New strand of about:blank???

Discussion in 'Malware Help (A Specialist Will Reply)' started by skd44, Mar 20, 2008.

  1. skd44

    skd44 Private First Class

    I believe my computer may be infected by a new strand of the aboutblank malware. My homepage has been changed to a page called securitypills.com, and my homepage on my internet options says aboutblank. I have run the Read and Run first, and tried some other suggestions I had gotten in the past with the aboutblank strand. What would be my next option? Thanks everyone.
     
  2. Lev

    Lev MajorGeek

    If you have read and worked through the Read and Run Me First step by step, then you need to post up the logs requested so that an Authorized Malware Fighter can take a look and help you.
     
  3. skd44

    skd44 Private First Class

    OK Lev, I have been on here quite often, but in the past I was used to waiting for the logs to be requested before I posted them so as not to bog down the administrators. Thank you, and I will post as soon as I can.
     
  4. skd44

    skd44 Private First Class

    Here are the logs that you requested. I thought I was going to have to run HijackThis and the other programs on my own; this new way is great!!!
     


  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    It looks like SASpyware cleaned out the malware ...are you still having problems?
     
  6. skd44

    skd44 Private First Class

    I realize you checked my SAS log and it seems I am clean but it has gotten much WORSE since I posted the logs. My computer has restarted on its own more than 5 times, I have been trying to get on here to reply to you and I keep getting kicked off Internet Explorer and every page I try and navigate to. My desktop display has been changed, my desktop items are the same but the background now has a blue background with a message stating my computer needs to be scanned, there are 3 fatal errors on my computer and to click here to scan my computer for spyware. I also keep getting two other messages that pop up. One says I have no more virtual memory and the other is telling me to install TrustedAntivirus to scan my PC for malware. I have been trying to get new logs to post for you and just finished, but don't know if any of it worked correctly. Here they are. It won't let me run a new SAS scan, so the only log I have is from yesterday, the one you said is clean. I start a new SAS scan, and it stops about 10 minutes in.
     


  7. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Dang...what did you do?

    Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

    Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    After clicking Fix, exit HJT.

    Now copy the bold text below to Notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    Now download The Avenger by Swandog469, and save it to your Desktop.

    * Extract avenger.exe from the Zip file and save it to your desktop
    * Run avenger.exe by double-clicking on it.
    * Do not change any check box options!!
    * Copy everything in the Quote box below, and paste it into the Input script here: part of the window:


    * Now click the Execute button.
    * Click Yes to the prompt to confirm you want to execute.
    * Click Yes to the Reboot now? question that will appear when Avenger finishes running.
    * Your PC should reboot, if not, reboot it yourself.
    * A log file from Avenger will be produced at C:\avenger.txt and it will pop up for you to view when you log in after reboot.


    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this and also attach the log from Avenger.
     
  8. skd44

    skd44 Private First Class

    I'm writing from my blackberry because the steps below did not seem to work, and now I can't even get online at all. My wireless internet connections are now gone from the system tray, but worse than that, the only way I could even get on was to boot in the last known configuration that worked. After I finished the steps you asked me to follow, my machine kept rebooting and rebooting over and over, it wouldn't boot normally, or in safe mode or any other mode except for the one that says boot with last known good configuration. Once I did that, my machine is no longer able to connect to the internet and if I try anything else, the machine just reboots over and over. I have a very bad feeling that my laptop is shot, and I hope I can at least transfer my outlook express and all my word files onto a portable drive if I need a new computer! Any thoughts?
     
  9. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    What happened between your last clean logs and what happened today (or rather early this morning)? Your system just blew up with malware that wasn't there the day before.

    First I would try doing a repair install to at least get you back up. (Pulling the harddrive and slaving it to save your info would be a last resort - unless you can easily do that, but I would be hesitant with all the malware on it).

    If you get into last known good mode without internet and you ran the fixes...do they produce a log that you can put on a thumb drive and get them to me?
     
  10. skd44

    skd44 Private First Class

    I hadn't done anything since I first posted logs, the machine just got really bad. I don't know how to do the 2 things you said I should try, and now the machine is just frozen completely. Internet explorer had 37 windows open, but none were on any web page bc internet connections are not available. I don't even have a disk that I could put in to restore the machine to factory, and I really don't want to lose my files, I have A LOT of work stuff on my laptop. Is there anything else I can try? Sorry it took me so long but I can only write you on my blackberry.
     
  11. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Your previous message stated that you hoped you could transfer info from the hard drive via a portable device...that would be exactly what I meant about getting the logs from running my last fix and then attaching them to your next post.

    You have to tell me exactly what is going on ...you can get it up with problems, but just can't access the web.....can you run programs...can you get to system restore ....were you able to do the fix I gave you....can you manually ( using windows explorer) find and delete the files that I want removed in the fix?
     
  12. skd44

    skd44 Private First Class

    I did do the fix you requested I do with the cutting and pasting of files and the avenger program and after I did that reboot, that is when I lost internet connections from my system tray. I also might not be able to do the portable device because the only other computer is my work one and I can't access your page at work. System restore does not work, and I can get the machine up and running, but no web access and SAS won't let me create a new log. I tried rerunning your fix and nothing seemed to happen, the computer just kept rebooting over and over like last time.
     
  13. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Can you get into safe mode ...does it also reboot if you do? If you can't get out of the boot loop .....I would suggest you post in software to get you back stable and then we can try getting you clean.
     
  14. skd44

    skd44 Private First Class

    I can get into safe mode, but I still don't have web access even when I do it in safe mode with networking. Is there any other way I can connect to the internet to try and get you logs again? I have a Linksys router connected to my cable modem and my laptop usually just picks up the signal. I have a 2gb usb portable drive. Will that be enough to transfer my outlook express over to a new machine or to get you the logs??? How would I go about resetting my machine to factory without a disk? I never got one with my gateway laptop.
     
  15. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    If you can get into safe mode....can you do the fix I gave you? All of them will work in safe mode as long as you disable your virus and anti-spyware programs first.

    If you have problems with doing it ...then remove the files manually.

    And you could use the external drive to transfer, however I would rather you do or try to do the fix without the external drive attached.
     
