another opinion...

Discussion in 'Malware Help (A Specialist Will Reply)' started by don't_know, Jan 2, 2007.

  1. don't_know

    don't_know Private E-2

    Hey Everyone
    I'm new to this and I'm sure I'll probably break all the rules but I'll give'er a go anyways. I know that there is something wrong with my computer.
    I opened an attachment on MSN and now my homepage has been redirected to virushelpzone.com/, and now my updates on Norton will not work. I downloaded Spybot Search and Destroy and it did find a couple of files that it removed, but when I ran it again the next day the same files came up as threats again. My Norton says everything is ok but I don't believe it either. Also my C-drive is full of all this Krap that I have no idea where it came from.
    I've tried using the following to catch this:
    Norton (obviously)
    Spybot search and destroy
    Spyware doctor
    Some smartkiller thing but it won't load and
    Hijack this
    Can anyone else give me some advice on what to do before I have to take it in somewhere to be cleaned up?
     
    Last edited by a moderator: Jan 3, 2007
  2. don't_know

    don't_know Private E-2

    Re: another opinion...more info please help

    I don't know if this will help anyone out but I just ran Spybot Search and Destroy 3 times and each time I keep getting the below come up, and then it fixes them and they just come right back up on the next scan:
    fakemsn8beta
    c:\windows\system32\taskkill.com
    c:\windows\system32\netstat.com

    HKEY_LOCAL_MACHINE]systme\currentcontrolset\services\wscvc\start!=w=2
    +microsoft.windowssecuritycenter_disabled
    Microsoft.windows.redirectedhosts

    I've also run a suggestion that came off another forum to:
    Firstly you need to enable viewing of hidden files as follows:
    1) Go to My Computer, and click on the "Tools" menu
    2) Click "Folder options"
    3) Select the "View" tab
    4) Make sure "Show hidden files and folders" is selected
    5) Make sure "Hide extensions for known file types" is unchecked
    6) Make sure "Hide protected operating system files (recommended)" is unchecked

    You can/should change this back when you are all clean (in case I fail to mention it again)


    Either navigate to; or search and find the HOSTS file located here --->>C:\WINDOWS\system32\drivers\etc\HOSTS. Right click and rename it HOSTS.old for now.

    Get on-line and go HERE and read the page; then download and run stinger. When it is done, click on file (in stinger) and choose save report to file.

    Reboot; then download Hoster from here: HOSTER
    Press 'Restore Original Hosts' and press 'OK'
    Exit Program.

    but that didn't work either...confused
     
    Last edited by a moderator: Jan 4, 2007
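
The HOSTS-file redirection discussed in the post above can be checked by reading the file instead of renaming it blind. This is an added example, not part of the original thread or any tool named in it; the watch-list, function names and sample entries are assumptions constructed for illustration.

```python
import ipaddress

# Assumed watch-list (not from the thread): hostname substrings for security
# vendors and update services that malware commonly blocks via HOSTS.
WATCHED = ("norton", "symantec", "windowsupdate", "microsoft")
DEFAULT_NAMES = {"localhost"}  # the default loopback mapping, never reported

def parse_hosts(text):
    """Yield (line number, ip, hostname) for every mapping in a HOSTS file."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) < 2:
            continue  # blank, comment-only, or no hostname
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed address: not a usable mapping
        for name in fields[1:]:  # one line may map several names
            yield lineno, ip, name.lower()

def audit_hosts(text):
    """Return (line, ip, hostname, reason) for every non-default mapping."""
    findings = []
    for lineno, ip, name in parse_hosts(text):
        if name in DEFAULT_NAMES and ip.is_loopback:
            continue
        sinkholed = ip.is_loopback or ip.is_unspecified
        if any(w in name for w in WATCHED):
            reason = "update host blocked" if sinkholed else "update host redirected"
        else:
            reason = "non-default entry"
        findings.append((lineno, str(ip), name, reason))
    return findings

# Constructed sample; .example names and documentation IP ranges only.
SAMPLE_HOSTS = """\
# constructed sample HOSTS file
127.0.0.1    localhost
127.0.0.1    liveupdate.symantec.example   # update server pinned to loopback
0.0.0.0      update.norton.example www.windowsupdate.example
198.51.100.9 www.microsoft.example
203.0.113.7  search.example
not-an-ip    broken.example
"""

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

To audit a real machine, pass the contents of C:\WINDOWS\system32\drivers\etc\HOSTS to `audit_hosts` and keep the output with the other logs before the file is renamed or restored.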
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Re: another opinion...more info please help

    Welcome to Majorgeeks!

    Things you mentioned in message number 2 are all things covered in various sticky thread procedures here on MGs had you taken the time to read them. Also the Hoster program is downloadable here on MGs too and we prefer to have links refer to our download pages first as it is how these forums are supported. Thus I changed your link to our download page.

    Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.
    • Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
    • Make sure you check version numbers and get all updates.
    • Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.
    • If, after doing ALL of the above, you still have a problem, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
    Downloading, Installing, and Running HijackThis

    Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.


    • When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:
      • CounterSpy
      • AVG Antispyware log - ONLY IF NEEDED you were not able to run CounterSpy
      • Bitdefender - from step 6
      • Panda Scan - from step 6
      • runkeys.txt - the log from GetRunKey.bat
      • newfiles.txt - the log from ShowNew.bat
      • HijackThis
    NOTE: You can only attach 3 files in a single message so it will require that you use two messages to attach all of these logs!
     
