Spyware.Possible_Website_Hijack

Discussion in 'Malware Help (A Specialist Will Reply)' started by stuhaz, Feb 17, 2009.

  1. stuhaz

    stuhaz Private E-2

    I could do with some advice here. Spyware Doctor detected 109 infections - all under "Spyware.Possible_Website_Hijack" - only on full scan, but it cannot remove the items.

    Spybot S&D and McAfee do not identify "Spyware.Possible_Website_Hijack".
    I have read READ & RUN ME FIRST. Malware Removal Guide and have used CCleaner to remove the "crap" from all users (using Vista) and defragged the C drive using IObit Smart Defrag.

    I followed the directions on Vista Cleaning procedure - and downloaded SUPERAntiSpyware, Malwarebytes Anti-malware (renamed mb.exe), and Combofix.exe (this one to my Desktop - the previous two to my Download folder) and MGTools.exe (to my C: drive). None of these were opened.

    I then re-ran Spyware.Doctor & McAfee - mainly to re-check the problem was still reported (these scans take a few hours and were done overnight).
    Spyware.Doctor still reports 109 infections but the McAfee has quarantined Generic!Atemis (Trojan) (2 files) and Combofix.exe was now unaccessible in my download folder and is missing off my Desktop :mad:

    I deleted Combofix from my Downloads (intending to re-download) and now Firefox will not open the Combofix.exe link (File Not Found - Firefox can't find the file at http://download.bleepingcomputer.com/sUBs/ComboFix.exe.)
    It seems I've been a bit stupid!

    My intention was to post a thread with the relevant attachments but now cannot use Combofix.

    My computer seems to run okay - occasionally it will hang when I try to logon with my user password. Usually works okay after I switched off the mains power and re-booted.

    Do I have a problem with these 109 infections that need cleaning?
    How should I proceed?

    Thanks for any advice & sorry for the trouble.

    Stuart
     
  2. stuhaz

    stuhaz Private E-2

    I know I shouldn't reply to my own post but I've just happened across a website that indicates that Spyware Doctor tends to detect "Possible Website Hijack" in the HOSTS file (which mine does) and that this is a false detection.

    http://www.mvps.org/winhelp2002/hostsfaq.htm

    They indicate that:

    "There is no known infection that only affects the HOSTS file."

    If someone could confirm that for me (that there is no "infection") I'd be pleased to close this thread!

    Stuart
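
One way to check the HOSTS entries behind a "Possible Website Hijack" detection yourself (an added example, not part of the original posts and not a MajorGeeks or Spyware Doctor tool). It assumes that names mapped to a loopback address or 0.0.0.0 are deliberate block entries and that a name mapped to any other address is what needs a manual look; the sample file contents and the function name `classify_hosts` are constructed for illustration.

```python
import ipaddress
import sys

# Constructed sample: blocklist-style entries plus one name that is pointed
# at a routable address (documentation range), and one malformed line.
SAMPLE_HOSTS = """\
# Sample HOSTS file (constructed for this example)
127.0.0.1       localhost
::1             localhost
127.0.0.1       ads.example.com      # blocklist entry
0.0.0.0         tracker.example.net
203.0.113.45    www.example-bank.test
not-an-ip       broken.example.org
"""

def classify_hosts(text):
    """Sort HOSTS entries into three buckets.

    sink      - name mapped to loopback/unspecified address (blocklist style)
    review    - name mapped to any other address; confirm it is intended
    malformed - line that is not "<ip address> <name> [...]"
    """
    result = {"sink": [], "review": [], "malformed": []}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # strip comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            result["malformed"].append((lineno, raw.strip()))
            continue
        if len(fields) < 2:                      # address with no hostname
            result["malformed"].append((lineno, raw.strip()))
            continue
        bucket = "sink" if (addr.is_loopback or addr.is_unspecified) else "review"
        for name in fields[1:]:                  # one line may carry aliases
            result[bucket].append((lineno, str(addr), name.lower()))
    return result

if __name__ == "__main__":
    # With no argument the constructed sample is used; otherwise pass a path.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            data = fh.read()
    else:
        data = SAMPLE_HOSTS
    report = classify_hosts(data)
    print(f"{len(report['sink'])} block entries, {len(report['malformed'])} malformed")
    for lineno, addr, name in report["review"]:
        print(f"line {lineno}: {name} -> {addr}  (review)")
```

To run it against the real file, pass the path quoted later in this thread, C:\Windows\System32\drivers\etc\hosts, as the first argument.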
     
  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    If Spyware Doctor is a trial version, uninstall it.

    Then attach the requested logs so we can see what is happening in your system.
     
  4. stuhaz

    stuhaz Private E-2

    problems getting logs (esp Combofix):

    SUPERAntiSpyware runs and indicates nothing found, but, 1st time, no log is created; 2nd time I ran it again indicated no problems; log created but not able to open or view. As both these scans ran overnight, I moved onto SpyBot.
    SpyBot indicated no problems.
    Malwarebytes Anti-Malware ran okay, indicated no infections, and log created okay.

    Combofix is problematic - I note that your instructions indicate that McAfee can interfere with it. Upon running Combofix (after disabling Virus and Firewall protection) I get no Autoscan window; instead the screen has gone into "sleep" or "power save" mode; it has been like that for 6 hours now! Is this normal? Should I interrupt, and, if so, how?
    Thanks for advice.

    Stuart
     
  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Reboot......and get me the log from running C:\MGTools.exe --> C:\MGLogs.zip.
     
  6. stuhaz

    stuhaz Private E-2

    similar problem here again - MGtools cannot make MGlogs.zip - it seems not to have permissions; I have disabled McAfee antivirus & firewall and disabled the User Account Control.

    I get an error message regards HiJackThis

    "For some reason your system denied write access to the Hosts file. If any hijacked domains are in this file, Hijack This may NOT be able to fix this.

    If that happens you need to edit the file yourself. To do this click Start, Run and type:

    notepad C:\Windows\System32\drivers\etc\hosts

    and press Enter. Find the line(s) HijackThis reports and delete them. Save the file as 'hosts.' (with quotes) and reboot.

    For Vista: simply, exit HijackThis, right click on the HijackThis icon, choose Run as Administrator"


    I run Vista but have not downloaded HijackThis, and have no icon to click.

    Any suggestions?

    Stuart
     
  7. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Did you follow the instructions to disable the UAC in Vista? Is it still disabled after the reboot? Can you run the other scans ...I would still like to see those logs.
     
  8. stuhaz

    stuhaz Private E-2

    I have re-run SUPERAntiSpyware.exe (no problems found), SpyBot (no problems found) and MGTools.

    I didn't bother with Combofix again as I had so much trouble last time.

    Logs appended.

    Computer running fine.

    Stuart
     


  9. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Good to know......If you are not having any other malware problems, it is time to do our final steps:

    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real time protection. They are useful as backup scanners. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /u
        • Notes: The space between the combofix" and the /u, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.

      • Delete the C:\combofix folder from combofix (if it exists)

    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Go to add/remove programs and uninstall HijackThis.
    6. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    7. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning steps in the READ ME for your Windows version and see the steps to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.

    8. After doing the above, you should work thru the below link:

     
  10. stuhaz

    stuhaz Private E-2

    I now find that Combofix is not on my Desktop (although I thought I "dragged it there" from my download folder) - probably explains why I had problems running it (assuming McAfee hasn't interfered with it).

    I can only find "Combofix-Download.exe" in my C:\Combofix folder, along with loads of other files and stuff.

    I have reenabled UAC & tried to uninstall HijackThis (but it seems to already have been uninstalled) & removed MGTools.

    I haven't looked at the System restore yet.

    How might I best remove Combofix?

    Thanks.

    Stuart
     
  11. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You can delete the ComboFix.exe file, C:\ComboFix folder, C:\QooBox folder, C:\WINDOWS\nircmd.exe, C:\combofix.txt and C:\ComboFix-quarantined-files.txt logs that were created.
     
  12. stuhaz

    stuhaz Private E-2

    All sorted.

    Many thanks for all your help.


    Stuart
     
  13. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You are most welcome.....safe surfing. :)
     
