Posted 25 July 2010 - 02:03 PM
Malware has hijacked my internet connection.
My desktop is a Velocity Micro Pentium 4 3.0 ghz, with 1.49 gb RAM. 46% of the 120 gb hard drive is free. The OS is MS Windows XP Pro v.5.1.2600, Service Pack 3, Build 2600.
Recently my wife began complaining about an apparent redirection when attempting to access one of her favorite sites. My daughter was still able to access the same site with no problem, so I assumed her Firefox profile had been corrupted. Since everyone but my wife has migrated to laptops, I was in no rush. However, a couple of days ago, she complained that her favorite web site was coming up “Server Not Found”. After checking on my laptop that the site was available, I decided it was time to do something.
I began by saving her Firefox profile and bookmarks in preparation for creating a new profile for her. However, when I logged onto my user account on the desktop and was unable to reach the site (also getting “Server Not Found”), I decided something more insidious was going on. At that point, I knew bad things were going on, but it seemed to be limited to this one site, as every other site I went to was accessible.
The desktop firewall/antivirus was expiring, so I renewed it and upgraded to Norton 360. That download and installation seemed to go okay. Figuring I'd need more help, I decided to download and install Malwarebytes. However, typing the URL of Malwarebytes.org produced “No Server Found.” I wound up downloading it to a USB stick attached to my laptop, and copying it to the desktop. It seemed to install okay.
When I ran Norton 360 it found 9 problems, 7 tracking cookies and 2 viruses. It took care of them. I immediately ran Malwarebytes which found 19 problems, in the registry, folders and files. Some of what it found were Rogue.AntivirusSuite, Rogue.Virus.Rescue, Trojan.Zlob, Hijack.DisplayProperties, Hijack.WindowsUpdates and Trojan.DNSChanger, among others. I had the program “fix” the problems and got a window that everything had been cared for and I needed to reboot. Which I did.
When I restarted the computer, I found that I had no web access. Firefox, Chrome and IE all were unable to connect. Firefox reported “Server Not Found”. Chrome reported that “The following page(s) have become unresponsive. You can wait for them or kill them.” Selecting “kill” did nothing. The IE tab showed “Connecting.....”, but it never did. Instead of automatically connecting through my wired network (a Linksys router and cable modem), a “Dial-up Connection” dialog box popped up with Chrome and IE7.
On my laptop I did a Google search for “malware preventing internect access” and found a link to this bleepingcomputer forum. I read several of the posts and replies which other people had documented. I decided to try the fix suggested on 6/2/10 by Blade Zephon: I downloaded TFC and SuperAntiSpyware to a USB stick and copied them to the desktop. I ran TFC, no problem. After reboot, I attempted to run SuperAntiSpyware in Safe Mode and found that double clicking the icon caused a process to run, but no program window ever appeared. I found a SuperAntiSpyware process running using 768-788 kb, but no interface or program window ever appeared.
Instead of further “backyard mechanic” attempts (replacing parts until I stumble upon the faulty one) to fix this thing, I'm asking for guidance on how to rid my computer of this malware. Any suggestions, anyone?