
hijack.run et al



#1 anino

anino


Posted 30 March 2010 - 12:52 AM

I'm using Windows XP Pro SP2. I'm infected with Hijack.CMDPrompt; Hijack.Regedit; Hijack.Run; and Hijack.TaskManager (based on the result when I used Malwarebytes' Anti-Malware). It didn't solve it; I still can't use the Run utility, and I can't access Task Manager. I ran Malwarebytes' Anti-Malware on the premise that my anti-virus (AVG Free Edition) was not able to block a virus from an infected USB flash drive. The first thing I noticed from the virus is that it took my wallpaper away, and my computer system won't post another when I tried. I have also used Spybot S&D and the results displayed were: Microsoft.Windows.DisabledCMD, Microsoft.WindowsSecurityCenter.RegistryTools, Microsoft.WindowsSecurityCenter.TaskManager, and DoubleClick. I think Malwarebytes and Spybot detected the same virus; Spybot was not able to fix the problem. I also cannot restore to an earlier date, because when I tried to, the computer shuts down at once and displays a RUNDLL32.exe error, which I was able to locate at C:\WINDOWS\Prefetch. I think this is a rogue file because I've read that the good one is the one in the Windows system32 folder and it's in all capital letters. One more thing: whenever I try to access Run, a window pops up saying "This operation has been cancelled due to restrictions in effect on this computer. Please contact your system administrator", and whenever I tried to access Task Manager it says "Task Manager has been disabled by your administrator". I am the administrator and I haven't disabled anything. The problem only existed when I used an infected USB (unknowingly infected); before that my computer was running smooth and fine. please help....tnx....

EDIT: Moved from Virus, Trojan, Spyware, and Malware Removal Logs ~BP

Edited by Budapest, 30 March 2010 - 01:01 AM.
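The four detections and the two error messages in the post above are what Windows shows when certain policy values are set in the registry. As an added example (not part of the original thread), this Python script scans an exported `.reg` file for those values; the value names are standard Windows policy settings that the thread itself does not name, and `find_restrictions` and `SAMPLE_EXPORT` are names and data constructed for illustration.

```python
import re

# Standard Windows policy values; mapping them to this thread is an assumption.
BASE = r"software\microsoft\windows\currentversion\policies"
RESTRICTIONS = {
    (BASE + r"\system", "disabletaskmgr"): "Task Manager disabled",
    (BASE + r"\system", "disableregistrytools"): "Registry editing tools disabled",
    (BASE + r"\explorer", "norun"): "Run dialog removed",
    (r"software\policies\microsoft\windows\system", "disablecmd"): "Command prompt disabled",
}

# Constructed sample of a decoded .reg export (not data from the thread).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoRun"=dword:00000001
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System]
"DisableCMD"=dword:00000002
'''

SECTION = re.compile(r"^\[(-?)([^\\\]]+)\\?(.*)\]$")
DWORD = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{1,8})$')

def find_restrictions(reg_text):
    """Return sorted (hive, key, value, data, meaning) for each set restriction."""
    hits, hive, subkey = [], None, None
    for line in map(str.strip, reg_text.splitlines()):
        m = SECTION.match(line)
        if m:
            # "[-HKEY...]" deletes a key when imported; it carries no values.
            hive, subkey = (None, None) if m.group(1) else (m.group(2), m.group(3))
            continue
        m = DWORD.match(line)
        if not (m and hive):
            continue
        meaning = RESTRICTIONS.get((subkey.lower(), m.group(1).lower()))
        if meaning and int(m.group(2), 16) != 0:
            hits.append((hive, subkey, m.group(1), int(m.group(2), 16), meaning))
    return sorted(hits)

if __name__ == "__main__":
    for hive, key, name, data, meaning in find_restrictions(SAMPLE_EXPORT):
        print(f"{hive}\\{key}\\{name} = {data}: {meaning}")
```

Exports in the "Version 5.00" format are UTF-16 encoded, so decode the file before passing its text to the function. Clearing these values restores the tools but does not remove whatever set them.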




#2 Elise

Elise


Posted 30 March 2010 - 05:08 AM

Hello, it's possible we are dealing here with a nasty file infector. Let's see if we can confirm that.

KASPERSKY ONLINE SCAN
-----------------------------------
Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner
You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft


#3 anino

anino

Posted 31 March 2010 - 03:16 AM

tnx elise025, my system was fixed using CCleaner, Autorun virus remover, and re-enable. I was so desperate I wasn't able to wait for a reply. I'm sure your solution (different though it may be) would have worked the same magic... tnx again....

#4 Elise

Elise


Posted 31 March 2010 - 04:03 AM

Good to hear that :thumbsup:

regards, Elise






