User Profile hijack, Spyware program hijacking, etc.

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Ravenquille, Apr 27, 2008.

  1. abri

    abri MajorGeek

    Hi Ravenquille,

    1) The MG Username / Password is connected to a cookie. When you run CCleaner, you clear all the cookies and that includes the one you set here with us. If you tick the Remember Button, that will hold your username and password until the cookie has been deleted again, so if during your work here, you close your browsers to run CCleaner, then you will have to tick the Remember Me button again when you log on. Do you think this might be the problem?

    2) Your date/time is set for military or European time, i.e. on the 24 hour clock. Have you tried going to Start / Control Settings and clicking on Regional & Language? In the window that opens up, on the first page, Standards and Formats, click on the arrow at the right side of the country entries and choose English (USA). Accept the change and see if this changes your date back. Normally Combofix changes this back, but not always.

    3) I'd like to come back to the icon problem now. A lot of sites have their own icons which appear in the address bar of the browser. I tried looking at your screen shots of the browser address bar, but I can't see what you are trying to show me. I have several questions. First of all, does the same icon appear in all browsers for the same address? For instance, if you go to a site with a certain icon that appears when you use Internet Explorer, does it also appear when you use Firefox? Opera?

    4) Does the same icon appear for completely different sites, like the same icon appearing on your computer for both Major Geeks and for Google and for Wikipedia? In other words, is this problem of the icons one which is specific to your computer or is it specific to each website?

    Generally each address will have its own icon, for instance, Google will have one which should be different from another search engine like Copernic. When you do a search for a website, if that website has an icon, when you click on that website, the icon will change. Is this what you are referring to? Or are all the icons in the address bar the same?

    5) I believe we talked about desktop icons as well. If you are referring to icons which appear in both the browser address bar and others which appear on the desktop, please help me by separating these two pieces of information. Also, if you make screenshots that are too big to upload because of the restrictions we have, try zipping them as .doc or .jpg in a zip file. I might be able to get a better look at what you are trying to describe.

    abri
     
  2. Ravenquille

    Ravenquille Private E-2

    Hi Abri,

    1) Forum Cookie:

    Yes, I know about cookies and removal. No, this would have nothing to do with that.

    * I sign in directly, typing in UN and PW, each time.
    * If I go to 'manage attachments', or proceed to 'post reply', I am suddenly no longer logged in; even though I DID log in, directly. This happens all the time. ( I have never had this happen on any Forum, before this whole situation happened with my computer. )
    ( It's no big deal; I prefer to type UN and PW directly, as opposed to leaving UN and PWs 'remembered'. )

    2) Military Time:

    * The ComboFix change of this, previously, DID change back to normal; but so far, no setting I have done has KEPT it set, as of now.
    ( Yes, I did the Settings you mentioned, previously; but not for quite a few days. Helped for a few hours, but did not HOLD the settings.
    I just reset date/display format and time configurations in both Regional area, and Desktop clock; we shall see if it will hold the settings this time around. I am not crossing my fingers......
    *( That was at 7:45 PM; now at 11:21 PM, the time is still ok, but the date display format I set, has, again, been changed. I just changed it back. U.S. measurement, has jumped back to 'Metric'; too. Apparently, not 'holding' settings. )


    3) Icons, Browsers, Search Engines:

    Sorry, you couldn't see the Icons in the photos I took.

    * IE: I tested using Copernic, Mama, Yahoo, Google.
    Specific Searches in all, will display the exact same Icon for the exact same website. But, there are many different Icons being displayed.

    *Firefox: I've tested Specific Searches in Google only, so far. Same situation: exactly the same Icon for the exact same website. But, there are many different Icons being displayed.

    **I know that some websites have their own Icon Design. I hadn't run into a lot of these; but I have seen a few.

    *I realize that some websites have a Webdesigner create these 'Logo Icons'. There is also a site called 'Favicons' which offers this sort of Design. There is a Shareware Program on that site, as well as a Freeware Program available from that site; if someone wants to design their own custom website search Icon.

    * As I mentioned above, I have not seen a lot of these custom 'Logo Icons'; just a few, then, SUDDENLY, I began seeing a flood of them.

    * MOST websites show up with the standard IE 'blue e/gold diagonal ring'; in IE.
    *In Firefox, apparently, the standard is a 'white page with the top left corner turned down'.

    *HERE IS THE PROBLEM:

    1) The first Icons I discovered were OurChurch.com, my website hosted there; and quite a few other websites hosted there. ( NOT every website, however; whatever this is, it seems to be selective. )
    ( OurChurch.com and websites hosted there, so far, have one of three Icons: either the red block with thick white cross, white square with thin black cross, or square with thick red border top and bottom/white middle with unreadable black words on it. )

    2) I next noticed all the Icons suddenly appearing on website searches for 'Christian-oriented' websites NOT in OurChurch.com's Directory:
    ( churches, ministries, christian directories, christian hosting, christian blog sites, etc. )
    Many of these I am familiar with and have periodically visited. ALL of them previously had only the standard IE 'blue e' Icon; then, SUDDENLY, they all had new and different Icons.
    ( These icons are mixed: The two crosses I mentioned, a 'Logo grab' kind of Icon which uses some part, or some letter of website's Logo, a blue square, an orange square with an A, a red flower made of red circles, a black gear with a diagonal line of red circles going down into it, a chipmunk face with a hat and sunglasses ( profile facing left, smiling ), an orange square with a circular design in yellow, etc. )
    Again, NOT every site has an Icon.

    3) I, then, checked general, random kinds of subject searches:
    I found some sites with Icons, some with the usual IE 'blue e' Icon.
    Again, NOT every site has an Icon.

    *NOTE: I ASKED OurChurch.com if they were providing the new Icons; or if this was something optional in their NE1 Web Builder Program.
    They told me that they DO NOT have an Icon for their site; and they do NOT offer this as an optional feature in the NE1.

    * Someone is creating Icons, and deliberately assigning them to, first: Christian sites in OurChurch.com, Christian sites not in OurChurch.com, numerous other, random sites ( THIS may be happening to sites I visit, after I visit them. )

    **I surfed on my husband's computer to see what might happen with the Icon situation:
    Interesting.
    At first, for OurChurch.com, my website there, and any other website hosted at OurChurch.com that I tested:
    *page could not be found
    *"unable to access database, check back in 10 minutes" ( as if this was coming from OurChurch.com! )
    *Finally opened; when opened, all sites had the Icons displayed, same as in my computer.
    *NO general search had any other Icon than the usual IE 'blue e' Icon.
    * ALL searches NOT OurChurch.com or Christian-oriented, opened ALL pages, and opened quickly!

    ****I would say, that seems to indicate that the 'Iconery' is being enacted from MY computer; ( with some different mechanism in operation in my husband's computer ), rather than in the websites themselves. The Icons obviously have some function; they are doing something. That 'something' and the 'way' they are operating, has apparently, not been detected by any of the Diagnostics we have used so far.****



    Ravenquille
     
  3. abri

    abri MajorGeek

    Hi Ravenquille,

    1) First to the cookies question. There is a way to set your browser to accept session cookies only. This will do just that. It will maintain a cookie for the duration of your visit to a website and erase it as soon as you shut down that website. Then there is the "Remember Me?" button which has a different function from one website to another. If you use this function with Yahoo, for instance, it will maintain the cookie for 2 weeks (as long as your browser is also set to allow for it to be maintained that long). If you use it with the Major Geeks website, it maintains the cookie for as long as your settings are set for, so if your settings are set to use it as a sessions cookie, it will maintain it for that session. If your settings are set to maintain it for 4 days, it will maintain it for 4 days. In other words, your browser setting on your computer will override whatever the website says. If you don't click on the Remember Me button at Major Geeks, you'll have trouble with the Manage Attachments button.

    2) The time... Did your computer stay in U.S. time when you switched it this time? If not, this sounds like a mechanical problem somewhere in the registry. Did you notice if it switches back only after you reboot? Or after you run a certain program?

    3) I need to sort out a few things regarding the icons which are not solid in my memory. Thanks for being patient.
    • First of all, did the desktop icons go away - the ones you showed screen shots of?
    • Are the icons you describe as showing up in the browser address line the same icons which showed up on your desktop? Do they look exactly the same?
    • If you go to an internet cafe or a friend's house (some computer unrelated to any of those you have at home) and do a simple google search for OurChurch.com, do you get the icons from that computer? On any browser? Or any other search engine?

    abri
     
  4. Ravenquille

    Ravenquille Private E-2

    Hi Abri,

    1) TIME/DATE:

    After I made sure to reset the time display format, the date display format, and United States measurement instead of Metric, it has now held; the Settings HAVE finally held. Everything I specifically set last night is still intact.

    ( I did notice it only after ComboFix was used the first time; the first time, the Settings came back, but after that they did not. They would not hold the Time/Date Settings if done from the Desktop Time Display area; and, at first, I didn't closely check everything in the Regional/Languages area. )

    2) COOKIES:

    Yes, I know 'the keep me logged in for 2 weeks' Yahoo format. I try to make a habit of not 'staying logged in'; just login as I need to.
    ( I don't allow a UN/PW to be 'remembered/saved', for example, in the Admin access to my website. )

    * My Browsing History/Temporary Internet Files Setting is 'automatic', and save/keep in history is set for 7 days; which are Settings I have always used.
    ( I realize that CCleaner, for example would eliminate all this kind of saved history. )

    With that Setting, if I enter my UN/PW on this Forum, IF I clicked 'Remember Me', that info should be held for 7 days.
    ( Let me know if there is another setting you are referring to. )

    I have never had a problem, until now, with just signing in with UN/PW directly ( without using an option to 'save this info/keep me logged in' ) on any Forum. No problem with posting Replies or New Topic Posts, DURING a session.

    **?? Do you mean that if I DON'T hit 'Remember Me' in MajorGeeks when I log in,
    I will have to KEEP logging in each time I want to 'Manage Attachments' or 'Reply' DURING that same session?


    3) ICONS:

    * The Icons on my Desktop associated with my Ministry Website at OurChurch.com are STILL there ( the red box with thick white cross ).
    I have tried deleting them, and creating fresh links for my Desktop; using various Search Engines. Same results all the time.

    * The Icons on my Desktop associated with my Ministry Website are the SAME Icons which will show up in a Search, yes.

    * This SAME Icon also shows up with OurChurch.com, and many websites hosted by OurChurch.com. I have noted ONLY 3 different Icons within the OurChurch.com member sites I have checked ( not ALL of them have Icons other than the standard IE 'blue e' Icon; however )

    * There are MANY different Icons showing up in major 'Christian-oriented' sites ( Churches, Ministries, Missions, Christian Web Hosting sites, Christian Directories, Christian Blog sites, Christian 'MySpace', Youth Ministries, etc. )

    * There are MANY different Icons showing up in general search subjects, now, as well; but not ALL sites, EVERY site. AND, in searches for Webmail Providers; which is interesting.
    ( It MAY be that if I visit a site, it then, will get an Icon; I am not sure about this. I have seen it happen with some; but NOT with ALL I happen to visit. )

    ** I have asked a few friends to do the same Searches within OurChurch.com, and the same general Searches as I have done, in order to find out if other people are seeing the Icons. NONE of them have reported seeing these Icons.

    **I did general Searches on my husband's computer last night to find out if his computer will find the Icons on Searches; Copernic, Yahoo, Google, Mama:
    Odd behavior:

    * No Icons when I open any of his Favorites, or his Searches in Search history. These all open quickly.

    * At first, I found no Icons in general Searching; all opened quickly.

    * OurChurch.com, my website, other OurChurch.com member sites would NOT open at all at first; either 'Page not Found', or very locked down, dragging, opening function which finally brings you to 'Page not Found'.

    * Then, I got a weird message that the 'Database cannot be accessed. Try again in 10 minutes. Or check this link to see if there is any information available ( not exact wording on this sentence; which referred to OurChurch.com, as though it was being generated by OurChurch.com, which I don't believe. )

    * OurChurch.com websites FINALLY opened; WHEN they finally opened, the SAME Icons I see, were there.
    ( It seemed as though his computer wasn't going to be allowed to access OurChurch.com sites, OR other general Christian-oriented sites (???); but, then, after a number of tries, it COULD.....but with Icons. )

    *** This particular Icon Situation is obviously emanating from MY computer; but also affects my husband's computer, to some extent.
    It has NOT been duplicated with anyone else's computer, so far. ( It might certainly be happening to other people, but not to any who have run investigative searches for me. )

    I am guessing that it is aimed at trying to steal Credit Card #s, Bank Account Numbers; but I NEVER make any Online Transactions, and do NOT store any of this information in my computer at all. They might find my address/phone number; but that's all public information anyway.

    It may be simply trying to monitor where I go online, to possibly keep a step ahead of me ( I am a Paralegal, and have done some online research and reporting regarding some suspicious 'Ministers, Ministries, Churches, Schools, Orphanages, etc., stated as being in various parts of Africa. I did this for myself, and for a few other Ministries; which resulted in a few of these fake Scammers being exposed, reported to OurChurch.com, and the FBI. I sent emails and posted on various Ministry sites, warning them of these kinds of 'Christian Scammers'. People fall for this right and left; which amazes me. )

    Whatever it is, I would like to get it out of my system and keep it blocked; of course.


    I am going to start the Cleaning Process on my husband's Desktop today.
    I will investigate it a bit before I begin; and will write down anything I think may be important. ( Will create a new post for this one; but will do all the recommended Cleaning Procedures on the list, in order, before I post anything. )


    Thanks,
    Ravenquille
     
  5. Ravenquille

    Ravenquille Private E-2

    Abri,

    NEW HORRORS!

    I downloaded and installed Thunderbird.

    1)**In the midst of setting up accounts ( had NOT used it, or downloaded any email, or imported anything ), Thunderbird Error comes up. Close or Debug, I kept choosing to Debug, but it kept closing Thunderbird anyway.

    * I finally looked at the details of the generated Error Report: really bizarre stuff!
    ( Some of this may well show clues to what is going on and possibly how it is doing what it is doing. I could not copy it, but took some notes. I won't list all of what I wrote down, just a few:

    Locked files, files not found, unknown compression, unknown header flags set, schema locked, database table locked, bogus virtual array access, bogus Huffman table definition, unresolvable SYMLINK, File Read only, Cannot convert data, No device space, Name too long, File Corrupted, Disk full, File does not exist, File Directory not empty, XPConnect System has been shut down, etc. etc. )

    File Thunderbird wanted to include in Report:
    C:\DOCUME~1\Deborah\LOCALS~1\Temp\8b75_appcompat.txt


    2)**Tried to uninstall via Add/Remove:
    Avast 'permission screens' for Thunderbird to uninstall: first screen said it was trying to access a certain temp file. It looked suspicious, so I blocked it. It contained an 'Au_.exe' at the end of the file.
    After I blocked it, screens came up for EVERY LETTER IN THE ALPHABET with the 'u_.exe' ending ( Bu_.exe, Cu_.exe, etc. etc. ) I blocked them all, closed all windows from the 'X'.
    Cannot use, OR delete Thunderbird.

    3)**It also instantly blocked my access to this Forum ( from MY computer );
    both the email link in post notification, AND via Search. Website opens, but not Forum!!
    ( I am posting from someone else's computer )

    I am running DrWeb Complete Scan at the moment; to see if it catches anything.


    Ravenquille
     
  6. abri

    abri MajorGeek

    Hi Ravenquille,

    I went to the websites you mentioned and they all have the icons you describe. The red icon with the white cross appears in the address bar of the website OurChurch.com and the rings you showed in your screen shot appear in the Gospel.com website. The flames appear in the website that uses the flames, so I think these are all right. Whoever gave you the information at OurChurch.com was not giving you correct information. It's also possible that if you put a link of the website to your desktop, that the same icon will appear with it.

    We've spent a lot of time on malware scans and haven't really come up with much in the way of malware. The problems you've described since the beginning of your thread point at problems in your operating system. You can attempt to run sfc /scannow in the Start / Run and see what repairs can be made. The scan will attempt to replace damaged files with correct ones from your computer itself, or it will ask you for your Windows CD and retrieve them from there. Looking at what happened with Thunderbird, it appears that your computer has serious problems with the operating system and a simple sfc /scannow repair may not work, but it's worth a try. If this does not work, the only thing you will be able to do is a complete reinstallation.

    Go to Start / Run and type in sfc /scannow (note the space after the c ) and then click on okay and allow it to run.

    Let me know how this goes.

    abri
     
  7. Ravenquille

    Ravenquille Private E-2

    Hi Abri,

    1) Icon on Desktop Shortcut to website:

    Yes, I know that any Logo/Favicon IF there is one, will show on the Desktop link anyone creates. These Icons had previously been only the standard IE small blue e Icon; and would remain so, unless they were changed deliberately ( either by the website owner directly, or by someone else deliberately changing them. )

    I actually suspected that this would be happening soon. Whatever 'it' is, has now ( just recently ) done something to make them visible to EVERYONE doing a Search.

    *These Icons appeared only a few at a time.

    *The Icons started with Christian-related websites ONLY.

    *More Icons have been being constantly added.

    *The Icons were ONLY visible during a Search from MY system, at first:
    *NOT visible when Searching from my husband's computer, when I first checked.

    *NOT visible to 4 people I had running checks for me ( 3 in different U.S. states, one in another country ), when I first asked them to check.

    *NOW, they are also visible when Searching from my husband's computer, as of yesterday.

    *NOW, you are reporting that they are also visible to you.


    2) OurChurch.com:

    No one gave me incorrect information at OurChurch.com.
    I spoke to those who have complete responsibility for the company and all operations: ( The servers, the website, the website design, the member NE1 website-builder program, etc. etc. )

    *They DO NOT have any kind of Logo/Favicon created, or authorized, by THEM, which is appearing on their websites.

    *They DO NOT have an Icon Logo/Favicon 'option' built into their NE1 website-builder program.

    ( They had no idea what I was talking about; because, at the time, they had never seen these Icons. )


    TODAY: Further Developments on my system:

    1) Ravenquille Email Account:

    *The Email Account ( in Outlook Express ), which I am using for this Forum, is now, being controlled; apparently, to keep me away from this Forum:

    *Links on posts from you ( The Forum ), if clicked on, will now totally lock up all functions in that Email Account. I have to close it.

    *This, so far, is NOT present in other Email Accounts in Outlook Express.

    2) IE/Copernic Searching:

    Searches are found quickly, normally; but I have been experiencing the following: ( none of this was present LAST NIGHT )
    Appears to be attempting to keep me from being able to Search, or go to Websites.

    *Very slow to open most pages ( new thing, never present before )

    *Often get 'Page not found/cannot open page'; or 'Not found on this Server' errors

    *Often get a fake website 'holder' when I try to visit a website
    ( by this, I mean a black page with a window in it, which has the website name at the time, but no info about the website at all. Has some misc. unrelated search links, and a searchbar to 'search'. SAME page showing up for many sites ( website name being different, only ). )
    These are websites which DO have their own websites; which I have visited before. Some of these websites were visible LAST NIGHT, but had this happening today. )

    *Searches for OurChurch.com, My website, or any website hosted by OurChurch.com which I have tested, will totally lockup Copernic/IE, error screens, and it must be closed! TODAY, not last night!

    *Could not get to MajorGeeks.com via IE/Copernic
    ( error, had to close Copernic )


    3) Firefox Searching:

    *So far, have been able to get to MajorGeeks.com via Firefox.

    *Some other Searches in Firefox, also got the SAME fake website 'holder' page ( exactly as described above ); NOT all Searches have been affected, so far.

    *NOTE*:

    *I have been watching the lights on my cable modem and wireless router, as well as watching the firewall screen ( internet connections ) in Online Armor, when these things are in the process of happening:
    All functions stop dead
    ( normal light movement on both cable and router, when these 'blockings' are not happening; and functions resume to normal in the Online Armor Firewall (connections ) screen


    MALWARE/VIRUS vs. OPERATING SYSTEM PROBLEMS:

    1) There was no problem with my Operating System; there may not be one now.

    2) These things are happening IN RESPONSE to my attempts to clean my system; they are SPECIFIC and DELIBERATE.

    3) They want to prevent the use of Thunderbird; and have done so.
    This tells me that they are monitoring my Email, specifically, for some reason.
    ( Note: Thunderbird downloaded fine, installed fine. Accounts were set up fine. This happened JUST as I was about to test/use these Accounts! )

    NOTE: Avast caught and identified 26 different things trying to block the UNINSTALLATION of Thunderbird! The SAME file every time, except that with each one the end of the file was ( a capital letter )u_.exe; the capital letters went from A all the way to Z!
    These flew up instantly, as soon as I blocked one, the next one came up. They have effectively blocked the Uninstallation of Thunderbird, via Add/Remove.

    *You must realize that my system is not going to suddenly, out of the blue, do THAT!

    *Also, what I will be reporting about my husband's Desktop verifies that this is NOT a problem with merely my OS. ( started on it yesterday: full of bizarre things )
    ( I'm not trying to be nasty or insulting to you in any way; I just want you to realize what is going on here. It is something very unusual, and very malicious. Master Hacker kind of stuff. )


    ***Whatever this is, it is most definitely NOT being detected completely; BECAUSE it is corrupting programs, either in Download, Installation, or Update.
    ( Not every program catches the same thing, of course, but 'it' apparently fears the programs we have tried to use; and it fears MajorGeeks.com! )


    I am absolutely certain that there was no problem with my system itself; I tend to think that there is not at the present time. It is obvious that various functions are being Monitored and Controlled.
    *Is there permanent damage being done to my Operating System?
    Maybe so, maybe not.

    ***As to the suggestion of using sfc /scannow:

    Should I attempt this anyway, considering that I DON'T HAVE my WinXP CD?
    ( My friend's shop lost/misplaced it; so I have none ).


    Ravenquille
     
  8. abri

    abri MajorGeek

    If your system has been compromised to the degree that you no longer have control over it and all of your programs are being compromised, then it's unlikely our usual procedures are going to be able to recover your system for you. It's possible the only thing that will help will be to wipe your hard drive altogether.



    Yes. Windows XP often has a set of files in reserve that it can draw on to replace those that are corrupted. If it can only find them on a CD, you can use the CD of someone else, but it needs to be the same level as your operating system. In other words, if you have XP Pro, it needs to be XP Pro. If you have SP2, it needs to be with SP2.

    Let me know how this goes.
    abri


     
  9. Ravenquille

    Ravenquille Private E-2

    Hi Abri,

    I have WinXP Pro SP2.
    ( I have a WinXP Pro SP1, which has never been used; my husband also has his XP Pro SP1 CD. )
    I know no one who has one; so, at present, I do not have access to a WinXP Pro SP2 CD.

    I doubt if it would do any good anyway, based on what I discovered when I tried to run sfc /scannow.


    1) sfc /scannow ( on my system )

    This command is apparently being controlled.
    This is what I got:

    *a box: Windows File Protection
    "Please wait while Windows verifies that all protected Windows files are intact and in their original versions.
    (scanline starts a tiny bit, does not continue, due to the next group of boxes popping up )
    *next box:
    Icon of CD, and: "Files that are required for Windows to run properly must be copied to the DLL Cache. Insert Windows XP Professional Service Pack 2 CD now."
    Has 'Retry', 'More Information', and 'Cancel' boxes

    *Select 'More Information':
    Windows File Protection
    "Possible reasons for this problem:
    You have inserted the wrong CD
    i.e.: a different Windows product than the version installed
    The CDROM Drive in your system is not functioning


    *Select 'Retry':
    Windows File Protection
    "The CD you provided is the wrong CD. Please insert the Windows XP Professional Service Pack 2 CD in to your CDROM Drive.


    Now, the boxes get hard to close. Select 'Cancel' and you get:
    "If you cancel, Windows might require you to insert a CD later. Are you sure you want to skip this file?
    Boxes for 'Yes' and 'No'.
    When you try to hit yes to cancel, or try to close from the bar, you get the same boxes coming right back up.
    Finally, will close from the hitting close on each one on the startbar ( seems to be a specific number of 'box popups' before they will give up and close )

    ( NOTE: I never tried to use a CD. These boxes pop up automatically, when no CD drive is being used at all. )

    2) Tested sfc /scannow on my husband's Desktop:

    *Same exact behavior as mine.


    Ravenquille
     
  10. abri

    abri MajorGeek

    Hi Ravenquille,

    During sfc /scannow you are asked to insert a CD. This means that your hard drive was checked for copies of the valid files and they weren't found, therefore your computer needs to see the repair disk. When you don't put the disk in, it gives you the message that possible reasons for the problem are that the wrong disk has been put in or that the CD drive isn't functioning. What happens if you actually put the disk in? It's important to only put it in after you reach the point where it's requested, otherwise your computer will try to boot up from your CD.

    abri
     
  11. Ravenquille

    Ravenquille Private E-2

    Hi Abri,

    *I know how it should progress.
    It never gets past the command line being entered; these 'request for CD boxes' come up immediately ( on two computers tested, exactly the same ). It does NOT do a preliminary scan at all.
    ( Normally, you would get the scan process starting, and progressing to some point; which would differ from one system to another. )
    No scan begins. The message boxes keep flying up, no matter what you choose ( Retry, More Information, or Cancel ); for a specific number of times, then, it will permit itself to be closed.
    ( Normal Windows behavior would allow you to close the message window and the process. )


    If I put a CD in:

    *I don't have a WinXP PRO SP2 CD.

    I tested with a Windows XP Resource CD, and a music CD, just to see if there was any change with the message boxes, or if I might be able to trick it. The messages are the same with no CD, or a CD. Messages are just 'set' to come up as the reaction if you try to run sfc /scannow; controlled.


    1) I downloaded Secunia PSI Scanner

    Interesting program. Installed ok, and runs ok.
    Fixed some security holes it found.


    2) I downloaded a-squaredHiJackFree.

    Cool program. Shows very interesting Processes, Ports, and entries under 'Others'.
    Installed ok, and will run ok.
    I have not found any way that I can copy the results though; far too much to type entry by entry.

    3) Downloaded both a-squaredFree (the one with the scanner), and a-squared Commandline Scanner as well.

    Both appeared to download ok, but neither of them will open.
    The Commandline Scanner gets a flash of the black screen; and the a-squaredFree can't be opened at all.
    Tried to trick it, by uninstalling and reinstalling them into different locations; no change, they are being prevented from opening.

    I am going to see if Emsisoft has any idea how to get around this; I have a feeling these programs would be very helpful.

    Ravenquille
     
  12. abri

    abri MajorGeek

    Hi Ravenquille,

    I was afraid of that. You may have some luck with further antimalware programs, but it just sounds like you have a lot of issues which can only be resolved by reformatting. I had hoped the sfc /scannow might work, but I was not sure.

    abri
     
  13. Ravenquille

    Ravenquille Private E-2

    Hi Abri,

    I have so much that cannot be lost, that I am going to try my best to wipe this thing clean; or just do what I can to get around this for a while without the reformatting, if possible.

    a-squaredFree and a-squared Commandline scanner either would not install, or would not run once installed.
    1) I installed Dial-a-Fix, rebooted
    *Both installed after this, but only a-squaredFree would run.

    2) a-squaredFree found and quarantined 17 things; but not nearly what was found in the a-squared online analysis. I printed out the log.

    *CHODE-J Worm
    *GAOBOT.ADV
    *DIALER-YI
    *LOVGATE Worm variant
    *EHU Adware
    *AGOBOT-ADD
    *TACTSLAY-A Trojan
    *an un-named Chinese-originated adware
    *Ctfmon32 parasite variant
    *SPYHOAX-A Trojan
    *RAIDYS Trojan
    *Win32.Jeefo.a
    *Email-Worm.Win32.Sober.z
    *Win32.Netsky.d
    *Email-Worm.Win32.Sober.p
    *Email-Worm.Win32.Sober.o
    *P2P-Worm.Win32.VB.at
    *Trojan.Zapchas.ac
    *NetSpy
    *Maverick's Matrix
    *RemoteStorm
    *Back End
    *Executor
    *Hooker
    *RingZero
    *LogiGuard LLC
    *IamBigBrother
    *SentryPC
    *Supremtic

    Ports compromised:

    80 TCP
    1025 TCP
    25 TCP
    38 other ports with unknown items

    *4 questionable Explorer and Browser Add-ons
    *57 questionable 'Tricky and Other Autoruns':

    ( All this is in addition to all the other things we removed or quarantined! )


    **NOTE: All THIS when I have always had Firewall programs, Anti-Virus/Anti-Spyware/Malware programs; AND always cleared out Temp Files, Cookies, and ran scans often!

    Well.....back to the drawing board....


    Ravenquille
     
  14. abri

    abri MajorGeek

    Hi Ravenquille,
    Thanks for your post. Please attach a copy of the log from A-squared.
    abri
     
  15. Ravenquille

    Ravenquille Private E-2

    Hi Abri,

    Had to split it up due to size. 2 parts here, have to divide the others. Will post in a few minutes.


    Ravenquille
     

    Attached Files: AS1.doc, AS5.doc
  16. Ravenquille

    Ravenquille Private E-2

    Hi Abri,
    2 more parts of the a-squared analysis
     

    Attached Files: AS3.doc, AS6.doc
  17. Ravenquille

    Ravenquille Private E-2

    Hi Abri,

    3 more parts of the a-squared online scan
     

  18. Ravenquille

    Ravenquille Private E-2

    Abri,

    2 more parts of the online scan
     

  19. Ravenquille

    Ravenquille Private E-2

    Hi Abri,

    3 more.
     

  20. Ravenquille

    Ravenquille Private E-2

    Hi Abri,

    Last 2 parts.




    Ravenquille.......
    ........who just scorched the blasted chili, lol!
     

  21. abri

    abri MajorGeek

    Hi Ravenquille,

    To begin with I only saw your most recent post and only after looking through those logs and finding all the entries legitimate entries that you need for the functioning of your computer, did I realize there were several more logs which preceded it. Let me try again. I found one log which concerns me very much. It gives the following description of realsched, which in fact, is a file we often remove from your O4 entries in HijackThis. The description in your attachment is as follows and is inaccurate. realsched.exe is not malware:


    First of all it surprises me that aSquared would print such a thing in their log, as they are a reputable company, and I'm inclined to think, in fact, that they did not report what you attached.

    Our reason for removing the realsched entry from the O4 items in people's HijackThis log, is because it doesn't need to load at startup and causes the startup time for people's computers to be slower than it needs to be. It has nothing to do with it being malware. aSquared must know this or they wouldn't still be in business, therefore I have to think that you added these things to the log yourself.


    There are several reasons why you come to a forum like this for help and why you do not alter the information people need to help you. One of these is because when people google realsched to find out what kind of a file it is, they could be misled were we to produce the kind of information you've just shown me in this supposed log of aSquared.

    In the last 70 posts, we've discussed the state of your computer and what may or may not be malware-related, but nothing has yet been uncovered to suggest that the problems you're having have to do with anything but the original version of Tweak UI which you installed and used. It appears your operating system sustained some damage and that the best way to resolve the problem would be to reformat.


    We are finished. This thread will now be closed due to inaccurate information in the attachments which could lead posters who come here for help to take steps which could result in damage to their computers.

    abri
     