W32.tibick

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Leon5465, Nov 9, 2004.

  1. Leon5465

    Leon5465 Private E-2

    Hello. I am infected with the W32.tibick. I read the other thread of the guy who was having problems but nothing worked for me. Could somebody please help me?
     
  2. PhilliePhan

    PhilliePhan Guest

    Hi Leon,

    Please start HERE:
    READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan and Virus Removal

    Note the steps that you can and cannot complete. Please make sure that you are in Safe Mode with System Restore OFF and have the Viewing of Hidden Files ENABLED as per the instructions in the link. Make sure to do the Online Scans.

    Also give OS and more specific symptoms.

    Post back with the results from the above instructions and we’ll go from there.

    Best luck :)
    PP
     
  3. Leon5465

    Leon5465 Private E-2

    Well, for starters, it won't even let me open that page. Can't run regedit. Can't view processes in task manager. Can't go to any site that has anything to do with "anti-virus". I was able to squeak by on Panda and I scanned, found 63 infections, 60 of them were negligible, 3 I believe were related to this. I can't run anti-virus software. I can't run Hijack This. On and on and on... I deleted svcnet.exe and I cleaned up c:\windows\system32\drivers\etc\hosts. I'm running Windows XP. Uhh.. if you need to know anything else just ask. My AIM name is Leon5465 if anyone feels nice enough to help me :) Or just give me advice on here. Either way. Oh, also I can't go to the Windows Update site.
     
  4. Kodo

    Kodo SNATCHSQUATCH

    Leon,
    Rename the HiJackThis.exe to HiJT.exe and run it .. then post your log.

    Also, can you get into safe mode with networking via the boot menu? (only do this if you're on broadband)
     
  5. Leon5465

    Leon5465 Private E-2

    Still can't run it. I tried changing it to .com also and that didn't work either.
     
  6. Kodo

    Kodo SNATCHSQUATCH

    Can you get to any of this stuff while in safe mode?
     
  7. Leon5465

    Leon5465 Private E-2

    Nope.
     
  8. Leon5465

    Leon5465 Private E-2

    Ok, I blindly closed stuff in task manager and I got the bastard. So I was able to run hijack this.
     

    Attached Files:

  9. Kodo

    Kodo SNATCHSQUATCH

  10. Leon5465

    Leon5465 Private E-2

    I thought that's where I downloaded it earlier, maybe not.
     

    Attached Files:

  11. PhilliePhan

    PhilliePhan Guest

    Hi Leon,

    Do you know what these are?

    C:\DOCUME~1\Book\LOCALS~1\Temp\~setuptmp1\irsetup.exe
    C:\DOCUME~1\Book\LOCALS~1\Temp\~setuptmp1\irsetup.exe


    You should Uninstall Wild Tangent if any of it remains.

    BEFORE you start this, you MUST move HijackThis to its own Safe folder – C:\Program Files\HijackThis - This is Important!!


    Please print out these instructions so that you can operate with All Browser Windows CLOSED.

    Please make sure System Restore is OFF and the Viewing of Hidden Files is Enabled as per the tutorial.

    Now, look in Task Manager for the following running processes and END them (if found):
    svcnet.exe
    drvsrv32.exe


    Now scan with HijackThis and Check the Boxes for the following:
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://minisearch.startnow.com

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://minisearch.startnow.com

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://minisearch.startnow.com

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://minisearch.startnow.com

    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://minisearch.startnow.com

    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com

    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://minisearch.startnow.com

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm

    F2 - REG:system.ini: Shell=Explorer.exe,drvsrv32.exe -shell

    O4 - HKLM\..\Run: [I/O Controllers] svcnet.exe

    O4 - HKLM\..\Run: [WinService32] drvsrv32.exe -services

    O4 - HKLM\..\RunServices: [WinService32] drvsrv32.exe -services

    O4 - HKCU\..\Run: [I/O Controllers] svcnet.exe

    O4 - HKCU\..\Run: [WinService32] drvsrv32.exe -drivers

    O4 - Global Startup: Reset.lnk = C:\WINDOWS\repair\reset.bat

    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

    O16 - DPF: {24D1BDCE-D835-11D6-BF84-0050047EA0E7} - http://www.rovion.com/Controls/Rovion.cab?affiliate=WFMS

    O16 - DPF: {65E7DB1D-0101-4100-BD66-C5C78C917F93} - http://install.wildtangent.com/bgn/partners/aolim/install.cab


    Again, make sure All Browser Windows are Closed when you Click FIX.

    Now boot into Safe Mode and DELETE:
    C:\Windows\System32\svcnet.exe
    C:\Windows\System32\drvsrv32.exe
    C:\WINDOWS\about.htm

    Reboot to Normal Windows and Scan with HijackThis and attach that log. Let us know of any problems you may have encountered with the above instructions and how your computer is running now.

    Best luck :)
    PP
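
As an added example (not part of the original thread and not any poster's code): a small Python triage script for the HijackThis entries listed in the post above. It flags three of the mechanisms visible there: the extra program on the system.ini `Shell=` line, Run/RunServices entries that launch svcnet.exe or drvsrv32.exe, and the DisableRegedit policy. The ExampleUpdater line and all function names are constructed for illustration.

```python
import re

# Entries quoted from the post above, plus one constructed benign line (ExampleUpdater).
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe,drvsrv32.exe -shell
O4 - HKLM\..\Run: [I/O Controllers] svcnet.exe
O4 - HKLM\..\RunServices: [WinService32] drvsrv32.exe -services
O4 - HKCU\..\Run: [WinService32] drvsrv32.exe -drivers
O4 - HKLM\..\Run: [ExampleUpdater] C:\Program Files\Example\updater.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
"""

# File names the helper asked the poster to end and delete.
KNOWN_BAD = {"svcnet.exe", "drvsrv32.exe"}

ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")
AUTOSTART = re.compile(r"^(?P<loc>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
EXE = re.compile(r"([^\\]+?\.exe)\b", re.I)


def parse_log(text):
    """Return (section_code, body) pairs for every HijackThis entry line."""
    return [m.groups() for m in map(ENTRY.match, text.splitlines()) if m]


def triage(entries, known_bad=KNOWN_BAD):
    """Flag shell hijacks, autostarts of known-bad files and the regedit lockout."""
    findings = []
    for code, body in entries:
        if code == "F2" and "Shell=" in body:
            # The Shell value should name Explorer.exe only; extras run at every logon.
            extras = [p.strip() for p in body.split("Shell=", 1)[1].split(",")[1:]]
            if extras:
                findings.append(("shell-hijack", ", ".join(extras)))
        elif code == "O4":
            m = AUTOSTART.match(body)
            exe = EXE.search(m.group("cmd")) if m else None
            if exe and exe.group(1).lower() in known_bad:
                detail = f"{m.group('loc')} [{m.group('name')}] {exe.group(1)}"
                findings.append(("autostart", detail))
        elif code == "O7" and re.search(r"DisableRegedit\s*=\s*1", body):
            # This policy value is what blocks regedit for the logged-on user.
            findings.append(("regedit-disabled", body.split(",")[0]))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(parse_log(SAMPLE_LOG)):
        print(f"{kind:17} {detail}")
```

The same file name showing up under HKLM Run, HKCU Run, RunServices and the Shell line is why every flagged entry has to be fixed in one pass before the files are deleted in Safe Mode.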
     
  12. Leon5465

    Leon5465 Private E-2

    Seems to be running great now. Thanks for the help.
    I uninstalled some programs so it might look a little different.
     

    Attached Files:

  13. PhilliePhan

    PhilliePhan Guest

    Hey Leon - Looks good! Happy I could help :)

    You ought to visit Windows Updates and get up-to-date. Also, take a look at Chaslang's suggestions HERE: How to Protect yourself from malware!

    Best :)
    PP
     
