Jump to content

Hijack Infection blocks Malware / McAfee & others....


Recommended Posts

Somehow I've been infected with a nasty bug that won't let me identify it or remove it thus far. I first noticed an issue this morning when both IE and Firefox browsers starting getting hijacked to random websites. I ran Malwarebytes and the window just disappeared after the first 4 or 5 seconds of a scan. I went back to try and re-run it and the icon has changed to a generic blank windows icon and i get the following error message: "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item."

McAfee won't start a virus scan either. I was able to use their web-based scanner and it showed my windows files as clean. Spybot S&D has the same issue as Malware, it crashes after starting a scan and then i get the invalid path or file error on trying to re-open it. Windows Defender is dead also, with a "Application failed to initialize: 0x800105ba. A problem caused this program's service to stop...."

I tried a program called McAfee RootKit Detective and it will start to scan but then after a few minutes reboots the computer. Its the only thing so far today that does a reboot instead of an error.

The hard-drive itself checks out fine and other than annoying browser hijackings and the inability to to scan / remove the culprit, everything else seems to be running ok.

I tried to download and run a copy of HiJackThis, and it starts to scan and then disappers as well. It gives me the same 'cannot access' error on trying to go back to it. The only way to access Malware / Spybot / HighJackThis again is to remove and reinstall. After doing some reading, I tried to rename them with random words and that still didn't get around them being killed. The same issues happen in SafeMode or normal. Oh, I'm running Windows XP SP3. I also went back to a System Restore point from a few days ago before it started acting up and that didn't correct the problem either.

I'm about ready to format the drive and start over, but I really don't want to do that. Especially since I'd have to copy off my docs and then transfer them back and with how this thing is protecting itself I don't want to transfer it back to a clean install.

This has been an all-day fight so far, I'm willing to try just about anything at this point. Thanks!

Link to post
Share on other sites

Welcome to Malwarebytes! To get you fixed up, please follow these instructions:

follow these instructions & post it in the HiJackLog Forum please

Scan and post logs - read note at bottom in green

If you're having Malware related issues with your computer that you're unable to resolve.

  1. Please read and follow the instructions provided here: I'm infected - What do I do now?
  2. If needed please post your logs in a NEW topic here: Malware Removal - HijackThis Logs
  3. When posting logs please do not use any Quote, Code, or other tags. Please copy/paste directly into your post and do not attach files unless requested.

  • Please do not post any logs in the General forum. We do not work on any logs posted in the General forum.
  • Please do not install any software or use any removal/scanning tool except for those you're requested to run by the Helper that will assist you.
  • Using these other tools often makes the cleanup task more difficult and time consuming.
  • If you have already submitted for assistance at one of the other support sites on the Internet then you should not post a new log here, you should stay working with the Helper from that site until the issue is resolved.
  • Do not assume you're clean because you don't see something in the logs. Please wait until the person assisting you provides feedback.
  • There are often many others that require asistance as well, so please be patient. If no one has responded within 48 hours then please go ahead and post a request for review

NOTE: If for some reason you're unable to run some or any of the tools in the first link, then skip that step and move on to the next one. If you can't even run HijackThis, then just proceed and post a NEW topic as shown in the second link describing your issues and someone will assist you as soon as they can.

Link to post
Share on other sites

RammaR

If you feel as though its resolved, you don't necessarily need to do the following, but I highly recommend doing so:

I would recommend posting in the HJT forum anyway, with both your ComboFix and any MBAM and/or HijackThis logs you have so that an expert can look them over to make sure that there is nothing remaining in the background.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.