Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Surf Sidekick/infinite Looping Norton/who Knows What Else Crippling Computer


  • Please log in to reply
4 replies to this topic

#1 Alex Powers

Alex Powers

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:11:20 AM

Posted 14 June 2006 - 01:59 PM

Hello all,

Before you ask, I have not followed all the suggested instructions for posting a HijackThis log, but that is because this adware/spyware/virus/whatever is preventing me from even using the computer, for the most part, so I can't run anything at the moment. Here's what's going on:

A few days ago a coworker complained of pop-ups on her computer. 3-4 IE windows would open every few minutes with ads. I immediately installed Ad-aware, Spybot, and Firefox, told her to stop using IE, and ran Ad-aware, deleting what it found. Problem not solved.

Ran Spybot, removed what it found, also got the "could not remove all, some still in use" message. Told Spybot to run on next startup, which it did after a hard reset. One of the things it still could not remove after the second scan was Surf Sidekick 3, which I googled and ended up here. Strangely enough, about this time I also lost ability to use Task Manager, getting a "Task Manager has been disabled by your administrator" message when I try to bring it up. I saw a Windows Update message on bottom right and naively thought "I'm sure SP2 can solve this," and tried to install it. That's where everything really went downhill.

During the install of SP2, Norton froze everything, opening dozens of warning windows (I counted 83). I had to do a hard reset.

After the reset, a lovely little program called BraveSentry popped up, and I gave it the okay to scan. Suspicious of a misspelling I noticed, though, I checked it out and sure enough found it was rogue. I ended that but Norton kept popping up with dozens (maybe hundreds) of warning windows. Somewhere in there I also saw a "Norton has expired" window. Isn't that helpful.

So, every time I hard reset, I cannot get past the seemingly endless Norton windows that are clogging the computer. This makes it impossible to run any antivirus or HijackThis, and I'm not even sure that Norton is usable anymore. Where should I start? Can it be saved?

Thanks in advance,

Alex

BC AdBot (Login to Remove)

 


#2 Albert Frankenstein

Albert Frankenstein

  • Members
  • 2,707 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Michigan, USA
  • Local time:12:20 PM

Posted 14 June 2006 - 02:39 PM

Welcome to BC! :thumbsup:

You have your hands full there!

My instinct says you can save this computer without reinstalling Windows, or at least it is too early in the process to decide really. But that being said, let me ask you: Do you have your Windows disk just in case?

I'm sure SP2 can solve this

Installing SP2 on an infected machine is not going to solve anything, it is not going to install properly, as you have found out.

You need to get help from the experts here in the HiJackThis forum, but it sounds like in order to get to that point we have some work to do.

FIRST
Temporarily disconnect this machine from the internet.

NEXT
Go to Start > Control Panel > Add/Remove Programs and uninstall BraveSentry. Like you mentioned, this is considered a Rogue program on the list of Rogue programs found HERE.

I would also probably uninstall Norton, as apparently it has become corrupted. You can reinstall Norton after cleaning up the machine.

Also, study each entry in the Add/Remove Programs panel and remove any others that don't belong.

NEXT
Boot into safe mode by hitting the F8 key repeatedly at bootup, and choose Safe Mode from the booting options list you will be presented with.

Run your Ad-Aware and Spybot in Safe Mode, rebooting into safe mode inbetween. In fact, it may not be a bad idea to run them several times this way.

NEXT
Follow the instructions in the BC tutorial on how to remove Surf Side Kick 3 found HERE.

NEXT
Follow the instructions for posting a HiJackThis log found below:

FIRST
Read the Preparation Guide found HERE. It is very important that you follow ALL of the instructions found within. (There are many important steps in this guide that may clean your computer.)

NEXT
Post your system information along with a brief description of the problems you are having, and your HJT log in the HJT forum found HERE.

NOTE: Please, after you post your HJT log DO NOT make another post in the HJT forum until it has been responded to by a member of the HJT Team. The first thing they look for, when looking for logs to reply to, is 0 replies. If you make another post there will be 1 reply. The team member glancing over the replies might think someone is already helping you out and will not respond. So, just make your post and let it sit there until a team member responds. The volunteers who work that forum are very busy, so please be patient and wait. It can sometimes take a few days for a response. If after 5 days you still have gotten no response, then post a link to your HJT log HERE.

FINALLY
If, after finishing your work with the folks at the HJT forum you have issues with Windows related to the removal of the infection, then come to the other forums and let us help you get your computer back to normal.

You are in good hands! Good luck!

Edited by Albert Frankenstein, 14 June 2006 - 02:43 PM.

ALBERT FRANKENSTEIN
I'M SO SMART IT'S SCARY!


Currently home chillin' with the fam and my two dogs!


#3 Alex Powers

Alex Powers
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:11:20 AM

Posted 15 June 2006 - 08:28 AM

Update:

Thanks for the help Albert Frankenstein. I stayed late at the office running scans until 10 p.m., but a combination of Ad-Aware, Spybot, and Ewido in safe mode plus the linked instructions managed to remove Surf Sidekick (I think.) I'm not sure if BraveSentry has been removed or is just disabled by Ewido but the "Your computer is in Danger!" messages have stopped at least.

I haven't been able to run HijackThis yet nor any antivirus but will get to it soon. The computer is still crawling along so I'm sure there's work yet to do. Hopefully the HJT folks can help me a bit :thumbsup:

Thanks again, I'll keep you posted.

Alex

#4 Albert Frankenstein

Albert Frankenstein

  • Members
  • 2,707 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Michigan, USA
  • Local time:12:20 PM

Posted 15 June 2006 - 10:22 AM

Good job Alex! You are making progress. And as long as you are making progress you have a chance at cleaning the computer.

When you get to the point of posting a HiJackThis log, give a little description of the problems you have been having AND A LINK TO THIS THREAD. That will aid the helper to know what is going on and what you have done so far. The URL to this thead is:

http://www.bleepingcomputer.com/forums/t/55489/surf-sidekickinfinite-looping-nortonwho-knows-what-else-crippling-computer/


Edited by Albert Frankenstein, 15 June 2006 - 10:24 AM.

ALBERT FRANKENSTEIN
I'M SO SMART IT'S SCARY!


Currently home chillin' with the fam and my two dogs!


#5 Alex Powers

Alex Powers
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:11:20 AM

Posted 16 June 2006 - 03:27 PM

In case you want to follow:

HJT Thread for my wonky computer




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users