Browser hijacked



#1 Johnsboro

Posted 19 April 2010 - 01:53 PM

I have a computer virus that I have not been able to get rid of, even though I've done scans with numerous anti-virus/spyware programs. What a huge amount of time this thing has taken so far. It's driving me nuts; an awful thing.

With this kind of thing happening, how does anyone have any confidence that anything is safe on the computer, such as online banking or buying things online with credit cards? I hope someone will be able to help. I'd really like to know how this thing has been able to evade getting cleaned up. I'm seriously considering wiping the computer clean and re-installing the operating system.

I don't know how to insert pictures in this post. I thought I could paste them in or it would prompt me for an image on my local disk, but it wants a URL. I don't have a web site into which I can place images.

Description of issue:

Browser (Internet Explorer) search results get hijacked. For instance, if I Google, for instance, "facebook" and click on the link that is supposedly the login for Facebook (www.facebook.com/login.php), instead I get re-directed to a site like this: http://www.hostway.com/promo/...

- Browser keeps reporting that its default search engine has been changed (image available)

- Browser sometimes freezes before it displays default page

- Get pop-ups out of nowhere that computer is infected and to click to get help. (Unfortunately, I dismissed these without getting screen shots and now it's not doing it while I'm preparing this post).

- On occasion, navigates away from the page you're viewing all by itself.

- Notice that the process, "s7443XlK.exe" is running and numerous Internet Explorer instances get started by themselves. Deleting this process in memory and on disk works for a while, but it somehow comes back. (I have a screen shot of the s7443XlK.exe process running)

- Windows Scheduled Tasks get loaded with scheduled entries like this: At1, At2, ... At24. I deleted these, but they come back after a while. They're trying to run a program in the c:\Windows\Fonts folder. (Screen shot available of this and of the properties of one of the scheduled items)

- Don't know if this is related, but XP's fast user switching isn't working now. What I mean is that if you're logged in as one user and then you leave that user logged in and then try to log into a second user, the screen at first changes to a blank screen as if it's about to bring up the desktop of the other user, but then goes back to the user selection screen. This was working fine yesterday. I don't know if this is due to my having installed so many different anti-virus programs or due to shutting down some services that I know I don't need (at least right now) (listed below where I list things I've done).

- Another oddity is that Windows Task Manager shows the "Users" column, but the user name of every column is blank except for System Idle Process. By contrast, SysInternals' Process Explorer does show the user names.

- Windows NVDM.exe process runs with high CPU usage and eventually errors out (see screen shot).

***********

- Operating system: Windows XP Professional, SP3
- Computer: HP Pavilion dv8327us notebook

***********

Things I've done/ settings:

- Browser pop-ups option is turned on.

- Reset browser to default settings

- I have disabled all browser add-ons that aren't identified as a company that I know.

- Windows Defender and McAfee are running with real-time protection

- Cleared out the Recycle Bin

- Ran HijackThis and saved a log. (Won't post this unless it's requested).

- Turned off unneeded services like SQL Server 2005, World Wide Web Publishing, FTP Publishing, Message Queuing, Message Queuing Triggers, and Visual Studio 2005 Remote Debugger.

*************

I've run all of the following scans (with the exception that Windows Defender never finishes: when I come back to look at it, it's gone.):

- Verizon's Radial Point Antivirus (just got rid of this and switched to McAfee)

- McAfee (Scan came up with a few viruses, Trojans, etc, but didn't fix the problem I'm having now).

- Microsoft Malicious Removal Tool

- Windows Defender (never finishes its scan. Having it run real-time protection, but eventually gets killed off somehow)

- Malwarebytes (found several issues, but not the one that's the subject of this post)

- SUPERAntiSpyWare (Found a few items, including some software that is not malware (unless it's spoofing them), such as HP's CD quick launch and a component from InterSystems' Caché database product).

- AdAware (did not find anything)

- Ran a HijackThis log

Thanks in advance!

#2 boopme

Posted 19 April 2010 - 03:36 PM

Best thing now is to make a new topic.
We need a deeper look. Please go here....
Preparation Guide, do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9, which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic, thanks.
If Gmer won't run, skip it and move on.
Let me know if that went well.

How do I get help? Who is helping me?

For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....

Become a BleepingComputer fan: Facebook

#3 Johnsboro

Posted 21 April 2010 - 09:22 PM

I tried to run GMER, but it caused a blue screen a minute or so after you click the scan button. So for overnight, I ran another McAfee scan. In the morning, McAfee said it found 4 infections and it needed to reboot. So I re-booted and now my computer is hosed. It comes up, but most of the services don't work. No networking, can't copy and paste. Won't network even in network safe mode, even with a wire connection. McAfee and Defender won't run at all. I think at this point, the computer's going to need to be wiped clean and the operating system re-installed. Fortunately, the DOS command prompt still works and I can copy data files to an external drive. Is there any reason to post (in the other forum) what the DDS log found?

#4 boopme

Posted 21 April 2010 - 09:45 PM

You can post that there if you want them to clean this and straighten out the PC without reformatting.
If reformatting is not a problem, I recommend that.

Should you decide to reformat and you're not sure how to do that or need help, please review:
• How to partition and format a hard disk in Windows XP
• Prepping for a Clean Install Windows XP

These links include step-by-step instructions with screenshots:
• XP Clean Install Interactive Setup
• How to reformat your computer in case of a severe malware infection
• Reformat & Clean Install Windows XP

Vista users can refer to these instructions:
• Windows Vista Clean Install
• How to Do a Clean Install and Setup with a Full Version of Vista
• How to Do a Clean Install with a Upgrade Version of Vista

Don't forget you will have to go to Microsoft Update and apply all Windows security patches after reformatting.

Note: If you're using an IBM, Sony, HP, Compaq, Toshiba, Gateway or Dell machine, you may not have an original XP CD Disk. By policy Microsoft no longer allows OEM manufacturers to include the original Windows XP CD-ROM on computers sold with Windows preinstalled. Instead, most computers manufactured and sold by OEM vendors come with a vendor-specific Recovery Disk or Recovery Partition for performing a clean "factory restore" that will reformat your hard drive, remove all data and restore the computer to the state it was in when you first purchased it. Also be sure to read Technology Advisory Recovery Media. If the recovery partition has become infected, you will need to contact the manufacturer, explain what happened and ask them to send full recovery disks to use instead.

Reformatting a hard disk deletes all data. Should you decide to reformat or do a factory restore due to malware infection, you can back up all your important documents, personal data files, photos to a CD or DVD drive, not a flash drive or external hard drive as they may become compromised in the process. The safest practice is not to backup any executable files (*.exe), screensavers (*.scr), autorun (.ini) or script files (.php, .asp, .htm, .html, .xml) because they may be infected by malware. Avoid backing up compressed files (.zip, .cab, .rar) that have executables inside them as some types of malware can penetrate compressed files and infect the .exe files within them. Other types of malware may even disguise themselves by hiding a file extension or adding to the existing extension as shown here so be sure you look closely at the full file name. If you cannot see the file extension, you may need to reconfigure Windows to show file name extensions. Then make sure you scan the backed up data with your anti-virus prior to copying it back to your hard drive.

If your CD/DVD drive is unusable, another word of caution if you are considering backing up to an external USB hard drive as your only alternative. External drives are more susceptible to infection and can become compromised in the process of backing up data. I'm not saying you should not try using such devices but I want to make you aware of all your options and associated risks so you can make an informed decision if it's worth that risk.

Also see How to use Ubuntu Live CD to Backup Files from your dead Windows Computer. Again, do not back up any data with the following file extensions: .exe, .scr, .ini, .htm, .html, .php, .asp, .xml, .zip, .rar, .cab as they may be infected.

If you need additional assistance with reformatting or partitioning, you can start a new topic in the appropriate Windows Operating System Subforum.
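
The backup advice in post #4 can be applied as a pre-copy check over the folder being saved. The script below is an added example, not part of the original thread: it flags files whose final extension is on the post's do-not-back-up list, names that put an executable extension after a harmless-looking one (including space-padded names), and zip archives that contain executables. The function names, the `DECOY_EXTS` list and the sample file names are assumptions made for illustration.

```python
import os
import tempfile
import zipfile

# Extensions the post says not to back up (its closing list).
SKIP_EXTS = set(".exe .scr .ini .htm .html .php .asp .xml .zip .rar .cab".split())
EXECUTABLE_EXTS = (".exe", ".scr")
DECOY_EXTS = {".jpg", ".png", ".gif", ".txt", ".doc", ".pdf"}  # assumed decoy list

def classify(name):
    """Return the reasons a file name should stay out of the backup."""
    exts = ["." + p.strip() for p in name.lower().split(".")[1:]]
    reasons = []
    if exts and exts[-1] in SKIP_EXTS:
        reasons.append("listed extension " + exts[-1])
    if len(exts) > 1 and exts[-1] in EXECUTABLE_EXTS and exts[-2] in DECOY_EXTS:
        reasons.append("double extension hides " + exts[-1])
    return reasons

def executables_in_zip(path):
    """Names inside a zip archive that end in an executable extension."""
    with zipfile.ZipFile(path) as zf:
        return sorted(m for m in zf.namelist() if m.lower().endswith(EXECUTABLE_EXTS))

def triage(root):
    """Map relative path -> reasons for every file that should be skipped."""
    flagged = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            reasons = classify(name)
            if zipfile.is_zipfile(full) and (inner := executables_in_zip(full)):
                reasons.append("archive contains " + ", ".join(inner))
            if reasons:
                flagged[os.path.relpath(full, root)] = reasons
    return flagged

def demo(root):
    """Triage constructed, harmless sample files written under root."""
    for name in ("taxes.doc", "holiday.jpg.exe", "notes.txt"):
        open(os.path.join(root, name), "w").close()
    with zipfile.ZipFile(os.path.join(root, "photos.zip"), "w") as zf:
        zf.writestr("beach.jpg", "x")
        zf.writestr("viewer.scr", "x")
    return triage(root)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for path, why in sorted(demo(tmp).items()):
            print(path, "->", "; ".join(why))
```

A file that passes this name-based check can still be infected, so the anti-virus scan of the backed-up data that the post calls for is still needed before copying anything back.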



