
Infected with malware, cleaned some of it, need help removing the rest of it.


No replies to this topic

#1 thejestre


Posted 13 August 2010 - 02:06 PM

So I was browsing around and went to the Encyclopedia Dramatica entry for 'Chan' and the Sun Java splash screen popped up... Knew I was screwed because I had disabled Java [to the best of my ability] in Firefox. I tried yanking the ethernet cord and shut the computer down as quickly as possible but it was too late. On reboot I had one of those fake virus scanners that want you to pay to 'activate' them so they will clean all the 'infections' they detect.

I tried to open Malwarebytes' anti-malware but got the message that it was infected [nice touch there]. So I used a non-infected computer to make a UBCD image. All I found with it was Cool Web Search and restored some system settings with SpyBot.

Then I booted into safe mode and started AutoRuns. I saw a file that was set to run on login named ygycxkyshdw.exe and I was unable to uncheck it from running at login, so I renamed the file ygycxkyshdw.ex_ . I was then able to boot without the faux scanner running. I updated AVG and Malwarebytes [they were maybe a week overdue] and scanned. Found and cleaned 5 things total but I don't think I'm in the clear yet. Proxy settings were changed on all my web browsers [IE, Opera, FF] so I set them back to normal.

I am currently unable to update SuperAntiSpyware and get the error: "There was an error trying to retrive definitions. Make sure your firewall is not blocking SUPERANTISPYWARE.EXE from accessing the Internet." Also I am not able to install the FF addon here: http://www.fileresearchcenter.com/whatsrunninginstallff.html

I get this error when the install fails: "Firefox could not install the file at

http://www.superadblocker.com/activex/sabffx.xpi

because: Install script not found
-204"

Can anyone here help me fix my computer the rest of the way ;)?

I am on an XP HOME SP3 computer using Windows firewall.
Thanks in advance,

_theJestre
