triple-threat - But are they related?


#1 Aristol


  • Members
  • 1 posts
  • Local time:09:55 AM

Posted 15 April 2010 - 03:30 AM

Over the last 48 hours I've been locked in a heated battle. My poor computer has been the battleground. I'm running XP SP3, and it's been ugly. I will try to remember things as they happened, but I know there are gaps, and much I imagine has been blocked out in my brain from general trauma :thumbsup:

The first I can remember anything happening, I had been on some site and moused over an ad, causing a pop-up. I thought to myself, "Well, that was weird and annoying..." My computer started acting a little bit constipated and running slowly. A day or so ago, my internet searches started getting hijacked. It would randomly pop up a new tab for some advertisement site, which I would then close - and then I would click on a link to wherever (and later noticed especially when I tried to access sites about spyware/malware/antivirus) and it would redirect to another random site.
AVG wasn't picking up anything. Suddenly, Adaware wasn't running correctly either... I couldn't connect to update to the newest definitions. A good friend of mine, who I know to be very savvy about internet security and trust implicitly, basically told me "AVG sucks, get Microsoft Security Essentials instead and run a scan with that." The initial scan came up with 4 infections:

TrojanDownloader: Java/Agent.G.ldr
TrojanDownloader: Java/Agent.G
Trojan: Win32/Ircbrute
Worm: Win32/Pushbot.gen!C

I began the full scan, but then had to go to school all day until late. I wanted to play a game of League of Legends before bed, but suddenly the game wouldn't launch and I was getting strange errors regarding JavaScript. I wondered if these errors were related to the fact that I was *still* getting redirected all over and getting popups. I found this guide:


for trying to fix the google redirect issue. Things were okay at first, obtaining DNS options were normal, etc. Once I opened the hosts file though, I saw that there were a ton of new IP addresses added! I deleted everything except the localhost, as instructed. TDSSKiller found a number of infections and rootkits, which it claimed to kill. (Now I wish I'd written down what they were!) Then I ran ComboFix (which I now read I shouldn't have... but I figured I'd fess up for the sake of transparency and getting my computer well again!) Things seemed fine when I went to sleep.

I woke up this morning with a veritable flood of Alerts from a program, XP Antivirus, that my computer apparently has more viruses than, well, never mind - but a lot. I didn't recognize that program, and it was also telling me that my firewall was down, etc. At the same time, MSE was clearing out a bajillion instances of:

Virus: Win32/Alureon.H

Which it prompted me to disinfect and remove. Trusting MSE and knowing it was legit, I did so. Judging by the entry on the Microsoft security encyclopedia, it seemed the most likely culprit for my problems. I went to update MSE before doing another scan, and suddenly it couldn't connect to update either. But, I was still getting redirects! My friend used remote desktop while I was at work to try and fix whatever might be causing the problem. He texted me to say he thought maybe he'd fixed it, but wasn't sure.

When I got home from work, I had another flood of infection spam. Then I found out that this XP Antivirus program was *also* malware and totally fake, and was also capable of blocking things like that. I followed the guide on your site:


Again, once it was done, things seemed fine. I was going to do a little dance. Went out to hang out with some friends, come home and *still* getting redirects. Ran TDSSKiller again and it reported atapi.sys as being infected - It's supposed to fix it on reboot, but does not appear to have done so. Then, my computer pops up with XP AntiMalware 2010 spam (now it's a different version of the same thing!) I went through your guide again to remove it, but I'm still having redirect problems, and I'm afraid to do anything else to my poor computer without someone basically holding my hand.

I don't know if these things are inter-related problems, or if somehow my computer has become Typhoid Dave and just needs to be put down. But if there's any hope of fixing it, I'll do whatever it takes - I really can't afford to replace the machine right now, but still need to be able to use it.

Sorry that was so long, but the pinned posts said to be as thorough and clear as possible with the problems and steps already taken. I'm not afraid to retrace my steps, however, if that will somehow help. Thanks in advance for any help y'all can provide.


#2 Orange Blossom

    OBleepin Investigator

  • Moderator
  • 37,011 posts
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:10:55 AM

Posted 14 May 2010 - 12:00 AM


Please read this topic: http://www.bleepingcomputer.com/forums/t/273628/combofix-usage-questions-help-look-here/ concerning the use of ComboFix.

Please follow the instructions in ==>This Guide<== starting at step 6.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Since you have run ComboFix, please include the ComboFix log in the new topic.

If you cannot produce any of the other logs, then please create the new topic anyway, include the information that you were unable to produce the other logs and why and include the ComboFix log along with a description of your computer issues.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript
