Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Laptop Infected, Have Run Scans But It's Not Helping...


  • Please log in to reply
11 replies to this topic

#1 ees86

ees86

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Location:Canada Eh!
  • Local time:03:52 PM

Posted 08 May 2006 - 02:51 PM

A few days ago my laptop all of a sudden started to be very slow and there was a warning that looked like a red circle with aline through it that would change to a green wheelchair symbol next to where the clock is on my desktop. It would pop up a warning saying "Your computer is infected" and it also directed me to a site for an spyware removal program. Also, when ever I start my computer and log into Windows XP a window pops up from Windows installer saying "getting reading to install" but it doesn't say what it is trying to install, and it will do this every so often even after I close it. And finally, even when I am not online there will be pop-ups for casino and adult websites. I ran Norton 2006, Ewido, and Ad-aware (all with the updated definitions) and they all came up with a few issues and was able to delete them but this didn't help my problem.

I also found another post by someone who had the same problem on this site and I followed the instructions from this post <http://www.bleepingcomputer.com/forums/topic47826.html> and it did not help either. The roguescanfix was able to force some spyware out but that was it.

Please help :thumbsup:

BC AdBot (Login to Remove)

 


#2 Elendil

Elendil

  • Members
  • 660 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The US
  • Local time:03:52 PM

Posted 08 May 2006 - 02:55 PM

What is this website/ad it directs you to? I'm out of time but I'll be back to help you later and I'm sure some other helpers will arrive. Please answer my question so we can further help you.
Stanford '14
B.S. Candidate | Computer Science

#3 tg1911

tg1911

    Lord Spam Magnet


  • Members
  • 19,274 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:SW Louisiana
  • Local time:01:52 PM

Posted 08 May 2006 - 03:38 PM

I suggest you post a HijackThis log for examination.
A member of the HijackThis Team will walk you through, step by step, how to disinfect your computer.

Read How to post a HijackThis Log.
Please read, and follow, all directions carefully!!!

Then, run a log, and post it in the HijackThis forum, at this link. Do not, fix anything, yet.
A member, of the HJT Team, will help you out.
It may take a while to get a response, because the HJT Team are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.

NOTE:
Once you have made the post, please, DO NOT make another post in the HJT forum, until it has been responded to by a member of the HJT Team. The first thing they look for, when looking for logs to reply to, is 0 replies. If you make another post, there will be 1 reply. The team member, glancing over the replies, might assume someone is already helping you out, and will not respond. So, just make your post, and let it sit there, until a team member responds. This way you will be taken care of, in the most timely manner.
MOBO: GIGABYTE GA-MA790X-UD4P, CPU: Phenom II X4 955 Deneb BE, HS/F: CoolerMaster V8, RAM: 2 x 1G Kingston HyperX DDR2 800, VGA: ECS GeForce Black GTX 560, PSU: Antec TruePower Modular 750W, Soundcard: Asus Xonar D1, Case: CoolerMaster COSMOS 1000, Storage: Internal - 2 x Seagate 250GB SATA, 2 x WD 1TB SATA; External - Seagate 500GB USB, WD 640GB eSATA, 3 x WD 1TB eSATA

Become a BleepingComputer fan: Facebook

#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,729 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:03:52 PM

Posted 08 May 2006 - 05:35 PM

Before posting a log, there is one more thing we can try.

Go here and follow the instructions for using SmitfraudFix.
After using the tool reboot again in "SAFE MODE" and

Clean out your Temporary Internet files as follows:
  • Quit Internet Explorer and quit any instances of Windows Explorer.
  • Click Start, click Control Panel, and then double-click Internet Options.
  • On the General tab, click Delete Files under Temporary Internet Files.
  • In the Delete Files dialog box, tick the Delete all offline content check box , and then click OK.
  • On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
  • Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
  • Click OK.
Next Click Start, click Control Panel and then double-click Display. Click on the Desktop tab, then click the Customize Desktop button. Click on the Web tab. Under Web Pages you should see a checked entry called Security info or something similar. If it is there, select that entry and click the Delete button. Click Ok then Apply and Ok.

Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.

Then perform a scan with Ewido and reboot back to normal mode.

If that does not resolve the problem, then follow tg1911's instructions for posting a log.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#5 ees86

ees86
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Location:Canada Eh!
  • Local time:03:52 PM

Posted 08 May 2006 - 05:37 PM

I installed hijackthis and did a scan, but when I saved the log to my desktop and opened it it was blank.

#6 ees86

ees86
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Location:Canada Eh!
  • Local time:03:52 PM

Posted 08 May 2006 - 05:39 PM

Thank you quietman7, I did that and the infection warning is gone, but the other problems are still there.

#7 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,729 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:03:52 PM

Posted 08 May 2006 - 05:44 PM

OK now lets see if we can get a log. Did you follow these instructions?

1. Run HijackThis by double-clicking the hijackthis.exe inside its own permanent folder (C:\HJT); not from the desktop or a temp folder.
2. Choose "Do a system scan and save a logfile" and HijackThis will analyze your system.
3. When the scan is finished, a text file name hijackthis.log will open. Save the log to your HJT folder or to the desktop so you can easily find it.
4. Use Ctrl-A to "Select All", Ctrl-C to copy it, and Ctrl-V to paste the log into your post in the HijackThis forum.
5. Post the log along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. Please include the top portion of the HijackThis log that lists version information.

Edited by quietman7, 08 May 2006 - 05:57 PM.

.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#8 ees86

ees86
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Location:Canada Eh!
  • Local time:03:52 PM

Posted 08 May 2006 - 05:59 PM

Thanks, I don't know why it was not working before. It just would not save properly b/c it was coming up blank. But I tried running hijackthis in safe mode and saving it and it works :thumbsup:

#9 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,729 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:03:52 PM

Posted 08 May 2006 - 06:04 PM

OK. Now post your log in the HijackThis Logs and Analysis Forum, not here, for assistance by the HJT Team Experts.

Follow the instructions for creating a new topic and make sure you mention that the log was created in safe mode and why.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#10 ees86

ees86
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Location:Canada Eh!
  • Local time:03:52 PM

Posted 08 May 2006 - 06:11 PM

here is the top of hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 6:50:45 PM, on 5/8/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

First the speed of my computer was slow and these there was a Spyware warning that poped up saying "your computer is infected" and it directed me to a website for a spyware removal program (I can't remember which one), then there were pop ups when I wasn't even online for online casino and adult websites, and the Windows Intaller keeps popping up trying to intall something, it won't say what. I have done several scans to try and figure this out on my own, for everything I always updated the definitions first. I have run Norton 2006, Ewido, Ad-aware and AVG. I also downloded and ran smitRem.exe , Roguescanfix, and smitfraudfix.cmd - these were able to get rid of the infection warnings and as far as I can see, the pop-ups but the performance of my computer is very slow and the Windows Intaller keeps popping up. And now Norton keeps alerting me to a virus, it says that it is deleting it, but then it pops up again saying that the same virus was found and deleted again.

#11 Elendil

Elendil

  • Members
  • 660 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The US
  • Local time:03:52 PM

Posted 08 May 2006 - 07:11 PM

As I said before, the name of the anti-malware program it is advertising could be the key to the problem. If the advertisment is Winfixer we need to know that NOW so that we can give you the proper and comprehensive Winfixer treatment and then continue with general malware removal.
Stanford '14
B.S. Candidate | Computer Science

#12 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,729 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:03:52 PM

Posted 08 May 2006 - 07:41 PM

ees86

I'm not sure why you posted the top of the hijackthis log here along with your narrative. I just checked the HJT forum and do not see a new topic for you. You may have misunderstood me so lets try this again.

You need to click on this link: http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/
Then click new topic.
Give your topic a relevant name.
Start with a narrative of what steps you have done, what problems your still having.
Mention that your log was created in safe mode and why.
Then post the complete log.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users