HSA...Go away ;X

Discussion in 'Malware Help (A Specialist Will Reply)' started by IHateGnomes, Jun 2, 2005.

  1. IHateGnomes

    IHateGnomes Private E-2

    Hi there.

    I believe I have the HSA hijacker/popup malware. I get the stupid "ONLY THE BEST" popups as well as fake system error messages (which redirect to a website), fake Windows security agent icon on the toolbar (another redirect), and the "search engine" inside the blank part of my browser window (usually with a pretyped word like "soft" "visa platinum" or "mortgage"). I've downloaded the various programs and done virus scans/spyware scans. They usually will find DLLs or maybe some EXEs, but they always come back upon repeated scans. As an interesting note, this version of it seems to target and disable/corrupt the Microsoft AntiSpyware beta.

    If that is of interest to you...the MS ASB will at first report a ton of different DLL and EXEs that are trying to place themselves in your run-processes. Even if you click "block" on all of them, it will be relentless until some odd change slips by "based on your past feedback". Upon reboot, trying to launch the MS ASB will result in you seeing the setup screen for the program, even if you have already config'd it/set it up. The program will not even launch now, giving me an error. So it seems the maker of this malware is specifically targeting not only IE but the MS ASB as well.

    Anyways, here are the log files from HiJack This and the StartDreck.

    Thanks.
     


  2. jeff6303j

    jeff6303j Private E-2

    Hello Ihategnomes,

    Please do not post HJT logs w/o being asked and don't post until you go thru the read me!

    Please follow the steps below:

    - Run ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal

    Make sure you check version numbers and get all updates.

    - Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.


    If after doing ALL of the above you still have a problem:

    - Download HijackThis 1.99.1

    - Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

    - Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

    - Before running HijackThis: You must close each of the following: your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

    - Run HijackThis and save your log file.

    - Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).
     
  3. IHateGnomes

    IHateGnomes Private E-2

    Ok...I did all that...now the problem is worse ;/

    Some file named javais.exe located in the system32 folder immediately starts eating 100% of the PC's processing power. To make matters worse, IE will no longer launch on my primary user account, instead completely locking the system. It does this even in safe mode /w networking. As a result, I am being forced to communicate via another account ;/

    Here are the hijack this and startdreck logs.
     


  4. IHateGnomes

    IHateGnomes Private E-2

    Have to use Firefox now...IE is pretty much unusable ;/
     
