Referral from Malware--Help!

Discussion in 'Software' started by Phydron, Oct 7, 2012.

  1. Phydron

    Phydron Private E-2

    I've just spent a couple of weeks trying to remove what I thought was a trojan
    from my computer. The person helping me reviewed a number of anti-malware
    programs and decided my computer is clean. My list of problems is at least a
    page long and I don't know where to begin. To list a few: after a full format,
    removal of the BIOS battery for 5 mins., and installing a new, legal copy of
    Vista, very few A/V programs are able to update although the computer is
    connected to the net. While trying to install progs, it reboots at random intervals,
    fails to recognize many antivirus programs, after I access the F: drive (SD card)
    a few times it fails to recognize the card. The CPU runs at 100% every few minutes, Explorer redirects MSN to a Facebook site, on boot up a dialog box
    pops up saying that my copy of Vista is not genuine and the options box with it
    doesn't allow any choices.
    I have another page of problems.
    This all began when an email downloaded Live Security Platinum (Win32:Hobliq-B
    [Heur]).

    Any help or ideas will be greatly appreciated.
     
  2. rustyjack

    rustyjack MajorGeek

    Whatever browser you're using, try another,
    >When installing the new programs /or/ programs you already had,

    >Try installing these in safe mode, if they'll let you,

    >And always remember to reboot after every install and every change made to your system,

    >Some might say no to this, but, I use it as a good rule of thumb, so that your comp is remembering every change you make during and without the changes !

    Good Luck

    >P.S As for it not recognizing your AV Program, try turning off your Windows Firewall & Defender just till you get setup!!!!!!

    Rustyjack !
     
  3. Phydron

    Phydron Private E-2

    Thanks for responding. I tried Chrome this morning and things seem better.
    Rootkit programs that reboot to check the boot sector either can't seem to find it,
    or can't do it without shutting down completely, so that's something I haven't been
    able to check. I'm still not convinced there's not a virus somewhere.
    Your suggestions do seem to be helping, though.

    Thanks again
     
  4. rustyjack

    rustyjack MajorGeek

    Try flushing your DNS Cache to help your browser problems,

    Open CMD as admin type in ipconfig /flushdns


    Then try this to help stop redirections :





    Disable Redirecting in "Mozilla Firefox"

      • Click "Tools."
      • Click "Options."
      • Click the "Advanced" tab.
      • Click the "General" tab.
      • Check the box next to "Warn me when websites try to redirect or reload the page."
      • Click "OK."

    Disable Redirecting in "Internet Explorer"

      • Click "Tools."
      • Click "Internet Options."
      • Click the "Security" tab.
      • Click "Custom Level."
      • Scroll down to Miscellaneous and click "Disable" under "Allow META-REFRESH."
      • Click "OK." and "OK." once more.

    Disable Redirecting in Google Chrome

      • Click on the "Customize and control Google Chrome" button. This is pictured red as a wrench.
      • Click "Options."
      • Click "Under the Hood."
      • Click the box next to "Enable phishing and malware protection."
      • Close the "Options" tab.

    Mozilla Firefox currently has an add-on, "NoRedirect", that can take further steps on preventing website redirection. Please check this out !


    Also, just for peace of mind, try running your AV in Safemode if it will allow you,

    Another suggestion is to uninstall any browsers you no longer intend to use, and double check your Hosts file.
    It will no doubt have been checked when you were over in MG's malware dept, but here are the instructions anyway !



    Checking the hosts file


    • Open Windows Explorer
    • Click on Tools, Folder Options, View tab
    • Uncheck Hide Extensions for Known File Types
    • Select Show hidden files and folders
    • Click OK
    • Navigate to \Windows\System32\Drivers\etc
    • Open the file hosts (no extension) in Notepad (for example, right-click hosts and select Send To, Notepad)
    • Verify that it looks like this:
    The lines beginning with # are just comments, and their actual content is unimportant. The lines that cause names to be associated with IP addresses are the ones that do not start with #. Normally there is only one such line, which reads: 127.0.0.1 localhost.
    Note that some anti-spyware packages may replace the hosts file with one containing other items. The only way to be sure if this is the case is to ask the publisher of the software. However, if in doubt, it is very unlikely that any harm would be done by replacing a modified hosts file with one containing the original contents.



    P.S Don't forget reboot after anything carried out !

    Rustyjack
     
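The hosts-file check above can be scripted. This is an added example, not code from the thread or from MajorGeeks: it parses a hosts file and lists every active mapping that is not a loopback "localhost" line. It treats the IPv6 loopback line `::1 localhost` as legitimate as well (my assumption; the post only mentions the 127.0.0.1 line), and the sample file contents are constructed.

```python
# Added example (not from the thread): parse a Windows hosts file and report
# every active name-to-address mapping that is not a loopback "localhost"
# entry, so a modified hosts file stands out without reading it line by line.
import re
from typing import List, Tuple

# Constructed sample in the shape of a hosts file. The last two lines are the
# kind of entry the post says should not normally be present (names invented).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
::1             localhost
127.0.0.1   update.example-av.invalid   # blocks an updater (constructed)
203.0.113.5 www.example-bank.invalid    # redirects a name (constructed)
"""

# Loopback entries a stock hosts file legitimately contains (assumption:
# the IPv6 line is treated as benign alongside the IPv4 one).
LOOPBACK = {("127.0.0.1", "localhost"), ("::1", "localhost")}

def parse_hosts(text: str) -> List[Tuple[int, str, str]]:
    """Return (line_number, address, hostname) for every active mapping.

    Comment lines (#), blank lines and trailing comments are ignored; a line
    with several hostnames yields one tuple per hostname.
    """
    mappings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        fields = re.split(r"\s+", line)
        address, names = fields[0], fields[1:]
        for name in names:
            mappings.append((lineno, address, name.lower()))
    return mappings

def suspicious_entries(text: str) -> List[Tuple[int, str, str]]:
    """Active mappings other than the loopback localhost lines."""
    return [m for m in parse_hosts(text) if (m[1], m[2]) not in LOOPBACK]

if __name__ == "__main__":
    # On a real system read r"C:\Windows\System32\drivers\etc\hosts" instead.
    for lineno, address, name in suspicious_entries(SAMPLE_HOSTS):
        print(f"line {lineno}: {name} -> {address}")
```

Any line the script reports maps a name to an address of the attacker's choosing, which is exactly how a hosts file blocks AV updates or redirects a site.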
  5. rustyjack

    rustyjack MajorGeek

  6. Phydron

    Phydron Private E-2

    The redirect is still there, it's only a problem in that we hate things on our
    computers that don't work as they should.
    I ran Kaspersky Security Scan and it found the attached errors. I don't know
    if this is causing problems or not.
    This is a new install of Vista and there's nothing valuable on it, so I guess
    this is an academic exercise, but I still would like to clean it up.

    I do appreciate your help.
     
  7. rustyjack

    rustyjack MajorGeek

    You say you found the attached errors after running Kaspersky ?

    What are the errors ?
    Which browser is redirecting ?
     
  8. rustyjack

    rustyjack MajorGeek

    Start > All Programs > Accessories > System Tools > Disk Cleanup.... Delete all automatically ticked items and then delete all those files.
    Also click start type %temp% and delete everything from that folder, keep doing this till it's empty and reboot !

    You will or should have Ccleaner downloaded if not click this link : http://www.majorgeeks.com/CCleaner_Standard_d5125.html
    then run the registry cleaner component of it, I know it's not usually advisable to use registry cleaners, but if you are, use Ccleaner it will prompt you to back your registry up, which is advisable !!!!

    Try using your browser without any addons and see if it still does it if it does then its one of your addons causing the redirects !
     
  9. Phydron

    Phydron Private E-2

    I guess my attachment didn't make it. I'll try again.
    Whatever is wrong changed the attachment from txt to rtf and your attachment
    thing wouldn't accept that. It now refuses to recognize removable drives.
     

    Last edited: Oct 10, 2012
  10. rustyjack

    rustyjack MajorGeek

    Try using your browser without any addons and see if it still does it if it does then its one of your addons causing the redirects !
    If it is keep restarting your browser with each different addon enabled until you find out which one is causing the problem !

    IMHO though, forget about IE and Chrome for that matter, and download Firefox, I find it to be a much more efficient browser !

    If you're insistent that you have a rootkit, and you run Kaspersky, click this link http://support.kaspersky.com/faq/?qid=208283363 and follow all the instructions carefully !

    Try and run SFC /scannow to check all your files !
     
  11. rustyjack

    rustyjack MajorGeek

    I do hate to keep going on, but if you've already been over to the malware dept, those guys over there don't mess about, they go through everything with a fine toothcomb, and if you did have a rootkit or any kind of virus within Windows Vista itself, I'm sure they would have found it, and as for rootkits they're only used to compromise systems to steal your banking details, or anything valuable, most of the time, and you have pointed out that there's nothing valuable on your system as it is a fairly new install of Vista.

    But, on that point I have found a good read for you about rootkits, click the link,

    http://www.omninerd.com/articles/r00tkit_Analysis_What_Is_A_Rootkit


    If your computer was used for online banking, has credit card information or other sensitive data on it, you should stay disconnected from the Internet until your system is fully cleaned. All passwords should be changed immediately to include those used for banking, email, eBay, PayPal and online forums. You should consider them to be compromised and change each password using a clean computer, not the infected one. If not, an attacker may get the new passwords and transaction information. If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before connecting again. Banking and credit card institutions should be notified of the possible security breach.
     
  12. Phydron

    Phydron Private E-2


    I wish there was a do-over
    in this forum. On my first cup of coffee, I seem to be mistake-prone.

    Let's try this again.
     
  13. Phydron

    Phydron Private E-2

    Good Morning Jack,
    This is in reply to your message #11. I should be trying to fix my computer issue by issue,
    instead of a mass attack.
    Along those lines, When a program asks to reboot, intending to continue on after, this PC
    reboots, but shuts off during, cancelling the original program. On a regular reboot, it does
    reboot, then returns to O/S. I hope you understand what I'm trying to say,
    communication isn't my primary language. Kaspersky Security Scan, for example, tries
    to reboot to examine the boot sector, then continue on. This machine reboots, but a full
    boot, so KSS is cancelled so it can't continue. What fault in Vista's programming could
    cause that?

    When I install a new HDD, clear the BIOS, and install a fresh copy of Vista, the PC works
    almost normally, just a few strange dialog boxes. When I connect it to the internet, it begins the redirect, and many other instances of misbehavior. What would you think?

    Thanks for your patience and expertise.
    the redirect
     
  14. rustyjack

    rustyjack MajorGeek

    ( QUOTE ) I do hate to keep going on, but if you've already been over to the malware dept, those guys over there don't mess about, they go through everything with a fine toothcomb, and if you did have a rootkit or any kind of virus within Windows Vista itself, I'm sure they would have found it ( UNQUOTE )

    I'm not being cheeky by saying it like that, but all I'm trying to work out is that you followed the rules to the book and you didn't miss anything out !
     
  15. rustyjack

    rustyjack MajorGeek

    Try this if you can with your browser :

    -Try "HIJACK THIS", you can download it from the link http://www.majorgeeks.com/Trend_Micro_HijackThis_d5554.html
    -run & install the setup
    -click on DO A SYSTEM SCAN ONLY
    -when it completes the scan, you'll find a list of file names with the path & registry items
    -maximize the screen & select those which show (NO NAME)
    -select browser helper objects (BHO)
    -remove them by clicking on FIX CHECKED
    -when it's done, click on MAIN MENU button
    -click on OPEN THE MISC TOOLS SECTION
    -click on OPEN ADS SPY
    -uncheck on all three check boxes
    -click on SCAN button
    -select every scanned option
    -click on REMOVE SELECTED
    -restart the machine & check...& you are done.

    Please Please ! only use the feature mentioned above then uninstall HJT !
     
  16. rustyjack

    rustyjack MajorGeek

    Run a chkdsk /r from command prompt.

    When prompted to schedule it on next boot, say yes, then reboot.
    This will check any bad sectors if any !


    ( QUOTE ) When a program asks to reboot, intending to continue on after, this PC
    reboots, but shuts off during, cancelling the original program.( UNQUOTE )


    Does this happen with all programs or just certain ones ?
     
  17. Phydron

    Phydron Private E-2

    It usually happens with programs that try to access the boot sector.
    I've been trying to clean this thing for a month now, and haven't had any
    luck yet. I wish you could see this after it connects to the internet. I've
    replaced everything but the motherboard and I just bought another one.
    This computer is four years old and due for an upgrade anyway.
    Four malware experts have told me it's clean, but it's not. I hate to keep
    wasting everyone's time, I know you have others that need help.
    I'll let you know how it turns out.

    Thanks for everything.
     
