Computer Hope
Software => Computer viruses and spyware => Topic started by: fullbug on August 20, 2008, 08:31:12 AM
-
I'm on a WIndows XP Pro Desktop, SP3
Last week my girlfriend downloaded something, and it installed XP Antivirus 2008 on our system, what a nightmare, running Malwarebytes Anti-Malware it found about 50 trojans, or malware of some type, same thing with SuperAntiSpyware....
I ran both of these programs in safe mode, using the guide found here: http://www.computerhope.com/forum/index.php/topic,46313.0.html
Anyway, this program still seems to be around in some form or another, for example when I'm on google and do a search, and click on any result, it redirects me to some other website, usually some unknown search engine, or in some cases to a site that starts up another xp antivirus 2008 online scan, of course I kill that quick....
I have run Malwarebytes Anti-Malware and SAS again, and it finds nothing, not sure what I can do from here....
Also, this happens on any browser I use, but firefox is really bad, besides the search problem, I also get 'connection has timed out' or 'page cannot be displayed' 3 times out of 4....
And alot of my desktop icons have disappeared....
Suggestions, besides me wanting to throw my computer off my 6th floor balcony?
-
If you followed the guide to the letter, you should have posted the three logs.
When you post them, we will be able to help you.
-
Running the scans again, should be done soon....
One problem though, since my desktop was fresh installed a few months ago, up until now I havent needed HJT, so I try to install earlier and get the following error....
c:\documents and settings\administrator\desktop\hjtinstall.exe is not a valid win32 application
I get this when I download any programs now and try to run them, so have no idea how I can even post the log....
-
Try installing it again after the SAS and MBAM scans are complete and the computer has been freshly restarted.
If you can't get it to install let us know and we will use another tool.
-
restarted -didnt do any good....
Here are the logs
[recovering disk space -- attachment deleted by admin]
-
Download ComboFix by sUBs from one of the below links. Be sure top save it to the Desktop.
Link #1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link #2 (http://subs.geekstogo.com/ComboFix.exe)
**Note: It is important that it is saved directly to your Desktop
Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix.
Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link (http://www.bleepingcomputer.com/forums/topic114351.html) to see a list of security programs that should be disabled and how to disable them.
Double click combofix.exe & follow the prompts.
When finished ComboFix will produce a log for you.
Post the ComboFix log and a new HijackThis log in your next reply.
Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.
Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.
If you have problems with ComboFix usage, see How to use ComboFix (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)
-
I cant even download that from my desktop, whenever I go to the link I just get 'page cannot be displayed', tried a number of different links.... >:(
I'm going to try emailing the program through my laptop to my desktop, not sure if that will work though.....
Its weird how some sites will work and some dont....
-
Try this then see if you can download. You may need to restart the computer for it to take effect.
Go to download the program HostsXpert (http://www.funkytoad.com/content/view/13/)- Unzip HostXpert to your Desktop
- Open up the HostXpert program.
- Make sure that the "Make Hosts Writable?" button in the upper right corner is enabled.
- Click Create Back Up
- Then click on Restore Microsoft's Host Files
- Close the HostXpert program
Note: if you use SpywareBlaster, Spybot and/or IE-SPYAD, it will be necessary to re-install the protection they afford. For SpywareBlaster, run the program and select Enable all protection. For Spybot run the program and select Immunize. For IE-SPYAD, run the batch file and reinstall the protection.
-
Ok, I emailed myself ComboFix, but when trying to install I get 'Some installation files are corrupt. Please download a fresh copy and retry the installation.'
I was able to download HostsXpert, but when unzipping with 7-zip I get the error 'cannot open file as archive.'
This is not looking very good is it? This problem is far worse then I realized....
Thanx for your help so far evilfantasy.....
Should I run 'chkdsk' or something? I'm reaching I know....
-
Download Deckard's Association File Tool (DAFT) (http://www.techsupportforum.com/sectools/Deckard/daft.exe) and save it to your desktop.
- Rename daft.exe to daft.com and double click on it to run.
- Read the disclaimer and click OK.
- Click on the Scan button.
- If it finds faulty file associations, they will appear in red beside a checkbox. If this occurs, just place a checkmark (tick) in the boxes in question.
- Click the Fix button.
.
See if you can install anything now.
You can try chkdsk, it can't hurt.
-
I could only email the file, but the worked, ran it and it found 2 entries, fix them, but still can install anything, tried all the programs and the same errors came up....
Next? ;D
-
Try chkdsk.
Do you have an XP CD?
-
Tried chkdsk, it didnt do anything....
Yes, I have an XP CD, I'm hoping a reinstall wont be necessary....Mostly because the stuff I need to back up, I'm worried if I hook up my laptop to my desktop it might get infected too....That and its a royal pain to reinstall everything already there.....
I gotta step out for an hour, but advice in the meantime would be great.... 8)
Thanx again for the help.... 8)
-
Place XP CD ROM drive the and follow the instructions below:
- Click on Start > Run and type sfc /scannow then press Enter (note the space between scf and /scannow)
- Let this run undisturbed until the window with the blue progress bar goes away
SFC - Which stands for System File Checker, retrieves the correct version of the file from %Systemroot%\System32\Dllcache or the Windows installation source files, and then replaces the incorrect file.
If you want to see what was replaced, right-click My Computer and click on Manage.
In the new window that appears, expand the Event Viewer (by clicking on the + symbol next to it) and then click on System.
-
We followed what you said and this window comes up. We do not know what to choose
1. Install Windows XP
2. Learn more about the setup process
3. Install optional Windows components
4. Perform additional tasks
5. Check system compatibility
Thanks
-
Would this be a better guide to follow?
Although I forget how to set windows to start from the CD-Rom.....
http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/doug92.mspx
-
I didnt have the option of a repair, just fresh install, screw it, going with that and I hope everything is fine after that....
-
Click on Start > Run and type sfc /scannow then press Enter (note the space between scf and /scannow)
That will start the file checking utility.
-
That doesnt work, all that happens is the windows cd starts running and after that the options I mentioned above....
And when I try to install I get this....
"Setup cannot continue because the version of windows on your computer is newer then the version on the cd.
To erase the newer version and install the old version restart the computer , boot from this cd and follow the instructions for a new installation.'
I did that but the same screen comes up over and over, I cant even seem to reinstall windows.....And the CD-rom is only a year old....
-
Go to Add or Remove Programs and uninstall SP3. The disk will only work with SP2.
-
Go to Add or Remove Programs and uninstall SP3. The disk will only work with SP2.
That worked, thanx....
I tried a repair install, but the same problems are still there, so trying a fresh install....
However, it says 'you choose to install windows xp on a partition that contains another operating system. this might cause the other to fuction improperly.
CAUTION - Installing multiple operating systems on a single partition is not recommended.'
So is it safe to install over the old one? All I want is a total clean start....
I guess I should delete the old partition? Just want to be sure I know what I'm doing....
-
There are more steps to it then just putting the disk in and installing.
That said I have only done it a few times. Please ask in the Windows forum here at Computer Hope so the techs that visit that forum can give you better details then I can.
-
OK, thanx for all you help Evil.... 8)
-
Hope you get it sorted out. Now and then one of these virus will render a PC un-useable.
-
Hope you get it sorted out. Now and then one of these virus will render a PC un-useable.
Well thats comforting.... ;D
No luck so far.....
-
I don't know the exact procedure by memory but you need to format (fdisk) and then install. You might get some good instructions from google. Try re-install xp or something similar.
This site has a lot of methods for installing and repairing. http://www.michaelstevenstech.com/format_XP.htm