My computer is under attack and my anti-virus isn't working


  • This topic is locked
49 replies to this topic

#1 drmario23

drmario23

  • Members
  • 82 posts
  • OFFLINE
  •  
  • Local time:06:12 PM

Posted 27 June 2010 - 09:15 PM

I don't even know what happened. I was googling info on the game Battleship and all of a sudden my computer was under attack. It won't let me run Malwarebytes, Super Anti Spyware, or ComboFix. I have no idea what to do. Please help me ASAP. Thanks.



#2 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:12 AM

Posted 30 June 2010 - 11:03 PM

Try this:

http://www.bleepingcomputer.com/virus-remo...sing-tdsskiller
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 drmario23

  • Topic Starter

Posted 01 July 2010 - 03:49 PM

I actually got Malwarebytes to run. I'm still having problems though. I'll try running that thing you suggested. Here is my most recent Malwarebytes log in the meantime.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4264

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

7/1/2010 4:41:06 PM
mbam-log-2010-07-01 (16-41-06).txt

Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 286783
Time elapsed: 2 hour(s), 40 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\certstore.dat (Trojan.Agent) -> Quarantined and deleted successfully.

Edited by drmario23, 01 July 2010 - 03:50 PM.


#4 drmario23

Posted 01 July 2010 - 07:04 PM

I ran TDSSKiller. It didn't give me a log. Was I supposed to get one? Here's a Super Anti Spyware log, if that helps.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/26/2009 at 05:27 AM

Application Version : 4.29.1004

Core Rules Database Version : 4410
Trace Rules Database Version: 2243

Scan type : Complete Scan
Total Scan Time : 01:46:21

Memory items scanned : 732
Memory threats detected : 0
Registry items scanned : 7695
Registry threats detected : 0
File items scanned : 30408
File threats detected : 5

Adware.Tracking Cookie
C:\Users\Joseph\AppData\Roaming\Microsoft\Windows\Cookies\joseph@content.yieldmanager[2].txt
C:\Users\Joseph\AppData\Roaming\Microsoft\Windows\Cookies\joseph@atdmt[1].txt
C:\Users\Joseph\AppData\Roaming\Microsoft\Windows\Cookies\joseph@content.yieldmanager[3].txt
C:\Users\Joseph\AppData\Roaming\Microsoft\Windows\Cookies\joseph@doubleclick[1].txt
C:\Users\Joseph\AppData\Roaming\Microsoft\Windows\Cookies\joseph@ad.yieldmanager[1].txt

Edited by drmario23, 01 July 2010 - 07:04 PM.


#5 Budapest

Posted 01 July 2010 - 07:08 PM

Did TDSSKiller say it deleted anything?

#6 drmario23

Posted 01 July 2010 - 07:12 PM

I took a screen shot of what TDSSKiller said.

Posted Image

#7 Budapest

Posted 01 July 2010 - 07:13 PM

That looks good.

How's your computer running now?

#8 drmario23

Posted 01 July 2010 - 07:28 PM

I'm still having problems. I still have a search redirector and I keep getting this pop-up telling me that "The host has stopped working" or something...

#9 Budapest

Posted 01 July 2010 - 07:29 PM

Please download HostsXpert 4.3
  • Extract (unzip) HostsXpert.zip to a permanent folder on your hard drive such as C:\HostsXpert
  • Double-click HostsXpert.exe to run the program.
  • Click "Restore MS Hosts File".
  • Click OK at the confirmation box.
  • Click "Make ReadOnly?".
  • Click the X to exit the program.
-- Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.

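Before resetting the Hosts file as described in post #9, it can be useful to record which entries differ from the default, since those show what was being redirected or blocked. The following is an added example, not part of the original thread or of HostsXpert; the sample file contents, the `audit_hosts` name and the assumption that only `localhost` mappings are default are all constructed for illustration.

```python
import ipaddress

# Constructed sample for illustration; not taken from the poster's machine.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
203.0.113.10    www.search-engine.example search-engine.example
127.0.0.1       update.av-vendor.example    # constructed blocking entry
not-an-ip       broken.example
"""

# Assumption: a default Hosts file maps only this name.
DEFAULT_NAMES = {"localhost"}


def audit_hosts(text):
    """Return (line_no, kind, ip, names) for every non-default entry."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()  # drop comments and blanks
        if not entry:
            continue
        fields = entry.split()
        ip_text, names = fields[0], fields[1:]
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            findings.append((line_no, "malformed", ip_text, names))
            continue
        extra = [n for n in names if n.lower() not in DEFAULT_NAMES]
        if not extra:
            continue
        # Loopback or 0.0.0.0 targets make a name unreachable (often used to
        # cut off security-tool updates); any other address sends the name
        # to a different server.
        kind = "blocked" if ip.is_loopback or ip.is_unspecified else "redirect"
        findings.append((line_no, kind, str(ip), extra))
    return findings


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

On a live system the text would be read from `C:\Windows\System32\drivers\etc\hosts` instead of the embedded sample.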
#10 drmario23

Posted 01 July 2010 - 08:02 PM

This is what happened after I clicked okay at the confirm box.

Posted Image

#11 Budapest

Posted 01 July 2010 - 08:05 PM

What browser do you use?

#12 drmario23

Posted 01 July 2010 - 08:11 PM

Firefox

#13 Budapest

Posted 01 July 2010 - 08:12 PM

Try this:

http://forums.majorgeeks.com/showthread.php?t=182559

#14 drmario23

Posted 01 July 2010 - 08:20 PM

Here's the GooredFix log.

GooredFix by jpshortstuff (08.01.10.1)
Log created at 21:18 on 01/07/2010 (Joseph)
Firefox version 3.0.18 (en-US)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
browserhighlighter@ebay.com [13:33 26/04/2009]
talkback@mozilla.org [00:49 16/10/2009]
{972ce4c6-7e08-4474-a285-3208198ce6fd} [00:41 09/03/2009]

C:\Users\Joseph\Application Data\Mozilla\Firefox\Profiles\g4dnas4x.default\extensions\
staged-xpis [04:51 15/07/2009]
toolbar@ask.com [14:59 10/10/2009]
twitzerTiny@shorttext.com [04:51 15/07/2009]
{71d2cf9e-34e4-4401-8841-f4fc3f3edc32} [19:32 20/05/2010]
{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [20:09 18/06/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [07:14 08/08/2009]

---------- Old Logs ----------
GooredFix[01.17.19_02-07-2010].txt
GooredFix[22.07.50_29-06-2010].txt

-=E.O.F=-

#15 Budapest

Posted 01 July 2010 - 08:21 PM

Did that fix the search re-direction problem?