
Google redirecting & XP firewall corrupted by "Anti-Spyware Soft"



#1 bucklearbre


Posted 06 June 2010 - 03:28 PM

Hi,

(This may be more of use as info, but I thought I should share my experience even if I can't get a fix)...

About a week ago, I got infected by the rogue hoax going by the name of AntiSpyware Soft, it's exactly as described here......

http://www.2-spyware.com/remove-antispyware-soft.html

It had already hit my PC about a month ago, and I managed to disable it by taking out the auto-startup .EXE files (that would lock me out) using CCleaner / and editing the Startup progs. Then I ran Malwarebytes, Spybot, Adaware, AVG and cleaned the whole system -- all seemed ok.

This time, I did the same thing, disabled the onStartup .EXE progs ~~ but there were about 16 this time ~~ and after running the same spyware apps as above I deleted whatever it found - again many more Trojans / Rogues. The EXE files were installed into (for example:) \Documents and Settings\My User\Application Data\Local Settings\Temp\huifksh.exe... but I managed to get them all out.

I also reset the LAN Settings / Proxy bit that prevented me connecting thru my browsers.

This all seemed to work, and I was up and running again,,,, BUT THEN,,, the Microsoft Just-in-Time debugger window kept popping up, and I exited out of that like 6-times every time it appeared. Then Firefox would randomly start a new instance of itself, and load up several tabs that looked like phishing / hack sites, sometimes an Ask Jeeves site.

Also -- nearly every Google search result link I clicked on, sent me to some completely random search site, sometimes looking dodgy, quite often sent to "Ask Jeeves".

I then noticed that Windows XP Firewall had been disabled, and presumed that I was getting attacked from outside, which was why the Firefox window kept popping up, or some script was trying to run, prompting the Just-in-Time debugger window.

At this point, I thought "Ok -- time for a reinstall", but as I'm a budding PC technician & software programmer, I really want to get to the bottom of this.

I cannot get Windows Firewall / ICS service to start again -- it gives an "Error:2 File is Missing" message, but doesn't tell me what file.

So I installed ZoneAlarm Free, and that has stopped the JiT-Debugger popping up, and the spurious Firefox window with random/dodgy looking search sites & phishy sites like "Work from home & earn $300/hour".

HOWEVER -- I cannot get around the redirect issue, nearly all links in Firefox get redirected to Ask Jeeves or some other random search site (v3.0.19 -- yes I know that's old but I regularly use RealPlayer Recorder Plug-in to record video content from myspace -- that doesn't work with Firefox 3.5).

Internet Explorer (v6 -- old but I prefer it) has no problem with redirecting issue // Opera 9.24 gets redirected, but not as heavily as Firefox.

And I still can't get the Windows Firewall running.

I have rerun Malwarebytes Antimalware and nothing comes up // AVG only reports "runtime packed mew" on a couple of files, but these are classed as low-priority and (according to other web reports) misnomers/ not real threats.

This is a pretty comprehensive disabling ~ as I said I fix PCs & laptops for a part-time living, and have not seen anything this devastating for a long time. My usual response would be to reformat & reinstall windows, but curiosity and my sick/sado-masochistic side doesn't quite want to give up on looking for the culprit just yet.

Anyone got any helpful ideas ???
Thanks!!!!

Buckle

EDIT: Moved from XP to Am I Infected forum ~ Hamluis.

Edited by hamluis, 06 June 2010 - 05:40 PM.




#2 hamluis


Posted 06 June 2010 - 03:39 PM

Well...files tend to become damaged in the process of being infected and neutralizing such malware attacks.

And...there is nothing which users normally employ...which finds everything.

I suggest that you either initiate a new thread in the Am I Infected forum...or have me move you there...or do a clean install of XP.

Broken bones heal...but they tend to often leave arthritis to those who suffer such...it's probably the same with computers/Windows.

Louis

#3 bucklearbre


Posted 06 June 2010 - 05:23 PM

hi Louis,

Thanks for the reply. Indeed, I fear there are some crumbling bones in the OS, where once all was cutsie-clean and strong marrowed-bliss!

I would like to attempt to fix the re-directing issue, which seems to be the only ongoing problem now.

Can you move me into a new thread -- not sure how I'd do that, as this is me first topic.

Thanx,
Buckle

#4 bucklearbre


Posted 07 June 2010 - 09:07 AM

For Info - - just had ZoneAlarm ask permission for a file called

"q5xok.com" which was living in "c:\windows\fonts"

a novel place to hide a nasty executable..... I denied it, killed the process and then deleted the file.


Still having redirect issues, and the Just-in-Time debugger pop-up is back!
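
A defensive check for the situation described in this post, added here as an example and not part of the original thread: it lists files in a font folder that Windows would run as programs, or that carry an executable header behind a font extension. The allow-lists, function names and the sample files (including the constructed bytes written under the name q5xok.com) are assumptions for illustration.

```python
import os
import tempfile

# Assumed allow-list of extensions that belong in a Windows Fonts folder.
FONT_EXTS = {".ttf", ".ttc", ".otf", ".fon", ".fnt", ".pfm", ".pfb", ".ini"}
# Extensions Windows will launch as a program when opened.
RUNNABLE_EXTS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd"}

def classify(path):
    """Return a reason if the file looks out of place in a font folder, else None."""
    ext = os.path.splitext(path)[1].lower()
    with open(path, "rb") as fh:
        magic = fh.read(2)
    if ext in RUNNABLE_EXTS:
        return "runnable extension " + ext
    # .fon bitmap fonts are resource-only executables, so "MZ" is normal there.
    if magic == b"MZ" and ext != ".fon":
        return "MZ header behind " + (ext or "no") + " extension"
    if ext not in FONT_EXTS:
        return "unexpected extension " + (ext or "(none)")
    return None

def scan_fonts_dir(root):
    """Walk root and return (file name, reason) for every out-of-place file."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            reason = classify(os.path.join(dirpath, name))
            if reason:
                findings.append((name, reason))
    return findings

def build_sample(root):
    """Constructed sample folder: contents are made-up bytes, not real files."""
    samples = {
        "arial.ttf": b"\x00\x01\x00\x00" + b"\x00" * 16,   # TrueType magic
        "vgasys.fon": b"MZ" + b"\x00" * 16,                # legitimate MZ
        "q5xok.com": b"MZ" + b"\x00" * 16,                 # name from the post
        "renamed.ttf": b"MZ\x90\x00" + b"\x00" * 16,       # program posing as font
    }
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for name, reason in scan_fonts_dir(tmp):
            print(name, "->", reason)
```

On a live system the same function can be pointed at the real font folder; anything it lists is a candidate for submission to a scanner, not proof of infection.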

#5 Orange Blossom


Posted 08 June 2010 - 08:30 PM

Hello bucklearbre,

Please follow the instructions in ==>This Guide<== starting at Step 6.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues and what you have done to try to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Orange Blossom :thumbsup: