Malware plague (error fix caused?)

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Ibsen3, Jun 8, 2009.

  1. Ibsen3

    Ibsen3 Private First Class

    I think I'm in urgent need of assistance here. In a fit of complacency, I downloaded a perhaps suspicious exe file called Error Fix and I have since been hit by a number of symptoms.

    To begin with, I noticed that my internet would not operate correctly so that when I typed up a search in Google and clicked on the link, I was bumped on to one of a number of really crappy search engines and 'offer' sites, one of which was 'www.findstuff.com'. Others led me to other registry and virus sites such as 'Stopzilla' and back to 'error fix' ( http://errorfix.com/ ). Although I was able to continue surfing as long as I cut and pasted the link into my address bar, it's nonetheless affecting my surfing.

    Far more worrying though was the fact that I observed that I could not back up my files on DVD using Nero Premium 7. The option for choosing my drive was not open to me and, when I accessed it by playing a DVD, which worked, the option appeared in the drop-down bar but the button to press for burning the DVD was unclickable. Now I cannot back up my files.

    So I tried using the 'system restore' option, only to discover that it too was inaccessible. I managed to access the program and choose a restart point but when I clicked 'next' in order to reset, nothing happened!

    I did, however, succeed in finding a bogus account via my control panel which I have currently disabled but, apart from my own account (which I have now passworded), there was some kind of account that had the words ASP.net in the title which, I believe, is some sort of network....?

    I've tried to use my free edition of AVG to neutralise the threat but my PC tends to cut out when I reboot in order to verify the changes made by updating my settings. I found advice about running a scan in safe mode but the only time I tried this (last night), the scan seemed to reach my copy of Photoshop and then stop dead.....I'm not particularly hot with technical stuff. I usually through but so far this has defeated me.....

    ....please help!:cry
     
  2. Ibsen3

    Ibsen3 Private First Class

    Help! This piece of **** is really screwing things up for me...
     
  3. Ibsen3

    Ibsen3 Private First Class

    Okay, I'm reading through the Malware instructions but I can't download the Sun Java RunTime Update. This may be because of the Trial version of Norton I just installed but I have no idea because Norton looks really complicated and I don't know where to go to to change the options.
     
  4. Ibsen3

    Ibsen3 Private First Class

    Now I can't download CCleaner....:cry
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You really need to read the stickies. The more you post, the longer it takes to get any answer. See this: Don't Bump! It Only Hurts You!!!

    Also your first step should have been the READ & RUN ME FIRST. Malware Removal Guide and it specifically tells you not to stop. In bold print before step 1 the below is given
     
  6. Ibsen3

    Ibsen3 Private First Class

    I read the stickies and stopped posting when I noticed the bumping message and have just been chewing my nails since....down to the bone now....

    I've been through the whole guide but the main point is what I was saying: I cannot download ANY exe files! That means that I can't download the Java Update (I think it's up to date anyway), CCleaner or any of the scanning tools at all.

    I think I figured out straying onto Porn Tube 2.0 has caused it...not nice to admit but there you go. There's a blog here that describes it: http://tek-tips.nethawk.net/blog/tag/porntube-20 although I didn't see any links like this. I just ended up on a main page and downloaded a video player exe file. Perhaps the Error Fix program just made it worse. Anyway, all of this happened on Friday 5th June and I made my first post on Saturday.

    My only hope is this AdAware log. It's the only program I know of that I own and can put together a log of this kind.

    This is crippling my work and much of my social life as well. Thanks for helping but it's looking pretty bad!
     

    Attached Files:

  7. Ibsen3

    Ibsen3 Private First Class

    Christ! How do I avoid bumped posts if I can't even edit my last one?

    Anyway, Norton just popped up to tell me I had a Trojan Horse on my system that it couldn't remove and sent me here: http://securityresponse.symantec.com/security_response/writeup.jsp?docid=2004-021914-2822-99&tabid=3 . I just wondered if this was the real source of the problem or whether it's more serious. Stopping system restore seems drastic if it means losing my earlier restore points.....

    I've also attached a Scanlog from Norton that I ran earlier to the one posted below. I may even have done this before coming here....not sure.
     

    Attached Files:

  8. Ibsen3

    Ibsen3 Private First Class

    I have to update (I still can't edit my posts) because I managed to successfully transfer the exe files across from a different PC using a USB device. Details as follows:

    • Ran SunJava Update – I’m already up to date.
    • Ran CCleaner and everything went smoothly.
    • Installed SAS but could not launch the program as the same message came up that came up when I tried to install SAS before renaming it from ‘SuperAntiSpyware’. This error message was: “SuperAntiSpyware Application has encountered a problem and needs to close. Sorry for the inconvenience.” followed by the typical MS option of submitting an error report (which I could see but not get a copy of).
    • I tried using this: http://www.superantispyware.com/supportfaqdisplay.html?faq=50 but the setting was already at ‘not configured’.
    • Malware AntiMalware failed to respond to having the Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware checkmarks ticked and did nothing. I also tried double-clicking the desktop icon and loading via the Start Menu, but to no avail.
    • Likewise, ComboFix would not respond when the exe icon was double-clicked on the desktop.
    • I ran through MGTools and have attached the logs.

    The problems (including being 'bumped' elsewhere on search engines, not being able to burn DVDs and not being able to use system restore) are still occurring.
     

    Attached Files:

  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    There is no malware showing in your logs from MGtools. All I see is that you are running an illegal copy of Windows and it may even be broken which could be part of the reason for various problems you are having. However we will not help you with illegal copies of Windows. See this: Warning about Keygens, Cracks, and other Illegal Software. You need to purchase a valid license since we will not continue to try to help you in the future after you have been warned about this once.

    Even though the logs in MGtools do not show anything, that does not necessarily mean you are clean. MGtools is not a malware scanner. It is primarily an information collector. Many things could show in the logs but not seeing anything is not a 100% indication of no malware.

    • Did you try running the other scans in safe boot mode?
    • Have you tried checking for this first: TDSSserv Non-Plug & Play Driver Disable
    • Did you try shutting down Norton or uninstalling it before trying the scans? Since you just installed a trial version of Norton after you already were having problems, it may be best just to uninstall it anyway.
    • Did you try renaming the C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe file before running it?
    • Did you try the Alternate start method for SUPERAntiSpyware? See the selections under Start, All Programs, SUPERAntiSpyware.
    You did not put ComboFix.exe on your Desktop as we requested. You need to do this and try running it in both normal and safe boot mode if necessary. Also try renaming it to cf.exe if it will not run.

    I see you downloaded (Kaspersky)setup_7.0.0.290_11.06.2009_18-50.exe. Did you try running it? Did it find anything? Do you have a log?


    Delete the below file:
    C:\WINDOWS\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job


    Also try running the below and attaching logs:

    Trend Micro Housecall

    Trend Micro RootkitBuster
     
    Last edited: Jun 13, 2009
  10. Ibsen3

    Ibsen3 Private First Class

    Gah! I couldn't find your reply earlier.....Anyway, I wasn't aware that my copy of Windows was illegal. A while ago my old version got corrupted and I repaired it with another disc...maybe that's it...:confused

    I'm now unable to boot up in normal mode and am typing this response in safe mode whilst I conduct a scan using the Kaspersky virus removal tool. However, it's now reached 1% and is saying that it will be over ten hours before it has finished...?!? This 'finish time' is also rising. Given the fact that my PC tends to reboot itself randomly at times due to another error I was unable to fix (this goes back months and months) then I feel the need to post this as soon as possible and will return later.

    In the meantime:
    • I am running Kaspersky now...
    • I couldn't find TDSSserv.sys but I did find something that worries me: C-Dilla. There seem to be reports about it on the internet that are not good and I have no idea how it ended up on my system.
    • I uninstalled Norton as you suggested and am now feeling even more vulnerable...I thought you only had to shut down virus protection if you had more than one protection system...?
    • Yes, I renamed it to mbam.exe
    • No, I didn't try the Alternate start method for SUPERAntiSpyware. I had no idea it existed! I will try it after trying others.
    I now have ComboFix on my desktop and will try running it as soon as Kaspersky is done.
    I don't think Kaspersky ran except now in Safe Mode. I will try to get the others (I have to download them from another PC and transfer them across via USB) and submit reports.
    Likewise Trend Micro.
    Regarding C:\WINDOWS\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job , I could see no such file even with the option of viewing hidden files and folders...
     
    Last edited: Jun 18, 2009
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    No. Doing a Windows repair does not install this antiwpa.dll which you have in your logs. This is something that is used to bypass Windows Activation. You need to get a legal license/copy of Windows.

    C-Dilla is used by software developers of games to protect their software.

    You have your concepts incorrect. You must never even install more than one antivirus program at the same time. Shutting down is almost always necessary now since many antivirus programs now get in the way of actually removing the malware that they do not find or do not remove if they find it. I only suggested uninstalling it as a temporary solution to try and get other scans to run.

    See if you can get the below to run:

    Running RootRepeal
     
  12. Ibsen3

    Ibsen3 Private First Class

    Too late. It took out my internet connection a while back followed by my USB drives and various other stuff. I lost a shedload of data. I would recommend anyone in the same situation to just migrate files to another PC ASAP by whatever means and then to do a complete reinstall. This, for me at least, was a waste of time. Nonetheless, I'm not criticising your expertise and thank you for your efforts....I'm more than just a little unhappy about my situation though.
     
  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Sorry to hear you ran into such difficulties. There is lots of new malware out there and some is very destructive. They are also making it harder and harder to fix problems because they are disabling the ability to run many programs. For most, we can still fix the problem. For things like Virut infection that infect all executables on a PC, we immediately recommend reinstall. Not sure what you had but you may have had one of the new forms of CLB type rootkits which are a real PITA. The below often helps us locate some of the files and is now part of the READ & RUN ME since about 6/16

    Running RootRepeal

    Malware changes very frequently and there are thousands of new infections each month. It does take some time to adapt the procedures to the new malware. We have to see it before we can come up with a fix. This is no different than what major antivirus and antispyware companies go through and they do it for a living and have thousands of people working for them. You should take your frustrations out on Symantec which obviously was a complete waste of money for you since it did nothing to protect you.....unless you bypassed warnings that it gave you.

    Your data is most likely not lost. If your PC is not bootable, you could always copy your data using another PC with your hard disk inserted as a slave. Also there are various special boot disks you could make using another PC that could give you access to your hard disk in your PC.
     
    Last edited: Jun 23, 2009
