infected with possible hijacker

Discussion in 'Malware Help (A Specialist Will Reply)' started by tom1979, Mar 19, 2009.

  1. tom1979

    tom1979 Private E-2

    I came home yesterday and my dad let me know right away that my mom was on the computer and she complained that something was wrong with it. I immediately knew she had clicked on a link that she should not have. The first thing I noticed was a strange noise every time I loaded a new website, almost a ringing or ding noise; second, I noticed that no videos were playing on any websites. It said that I did not have Java installed, which I clearly did. I use Firefox with the NoScript add-on, so I thought that maybe she had accidentally blocked scripts on some websites. Unfortunately that was not the issue. I checked the internet history for today and noticed a couple of suspicious websites, one that was a malware removal site that offered a free trial of a program (RegCure) to "clean out your infected computer". Mom, being the computer noob that she is, downloaded and installed this program. I immediately removed it but the problems did not go away. I also did a scan with Spybot S&D and AVG Free Edition with no results. I googled "regcure" and most of the searches that came back were also some suspicious websites claiming this program to be very good and helpful. A small number of searches came back saying this program is full of spyware and malware. Some searches led me to download SUPERAntiSpyware and Malwarebytes Anti-Malware. I scanned with both of them but the problem still persisted. I heard this program deletes registry files that it's not supposed to in order to make you give them money to buy the full program. I also have strong suspicions that I'm infected with a browser hijacker and I can't seem to find/get rid of it. Later that night somehow websites started playing videos again, but the weird noise when I load a new site is still there. I'm almost positive I'm still infected somehow. I was at the point of almost formatting because I'm scared to log on to any websites where I use any pw/cc numbers etc. Today I stumbled upon this website and here I am.

    *edit* The SUPERAntiSpyware scan log is from today, not yesterday.
     


  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Your logs are not really showing any major issues. Which browser are you using when you have problems?

    Let's fix a few minor items.

    Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

    Uninstall the below old versions of software:
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 11
    Spybot - Search & Destroy 1.4

    Now we need to use ComboFix
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
    • Open Notepad and copy/paste the text in the below quote box into it:
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below
    Note:

    Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


    After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment

    Now run CCleaner!

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:
    • C:\ComboFix.txt
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
