I tried on my own BUT ....

Discussion in 'Malware Help (A Specialist Will Reply)' started by Optical_Myth, Jan 3, 2007.

  1. Optical_Myth

    Optical_Myth Private E-2

    I just do not know enough yet. I am now coming to you asking for help. I have read a lot looking for clues, mostly from your site and have tried the general suggestions. I have kept a log of all I have tried and the problems I have encountered.

    Problems noted:
    These Problems I am trying to fix started when my daughter was sent a link through Windows live messenger ..
    she did not click on the link but it still went through her contacts and started these problems on our end

    ~ Home page gets taken over going to "virushelpzone.com"
    ~ Security fire wall in Windows gets disabled
    ~ Windows auto save (Restore points) gets turned off and loses all previous restore points
    ~ many problems with my internet explorer. Having trouble connecting to pages, downloading helpful
    antivirus, malware, spyware programs
    ~ Seems to have really big issues with downloading, loading, or just opening the "hijackThis" file even after renaming the program
    ~ Will not let me open anything to locate the "MSNVirrem" program
    ~ msconfig window will not stay up.
    ~ Process Explorer will not open

    1. Googled "FakeMSN8beta" which I had found yesterday in spybot.

    2. Visited "http://forums.spybot.info/showthread.php?t=122"

    3. Followed the steps as outlined to fix teatimer and ran spybot again.

    4. Spybot finds "Microsoft.WindowsSecurityCenter_disabled" and "FakeMSN8Beta" again
    Log #1

    5. Googled "Microsoft.WindowsSecurityCenter_disabled" and from what I am understanding from the posts it's not something spybot fixes, just a warning flag. From what I read, *I do not disable my firewall manually nor do I have another firewall program I am aware of*

    ~ enabled windows firewall again and removed windows live messenger from the exceptions list. also turned restore point back on. Can not access any old restore points :(

    6. Ran online virus scanner "http://www.pandasoftware.com/products/activescan.htm" Had trouble getting this to run, explorer seems to have issues. Took many attempts to get it to run
    Log #2

    7. Rebooted into safe mode .. Running Spybot again. Scan says no problems found.

    8. Tried to load "HiJackThis" but the computer closes all windows

    9. Uninstalled "Windows Live Messenger"

    10. Uninstalled "Internet explorer 7"

    11. Tried "HiJackThis" again but will not stay up

    12. Reinstalled internet explorer 7 and rebooted

    *Trying majorgeek site for help*

    13. Went to check on msconfig settings .. this window will not remain up but it was up long enough for me to notice it was set on normal startup.

    14. Turned all hidden files & folders on to view

    15. Turned on spybot, made sure teatimer was off and ran immunize then scan.
    Log #3

    16. Ran Counterspy not in safe mode. Quarantined 2 infections.
    Log #4

    In Safe Mode in Administrator

    17. Ran CCleaner
    Log #5

    18. Ran Spybot - No Threats

    19. Ran Counterspy
    Log #6

    20. Reboot into normal Windows mode

    21. Turned system restore and Windows firewall on (again)

    22. Unable to load online virus scanner for BitDefender

    23. Ran panda Active scan
    Log #7

    24. Ran "Getrunkey"
    Log #8

    25. Ran "shownew"
    Log #9

    26. Read info on properly getting Hijackthis and followed instructions. Renamed file. After many attempts finally got a log
    Log #10

    27. Disabled system restore .. note: did not prompt for a system reboot
    Rebooted and enabled System Restore

    28. Downloading spy sweeper trial, installed and scanned
    Log #11

    29. Downloading Ewido, installed and updated, scanned
    Log #12

    30. downloading Ad-aware SE, updated and scan
    Log #13

    Logging in safe and repeating scans #28, found Winlogon (trojan) and other issues
    Log #14

    31. Tried to run Process Explorer, just shuts off even after renaming file

    32. Ran Pocket Killbox, turned off until I renamed the file

    33. Could not load Trend Micro's Free Online Virus Scan page

    34. Could not load ZoneAlarm Spyware Scanner

    35. Reset IE7 to default

    36. Many attempts but finally got a Hijack Log
    Log #15

    Anyways as you see I am lost .. I will post my last Hijack log #15 with this message.. I have the others saved if you would like to see them.

    I appreciate the time you spare me and any help you can suggest for me to try next.
     


  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Majorgeeks!

    Please attach ALL the logs that were requested in the READ ME! You only attach the very last one requested and we don't want it unless the other steps have been completed (which means logs are attached) first.

    Here is what the READ ME requests (only attach logs that are requested):

    CounterSpy
    AVG Antispyware log - ONLY IF NEEDED you were not able to run CounterSpy
    Bitdefender - from step 6
    Panda Scan - from step 6
    runkeys.txt - the log from GetRunKey.bat
    newfiles.txt - the log from ShowNew.bat
    HijackThis
     
