I was able to load Malwarebytes from a thumb drive, changing the name of the file to tool.exe. The program loaded on my PC and created a shortcut on my desktop. I was also able to select the final prompt (update request) before the program completed installing. After that, I selected the Malwarebytes shortcut on my desktop and nothing happens. Actually, I get the hourglass on my mouse pointer for a couple of seconds and then it returns back to the arrow pointer. I also tried to run the program from the Start menu/Run. Nothing happens. It seems like the malware is somehow preventing the program from running. My virus/malware is a Google redirect affecting my Firefox browser. I'm able to use my browser in MSN without problems. If I use Firefox and Google, it gives me my searches. However, when I click on a search result it takes me to suspicious and advertising sites and other search sites. I currently have BitDefender Internet Security 2008, which I keep up to date. The malware is not detected even with a full system scan using BitDefender.

Thanks in advance for your help

Hi tmack, and welcome to Malwarebytes!

Click here to download HJTInstall.exe

  • Save HJTInstall.exe to your desktop.
  • Double-click on the HJTInstall.exe icon on your desktop.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis.
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch HijackThis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in Notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and paste the log in your next reply.
  • DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

Also, I would like you to generate an "Add/Remove Software list" log using the HijackThis application. Here is how you can do this:

To get an Uninstall List from HijackThis:

  • Open HijackThis, click Config, click Misc Tools
  • Click "Open Uninstall Manager"
  • Click "Save List" (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.

In your next reply, please include these log(s):

* HijackThis Uninstall List

* HijackThis log (new)

Kenny,

I have two separate computers, one of which is not affected by the virus. I downloaded the hijackinstall on a thumbnail drive and copied it to the desktop of the infected computer. I attempted to start the application, but again nothing happens. I get the hourglass for a few seconds, but nothing happens. What's my next step?

Kenny,

I have two separate computers, one of which is not affected by the virus. I downloaded the hijackinstall on a thumbnail drive and copied it to the desktop of the infected computer. I attempted to start the application, but again nothing happens. I get the hourglass for a few seconds, but nothing happens. What's my next step?

This is a bad sign. And I hope you do not have the Win32.Virut virus. If you have seen this on any virus scans previously, let me know. Let's try Kaspersky Rescue Disk.

We can try and clean it up with Kaspersky Rescue Disk, but access to another computer is required.

On a clean computer, download ISO Recorder can do this too.

Here is a great tutorial on burning an ISO image here.

Setting your BIOS to boot from a CD may be required, go here for instructions.

Once Kaspersky Rescue Disk is burned successfully, reboot your computer, press any key to boot from CD and the following will appear.

[Image: dosbootscreen.png]

Hit Enter to start booting from Kaspersky Rescue Disk.

Please pick your appropriate language and hit Enter

Kaspersky AntiVirus 2009 will appear, do not start a scan yet!!!!

[Image: kav2009.png]

  • Click the Update tab, then on the Update now button.
  • When the update is complete, click on the Settings button.
  • Under Scan, set Security level to High and On Detection to Disinfection.
  • Under Threats and exclusions, click the Settings tab, and ensure everything is checked.
  • Click Apply then OK to return to the program.
  • Click the Scan tab. The scan can take a long time, so please be patient and allow it to run to completion.
  • When the scan has completed, click the Reports button.
  • Save the report to your C: drive as KAV2008.txt.
  • Now reboot your computer and remove the CD and log into Windows.
  • Navigate to your C:\ drive, and post the KAV2009.txt as an attachment in your next reply.
  • Any questions, please post and I will reply as soon as possible. Thanks

Ran into a problem. I was able to create the ISO CD and change my boot priority. I attempted to restart the PC, but it took an unusually long time to shut down. Because of this, I did a hard reboot (unplug/replug). Restarted the PC with the CD in place. The black and white Kaspersky screen came up. Before I had time to do anything it began scanning. After it finished, it asked me for my language. I chose English. It then changed screens and gave me a warning saying my PC had not shut down properly and if I continued it could be harmful to my computer. So I canceled the process and attempted to let the PC start without the rescue CD so I could attempt a proper shutdown.

Now when I boot up the PC it brings up the Windows XP logo, but then goes to a light blue screen with white fonts while it looks like it is attempting to cycle to the logon screen. It charts its progress with a series of dots (i.e. .......................................). After about 3-4 rows of dots it then brings me to the welcome screen. The problem is the only thing on the screen is the word "welcome". I'm unable to select anything or advance past this screen. Your thoughts?

Can you boot into safe mode?

I was able to boot in safe mode and exit properly. I restarted and booted from the Kasp recovery disk. During the Kasp install I forgot I had unplugged my LAN connection for safety reasons. I plugged it back in right before Kasp had finished its install. Kasp says database is obsolete. However, when I click on "Start Update" I get a Kasp popup saying the database is obsolete with a link which says "update files now". However, when I select the update link in this popup it cycles for a split second and reappears, but nothing happens to update. My guess is that Kasp wasn't able to connect to the internet in the install process. What should I do? The current database release date is 5/14.

Thanks!

I never had this problem with Kaspersky Rescue Disk. Can you run Malwarebytes in safe mode and post the results?

I ran Kasp again, this time with my LAN plugged in before it installed. The program installed and this time I was able to update the database. I did as you requested, changing the scan to high. The disinfection was checked already and grayed out as not an option to change. I ran the scan; it took about 5-7 seconds before it was completed. It came back with a scan completed with the date and time. I clicked the report tab and saved to my C drive. Kasp was reporting no infections on the status bar. I logged out of Kasp and restarted my PC. I looked for the report and was unable to find it.

I attempted to launch Malwarebytes and Hijack again from the desktop icons, but they would not launch. I also opened up Firefox and tried a Google search. Again, search results look correct, but when I click on a result I'm taken to alternative search and ads sites.

Is this malware's only target to redirect my Google searches? Although BitDefender is not detecting it, will it prevent the virus from transmitting personal info (passwords, bank login, etc.)? Currently, my BitDefender status is saying protected.

Greg, thanks for working with me as we attempt to resolve this issue.

Is this malware's only target to redirect my Google searches? Although BitDefender is not detecting it, will it prevent the virus from transmitting personal info (passwords, bank login, etc.)? Currently, my BitDefender status is saying protected.

I would not trust this PC for banking for now.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

I never had this problem with Kaspersky Rescue Disk. Can you run Malwarebytes in safe mode and post the results?

I'm unable to run Kasp or Hijack in safe mode. This virus is driving me nuts! Why would someone take the time to write such malicious code to wreak havoc with someone's PC who they will never meet in their life... sorry, had to rant for a second.

We tried to rename tools and safe mode. And thumbnail drives, Kaspersky Rescue Disk. Nothing is working. Let's try the below, please.

Try downloading and burning the following from another computer.

Avira AntiVir Rescue System

Requires access to a working computer with a CD/DVD burner to create a bootable CD.

  • Download the Avira AntiVir Rescue System from
  • Place a blank CD in your burner and double-click on the downloaded file named rescue_system-common-en.exe
  • The program will automatically burn the CD for you.
  • Place the burned CD into the affected computer and start the computer from this CD.
  • On the bottom left side of the screen there are 2 flags. Using your mouse click on the British flag to use English.
  • Click on the Configuration button.
    • Select Scan all files
    • Select Try to repair infected files and Rename files, if they cannot be removed
    • Select Scan for dialers
    • Select Scan for joke programs (Jokes)
    • Select Scan for games
    • Select Scan for spyware (SPR)
  • Click on Virus scanner
  • Click on Start scanner at the bottom of the screen
  • Currently the program does not support saving a log. Write down the amount of items for Records, Suspect files, and Warnings

The Avira AntiVir Rescue System is a Linux-based application that allows accessing computers that cannot be booted anymore and is updated several times a day so that the most recent security updates are always available.

Possible solutions to Screen Resolution and other issues

  1. Please see the post if you're unable to view the entire screen of Avira.
  2. You can also review this one
  3. Currently only the German keyboard is supported. English keyboards require workarounds: http://forum.avira.com/wbb/index.php?page=Thread&postID=737024#post737024
  4. Some computers attempt to mount the floppy even though they don't have one. You may need to go in to the BIOS and disable the floppy drive in order to mount your hard drive for scanning.

Greg,

For some reason I'm unable to copy the program to a CD. I went through 3 blank CDs and the program was unable to write. I tried once with the ccburncd software provided in one of your links as well. I was able to burn the Kasp ISO yesterday, but I'm not having any luck with this program. I'm doing this from a second non-affected PC. I used the last 3 of my blank HP CDs. Both programs will start the initial burn and quit. If I try and reinsert the CD it says it's not good.

Greg,

For some reason I'm unable to copy the program to a CD. I went through 3 blank CDs and the program was unable to write. I tried once with the ccburncd software provided in one of your links as well. I was able to burn the Kasp ISO yesterday, but I'm not having any luck with this program. I'm doing this from a second non-affected PC. I used the last 3 of my blank HP CDs. Both programs will start the initial burn and quit. If I try and reinsert the CD it says it's not good.

I feel you need to reinstall Windows. See the Guide to Reinstall of Windows as that is your best option at this point, tmack.
