Post Malware Removal Issues.

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by InspectHERgadg3t, Dec 18, 2008.

  1. InspectHERgadg3t

    InspectHERgadg3t Private E-2

    I have WinXP, and I was just recently hit by the rogue Spyware Removal 2008 spyware/trojan, which somehow downloaded itself onto my computer without me even doing anything. I was on Yahoo.com, and a new tab opened itself up saying "Warning this site contains links that may harm your computer." So I closed the tab, and boom, this Spyware Removal 2008 downloaded itself onto my pc.

    At first it would redirect my browser anytime I would search for anti-virus, and I would be brought to a rogue anti-virus download site instead. I was finally able to get HJT and Malwarebytes via direct download links that were supplied to me as a friend. Then my computer no longer had any sort of WiFi, and the start menu went from normal looking, to old school windows looking. Whenever I got an alert popup, my computer would also make a loud beep noise, which had never happened before.

    After running my pc in safe mode and renaming the programs to iTunes and Firefox, I attempted to run them. HJT successfully ran, however malwarebytes did not. With HJT, I used the house computer to read the actions necessary to perform on my laptop via this site, and got all of the malicious files off of my computer.

    Now the issue is, my windows start menu still appears old school looking, regardless of having the modern appearance in my appearance customization area in the CP. I still have no WiFi on my laptop now, that beeping noise is still occurring, and I'm getting a little balloon from windows telling me I have the trojan-spy.win32@mx spyware/trojan infecting my computer.

    What further steps do I need to take if I cannot download any working malware removal onto my laptop? It won't even read discs or flash drives.
     
  2. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Welcome! to MajorGeeks.com!

    Please follow the instructions in the below link and attach the requested logs when you finish these instructions.


    • If something does not run, write down the info to explain to us later but keep on going.
    • Do not assume that because one step does not work that they all will not.
    Notes:
    1. If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run steps in safe boot mode, but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:
    2. If you have problems downloading on the problem PC, download the tools on another PC and burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
     
  3. InspectHERgadg3t

    InspectHERgadg3t Private E-2

    I have already tried this. The boot was unsuccessful, and as I said before my computer will not read CDs or Flash Drives. I can't post any logs because the infected computer has no internet access, and it won't read any CDs or Flash Drives to put them on.
     
  4. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    What do you mean by this? What did you remove?
     
  5. InspectHERgadg3t

    InspectHERgadg3t Private E-2

    I have the log on my other computer, which won't let me put it on a disk or flash drive, so all I can really tell you is I had this site open next to my laptop and went through the guideline to remove any malicious files that were found via HJT.

    After that I tried editing the registry where I had several infections. I had a Cryptex trojan, WinCtrl32.dll, Prunnet.exe Trojan, then there was some qMBefDB.exe or something along those lines. I deleted them all out of the registry, but they did not go away.
     
  6. InspectHERgadg3t

    InspectHERgadg3t Private E-2

  7. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    What all did you remove with HJT? Keep in mind, not all items in HJT are bad, you should only remove items if requested by an expert.

    Try to download ComboFix, but before clicking "Save" rename it to something such as "CF" and save it to your desktop.

    Once downloaded, click start > run > type in the below:

    "%userprofile%\desktop\combofix.exe" /killall

    If you're able to run it, attach the log to your next post if you can.
     
  8. InspectHERgadg3t

    InspectHERgadg3t Private E-2

    I can't download combofix because my infected computer cannot connect to the internet with this virus. Also, if I put it on a CD or Flash Drive my infected computer will not read them.

    I had HJT fix the following things

    O4:
    spywareguard.exe
    services.exe
    xqbbdmcf.dll", b
    prunnet.exe
    winloggn.exe
    csrssc.exe

    O9:
    Extra button: (no name) - http://www.servicemenutool.com/redirect.php (file missing)


    O20:
    AppInit_DLLs C:\PROGRA~1\google\google~2\goec62~1.dll, imryln.dll, avgrsstx.dll, jxcysf.dll

    O21:
    ieModule.dll
    wldzipinyj.dll

    O22:
    rsekd83jde.dll
     
  9. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Do you have another system you could put your infected hard drive in to run a scan on?
     
  10. InspectHERgadg3t

    InspectHERgadg3t Private E-2

    yea, that won't infect the other system though right?
     
  11. InspectHERgadg3t

    InspectHERgadg3t Private E-2

    also, how would I go about doing that?
     
  12. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    No, it will not hurt anything.
     
  13. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Well, first you need to be sure it can work. If it's a SATA drive then make sure the system it's going into supports SATA. If it's an IDE drive then be sure the system has IDE slots.

    The best way is to first power down the system, unplug the CD Drives and plug up the HDD as Primary on the Secondary IDE Slot or Secondary SATA slot depending on what the HDD is.

    Then just boot up and run scans on the infected drive.
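
An added example, not part of the original thread: with the infected drive attached to a second system as described above, a read-only check like this lists files still present under the names the poster reported fixing with HJT. The function names and the sample tree are assumptions; a name match is only a lead for a real scanner, not a verdict.

```python
import os
import tempfile

# File names the poster reported fixing with HJT (taken from the thread).
REPORTED = {"spywareguard.exe", "prunnet.exe", "winloggn.exe", "csrssc.exe",
            "xqbbdmcf.dll", "iemodule.dll", "wldzipinyj.dll", "rsekd83jde.dll"}
# services.exe is a real Windows file that lives in System32 on XP,
# so only copies found in other folders are reported.
SYSTEM_NAMES = {"services.exe"}

def find_leftovers(root):
    """Walk the attached drive (read-only) and return sorted (path, reason) pairs."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        parent = os.path.basename(dirpath).lower()
        for name in files:
            low = name.lower()  # Windows file names are case-insensitive
            rel = os.path.relpath(os.path.join(dirpath, name), root)
            if low in REPORTED:
                hits.append((rel, "name reported in thread"))
            elif low in SYSTEM_NAMES and parent != "system32":
                hits.append((rel, "system file name outside System32"))
    return sorted(hits)

def build_sample_drive():
    """Constructed sample tree standing in for the attached drive."""
    root = tempfile.mkdtemp()
    for rel in ("WINDOWS/system32/services.exe",  # expected location
                "WINDOWS/services.exe",           # same name, wrong folder
                "WINDOWS/system32/Prunnet.exe",   # name from the thread
                "WINDOWS/system32/notepad.exe"):  # unrelated file
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()
    return root

if __name__ == "__main__":
    # Replace build_sample_drive() with the attached drive's root, e.g. "E:\\".
    for rel, reason in find_leftovers(build_sample_drive()):
        print(f"{rel}: {reason}")
```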
     
