Cosmo2b

Massive Spyware Infestation- Can't open Control Panel- even in Safe Mode, excessive Pop-ups

Have already found and removed many things I recognize. Clearly, there are some remaining bugs to work out. Have run Spybot and Avast, Safe and Normal modes, Vundo and Smitfraud Fix. I'm sure there are processes I need to kill with Kill box, but am not confident enough to try that on my own.

Hijack This log attached. All help appreciated!
hijackthis.log
danielcc

Sounds like your OS has its fair share of holes. You could try scanning it with multiple antispyware programs like avgantispyware and an antivirus program such as NAV, then run a repair, but if it were me and it were that bad I would back up what you need, then reload Windows... It will save you a world of headache, unless you have a program you can't get ahold of any longer...
Mal Osborne
Might be worth taking the HDD out, installing it as a slave in another PC & throwing your Antispyware apps at it offline.  Some of these nasties make themselves real difficult to remove otherwise.
Be careful though if you do plug the drive into another computer, because I have seen some of the nasties hop over to the computer you are using to scan! It helps if you disable autoplay.
Cosmo2b

ASKER

Can you point out any nasties from the HijackThis log that you recognize as particularly harmful?
Maybe, but what I generally do is just scan; then if the problem persists or I just can't shake that one nasty, I scan in my Linux box. I used to just scan in Windows, but we had a funny virus that was going around that would pop the CD-ROM open. It turned out that that virus could also ruin a hard drive, so after it jumped to my Windows system I decided to take extra precautions from then on out... If your Control Panel won't open, and a system repair won't fix it, then I would just reload, or if I didn't have any programs that were aggravating to install I would reload. The reason why is because a lot of the time, even once you get the nasties out, they still leave some nice holes in the OS and it will never work quite right.
ASKER CERTIFIED SOLUTION
willcomp
This solution is only available to members.
I haven't used superantispyware... but I do know avgantispyware and Spybot S&D work wonders. Like I said though, I would try scanning in another box and a repair if you are desperate not to do a fresh load, but you will probably catch it if you don't do one, especially with the problems you describe...
SOLUTION
This solution is only available to members.
Hi,
The nasties that are showing in your logfile should be taken care of with SmitfraudFix.

1. Please download SmitfraudFix:
http://siri.geekstogo.com/SmitfraudFix.php
Extract the content (a folder named SmitfraudFix) to your Desktop.
Next, please reboot your computer in Safe Mode by rebooting the computer,
and repeatedly tapping the F8 key as the pc starts. Choose "Safe Mode" from
the options listed.
 
Once in Safe Mode, open the SmitfraudFix folder again and double-click
smitfraudfix.cmd
 
Select option #2 - Clean by typing 2 and press "Enter" to delete infected
files.
 
You will be prompted : "Registry cleaning - Do you want to clean the
registry?" answer "Yes" by typing Y and press "Enter" in order to remove
the Desktop background and clean registry keys associated with the
infection.
 
The tool will now check if wininet.dll is infected. You may be prompted to
replace the infected file (if found); answer "Yes" by typing Y and press
"Enter".
 
The tool may need to restart your computer to finish the cleaning process;
if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt
And yeah 2 SDBot as well,
with those 3 tools, smitfraudfix, SDFix and Combofix, pc should be well again, :)
Yes, what I think may have happened is SmitfraudFix was not able to do its thing with all the restrictions in place, which SDFix should take care of...

Dave
Yeah, I actually didn't see he had already run it; he could also first fix the 2 entries below and the regedit restrictions would be gone.
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
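
An added example, not part of the original thread: a small Python parser that pulls the O7 policy entries out of a HijackThis log and reports which registry hives still carry the DisableRegedit restriction, so a log taken after cleanup can be compared with the one taken before. The two O7 lines in the sample are the ones quoted above; the header and O4 line are constructed, and the function names are this example's own.

```python
import re
from typing import NamedTuple

# HijackThis prints these entries as: "O7 - <HIVE>\<key path>, <value>=<data>"
O7_LINE = re.compile(
    r"^O7\s+-\s+(?P<hive>HKCU|HKLM)\\(?P<key>[^,]+),\s*(?P<name>\w+)=(?P<data>\d+)\s*$"
)

class PolicyEntry(NamedTuple):
    hive: str
    key: str
    name: str
    data: int

def parse_o7(log_text):
    """Return every O7 policy entry found in a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        m = O7_LINE.match(line.strip())
        if m:
            entries.append(
                PolicyEntry(m["hive"], m["key"].strip(), m["name"], int(m["data"]))
            )
    return entries

def regedit_restrictions(entries):
    """Hives in which DisableRegedit is set to a non-zero value."""
    return sorted({e.hive for e in entries
                   if e.name.lower() == "disableregedit" and e.data != 0})

# HKCU applies to the logged-on user, HKLM to the whole machine.
SCOPE = {"HKCU": "current user only", "HKLM": "machine-wide"}

# Constructed sample: only the two O7 lines come from the thread.
SAMPLE_LOG = r"""Logfile of HijackThis (constructed excerpt)
O4 - HKLM\..\Run: [ExampleApp] C:\Program Files\Example\example.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
"""

if __name__ == "__main__":
    for hive in regedit_restrictions(parse_o7(SAMPLE_LOG)):
        print(f"DisableRegedit set in {hive} ({SCOPE[hive]})")
```

An empty result on a log taken after the cleanup tools have run indicates the regedit restriction has been lifted in both hives.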
Cosmo2b

ASKER

Thanks for the great help and comments! I think the most significant difference occurred after running ComboFix and SuperAntiSpyware as willcomp said. After applying the instructions by IndiGenus (also recommended and summarized by rpggamergirl within the minute!) I think the system is bug-free and running great.

Much thanks again!
Thanks, I was trying to get you back operable. rpggamergirl and IndiGenus are more savvy about malware than I am and I'm glad they jumped in :-)

SuperAntiSpyware is the best available freeware spyware/adware remover and compares well to the top commercial products.