck on the Windows Logo screen. When I hold the power button in to turn off and then restart it starts to the screen that says Sorry your computer did not boot properly pick a starting option. I have tried Last known good configuration with no luck and tried Start Windows normally both do nothing the computer stays stuck on the windows logo screen. :thumbsup:

I now have to go but will be back in several hours to see if there is something else for me to try.

Edited by StephSVA, 05 November 2009 - 01:51 AM.


#11 Budapest

Posted 05 November 2009 - 03:32 AM

Can you please post the pic of what happens when you try to boot into Safe Mode.

#12 StephSVA

Posted 05 November 2009 - 08:38 AM

Here is what was happening when I press F8 it stays there and did not advance.

I have let it hang on this screen for 30 minutes and it does not move.

Posted Image

Here is what it is doing now, the last thing I did was try to safe boot in the MSCONFIG area by checking the /SAFEBOOT option in the BOOT.INI area. The computer has not come on since then. I have tried to boot in all the options shown on the first screen but all of them take me to the second screen and then it just stays there.

Posted Image Posted Image

#13 Budapest

Posted 05 November 2009 - 04:01 PM

Using MSCONFIG to force a Safe Mode boot is never a good idea when you are having virus problems. See the following tutorial:

How to start Windows in Safe Mode

Scroll down to the section: "Problems that can occur by forcing Safe Mode using the System Configuration Utility"

#14 StephSVA

Posted 05 November 2009 - 05:24 PM

Oh well that is a total bummer, I figured that it was just looping and looping to boot to safe mode which is why it will now not come on at all. Bad on me. :thumbsup: Sorry.

I can not enter Windows Recovery mode from the Windows CD. I get to the blue setup screen and have 3 options Windows set-up press enter, Recovery Console press R and exit press F3.

So I press R so I can change the name of my boot.ini and the following screen comes up:

Posted Image

So it looks like it can not find the hard drive?? I am getting a sinking feeling about all this.....
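
Added example, not part of any post in this thread: the MSCONFIG /SAFEBOOT checkbox discussed above writes a persistent `/safeboot` switch into the boot.ini entry, so every boot attempts Safe Mode until the switch is removed. The Python sketch below finds and strips that switch from an offline copy of boot.ini; the sample file contents and the function names are constructed for illustration, and it also covers the other `/safeboot:` variants beyond the one in this thread.

```python
import re

# Constructed sample: an XP boot.ini after MSCONFIG's /SAFEBOOT box was ticked.
SAMPLE_BOOT_INI = """\
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /safeboot:minimal
"""

# Matches /safeboot:minimal, :network, :dsrepair and :minimal(alternateshell).
SAFEBOOT_RE = re.compile(r"\s*/safeboot(?::[a-z]+(?:\([a-z]+\))?)?", re.IGNORECASE)


def _walk(text):
    """Yield (line_number, section_name, line) for each line of a boot.ini."""
    section = None
    for n, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if stripped.startswith("[") and stripped.endswith("]"):
            section = stripped[1:-1].lower()
        yield n, section, line


def find_forced_safeboot(text):
    """Return (line_number, switch) for each OS entry that forces Safe Mode."""
    hits = []
    for n, section, line in _walk(text):
        m = SAFEBOOT_RE.search(line) if section == "operating systems" else None
        if m:
            hits.append((n, m.group(0).strip()))
    return hits


def strip_forced_safeboot(text):
    """Return the text with /safeboot switches removed from OS entries only."""
    out = []
    for _, section, line in _walk(text):
        if section == "operating systems":
            line = SAFEBOOT_RE.sub("", line)
        out.append(line)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    for n, switch in find_forced_safeboot(SAMPLE_BOOT_INI):
        print(f"line {n}: forced Safe Mode switch {switch}")
    print(strip_forced_safeboot(SAMPLE_BOOT_INI), end="")
```
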

#15 Budapest

Posted 05 November 2009 - 05:29 PM

Try creating your own Recovery Console disk with this file:

http://www.thecomputerparamedic.com/files/rc.iso

You must burn this file to a CD as an ISO. Post back if you need more information on how to do this.