Cloud

A Spyware 'Assault' help anybody


Yes, he scheduled a boot time scan, which is one of the 2 reasons I love Avast.

 

Ah cool, so within Windows but before the user profile is loaded. Cunning; that would explain why it's not being impeded by haxdoor. I'll remember that, cheers :)

 

Hats off to Avast!


When you set the scan did you select 'Advance Options'? Shown here:

 

avastboot.jpg

 

And did you choose Delete and Delete/Move? If not I'm not sure what happens, it may ask you what to do, it's best just to delete it all.

 

Oh, and did you update Avast before running the scan? I don't know if you could.


No - I couldn't update it:-(

 

The scans just completed. I deleted about 40 + trojans [Trj]

 

Some of them were in the windows folder - I read the file but I could not determine the importance so I tried to repair the file.

This didn't work so I deleted these too.

 

The computer is still infected (presumably with haxdoor)

 

There are still weird documents such as wdcev on the desktop.

I still can't open any software in windows. Explorer doesn't work.

 

I guess we're out of ideas???

I'm running the rootkit right now. It's showing up all these registry entries ??


Rootkit should show up registries, some good ones and probably in your case some bad ones too.

 

What do you mean explorer doesn't work?

 

I've just thought of something, you can't access the computer by going onto your normal user account (even in safe mode), however when you log onto Administrator you can do some things... is that all correct?

 

And maybe you can update Avast by getting this:

http://www.avast.com/eng/update_avast_4_vps.html

putting it on your USB thing and transferring it to the other computer.

 

And we're not out of ideas!

 

Now that Avast has got rid of some stuff what works that didn't before?

 

1) Try that update, re-run Avast boot time scan.

2) See if you can connect to the internet, if so:

Update Avast

Update Ad Aware and run that

Get Spybot Search & Destroy (update + immunise + scan)

3) Post HijackThis AND Rootkit logs.

I still can't open any software in windows. Explorer doesn't work.

 

What do you see when you log on? Can you see the taskbar, start button, and icons on your desktop etc?

 

Also, could you leave the logs that you post up please. I was going to go back and have another look-see at your last HJT log, but it's gorne :(

 

Also, if you know the site that installed all this crap, could you PM me the address please. Needless to say, don't plonk a link up in this thread or anything.


If I could take a screen capture I would.

 

What I can see is pretty much normal. All the icons and start menus are there. However there are weird icons and files on the desktop and of course the big sign in the middle saying:

 

Warnining! Spyware detected on your computer!

Install an antivirus or spyware remover to clean your computer.

View the list of top software removers here

 

When I try to go to properties on the desktop to change the wallpaper etc -

There is only one tab - a general tab - and it says

 

Protocol: File protocol

Type:HTML Document

Connection: Not encrypted >>> etc

 

_________________________________________________

 

Ok - now things have gotten worse.

 

First off - I can't install/deinstall anything now. If I try - the computer restarts.

Second - I can only set up a virus scan AT BOOT if I reinstall the antivirus program.

 

Seriously - I will need to go much deeper to solve this problem. I can't just run programs. It's not that easy.

 

PS to post: The site that installed the crap was probably a warez site. I don't know the url.


If you could post up a rootkit revealer log, then that'll give us the info needed to start fixing your computer.

 

Run rootkit revealer

 

click 'scan' in the bottom left

 

after the scan has finished, click on 'file' and then 'save' to save a log file.

 

post the log file up into this thread.

 

Also, a new HijackThis log please.


Right now - I'm in the process of saving my files by putting them in large chunks of 100 MB on my USB and transporting them to the Desktop computer I'm using now.

 

That would mean around 20 trips (100 MB X 20 = 2 GIGS) to the desktop computer.

 

 

I'll do the rootkit scan ASAP.

 

OK the scan is running - What does enumerating C: mean ?


Bad news Dak

 

The scan worked. When I went to save it an error came up saying that the program needed to close.

 

Now I can't access it anymore (to run another scan.)


I play around with my computer a lot, changing registries and editing system files, when I screw up there are 2 things I can do:

1) Try to fix it - this can be very hard/time consuming when Windows doesn't work.

2) Reinstall Windows.

 

Sometimes it's just simpler and quicker to reinstall Windows.

 

In your case sometimes it is simpler to just start again... format (ie. delete everything) and start from new.

 

If you are backing up your data now and it all works you will then have nothing on your computer that is needed that isn't elsewhere. So deleting everything wouldn't cause any loss to you.

 

Every time we try something another problem evolves, you have many problems and just as many different causes.

 

If you can't run virus scans then you'll have to do it manually... if you can't get HJT or Rootkit logs then we can't tell you how to do it manually. This leaves you with 2 options:

1) Do it yourself

2) We tell you how to remove everything (because we don't have enough info (ie. from the logs) to tell you how to remove specific things (ie. the viruses))

 

If you want to format then say so and we can tell you and little reminders (like you'll need to reinstall stuff like printers and maybe speaker drivers so make sure you have the CD etc.) and see what Dak thinks as well. It's almost like cheating just to format, but it will be easier, less time consuming and unless things improve the only thing we can help you with.


Ok - I've been thinking about 'reformating' since the very beginning.

 

I'll install the fresh OS since there's nothing much else I can do.

(Unless I become an expert overnight)

 

Thanks for your professional help and time

Dak and 5614

 

Other forums (such as computer hope) were not that helpful at all.

 

If you have any developments or anything more to add then be my guest.

 

(but post within the next 3 hours before I go ahead with the wipeout)


If you want to avoid a reformat, I don't mind trying some more stuff, but 5614's right -- a reformat's possibly the easiest option right now.

 

If you can't get rootkit revealer to work, then try this:

 

 

Download smitRem.exe and save the file to your desktop.

Double click on the file to extract it to its own folder on the desktop.

 

Next, please reboot your computer in SafeMode by doing the following:

  1. Restart your computer
  2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  3. Instead of Windows loading as normal, a menu should appear
  4. Select the first option, to run Windows in Safe Mode.

 

 

Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.

Wait for the tool to complete and disk cleanup to finish.

 

The tool will create a log named smitfiles.txt in the root of your drive, e.g. Local Disk C: or the partition where your operating system is installed. Please post that log along with all others requested in your next reply.

 

 

Open Ad-aware and do a full scan. Remove all it finds.

 

 

Run Avast!, and fix everything that it finds

 

Next go to Control Panel click Display > Desktop > Customize Desktop > Web > Uncheck "Security Info" if present.

 

Reboot back into Windows normally

 

 

Make a new HJT log, or post up the old HJT log you made last time if you can't run HJT to get a new log, and I'll give you some suggestions.


You should have backed up everything you may want from that computer by now (whatever you decide to do).

