Browser Hijacker, Trojan

Discussion in 'Malware Help (A Specialist Will Reply)' started by solarant, Nov 30, 2011.

  1. solarant

    solarant Private E-2

    I hope someone can help me. I have a 32-bit laptop with XP Pro installed, and it is infected with a browser hijacker. I also had a problem with my PC clock not being recognized by a diagnostic program I use, and I think the hijacker caused this also.

    I ran Malwarebytes and it found nothing; I ran HJT and it found nothing, so I tried to run ComboFix. ComboFix downloads the Microsoft Recovery Console and says the install was successful, then it says it is scanning for infected files and this might take ten minutes, etc., but it can sit for hours with the cursor blinking; I eventually have to shut the laptop down using the power button. I also tried TDSSKiller but it would not run. I tried ComboFix and TDSSKiller in safe mode but they still would not run.

    Anyone have any idea how I can clean the laptop?
     
  2. thisisu

    thisisu Malware Consultant

  3. solarant

    solarant Private E-2

    I went through the steps as directed and ran GooredFix, and I have attached the result text. I then tried to run TDSSKiller but it would not run; I changed its name to TDS123.com but still no good. So I went to the next step and ran MBRCheck and attached the results.
     

    Last edited: Nov 30, 2011
  4. thisisu

    thisisu Malware Consultant

    Then I need the rest of the logs requested:

    • ComboFix
    • MGlogs.zip
    • RootRepeal
    • SAS
    • MBAM
     
  5. solarant

    solarant Private E-2

    ComboFix installs and downloads backup files; it downloads the Recovery Console and starts to scan, but locks up after running for a few minutes. The browser is still being hijacked.
    If you need more scans done, please let me know.



     

    Last edited: Dec 1, 2011
  6. thisisu

    thisisu Malware Consultant

    What about MGtools.exe? Was that blocked as well? See Using MGtools.

    And what about RootRepeal? Describe what happens when you try to run it.
     
  7. solarant

    solarant Private E-2

    I had trouble locating the file on my hard drive.

    I also ran the Kaspersky removal tool and it found nothing.
    I ran Stinger and it found a virus called "Fake Alert" and deleted it.

    TDSSKiller won't run.

    The browser is still being hijacked.
     

  8. thisisu

    thisisu Malware Consultant

    Please stop doing things you are not asked to do. This just delays the process of getting your computer clean.

    YOU HAVE AN INFECTED MASTER BOOT RECORD (MBR)!

    _________________________________________________________________
    WARNING

    MBR infections are only worsening and sometimes (rarely) make the computer unbootable after attempting to correct it. We recommend that you back up your data beforehand. Then continue with the below if you wish to attempt to remove this infection:
    _________________________________________________________________

    Do you have your Windows XP CD? We need it to restore a clean MBR.
    If you do not have your Windows XP CD, you can create one with the Recovery Console (which is really all we need), here: Download Windows XP Recovery Console

    Then see if you can boot from this CD and get into the Recovery Console. See the second section in the below link where it says "How to use the Recovery Console"

    http://support.microsoft.com/kb/307654

    If you can get to the command prompt of the Recovery Console, type fixmbr and hit enter. After it finishes type exit to reboot and remove the CD to allow Windows to boot normally.

    If you were able to run fixmbr, rerun MBRCheck and attach a new log. Also tell me how things are working.
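    The fixmbr step above rewrites the bootstrap code in sector 0 of the disk, and MBRCheck decides whether that code looks like a known loader. As an added example (not from this thread, and not the code of MBRCheck, aswMBR or ComboFix), the Python script below reads a 512-byte MBR, checks the 0x55AA boot signature and the partition table, and compares the 446 bytes of boot code against a trusted copy, listing which 16-byte regions differ. The reference loader (CLEAN_BOOT_CODE), the "hooked" variant and the partition values are constructed placeholders; the read_mbr() helper is for pointing it at a real image or device.

```python
"""Inspect a 512-byte MBR and compare its boot code with a known-good copy.

Added example for this thread; it is not code from MBRCheck, aswMBR or ComboFix.
The reference loader and the sample sectors below are constructed placeholders.
"""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446           # bytes 0..445: bootstrap code the BIOS jumps into
PART_TABLE_OFF = 446          # bytes 446..509: four 16-byte partition entries
MBR_SIGNATURE = b"\x55\xaa"   # bytes 510..511: boot signature
# status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
PART_ENTRY_FMT = "<B3xB3xII"


def read_mbr(path):
    """Read sector 0 from a raw image or device (e.g. /dev/sda or \\\\.\\PhysicalDrive0)."""
    with open(path, "rb") as f:
        return f.read(SECTOR_SIZE)


def parse_partitions(mbr):
    """Return the non-empty partition entries as dicts."""
    parts = []
    for i in range(4):
        status, ptype, lba_start, sectors = struct.unpack_from(
            PART_ENTRY_FMT, mbr, PART_TABLE_OFF + 16 * i)
        if ptype == 0:          # type 0x00 marks an unused entry
            continue
        parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                      "lba_start": lba_start, "sectors": sectors})
    return parts


def check_mbr(mbr, reference_boot_code):
    """Compare an MBR with a trusted loader and report what differs.

    A bootkit normally patches the first bytes of the loader with a jump to its
    own code in unpartitioned sectors, so modified_offsets usually lists offset 0
    while the partition table is left intact (the OS still boots, just later).
    """
    if len(mbr) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly %d bytes" % SECTOR_SIZE)
    boot_code = mbr[:BOOT_CODE_LEN]
    reference = reference_boot_code[:BOOT_CODE_LEN].ljust(BOOT_CODE_LEN, b"\x00")
    modified = [off for off in range(0, BOOT_CODE_LEN, 16)
                if boot_code[off:off + 16] != reference[off:off + 16]]
    return {
        "signature_ok": mbr[510:512] == MBR_SIGNATURE,
        "boot_code_ok": not modified,
        "boot_code_sha256": hashlib.sha256(boot_code).hexdigest(),
        "modified_offsets": modified,
        "partitions": parse_partitions(mbr),
    }


def build_sector(boot_code, partitions):
    """Assemble a constructed MBR (used only to demonstrate check_mbr offline)."""
    sector = bytearray(boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN])
    table = bytearray(64)
    for i, (bootable, ptype, lba_start, sectors) in enumerate(partitions):
        struct.pack_into(PART_ENTRY_FMT, table, 16 * i,
                         0x80 if bootable else 0x00, ptype, lba_start, sectors)
    return bytes(sector + table + MBR_SIGNATURE)


# Constructed reference loader: a few real-mode instructions followed by NOPs,
# standing in for the boot code a trusted copy of the OS would write.
CLEAN_BOOT_CODE = bytes.fromhex("33c08ed0bc007c") + b"\x90" * 100
# Constructed "infected" loader: the first five bytes replaced by a far jump
# (opcode 0xEA) to an arbitrary address; the rest of the loader is untouched.
HOOKED_BOOT_CODE = b"\xea\x00\x00\x00\x00" + CLEAN_BOOT_CODE[5:]
# One bootable NTFS partition (type 0x07) starting at LBA 63; values constructed.
PARTITIONS = [(True, 0x07, 63, 312576642)]

CLEAN_MBR = build_sector(CLEAN_BOOT_CODE, PARTITIONS)
HOOKED_MBR = build_sector(HOOKED_BOOT_CODE, PARTITIONS)

if __name__ == "__main__":
    for label, sector in (("clean", CLEAN_MBR), ("hooked", HOOKED_MBR)):
        report = check_mbr(sector, CLEAN_BOOT_CODE)
        print(label, "signature_ok=%s boot_code_ok=%s modified=%s" % (
            report["signature_ok"], report["boot_code_ok"], report["modified_offsets"]))
        for p in report["partitions"]:
            print("  partition %d type=0x%02x lba=%d sectors=%d bootable=%s" % (
                p["index"], p["type"], p["lba_start"], p["sectors"], p["bootable"]))
```

    Two practical points for using this on a real machine: the trusted loader must come from a known-clean source (a sector saved from an identical install, or the code the OS's own repair tool writes), and the sector should be read from outside the suspect OS, from a boot CD or with the drive attached to another machine, because a bootkit that hooks disk I/O can hand back the original MBR to any tool running on the infected system, which is consistent with the scanners in this thread either failing to start or reporting nothing.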
     
  9. solarant

    solarant Private E-2

    I downloaded the ISO and burned it to a disc and booted from it; as soon as it boots I get a blue screen saying Windows has to shut down, etc.

    So I remembered ComboFix downloaded and installed the Recovery Console before locking up, so I went to msconfig and looked in boot and it was there as a boot choice. I selected it and rebooted.
    The laptop booted into Recovery Console mode and I got the black screen as expected and the progress bar at the bottom of the screen; it got as far as the second bar in the progress bar and stopped and just sat there.
    Any idea on how to remedy this?
     
  10. thisisu

    thisisu Malware Consultant

    Please download aswMBR by Avast! to your desktop.
    • Double-click aswMBR.exe to run it (Vista/7 right-click and select Run as Administrator)
    • Select No when asked Would you like to download latest Avast! virus definitions?
    • Click the [Scan] button.
      Note: This scan should only take a few seconds to complete.
    • On completion of the scan click [Save log], save it to your desktop and attach this log to your next message. (How to attach items to your post)
     
  11. solarant

    solarant Private E-2

    It won't run. I tried it in safe mode also and still it won't run; the hourglass spins a few times, then it quits.
     
  12. thisisu

    thisisu Malware Consultant

  13. solarant

    solarant Private E-2

    HitmanPro ran; file attached.
     

  14. thisisu

    thisisu Malware Consultant

    Doesn't look like it detected your MBR infection. What BSOD error code do you get when you try to use the Windows Recovery Console CD?
     
  15. solarant

    solarant Private E-2

    When I run the recovery module it starts and freezes. I cannot run the recovery module from the CD-ROM; as I said, I get a blue screen saying "Windows has shut down to prevent damage", etc. I can get it to start from the boot option, as the Recovery Console was downloaded and installed by ComboFix, but as I said it starts and then freezes.
    I will run the Recovery Console from the CD-ROM and write down any codes it produces. I won't be able to do this for a day, but I do appreciate your patience and expertise.
    After running HitmanPro for the second time, all it showed was
    system32\mscomm32.ocx

    saying it was suspicious, etc.
     
    Last edited: Dec 5, 2011
  16. thisisu

    thisisu Malware Consultant

    It's very hard to repair the Master Boot Record without the use of a CD, as you have seen. Most programs will not be able to run and others just won't detect an infection.

    I have a feeling you are getting a BSOD when attempting to use the Windows XP Recovery console as it most likely doesn't include the drivers you need for it to detect your existing hard drive.

    Please read the following for more information: How to Slipstream Your SATA Drivers Into a Windows XP Installation CD Using nLite

    Also do not worry about the mscomm32.ocx file for now. Focus on getting the bootable CD to boot up without BSODing.
     
