
I have something hijacking my browser



Hi everyone

This is my first post here and I hope someone can help me with this problem

Yesterday I picked up some virus purely from going to a webpage to look up some php syntax!

AVG reported a problem with a couple of DLLs AGM.dll and AcroDistDLL.dll which it cured and for some reason windows said my C: partition was almost full - I deleted some unneeded files to get a few Gb back

I then ran a full scan with AVG and it reported hundreds of infections with win32 zbot.g

I told it to fix these and rebooted - I then got a couple of errors on boot complaining about the missing dlls AGM.dll and AcroDistDLL.dll

I clicked OK on these alerts and then the PC decided to reinstall MSN for some reason (I don't ever use MSN on that PC, I only use it on this one)

I ran a scan with MBAM which I had previously installed some months ago - this only found one infection (exploit.drop.2)

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 7892

Windows 5.1.2600 Service Pack 2

Internet Explorer 6.0.2900.2180

07/10/2011 10:54:24

mbam-log-2011-10-07 (10-54-24).txt

Scan type: Quick scan

Objects scanned: 220188

Time elapsed: 32 minute(s), 58 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\documents and settings\nobody\local settings\Temp\0.3821660506052704.exe (Exploit.Drop.2) -> Quarantined and deleted successfully

I thought my PC was clean so I then looked up the two dlls (AGM and AcroDistDLL) and saw they were part of Acrobat Reader

I removed Acrobat Reader (it was V7.xx) and then found my system kept on trying to install Acrobat Reader 8.xx every time I right clicked on some file to delete it!

I kept hitting cancel

I then tried to go to Acrobat site and could not. Likewise I can not get to Malwarebytes site from that PC using Firefox (my default browser) or IE - which I rarely use, only to test pages I write for my own site for browser compatibility

I have found quite a few sites including this one that I either can not visit (page not found) or get redirected to for example www.channelpro.co.uk/advice/software/6007/antivirus-software-help-and-reviews

Other sites work fine as far as I can tell

So I had to use my other PC (on the same LAN) to register here and also to visit Adobe site to download Adobe Reader X

I then mysteriously found an acrobat X installer on the root of C: on the infected PC which I deleted. The PC kept trying to install Acrobat 8 - which I cancelled

I installed the acrobat reader downloaded with this clean PC and copied to the infected one and got a message from AVG complaining about win32 zbot again!

The install of Adobe Reader X did complete, and restarted the PC which still complains about the two missing DLLs

I ran another scan on the infected PC with MBAM and it reported no malicious items

I tried AVG which found two instances of zbot.g then for some reason tried to run Office 2000 installer

My browsers are still hijacked - how do I sort all this out?

Richard


No problem m8

My PC is infected with zbot.g which I also believe is known as Ramnit Virus

I did manage to remove it (I think) using rmzbot.exe from AVG which reboots the PC then runs on a blue screen (like the one you see when windows detects a dodgy hard drive on boot)

This took about 20 hours and my PC now reports clean when booted into windows - however my browser (Firefox) will still not allow me to visit sites such as this one and many other anti-malware sites - either giving page not found or redirecting me

I also lost around 20 exe files it seems, as a lot of my apps on the desktop no longer point to an exe file and I can't see the exe file in the program folders either :(

I seem to have something of a mess on my hands here. I am using one of my other PCs to post here - not sure where to go next with this. Not even sure if I am rid of the hateful zbot thing or not, seeing as my browser is still hijacked though my PC does report clean now

Oh one other thing - this virus somehow prevents me from booting the PC into safe mode, it just reboots / POSTs over and over though it boots in normal mode OK - any ideas about that?

Help would be appreciated

Rich


  • 3 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.