Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Display Hijack - Please Healp!

Started by hydroman , Jul 06 2009 02:55 PM

  • Please log in to reply

#1
hydroman
Posted 06 July 2009 - 02:55 PM

hydroman

    New Member

  • Member
  • Pip
  • 1 posts
I've had this computer for about 6 months. I've gotten infected with several virus and malware due to irresponsible file sharing. I am running Norton 360, MBAM, and windows defender. Between the two of them, they've removed everything ther found. However, every 30 minutes or so, my screen flashes like a screen shot was taken. When I was typing my credit card info into my password manager, and it flashed again, I decided I needed to find out what was going on. I did a system restore using the Gateway recovery management that came installed on my computer to erase everything to OEM settings and software. However, it still does the flash every 30 min so I'm wondering if maybe the Recovery Management feature has been tainted, or some kind of rootkit, or maybe even something really bad that I've never heard of, like some Russian super-bug. Since the system recovery, before installing anything, I ran a scan w/norton 360 that found nothing. I decided to remove the 360 and install the Norton IS 2009, which kept finding several instances of bloodhound.mbr. It would claim to remove them, but a scan done immediately afterward found the same thing, over and over again. I looked into the issue using good old Google, and saw that it somehow infects the master boot record. I don't know what that means, but from what it sounds like is that it starts before windows starts to avoid detection. Unfortunately, Norton doesn't show the location of the infected file, or I would have uploaded it to virustotal.com. I figured it might just be a false positive. I did another system restore just in case it was something. The screen flashes were still happening. After the restore I installed MBAM. On my first scan with it found the following:

Malwarebytes' Anti-Malware 1.38
Database version: 2346
Windows 6.0.6001 Service Pack 1

6/28/2009 2:25:28 PM
mbam-log-2009-06-28 (14-25-28).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 211382
Time elapsed: 23 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Forum
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP