Nasty problem - help please!!

Discussion in 'Malware Help (A Specialist Will Reply)' started by Beagle, Mar 27, 2007.

  1. Beagle

    Beagle Private E-2

    Hi all!

    I've been having a problem since the weekend - my internet connection throws me off after a few minutes and when I reconnect half of my regular websites are 'unavailable'. (I'm on XP SP1, using Firefox). Sites that before I disconnected were fine.
    I suspected I had a virus, but after running my AVG, SpyBot, and Adaware the problem remained. So, I thought I'd try Hijack This - but it doesn't work. I double-click on the .exe and it appears for a second then quits, and my Windows looks like it 'restarts' - it goes blank and then reappears. I've tried to download a new version of Hijack This but when I search for it using Google my browser quits. It even quits when I click on the link to HJT on this site! Basically, any site that seems to have a connection to HJT causes my browser to quit - this happens on both Firefox AND IE.

    I've followed your removal instructions as best I could - obviously I can't include a HJT log (it fails to run even in 'safe-mode') and C Cleaner doesn't work either - when I click on the installer, Windows 'resets' in much the same way as it does when I try to use HJT.

    Anyway, I've included logs for Panda, BitDefender, CounterSpy, Newfiles and Runkeys.

    Here's the first 3.

  2. Beagle

    Beagle Private E-2

    And here's the next 2 logs.

  3. Beagle

    Beagle Private E-2

    Update:

    It's got worse, lol...this morning, CounterSpy flagged up a file called 'ssucqimo.log', so I quarantined it. Now, whenever I start the computer I get the desktop but it is totally blank, no taskbar, no icons - nothing apart from my wallpaper and cursor. If I right-click, nothing happens. All I can do is access the Task Manager by pressing Ctrl-Alt-Del.

    If I start in 'Safe Mode', I get the same problem.

    Anybody seen this before?
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Sounds like a combination of a couple of infections. Possibly Haxdoor and also a form of Virtumonde.

    You did not get a proper log from GetRunKey. You need to make sure you installed it properly and ran it from outside of the Zip file like you did with ShowNew. Then try to get me another log.

    Did you rename hijackthis.exe to analyse.exe? If not, rename and try to run it.

    Your logs are not giving me enough info to find all the problems. It may well be that you have a rootkit part of Haxdoor that we will need to scan for and remove. If you cannot run things the normal way, you will have to run them from Task Manager by clicking File, New Task (...Run).

    I'm not sure how much of the below you will be able to do. It depends on your problem and on your experience level. Let's go for it and see what you can do. Just do everything that you can and tell me when you come back what you could not do.


    Now copy the bold text below to Notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    Now reboot into safe mode and run Windows Explorer (make sure you did step 2 of the READ ME) and look for the below files and delete any that you find:
    C:\WINDOWS\system32\regscan.exe
    C:\WINDOWS\system32\taskmgn.exe
    C:\WINDOWS\system32\dcxjpbwp.exe
    C:\WINDOWS\system32\dhtbqyoz.exe
    C:\WINDOWS\System32\klogon.dll
    C:\syscilb.exe

    Now reboot in normal mode and see if you can do the below!

    Please download Blacklight Beta
    • Download blbeta.exe and save it to the Desktop.
    • Once saved... double click blbeta.exe to install the program.
    • Click accept agreement and Click scan
      This app too may fire off a warning from antivirus. Let the driver load.
      Wait for it to finish.
    • If it displays any items...don't do anything with them yet. Just hit exit (close)
    • It will drop a log on Desktop that starts with fsbl....big number
    Please attach the BlackLight log.
     
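A defender's triage step, added here and not part of chaslang's instructions or the thread: before deleting the files listed above, record whether each path exists along with its size, timestamps, attributes and SHA-256 hash, so the evidence survives the cleanup. It assumes PowerShell 4.0 or newer (for Get-FileHash) running from an elevated prompt, and the report path is a placeholder you can change.

```powershell
# Added example, not from the thread: inventory the file paths chaslang listed
# so hashes and timestamps are preserved before anything is deleted.
# Assumes PowerShell 4.0+ (Get-FileHash) in an elevated session.

$suspectPaths = @(
    'C:\WINDOWS\system32\regscan.exe',
    'C:\WINDOWS\system32\taskmgn.exe',
    'C:\WINDOWS\system32\dcxjpbwp.exe',
    'C:\WINDOWS\system32\dhtbqyoz.exe',
    'C:\WINDOWS\System32\klogon.dll',
    'C:\syscilb.exe'
)

# Placeholder report location; point it at wherever you keep case notes.
$reportPath = Join-Path $env:USERPROFILE 'Desktop\suspect-files-report.csv'

$report = foreach ($path in $suspectPaths) {
    if (Test-Path -LiteralPath $path -PathType Leaf) {
        # -Force also returns files flagged hidden/system, which malware often sets.
        $item = Get-Item -LiteralPath $path -Force
        $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        [pscustomobject]@{
            Path       = $path
            Present    = $true
            SizeBytes  = $item.Length
            Created    = $item.CreationTime
            Modified   = $item.LastWriteTime
            Attributes = $item.Attributes.ToString()
            SHA256     = $hash
        }
    } else {
        # Record absent paths too, so the report shows what was checked.
        [pscustomobject]@{
            Path = $path; Present = $false; SizeBytes = $null; Created = $null
            Modified = $null; Attributes = $null; SHA256 = $null
        }
    }
}

$report | Format-Table -AutoSize
$report | Export-Csv -LiteralPath $reportPath -NoTypeInformation
Write-Host "Report written to $reportPath"
```

Keep the CSV with the other logs you attach; the hashes let a helper identify the sample even after the file is gone.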
  5. Beagle

    Beagle Private E-2

    Thanks for your reply Chaslang.

    Before I had a chance to read it however, I tried one last thing - I realised that I could run Retrospect from Task Manager, and remembered that I had an entire boot drive backup on my external HD - so I tried to restore this. Worked a treat - my system is now clear of all bugs. However, it's also a year out of date, so I'm updating Windows again, and ensuring that it's still clean and de-fragged before I do a new back-up.

    Thanks again for taking time to reply. (sorry to waste your time! lol...)
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

