Computer Hope
Software => Computer viruses and spyware => Topic started by: xiahoudas on May 06, 2008, 07:18:11 PM
-
My computer is being hit with some REALLY annoying popups and my desktop background was changed to some ad for spyware removal. I tried to follow the instructions in the before you get started thread and I found that some of the apps listed are being blocked by the administrator, which is me but I didn't block them. Task manager is also disabled.
So here's what I've done so far:
1. Nothing suspicious in add/remove programs
2. CCleaner did it's thing
3. Blocked from installing SAS
4. Was able to install and run Malwarebyte's (Log at end of post)
5. Found I have java 6.4 but blocked from updating
6. was able to run Hijackthis
Could someone please tell me what I need to do to at least get this mess fixed? Thanks
[recovering space - attachment deleted by admin]
-
Welcome to CH.
Download SDFix.exe (http://downloads.andymanchesta.com/RemovalTools/SDFix.exe) and save it to your Desktop.
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)
Please then reboot your computer in Safe Mode by doing the following:
- Restart your computer
- After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
- Instead of Windows loading as normal, the Advanced Options Menu should appear;
- Select the first option, to run Windows in Safe Mode, then press Enter.
- Choose your usual account.
- Open the extracted SDFix folder and double click RunThis.bat to start the script.
- Type Y to begin the cleanup process.
- It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
- Press any Key and it will restart the PC.
- When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
- Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard).
- Finally add the contents of the Report.txt in your next post along with a fresh Hijackthis log.
-
ok
[recovering space - attachment deleted by admin]
-
Looks good so far. Still some work to do.
Please download Combofix by sUBs from one of the below links.
(Try all three if necessary)- Link #1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
- Link #2 (http://subs.geekstogo.com/ComboFix.exe)
- Link #3 (http://www.forospyware.com/sUBs/ComboFix.exe)
Important! Combofix.exe MUST be saved to and ran from the Desktop.- Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting Combofix.
- Important! Temporarily disable your antivirus, script blocking and any antispyware real time protection before performing a scan.
- Click this link (http://www.bleepingcomputer.com/forums/topic114351.html) to see a list of security programs that should be disabled and how to disable them.
- If yours is not listed and you don't know how to disable it, please ask.
- Warning: Combofix disconnects your computer from the internet. The connection is automatically restored before Combofix completes its run.
- Double click combofix.exe & follow the prompts.
- Choose Yes to accept the Disclaimers.[
- When finished, it will produce a log for you.
- Post that log in your next reply.
Warning: Do not mouseclick combofix's window while it is running. That may cause it to stall- If Combofix runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your computer.
- Important: Remember to re-enable your antivirus and antispyware before reconnecting to the Internet.
.
If needed, see this Combofix tutorial (http://www.bleepingcomputer.com/combofix/how-to-use-combofix) with screenshots that will detail the downloading and running of combofix more thoroughly. Still be sure to rename combofix as detailed above.
Next post please add:
Combofix log