Another infected PC

By steveinminnesot
Jan 14, 2009
  1. I've been working on my son's computer for two days now and am stumped. The browser is hijacked along with a problem with even reaching IP addresses of anti-malware companies. All of the anti-spyware/malware programs have been disabled and it won't let me even uninstall and reinstall them. AVG Antivirus seems to work but doesn't find anything. Spybot, Ad-Aware, Malwarebytes Anti-Malware, and SuperAntiSpyware all are somehow blocked from executing.

    I have followed all the various lists of steps to complete and nothing seems to make any difference. It would be great to at least figure out what's redirecting my browsers (IE & Firefox).

    Before someone says, "follow the 8 steps.. " I've tried them and about 100 others.

    1. Running AVG - Won't update but doesn't report a problem.
    2. Ran CCleaner - Removed some cookies. No real affect.
    3. Diasbled AVG real-time monitoring
    4. Malware Anti Malware won't run. Clicking on the Icon doesn't do anything. Same with Spybot and the half dozen others that I have on the PC. Can't navigate to the source websites. Downloaded new copies on a different PC, but the installations all abend, fail, or hang.
    5. Downloaded SuperAntiSpyware on a different PC. Crashes (almost instantly) when I attempt to install the code.
    6. JRE updated and running without problems
    7.Hijackthis log attached to original message.

    Just another clarification. I can't update AVG through the web interface but I can manually download the updates to a flash drive and manually install them on the infected PC. I disable the LAN connection and update AVG and run the scan daily. It never finds anything but does report that the boot sector and hosts file have changed. After all my screwing around with the PC, I'm sure I caused those two changes. The hosts file hasn't changed - I replaced it.

    Oh, one other note. I did download the current version of the Microsoft Malicious Software Removal tool. It ran for about 80 minutes and found (and said eliminated) 5 problems. Didn't seem to make any difference.
  2. dishroy

    dishroy TS Rookie

    my network can see the computers but ican not browse an shared drive and icannot print on network but before iwas printing what could be the problem
  3. rf6647

    rf6647 TS Maniac Posts: 829

    I am just replying without having time to fully consider your description. What follows tries to break the malwares stranglehold from running the tools. MBAM version 1.32, definitions > 1600 are needed against newer threats.

    Your are describing an exploit to frustrate reaching anti-malware sites. Here are methods that have been used recently. The alternative was offered by a new member.

    Lately, using the ‘rename’ technique seems to answer malware.

    1. Since you are discribing a case of difficulty. attempt this method (follow link for 'How To')
      • Use this method to stop any 'non-plug and play' driver that is named in this guide.
      • Please report its name for changes to the method

    2. For infections that have more severe symptoms, Unable to run or update via TechSpot 8 Steps or manually run MBAM or SAS

    3. Message #3 - link to 'fixit download' has demonstrated its effectiveness in many cases. Go to message # 3 'fixit download'. Part of the method renames the executable to get the application to run. Here is another member that used renaming.

    4. Alternative - Web site has a link to download-dot-com - phonetic spelling used
      • There appears to be a connection with 'sagipsul' popups.
      • Read this post. from member.
      • phonetic spelling for web site

    Yet another alternative - Symptom: somethingawful; sporadic gurgle redirect;
  4. steveinminnesot

    steveinminnesot TS Rookie Topic Starter

    Thank you. I followed some advice from another forum and finally got Combofix to install and run. It found a few things and fixed them but the side affect was that Malwarebytes Anti-Malware installed okay afterwords and just finished running finding the following problems: Trojan.BHO, Rogue.Antivirus2008 and Broken.SecurityProviders. I'm going to remove those problems and keep plowing away.

    SuperAntiSpyware will load now and is running but Spybot is still DOA. I'll completely uninstall and remove it from the PC and download it again and start over with it.

    Funny how I could bang my head against the wall for almost three days on this and finally find a crack in the armor. I don't want to jinx it, but I feel like there is an end in sight.

    Everything seems to have been related to the TDSSsys situation. .

    Interestingly, AVG didn't find the TDSS trojan horse before SuperAntiSpyware found it, but it did find it afterwords in the Quarantine folder...

    Spybot still won't run, but everything is back to normal. I also meant to mention earlier that it somehow had disabled my system restore points too. Once I have everything cleaned up again, I'll set new restore points and make new backups of my data.
  5. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Please uninstall your AVG7 (if still installed) This version is now obsolete
    Once uninstalled then run the AVG removal tool:
    Here is the 32Bit version (most users):
    Here is the 64Bit version:

    Then proceed to do this process in full:
    UPDATED 8-step Viruses/Spyware/Malware Preliminary Removal Instructions

    Note: Avira Antivirus (also being in the above guide) would be a better alternative to AVG

    Also, I have merged 6 of your posts in this thread. Do not reply to yourself, use EDIT instead
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...