Help identifying malware



#1
replayed

Hello,

I'm looking for some help identifying the malware that has infected my computer. I can post a Hijackthis log on request, but I didn't want to do that before being asked.

I have a Toshiba laptop (a Tecra M5) running Windows XP SP2. (And no, I don't have any restore points I can fall back on. My mistake).

Yesterday, while I was surfing with Firefox 3, I suddenly got a popup telling me my machine was infected. My screen background got hijacked for an anti-malware ad, and my screensaver got replaced with a fake blue screen of death. I ran Symantec AntiVirus (which found one infected file) and Spybot Search & Destroy (which reported a couple of malware detections). I also ran HijackThis, which showed a couple of clearly suspicious entries, which I (yes, I know) deleted.

After cleanup, the screen background and screen saver are okay, but my machine still feels sluggish and my TCP/IP stack is definitely compromised. The scans look clean, but here are some symptoms I'm still seeing:

- Host names like geekstogo.com, www.safer-networking.org, etc. (basically anti-malware sites) always resolve to localhost. I can override them in C:\WINDOWS\system32\drivers\etc\hosts, but the host names are being hijacked someplace deeper. It's not a DNS hijack, by the way. The DNS resolutions (via nslookup) are correct, so the names are being hijacked even before that.

- At boot time, I always get a pop-up from Intel's Wireless PRO software saying it couldn't load a plugin and is exiting.

- Firefox 3 is compromised. When I do a Google search, all the hits come back as links to go.google.com (which resolves to compalusa.com).

- All network-based applications feel very sluggish.

If these symptoms sound familiar to anyone, I'd appreciate a pointer to the name of the infection, so I can apply this site's recommended cleanup procedure(s). If anyone would find my current Hijackthis log useful, please let me know and I'll post one. Please let me know any other questions you might have.

Thanks in advance for any help you might be able to offer.

-------------------------------------------------------------------

Edited to add that I used Malwarebytes' Anti-Malware software and it seems to have taken care of the infection.

Thank you.

Edited by replayed, 29 August 2008 - 07:41 AM.
