Need Help Virus Has Disabled My Internet

Discussion in 'Malware Help (A Specialist Will Reply)' started by jchag1718, Feb 10, 2014.

  1. jchag1718

    jchag1718 Private E-2

    Comp: Dell Dimension 2350, 2.3 GHz Pentium, 1 GB Ram

    OS: Windows Home XP; Serv Pack 3

    This problem started out with Yahoo hijacking my default search engine in Chrome. I thought it was attached to spigot, I deleted, but it didn't help.

    Now my browser won't even access the internet. This post is being done from my laptop. The problem is on my desktop.

    Major Geeks Administrator TimW helped me with a similar problem on the same computer 2 years ago. That time it was some sort of trojan that my antivirus was finding and getting rid of, but it would keep coming back.

    This time all of my antivirus (avg and maleware antibytes) are not picking up anything.

    I have followed all of the instructions in the Run Readme First section and will attach all of the needed scan logs.

    Please help me resolve this problem.

    Thank you.

    Jeff
     

    Attached Files:

    jchag1718, Feb 10, 2014
    #1
  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I am not finding anything significant in your logs. Rerun Hitman and have it remove all that it found.

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    After clicking Fix, exit HJT.
    What about other browsers? Do they work?
     
    TimW, Feb 10, 2014
    #2
  3. jchag1718

    jchag1718 Private E-2

    Neither of my browsers will work. (explorer and chrome) Chrome says resolving host (tried multiple websites) and the page not available. Explore loads with this in the address bar (search.yahoo.com/?type=198484fr=spigot-yhp-ie). My default homepage should be aol.com. I tried other websites and it still says internet explorer cannot display webpage. I will try what you have suggested and get back to you. Thanks Tim.
     
    jchag1718, Feb 10, 2014
    #3
  4. jchag1718

    jchag1718 Private E-2

    Still no change except that the search.yahoo is gone in ie address bar. Still cannot access the internet. I'm attaching the (2) log files from the last step. Thanks. Jeff
     

    Attached Files:

    jchag1718, Feb 10, 2014
    #4
  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You didn't remove what Hitman found.
     
    TimW, Feb 10, 2014
    #5
  6. jchag1718

    jchag1718 Private E-2

    I ran it again and deleted the 6 files that it found. A little bit of a learning curve. Didn't realize you had to change the action beside each one from ignore to delete. So I changed all of them to delete and finished the program.
    I can run it again to double check?
     
    jchag1718, Feb 10, 2014
    #6
  7. jchag1718

    jchag1718 Private E-2

    I was reading thru my post from 2 years ago and it seems I had a fake partition, missing afd file and corrupt ip.sys. If this helps any. IIRC it was quite involved.
     
    jchag1718, Feb 10, 2014
    #7
  8. jchag1718

    jchag1718 Private E-2

    I just opened Hitman Pro and went to the History tab and it shows the 6 files as being deleted.
     
    jchag1718, Feb 10, 2014
    #8
  9. jchag1718

    jchag1718 Private E-2

    Well the internet is back up and the yahoo hijacking my search engine is gone. So far so good. Everything seems to be stable.
     
    jchag1718, Feb 11, 2014
    #9
  10. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Good to know. If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
    2. Renable your Disk Emulation software with Defogger if you had disabled it in step 4 of the READ & RUN ME.
    3. Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
    4. If running Vista, Win 7 or Win 8, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Now goto the C:\MGtools folder and find the MGclean.bat file. Double click ( if running Vista, Win7, or Win 8 Right Click and Run As Administrator ) on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    6. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
     
    TimW, Feb 11, 2014
    #10
  11. jchag1718

    jchag1718 Private E-2

    OK. Completed the final steps. All is still running well. Thanks for your help.

    Jeff
     
    jchag1718, Feb 11, 2014
    #11
  12. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You are most welcome. ;)
     
    TimW, Feb 11, 2014
    #12

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds