I've gone through hell trying to figure out what was wrong with my computer, and just finally got HijackThis installed by renaming the file and installing in safe mode.
Whatever is on my computer is blocking all attempts to update every virus and malware scanner I've tried, and all my other software, I can't run scandisk or defrag, and I'm blocked from almost all helpful support web sites and help forums (thankfully not this one :)
Step One: Clean with ATF Cleaner - CHECK
Step Two: Scan with Kaspersky WebScanner - CAN'T ACCESS THE SITE
Step Three: Update Windows XP if necessary - SP3 - CHECK
Step Four: Reboot your computer - CHECK
Step Five: HijackThis:
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 1:09:57 PM, on 01/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Originally posted by hgodsoe: I'm blocked from almost all helpful support web sites and help forums (thankfully not this one :)
Can I ask why? :)
Please reboot your computer into Safe Mode With Networking by doing the following:
- Restart your computer
- After pressing the power button, repeatedly tap the F8 key.
- Instead of Windows loading as normal, the Advanced Options Menu should appear;
- Select the option to run Windows in Safe Mode With Networking, then press Enter.
- Choose the administrator's account.
Please download Malwarebytes Anti-Malware and install it. Follow the prompts and reboot if required.
Launch Malwarebytes either by running C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe or double-click the Malwarebytes' Anti-Malware shortcut on your Desktop.
Configuring Malwarebytes
- Click on the tab Settings.
- Make sure only these boxes are checked:
    - Terminate Internet Explorer
    - Automatically save and display logfile after removal
    - Always scan memory objects
    - Always scan registry objects
    - Always scan filesystem
    - Always scan extra and heuristics objects
Updating Malwarebytes
- Click on the tab Update.
- Press the button Check for Updates
- Wait for Malwarebytes to be fully updated.
Scanning Time
- Click on the tab Scanner.
- Check Perform full scan and click on Scan
- Wait for the scan to complete, and then click on Show Results.
- Make sure all items are checked, then click on Remove Selected.
**If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If you are asked to restart the computer, please do so immediately.
Post A Log
- A text box will pop up after the removal process is over. Post the contents of the text here.
- If no text box pops up, launch Malwarebytes, and click on the tab Logs.
- The logs will appear as mbam-log-*date-*time.txt. Select the latest one, and then click on Open.
- Post the log here.
Life is but a dream; you don't feel any pain unless you want to or you fall off the bed. Success is relative; the more success the more relatives.
A computer once beat me at chess, but it was no match for me at kickboxing. To be or not to be; that's a dumb question.
Thanks for your reply. I've already tried to install Malwarebytes Anti-Malware (in both safe mode and normal) but it gets 50% installed and then freezes the machine on 'Extracting Files'. I tried it again after reading your post, just to be sure. The only thing I've managed to get installed since is HijackThis. I'll repost my HijackThis log below.
Re: the blocked sites -- (the Malwarebytes website, and lavasoft, majorgeeks, support.microsoft, etc, etc...) are all dead when I click on them. Nothing happens. If I open the link in a new window, I get a black browser page with no url. I have no idea why, but the affected sites are -all- related to viruses and tech support. The only sites that work are CNET and you brilliant guys.
Same with AVG, Adaware and all my other updateable software. They just don't connect to anything anymore....
Harold
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 1:09:57 PM, on 01/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Hmmm.... do you have a second computer? If so, can you install Malwarebytes on a different computer, and then transfer the program files (C:\Program Files\Malwarebytes) over to the infected computer? Be sure to rename mbam.exe to kw200.exe before running it.
Originally posted by cdavfrew: Hmmm.... do you have a second computer? If so, can you install Malwarebytes on a different computer, and then transfer the program
Hey Cdav,
My only other computer is a Mac, and Malwarebytes won't install there. I'll try harvesting the program files from another computer tomorrow.
In the meantime, is there anything that can be learned from my HijackThis log?
I managed to get the malwarebytes program files from another computer, renamed mbam.exe to kw200.exe, ran it and ... nothing. It crunches for two seconds and then just sits in memory, doing nothing -- just like its installer, and Hijack's. In safe mode it's similar, but there's a runtime error.
Hmm... sounds like a bad nasty. We'll try one more thing before using a last resort.
Note: If you can't download this tool, try downloading it from a different computer.
Please reboot your computer into Safe Mode With Networking by doing the following:
- Restart your computer
- After pressing the power button, repeatedly tap the F8 key.
- Instead of Windows loading as normal, the Advanced Options Menu should appear;
- Select the option to run Windows in Safe Mode With Networking, then press Enter.
- Choose the administrator's account.
Double click SDFix.exe and it will extract the files to %systemdrive% (Drive that contains the Windows Directory, typically C:\SDFix)
- Open the extracted SDFix folder and double click RunThis.bat to start the script.
- Type Y to begin the cleanup process.
- It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
- Press any Key and it will restart the PC.
- When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
- Once the desktop icons load, the SDFix report will open on screen and will also save into the SDFix folder as Report.txt (Report.txt will also be copied to Clipboard ready for posting back on the forum)
- Finally paste the contents of the Report.txt here.
I had to get SDFix from another computer, renamed it, rebooted to Safe Mode with Networking and ... nothing. Same as all the others -- it just hangs in memory.
I downloaded a couple of misc programs from download.com as tests, and each one installs fine. It's just the useful ones that aren't working.
It took three tries to even get to safe mode. The computer kept freezing on the black screen with 'safe mode' written in all four corners...