Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

all sites opening except antivirus, microsoft setc.


  • Please log in to reply
7 replies to this topic

#1 metalickaah

metalickaah

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:03:18 AM

Posted 07 January 2010 - 04:12 AM

i'm unable to open the antivirus sites, microsoft, computer technical forums.
seems the browser has been hijacked.

my norton is not up to date so it doesn't sense anything wrong, i installed spyware doctor, but unable to update that too.
this way i can't update both, can't download update files rfom symantec site.

i've checked the hosts file in windows/system32/drivers/etc/hosts/

it's also as it should be.

though there are dll files running along with rundll32.exe namely:

USA USA RUNDLL32.C:\Windows\TEMP\exemsxm192z.dll,w

keeps coming back after deleting

just once, if i cud run liveupdate for norton, all this wasn't a problem, but that's not just happening

Part of start up list:

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

WMPNSCFG = C:\Program Files\Windows Media Player\WMPNSCFG.exe
odqlmj = RUNDLL32.EXE C:\Windows\TEMP\msfplkqs.dll,w
qblkho = RUNDLL32.EXE C:\Windows\TEMP\msztucot.dll,w


CAN I PASTE HIJACKTHIS LOG FILE HERE for you people

thanks

BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,935 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:48 PM

Posted 07 January 2010 - 09:37 AM

DDS/HijackThis logs are not permitted in this forum. The HJT Team members are all volunteers who contribute to helping members as time permits but currently there is a backup and you may have to wait for assistance. Referrals are made to the HJT forum if we cannot assist you here and we need to use more powerful tools or you don't mind waiting.

Please download Malwarebytes Anti-Malware (v1.43) and save it to your desktop.alternate download link 1
alternate download link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

-- If Malwarebytes Anti-Malware results in any error messages, check the Help file's list of error codes within its program folder first. If you do not find any information, please refer to Common Issues, Questions, and their Solutions, Frequently Asked Questions. If the error you are receiving is not in the list, please report it here so the research team can investigate.

-- Some types of malware will disable Malwarebytes Anti-Malware and other security tools to keep them from running properly. If MBAM will not install, try renaming it first.
  • Right-click on the mbam-setup.exe file file and rename it to mysetup.exe. If that did not work, rename it explorer.exe.
  • Double-click on the renamed file to start the installation.
  • If that still did not work, then try changing the file extension. <- click this link if you do not see the file extension
    If using Windows Vista, refer to these instructions.
  • Right-click on explorer.exe and change the .exe extension to .scr, .com, .pif, or .bat.
  • Then double-click on explorer.com (or whatever extension you renamed it) to begin installation.
If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files.
  • Right-click on mbam.exe and rename it to wuauclt.exe.
  • Double-click on wuauclt.exe to launch the program.
  • If that did not work, then change the .exe extension in the same way as noted above.
  • Double-click on wuauclt.com (or whatever extension you renamed it) to launch the program.
-- Other types of malware may delete the main mbam.exe executable file during installation or when attempting to perform a scan which results in various errors. One way to resolve this is to:
  • Download and install Malwarebytes Anti-Malware on a non-infected computer.
  • After installation, open Windows Explorer and navigate to the C:\Program Files\Malwarebytes' Anti-Malware\ folder where mbam.exe is located.
  • Copy the mbam.exe file to the Desktop and rename it to wuauclt.exe or explorer.exe.
  • Save the renamed file to a usb flash drive or CD and transfer to the infected computer.
  • Place it in the C:\Program Files\Malwarebytes' Anti-Malware folder, and then double-click on it to run.
Alternatively, you can download a randomized renamed mbam.exe version (i.e. jdRjuT7Hk.exe) from here and use that.

Note: If installation coninues to fail in normal mode, try installing and performing a Quick Scan in "safe mode". Doing this is usually not advised as MBAM is designed to be at full power when running in normal mode and loses some effectiveness for detection & removal when used in safe mode. Further, scanning in safe mode prevents some types of malware from running so it may be missed during the detection process. For optimal removal, normal mode is recommended so it does not limit the abilities of MBAM. Therefore, after completing a safe mode scan, reboot normally, uninstall MBAM, then reinstall it and perform another Quick Scan.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 metalickaah

metalickaah
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:03:18 AM

Posted 07 January 2010 - 12:24 PM

thanks a lot for such a reply but as i told you it doesn't download, the site does'nt open. anything related to virus, malware etc. doesn't open

#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,935 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:48 PM

Posted 07 January 2010 - 12:39 PM

If you cannot use the Internet or download any required programs to the infected machine, try downloading them from another computer (family member, friend, library, etc) with an Internet connection. Save to a flash (usb, pen, thumb, jump) drive or CD, transfer to the infected machine, then install and run the program(s). If you cannot copy files to your usb drive, make sure it is not "Write Protected".
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#5 metalickaah

metalickaah
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:03:18 AM

Posted 07 January 2010 - 12:51 PM

i got it, but after installing the malware folder in program files is empty and a file rules.ref is in program data/malware, i'm trying to get norton updates thru torrent or other means, but they also may have viruses. isn't there any manual process to remove the domain restriction problem, help me, thanks in advance

#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,935 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:48 PM

Posted 07 January 2010 - 01:07 PM

You need to remove the primary malware that is putting restrictions otherwise it will do no good as the malware will continue to keep them in place.

-- Some types of malware may delete the main mbam.exe executable file during installation or when attempting to perform a scan which results in various errors such as code 2...system cannot find the file specified or mbam.exe - Application error.

One way to resolve this is to download and install Malwarebytes Anti-Malware on a non-infected computer.
  • After installation, open Windows Explorer and navigate to the C:\Program Files\Malwarebytes' Anti-Malware\ folder where mbam.exe is located.
  • Copy the mbam.exe file to the Desktop and rename it to wuauclt.exe or explorer.exe.
  • Save the renamed file to a usb flash drive or CD, then transfer to the infected computer.
    • Alternatively, you can download a randomized renamed mbam.exe version (i.e. jdRjuT7Hk.exe) from here and use that.
    • Another option is to upload the file somewhere so you can download it later to the infected computer.
    • If you do not have access to another computer, ask a friend to email or upload a renamed mbam.exe for you and provide a link to download it.
  • Place the renamed mbam.exe in the C:\Program Files\Malwarebytes' Anti-Malware folder on the infected computer, then double-click on it to launch the program.
  • Check for database definition updates through the program's interface.
  • Then perform a Quick Scan, check all items found for removal and reboot afterwards.
  • Failure to reboot will prevent MBAM from removing all the malware.
  • When done, click the Logs tab and copy/paste the contents of the report in your next reply.

.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#7 metalickaah

metalickaah
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:03:18 AM

Posted 08 January 2010 - 05:54 AM

thanks, i'm downloading this file from another computer
please tell me if this (mbam) fixes or only scans the malware. i mean is it free ?
i'got norton updates also, but when i ran them, the ususal info& confirmation appeared and disappeared after clicking OK, i.e it don't update the norton

#8 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,935 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:48 PM

Posted 08 January 2010 - 08:51 AM

No single product is 100% foolproof and can prevent, detect and remove all threats at any given time. The security community is in a constant state of change as new infections appear. Each vendor has its own definition of what constitutes malware and scanning your computer using different criteria will yield different results. The fact that each program has its own definition files means that some malware may be picked up by one that could be missed by another. Thus, a multi-layered defense using several anti-spyware products (including an effective firewall) to supplement your anti-virus combined with common sense and safe surfing habits provides the most complete protection.

MBAM is free for personal use and it will scan/detect/remove what it finds unless the malware or another security application interferes with removal. The paid version includes real-time protection that helps with prevention of an infection.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users