I need some help, was attacked by something



#1
Atamu

While surfing the web (www.stumbleupon.com) around 2:30 pm today, a threat was blocked by AVG. It says in my AVG event history:

"3/18/2012, 2:32:14 PM";"NT AUTHORITY\SYSTEM";"IDP";"Process 0.7382187341458569H7I.EXE was detected."
"3/18/2012, 2:32:23 PM";"NT AUTHORITY\SYSTEM";"IDP";"Process 0.7382187341458569H7I.EXE was quarantined."

Then the desktop refreshed on its own and I noticed some desktop icons were missing and the taskbar properties had been changed to never combine my taskbar buttons. I realized something was wrong, so I opened the task manager to look through the services/processes; nothing stuck out as out of the ordinary at that time. Then a window popped up saying something was missing in the registry. Also, I realized that my Start menu was missing a lot of buttons (control panel, my computer, etc.), but the list of programs and 'all programs' buttons were still there. So I googled a few processes that kinda looked weird from the task manager, but found out they were benign. After that I opened my AVG user interface from the system tray and started a scan. It came up with no threats.

So I downloaded AVG PC-Tuneup and did a full registry scan. It came up with a bunch of errors, and it said that all fixes were successful. That took about 30 minutes.

I did ANOTHER registry scan, as things were still not back to normal, then I looked for a system restore point (there wasn't - my negligence).

My next thought was that maybe some of those 'critical' Windows updates that I hate so much might actually be critical, so I did a full Windows update and rebooted the computer. Things are still not back to normal.

Then I ran a scan with HijackThis, noticed some weird ones that were pretty obviously bad and cleaned them up. Still not back to normal. So I ran another HijackThis scan and am attaching the logfile. This time, I got a message from HijackThis: "For some reason your system denied write access to the Hosts file. If any hijacked domains are in this file, Hijackthis may NOT be able to fix this...."

I don't know what else to do...

Any and all help would be awesome...





And later on:

"3/18/2012, 2:57:21 PM";"Doebringer-PC\Doebringer";"Components";"Ignoring the LinkScanner component state was enabled." <--------not sure what this means
#2
Ztruker

Go to the Virus, Spyware, Malware Removal forum, read the first post and follow instructions.

Come back here once you get a clean bill of health if you still have problems.