|
|
Post by jingles7491 on Apr 4, 2010 18:05:02 GMT
Hello my lap top is on one it is throwing up pages i havent asked for and when i type a suggestion in to google it throws up diffrent serch engin pages and web sights , I have also found my email has been sending emails to all my contacts (from me )NOT trying to get them to go to web sights and it is running very slow please help  |
|
|
|
Post by nike on Apr 4, 2010 22:00:48 GMT
Download and install the free version of SUPERAntispyware from www.superantispyware.com , update it first before you run it. If it won't update, you have a problem.
Also download and install the free version of MalwareBytes from www.malwarebytes.org/mbam.php ... Update and run it as well.
If you find that you have trouble updating either of these, try doing it in safe mode. If that doesn't work, the only remedy is a total reformat after backing up and saving your documents.
You didn't mention what Anti-Virus program you are running. If it's disabled, then a re-format may well be needed. If your laptop has a recovery partition, you can do that from there.
A little more info on the brand and model of laptop and the A/V program may help us to help you better.
|
|
|
|
Post by ken on Apr 5, 2010 2:39:29 GMT
If you have to use Safe Mode, remember to select Safe Mode with Networking or they still wont update.
These 2 apps normally clean the Restore Files, but if it does come back turn the System Restore off and try cleaning again in Safe Mode. Dont forget to turn the Restore back on afterwards when your sure its clean.
|
|
|
|
Post by nike on Apr 5, 2010 5:10:15 GMT
If it's the trojan I think it is, nothing short of a re-install will fix it.
I've come across this one many times in the last few weeks, and a re-install is the better option. 95% of my computer repair work involves virus removal.
|
|
|
|
Post by ken on Apr 5, 2010 10:39:09 GMT
Thats why I think that SAS Pro is great Kev, it grabs these things before they can get on and estabished. Anyone running Win7 should make sure they have Windows Backup running, then a reinstall isn't too painful and it only takes a few minutes.
|
|
|
|
Post by jingles7491 on Apr 5, 2010 14:33:03 GMT
every time i try to show hijack log pc disconects from internet
|
|
|
|
Post by jingles7491 on Apr 5, 2010 15:20:38 GMT
i type in google Steven lang and it thows up teach me taxidermy ?
|
|
|
|
Post by ken on Apr 5, 2010 15:22:10 GMT
It sounds like its infected Malwarebytes to protect itself. Unless you can bring that log up, there is no way for MBAM to remove it. You could try System Restore, install the 2 apps again and try it. If its disabled MBAM its probably disabled System Restore. You dont say what your OS is, if its Windows 7, you can use a system backup image to restore your system. Otherwise you will have to reinstall, by whatever means you have got. Some laptops have a reinstallation partition, others have disks you make. Or you will have a Windows and driver disks.
|
|
|
|
Post by jingles7491 on Apr 5, 2010 15:37:26 GMT
How can i post a hijack log every time i try it disconects me
|
|
|
|
Post by jingles7491 on Apr 5, 2010 15:40:09 GMT
Xp pro on dell insperon 1100
|
|
|
|
Post by jingles7491 on Apr 5, 2010 15:51:22 GMT
Xp pro on dell insperon 1100
|
|
|
|
Post by jingles7491 on Apr 5, 2010 15:57:17 GMT
I could send the hijack in an email ? but to who
|
|
|
|
Post by ken on Apr 5, 2010 16:01:17 GMT
Me and you are talking about 2 different logs. We already know you have got a hijack virus, thats why we recommended you run Super AntiSypware and Malwarebytes AntiMalware. They are the only things that MIGHT get rid of it.
|
|
|
|
Post by Roz on Apr 5, 2010 20:07:30 GMT
|
|
|
|
Post by nike on Apr 5, 2010 21:56:33 GMT
Is this the one Jingles......
Dell Inspiron 1100
REVIEW DATE:05.27.03
Product: Dell Inspiron 1100
Price: $999 direct
Specs: 2.0-GHz Celeron, 256MB DDR SDRAM, 20GB hard drive, DVD-ROM drive, 14.1-inch display, two USB 2.0 ports, 7.6 lbs. system weight
Company Info: 800-388-8542, www.dell.com
I think i'd be looking at more ram if it is, and it's running XP.
|
|
|
|
Post by Lynnrose on Apr 7, 2010 18:57:57 GMT
From Jingles....
the trojan I first found was Hiloti I have reinstaled malware what do i do now . it wont let me send logs or emails which have anything with words like log or hijack or trojan it shuts down the pc , I am doing this via my dads please help as I cant afford to take it in
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 15:22:53, on 05/04/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\T-Mobile Mobile Broadband Manager\AssistantServices.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Belkin\F5D9010\Belkinwcui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\T-Mobile Mobile Broadband Manager\UIExec.exe
C:\Program Files\T-Mobile\web'n'walk Manager\DataCardMonitor.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = uk.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [F5D9010] C:\Program Files\Belkin\F5D9010\Belkinwcui.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [UIExec] "C:\Program Files\T-Mobile Mobile Broadband Manager\UIExec.exe"
O4 - HKLM\..\Run: [DataCardMonitor] C:\Program Files\T-Mobile\web'n'walk Manager\DataCardMonitor.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1267113287068
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: WIKI.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: UI Assistant Service - Unknown owner - C:\Program Files\T-Mobile Mobile Broadband Manager\AssistantServices.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 7005 bytes
|
|
|
|
Post by ken on Apr 7, 2010 19:41:01 GMT
To speed things up I would uninstall AVG and replace it with Avast. Get rid of Zone Alarm and replace it with Comodo. I have never reckoned Spybot and I would uninstall it and put Spyware Blaster on.
Get rid of anything in the list with Java on it and get rid 016 - DPF Adobe and Facebook.
|
|
