winhound, morwill, commission junction..... [CLOSED]


  • This topic is locked

#1
dieseltd

Hi,
It's my first time here. A few days ago I started getting a bunch of open browser windows; they said morwill search, then lycos, then commission junction. Then my desktop changed to a warning page for spyware. An apparent software program popped up (winhound) and said it performed a scan and I need to remove spyware. I immediately did a search and found your website. I followed your post about what to do first. I did the spybot, cleanup, online scan, adaware se, etc. The adaware found 92 critical files, and I removed them as suggested. The spybot found several files as well. From my recollection (as I can no longer open the program) there were some called alexa, coolwwwsearch and others. I found and uninstalled the winhound file. I ran cleanup which freed up 1.1gb of space. Then the last time I rebooted I lost my start bar (large gray bar in its place). I also lost the menu commands on my browser. And all of my favorites have been replaced with what appears to be computer language. I just tried to hijack this, but it now will not let me open my log file.
Help!!

Update: This is getting worse by the minute. I can no longer get updates to McAfee, or any other help program. I cannot open log files of hijack to share here. My computer is displaying mutant forms of icons on my desktop and does not show icons anywhere else, i.e. open folders etc. CAN SOMEONE PLEASE HELP SOON? I am afraid the computer will not make 3 days!
Thanks

Edited by dieseltd, 09 December 2005 - 05:39 PM.



#2
Armodeluxe

Hi dieseltd,

Try renaming HijackThis.exe to something else, say like water.exe, and see if you can get it to run.

If no success, try again in safe mode. Boot into safe mode by tapping the F8 key just before Windows starts to load.

If you can get it to run, please post the log here. If no success let me know and we will try other things.

#3
dieseltd

Hi and thanks for the reply!

I tried what you suggested, but it did not work.

I can actually open hijackthis, but I cannot open the log files. I get an error that says...

the application failed to start because the application configuration is incorrect. Reinstalling the application may fix this problem.

Any other ideas?

Thanks

TMW

#4
Armodeluxe

Right now can you get on the internet using that computer at all? Do you have any browser installed other than IE? If you can't get on the net using IE, first thing we have to try is to get you online using another browser.

Download the Firefox installer here:

http://www.mozilla.com/firefox/

Transfer it to the infected computer. If the email on the computer is working, email it. Otherwise use a floppy or CD.

If you can get online using Firefox, try downloading HijackThis again. See if it works. Otherwise download Startdreck:

Download: StartDreck from: http://www.niksoft.a.../startdreck.htm
  • Extract the file into c:\startdreck.
  • Navigate to c:\startdreck and double-click on Startdreck.exe
  • When the program opens click on the Config button.
  • Put checkmarks in the following checkboxes in addition to the defaults:
    • Under Registry put a checkmark in the Internet Explorer checkbox.
    • Under Registry put a check in the Special NT Values checkbox.
  • Press the OK button.
  • Press the Save button.
Type in the location you want to save the log to, or use the defaults which will save the log into the directory you are running the program from. If you choose the defaults the filename for the log will be StartDreck.log.

Open the StartDreck.log, copy and paste the results of that log here.

If you can't get Firefox to work, transfer Startdreck using the methods above and then transfer out the log.

#5
dieseltd

Ok, I can get onto the net with IE; however, I cannot open links... they freeze the page for a bit then reopen the current page. If I copy and paste the links, they work fine. I tried to download and install the firefox. Download was successful, however the install would not work. It produced the same error as in my last post. I then proceeded to download and install the startdreck. Both download and install were successful, but the log file produced the same error as above. I then tried your suggestion about email to another computer. I sent both the hijackthis log and startdreck log. I received the email at the other computer, and when I opened the attachments, an error popped up that the files do not exist and asked me if I would like to create them now.

Now some things that caught my eye when I was looking at the startdreck log....

1)

>>run
*alexatoolbar=C:\windows\alt.exe

2)

+.disabled
*spybotsd.disabledfile="c:\program files\spybot - search & destroy\blindman.exe

I typed the above entries so you could see them; I did not copy them. Those two just stood out as I have seen alexa on the forums before and my adware se had picked up something similar, and my spybot is not working (among other programs).


Help!!!

Thanks

#6
Armodeluxe

Ok, let's try some other ways then.

Download this zipfile and save it to your desktop:

http://www.dougknox..../xp_txt_fix.zip

Unzip it (right click>extract all) to your desktop. Now open the xp-txt-fix folder created on your desktop, double click on xp-txt-fix.reg and let it merge with the registry.

Now see if you can open the log file and post it here. If you can, post both HijackThis and Startdreck logs.

If you can't, let's try another method. If you have a screen capturing software, use that; otherwise download Gadwin Printscreen here:

http://www.gadwin.co...ad/ps_setup.exe

Now open HijackThis and click Make a scan only. Then capture screenshots before and after scrolling down to make sure to get all and post them here. If you are using Gadwin, the pictures will be saved by default to your My Pictures folder. Use the browse button at the bottom to add them as attachment.

Let's see how this goes.

#7
dieseltd

Hi again,

I downloaded both files you suggested and both gave me the same error as above when trying to run them.
Maybe if all else fails we could do a winmeeting?
Any other ideas?

#8
Armodeluxe

If you don't have your Start bar, open a command window via Task Manager. (CTRL+ALT+DEL)

Go to File>New Task and type: cmd.exe

At the prompt type: sfc /scannow

Please note that there is a single space between sfc and /scannow.

Typing this will start the program, and a box should appear telling you how much longer the process should take.

Sometimes the scan will prompt you for your Windows XP disc upon starting the scan. If this happens please make sure that you can view protected files:
  • My Computer
  • Tools
  • Folder Options
  • View
  • "Uncheck" Hide protected operating system files.
Then rerun the scan. If this still asks you to put in your Windows XP CD, and you do not have the CD (if you bought it preinstalled) post back for more tips, otherwise enter Windows CD.

#9
dieseltd

Okay,
When I hit ctrl+alt+del nothing happens. I then tried right click on taskbar/open task manager and nothing happens. I finally tried searching "task manager" in help and it gave me a link to open it there but the following error came up:

THIS PROGRAM COULD NOT START. THIS MAY HAPPEN IF:
-your computer is on a network (I'm not on a network but do have a dsl router and a second computer, though can't access each other)
-you need to install the necessary hardware
-you need to install the necessary software
-you need to re-install the program file
-you are running windows xp 64 bit edition
-you need to access an active directory snap-in

Any other ideas?

#10
Armodeluxe

Let's try to run a few cleaning programs. Don't worry if you can't save the logs.

1) Please download WebRoot SpySweeper from HERE (It's a 2 week trial):
  • Click Download Now to download the program.
  • Install it. Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click Yes.
  • Once the definitions are installed, click Options on the left side.
  • Click the Sweep Options tab.
  • Under What to Sweep please put a check next to the following:
    • Sweep Memory
    • Sweep Registry
    • Sweep Cookies
    • Sweep All User Accounts
    • Enable Direct Disk Sweeping
    • Sweep Contents of Compressed Files
    • Sweep for Rootkits
    • Please UNCHECK Do not Sweep System Restore Folder.
  • Click Sweep Now on the left side.
  • Click the Start button.
  • When it's done scanning, click the Next button.
  • Make sure everything has a check next to it, then click the Next button.
  • It will remove all of the items found.
  • Click Session Log in the upper right corner, copy everything in that window.
  • Click the Summary tab and click Finish.
  • Paste the contents of the session log you copied into your next reply.
2) First, download and install CleanUp! but do not run it yet.
*NOTE* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups.

Please download Ewido Security Suite (do NOT run it yet!)
  • Install ewido security suite
  • Launch ewido, there should be a big E icon on your desktop, double-click it.
  • The program will prompt you to update; click the OK button
  • The program will now go to the main screen
  • You will need to update ewido to the latest definition files.
  • On the left hand side of the main screen click update
  • Click on Start
  • The update will start and a progress bar will show the updates being installed
  • After the updates are installed, exit Ewido
Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode, then hit enter.

Once in Safe Mode:

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.

If Cleanup! asks if you want to reboot, click NO

Open Ewido
  • Click on scanner
  • Click Complete System Scan
  • Let the program scan the machine
While the scan is in progress you will be prompted to clean the first infected file it finds. Choose "remove", then put a check next to "Perform action on all infections" in the left corner of the box so you don't have to sit and watch Ewido the whole time. Click OK.

Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report
  • Save the report to your desktop
  • Exit Ewido
After running those, if you can, try to boot into MS-DOS mode and try the sfc /scannow command that way.

#11
dieseltd

I tried your suggestions...
Webroot would not open, produced same errors as above. I already had cleanup and ewido. Cleanup will install and run though I did not run it. Ewido will not. I am thinking I have a registry problem or something preventing me from running exe files. I did a search at Microsoft site and found a fix for not being able to run exe files. It requires going to start/run (which I don't have). I do have command prompt still available and I tried typing the commands there but with no success as it states it cannot execute the file.
I am really frustrated as I use this computer for my business and have a lot of important files and programs on it that I can't afford to be lost or corrupted.

#12
Armodeluxe

In your previous post you mentioned that you were able to access the helpcenter. I think a system restore is the way to go now, if that can be done. Pick a date prior to when the problems started and see if you can do a system restore.

If no success, the second way to go is a repair install of Windows. Don't worry; Windows XP repair feature won't delete your data, installed programs, personal information, or settings. It just repairs the operating system!

See this topic for how to do a repair install:

http://www.geekstogo...ws-XP-t138.html

If you can succeed in either, please post a HijackThis log ASAP.

#13
dieseltd

Hi, sorry I haven't been home in a few days. My system restore had been turned off recently and I lost my previous restore points. I also misplaced my startup disk. Can I get them off the web or can I use an XP disk from another computer?

#14
Armodeluxe

You can use any XP CD as long as it's the same version (Home/Pro). You will also need a valid CD key.


The answer to your question was available in the link I provided in my previous post. Please read that thread.

#15
Armodeluxe

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.