Jump to content

Recommended Posts

Hey all,

As of yesterday, I noticed that my Google.com search results were getting redirected to new pages without modifying the address in the address bar. Some of the titles of the sites appeared to be "SpywareSecurityProtection.com," "validClick," "4dayaweek.com," and "ForLess.com." If I directly type an address into the address bar, then this rerouting does not occur.

Logically, I started pulling up the anti-spyware/malware programs and HijackThis. HijackThis did not open and posted an error message saying, "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item." I was running the 2.0.2 version of HijackThis so that I downloaded the newer version and I got the same response.

I have Spybot - Search & Destroy and tried running that next. It opened, I was able to update it, and the scan showed "Microsoft.Windows.RedirectedHosts." I fixed this file and rebooted, but I was still having the same issues.

I next tried running the On Demand Scan from McAfee and that will not even open and the On Access Scan is permanently disabled despite me trying to enable it.

I opened my copy of Malwarebytes and I am able to update it, but the scanner disappears and will not reopen after about 15 seconds. When I try opening the program again, I see "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item." Despite this, Malwarebytes appears to be running in the background and shows up in my Taskbar.

Ad-Aware is having similar issues. The message I get when trying to open that program is "System error: 1810 has occurred. Description: Service is not online. Application terminates."

I downloaded Windows Defender and that application will not open. The error message I get is "Application failed to initialize: 0x800106ba. A problem caused this program's service to stop. To start the service, restart your computer or search Help and Support for how to start a service manually." Obviously, restarting did not help this problem.

The next program I downloaded and tried was SUPER Anti-Spyware. The error message I get for this one is "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item."

I tried running this programs in Safe Mode to no avail.

I was looking at some similar problems on the threads here and I came across exehelper in hopes of getting the anti-spyware/malware programs to run. I ran the program and rebooted, but that did not seem to help. Here is my log:

exeHelper by Raktor

Build 20100414

Run at 15:34:41 on 08/31/11

Now searching...

Checking for numerical processes...

Killed numerical process 2021518833:236094087

Checking for sysguard processes...

Checking for bad processes...

Checking for bad files...

Checking for bad registry entries...

Resetting filetype association for .exe

Resetting filetype association for .com

Resetting userinit and shell values...

Resetting policies...

--Finished--

As you can see, the 2021518833:236094087 process (uses a constant 480 K of memory) bothers me in my Task Manager, but I cannot get the program to stop running, nor am I able to find/delete it manually.

I am currently running the Virus Detection online from Symantec and I will report if it finds anything new.

In summary, Google.com searches reroute to other websites without changing the address in the address bar; Malwarebytes, HijackThis, SAS, Ad-Aware, McAfee, and Windows Defender all will not open or will not allow me to do a system scan; and Spybot - Search & Destroy runs the scanner but does not detect anything that fixes the problem.

Can anyone help me with what I should do next?

Thanks!

Best,

Maelski

Link to post
Share on other sites

Hello, and Welcome to Malwarebytes

Sorry to hear your infected.... you can try and follow the steps located in THIS FAQ to see if you can remove the infection yourself, or if you prefer to have an expert help you one on one, here are the steps needed to get your computer cleaned....

Please read the following so that you can begin the cleaning process:

You have 3 Options that you can choose from as listed below:

  • Option 1 —— Free Expert advice in the Malware Removal Forum
  • Option 2 —— Paying customer -- Contact Support via email
  • Option 3 —— Premium, Fee-Based Support

OPTION 1

As we don't deal with malware removal in the
General Malwarebytes' Anti-Malware Forum
, you need to start a topic in the
Malware Removal forum
so a qualified helper can help you fix any malware related problems/infections you may have.

  • Please read and follow the
    , skipping any steps you are unable to complete. Then post a
    .

  • After posting your new post, make sure under
    options
    , you select
    Track this topic
    and choose
    Immediate Email Notification
    , so that you're alerted when someone has replied to your post.

  • One of the
    there will give you one-on-one assistance when one becomes available.

  • Please refrain from making any further changes to your computer such as (Install/Uninstall programs, use special fix tools, delete files, edit the registry, etc...) unless advised by a malware removal helper. Doing so can result in system changes which may hinder the attempts by a helper to clean your machine.

NOTE:
Please DO NOT post back to (bump) your topic within the first 48 hours.

Replying to your own posts changes the post count and helpers are looking for topics with zero replies. If you reply to your own post helpers may think that you're already being helped and thus overlook your post.
    • If there is no reply from any experts after 48 hours, you can reply to the topic, asking for help again.

      Or

    • You may send a Private Message to a Moderator asking for assistance.

OPTION 2

Alternatively, as a paying customer, you can contact the help desk at
or
.

OPTION 3

If you would like to use our Malwarebytes Premium Services, Comprehensive solutions to all your computer support needs—from installation and set-up to troubleshooting and tune-ups go to our
support site.

Please be patient, someone will assist you as soon as it is possible.

PS: Please use the "ADDREPLY" Add-Reply.png button instead of other ones when you start replying. :)

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.