8-Step Removal Logs

Status
Not open for further replies.

CreamPuff

A couple weeks ago my internet access began getting hijacked & I couldn't download any virus removal or update software. I downloaded all these programs at work to a portable drive & installed them @ home. Here are my logs and I hope somebody out there can help me out. Thanks!
 
Uninstall Avast (seeing you have Avira Antivirus installed)
Note: You can only have one Antivirus installed at a time

Update Avira
Startup Malwarebytes again
Update Malwarebytes (the update button is found on the third tab in the program's toolbar)

Do another full scan of the Updated Malwarebytes, with Avira updated, and protecting in the background. (Pretty sure it will find more Malwares to remove)
 
I uninstalled Avast, updated Avira, updated Malwarebytes (I think I had the current version though) and ran another scan with Avira running in the background. Attached are the results of this scan.
 
Alright, I ran CC, reset IE, restarted my PC and ran a Malwarebytes scan which didn't find anything.

I didn't set up my IE tho' because I've actually changed my default browser to Mozilla since I've heard it may offer better protection, not sure if that's true but it wouldn't hurt either. Anyway I've attached a copy of my latest Mbam scan. Thanks!
 
Thanks I need to see the new HJT log (restart first before creating)

Actually, download Startup Control Panel and remove any (many) not required shortcut startups (these startups just slow your computer down, and create a large HJT log, which I'd rather have reduced in size)

Anyway, then restart, and then create a HJT log and attach it
Also report on how it's presently going
 
I downloaded SCP & disabled anything that I thought made sense to.
I restarted the PC & ran a new HJT log.

My PC seems to be running like it used to, no re-directs & downloading/accessing sites works like it's supposed to. Also, there's nothing I can see directly but I'm still unsure of what may be lurking in the background....
 
Re-open HJT and do a scan
Place a tick next to the following two items
Before selecting fix, close all\any Internet browsers
Select Fix
O16 - DPF: {7FE26BE2-B923-4B41-9834-E84DA1CC1F96} (Maid Control) - http://vsp.closetmaid.com/vsp/cmaidctl_vsp.closetmaid.com_downloader.cab

O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712....akamai.com/6712/player/install/installer.exe

You can also now uninstall SuperAntiSpyware, or stop it from starting with Windows (either way is good)

Precautionary measure:

Download Combofix
Lots of info on its use here
Direct download here

Save it to a location that you can easily find later (in Safe Mode), i.e. directly to C drive

Restart your computer to Safe Mode (by repeatedly pressing F8 on your keyboard before Windows starts)
Log into your Administrator account
Locate the previously downloaded Combofix
Double click on it to run, answering any prompts along the way
Note: during Combofix scan (lasting up to 10mins) your Desktop and clock may reset (all normal)

Once Combofix has finished, save the log file to be attached to a new reply
Restart back to Normal mode, and attach the Combofix log
 
I've got major issues now...

Everything was cool after running the last HJT log. But, after installing and running Combofix in Safe Mode windows will now not boot up in Normal mode. My Vaio startup screen appears and it looks like Windows will boot like it normally does, but I get nothing. Just a blank black screen. Everything seems fine though in Safe Mode.

I've attached the Combofix & HJT log and will now patiently await instructions.

PS - I've tried to stop SuperAntiSpyware from starting by using Startup Control Panel, but when I restart the program starts anyway & conflicts with Combofix. Do you know of any other way of disabling SAS other than uninstalling?

Thanks
 
Please do the following

Uninstall Zone Alarm (we'll discuss Comodo as a better alternative later)
Uninstall SuperAntiSpyware (this may be re-installed later)
Download and run this tool: http://www.dougknox.com/xp/utils/XP_FixLogon.zip
This utility checks for the correct GINA value in the Registry and will allow you to restore it, if it's incorrect.

Restart back to Normal mode, then provide a new HJT scan log
 
Alright, I deleted SuperAntiSpyware & Zone Alarm & I was able to boot in Normal mode.

Here's my latest HJT log. Thanks
 
That's better :)

You can also startup HJT Scan (only) again, and remove (tick and fix) these entries:
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

It's looking lots cleaner
But Combofix, I think has just updated, either way it would be wise to start it again (normal mode is fine)
If it asks to be updated, allow it to download any updates
Run the scan

The only real annoying part is when it creates a log (after restart) it seems to take forever! (but wait until finished)

Attach the Combofix log to a new reply
Then do the following (even without my reply at that stage)

Also do this as well:
Clear & Reset System Restore's Cache
Go to Start >> Run - type or copy/paste control sysdm.cpl,,4 and then press Enter
* Tick on the checkbox - Turn off System Restore on all drives
* Click Apply
Turn it back 'On' by unticking the same checkbox & click Apply, and then OK

Download and run KCleaner
Default install, and then press Start on it

Restart again

Basically you're done at this point. But you possibly wanted a personal firewall
My recommendation is to actually continue as you are, but if you use your computer for online banking and other very sensitive Internet work, then you may want to download Comodo free Firewall

It would be nice to get feedback as well after all this :)
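
Added example, not part of the original thread and not code from HijackThis: the O16 (downloaded ActiveX components) and O4 (autostart) lines quoted in the posts above, parsed into fields so each entry can be reviewed before it is ticked and fixed. The function names and the three review hints are assumptions made for this illustration.

```python
import re
from urllib.parse import urlsplit

# Entries copied from the thread (the "...." in the second URL is as posted).
SAMPLE_LOG = r"""
O16 - DPF: {7FE26BE2-B923-4B41-9834-E84DA1CC1F96} (Maid Control) - http://vsp.closetmaid.com/vsp/cmaidctl_vsp.closetmaid.com_downloader.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712....akamai.com/6712/player/install/installer.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
"""

O16_RE = re.compile(r"^O16 - DPF: (\{[0-9A-Fa-f-]{36}\}) \((.*)\) - (\S+)$")
O4_RUN_RE = re.compile(r"^O4 - (HK\w+\\\.\.\\\w+): \[(.+?)\] (.+)$")
O4_DIR_RE = re.compile(r"^O4 - ((?:Global )?Startup): (.+?)(?: = (.+))?$")

def parse_entry(line):
    """Return a dict for a recognised O4/O16 line, else None."""
    line = line.strip()
    if m := O16_RE.match(line):
        url = urlsplit(m.group(3))
        return {"section": "O16", "clsid": m.group(1), "name": m.group(2),
                "scheme": url.scheme, "host": url.hostname,
                "payload": url.path.rsplit("/", 1)[-1]}
    if m := O4_RUN_RE.match(line):      # registry Run key: [name] command
        return {"section": "O4", "source": m.group(1), "name": m.group(2),
                "target": m.group(3).strip('"')}
    if m := O4_DIR_RE.match(line):      # Startup folder: file [= shortcut target]
        return {"section": "O4", "source": m.group(1), "name": m.group(2),
                "target": m.group(3) or m.group(2)}
    return None

def review_notes(entry):
    """Triage hints only (assumed heuristics, not HijackThis verdicts)."""
    notes = []
    if entry["section"] == "O16":
        if entry["scheme"] != "https":
            notes.append("ActiveX code source is not HTTPS")
        if not entry["payload"].lower().endswith(".cab"):
            notes.append("payload is not a .cab package")
    elif "\\" not in entry["target"]:
        notes.append("startup target has no full path")
    return notes

def triage(log_text):
    entries = [e for e in map(parse_entry, log_text.splitlines()) if e]
    return [(e["section"], e["name"], review_notes(e)) for e in entries]

if __name__ == "__main__":
    for row in triage(SAMPLE_LOG): print(row)
```

A note on an entry is a reason to look at it more closely, not a finding that it is malicious.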
 
OK, all went well during that round. Here's my ComboFix log.

I'll perform the rest of the steps you recommended & then wait for your recommendations or I'll let you know how everything is going. Thanks!
 
Yep, looks good :grinthumb

You may want to update to a more secure Hosts file
There's lots of important info on that here: http://www.mvps.org/winhelp2002/hosts.htm
As it's difficult to see the actual download, here it is: http://www.mvps.org/winhelp2002/hosts.zip
Important! Windows Vista requires special instructions: http://www.mvps.org/winhelp2002/hostsvista.htm

Simply download the hosts.zip file, extract, then run mvps.bat, then restart

[Important Notice - 2K/XP/Vista Users]
In most cases a large HOSTS file (over 135 kb) tends to slow down the machine. This only occurs
in W2000 and XP. Windows 98 and Windows ME are not affected.

To resolve this issue (manually) open the "Services Editor"

Start | Run (type) "services.msc" (no quotes)
Scroll down to "DNS Client", Right-click and select: Properties
Click the drop-down arrow for "Startup type"
Select: Manual, click Apply/Ok and restart.

Then restart, and test browsing the Internet again :)
 