Antivirus won't launch, redirected from antivirus website

Status
Not open for further replies.

tonight1000

Hi all,

I am very new to this and I currently can't launch any antivirus software that I have downloaded from bit torrent site (note: I have been redirected or page showing error every time I try to visit antivirus website)

I am attaching a hjt log and your kind advice is appreciated.

Thank You.

tonight1000
 

Attachments

  • hijackthis.log
    9.7 KB · Views: 5
Hmm, it sounds like you have downloaded pirated/cracked software -
"can't launch any antivirus software that I have downloaded from bit torrent site"

We do not support piracy, nor do we support P2P programs.

Besides, the hijackthis log has a large number of infections.
 
I use free Avira Antivirus; I find it to be way better than most (if not all) free or paid versions :)
Oh and I use this free Antivirus myself, I think you should consider that

By the way, always go to the manufacturer's website to download stuff, most of it is free :)

If you do decide to remove all the torrent stuff and anything else that's probably causing bad issues
Have a look here: UPDATED 8-step Viruses/Spyware/Malware Preliminary Removal Instructions
 
As mentioned, your system is badly infected. One of the infections is the DNS Changer, which is very serious.

The use of the P2P programs is an invitation to malware: This may help you realize the danger:
P2P Warning!

  • IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

    BitTorrent, BitComet

    Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.

    Once upon a time, P2P file sharing was fairly safe. That is no longer true. You may continue to use P2P sharing at your own risk; however, please keep in mind that this practice may be the source of your current malware infestation.

    I'd like you to read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.

    References for the risk of these programs can be found in these links:

    http://www.microsoft.com/windows/ie/community/columns/protection.mspx
    http://www.techweb.com/wire/160500554
    http://www.internetworldstats.com/articles/art053.htm

    See Clean/Infected P2P Programs HERE

    I would recommend that you uninstall BitTorrent, BitComet, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

    If you wish to keep it, please do not use it until your computer is cleaned.
Credits to kritius

Downloading a security program from a file sharing site is foolish. You need for these programs to be legitimate and with all the necessary features. Getting them from a file sharing site doesn't guarantee any of this.

Please follow the 8 Steps in the link HERE:

In addition to those programs, I'd like you to run Combofix. That will give us a better idea of the extent of the file sharing and if any piracy has been involved:
Combofix
Download Combofix to your desktop from one of these locations:
Link 1
Link 2
Link 3
  • Double click combofix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    [Screenshot: RcAuto1.gif]


    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    [Screenshot: whatnext.png]


    Click on Yes, to continue scanning for malware.
  • When the scan completes it will open a text window. Please attach that log back here together with a fresh HJT log.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Combofix instruction credits to Blind Dragon: Virus and Malware Removal: http://www.tech-101.com/virus-malware-removal/

Please attach the 3 logs and the Combofix report to your next post. If we determine that you are using pirated programs, our help will not be available.

NOTE: In addition to the DNS Changer malware, you have the W32/Aimdes-C WORM, which exploits AOL instant messenger and harvests email addresses. There is also RUNDLL88.EXE, which is added as a Registry auto start to load Program on Boot up, executed from Temporary Folders, copied to multiple locations on the system and executed as a Process.

Something has also disabled doing a Registry Edit. You have numerous serious issues on the system.
 
Thanks for the kind replies.

I have uninstalled bittorrent and bitcomet. I have also downloaded the malwarebyte software, renamed it, but an error message says ' the setup files are corrupted. please obtain a new copy of the program'.

Does it mean the malware in my laptop is stopping me from installing malwarebyte, and what else could I do?

Any kind advice is appreciated.

Thanks.
 
Malwarebytes not running

Please download and try running this: randmbam.exe

It will try to create random names and shortcuts for Malwarebytes Anti Malware(MBAM) if you have it installed already.

Once done, try running a scan again

I think you will find this works for you.
 
I think I am losing this battle against the malware in my laptop. I have run the latest ccleaner twice as told. Then when I tried to click on the link you guys provided to download malwarebyte, the web browser will change back to homepage of techspot.com. How annoying.

please help !
 
Thx kimsland, your link works and I managed to download malwarebyte, and run it after using randmbam.exe. I tried to update the malwarebyte and it says I don't have internet connection, which is untrue because my internet connection is definitely working.

The scanning process hung at about 16% progress (managed to detect 16 malware so far) and a window saying 'google installer has encountered a problem and needs to close'.

This window pops up every time since my laptop is affected.

After I have restarted the computer, the file generated by randmbam doesn't work anymore and gives some error message.

What should I do?
 
Here is the manual update which should work: http://www.gt500.org/malwarebytes/mbam-rules.exe

If not, then you might want to skip a step and run ComboFix:

  • Download Combofix to your desktop.
  • Double click ComboFix & follow the prompts.
  • A window will open with a warning.
  • When the scan completes it will open a text window.
  • Please save the log to be attached to a new reply

Hopefully Malwarebytes will also scan now (updated first of course)
If so, also save that log to be attached to the same new reply

This was all to do with P2P !
 
Dear Kimsland and Bobbye,

Sorry for the late reply, I have managed to scan my laptop using malwarebyte, cleaned approx. 40 threats.

But after that, I couldn't get on internet anymore, hence couldn't download the combofix software. and error message saying '

I have tried to reformat my C drive using a windows xp installation cd but the laptop keeps on shutting down during the process.

Are there any clever ways out there to help me out from this mess?

thanks.
 
Hi Kimsland,

I have formatted my C drive and reinstalled windows. When I downloaded and ran malwarebyte, it still found many trojans. Hence I have downloaded and run combofix and please see the attached log.

Please advise.

Thanks.
 

Attachments

  • tonight1000-combofix log.txt
    10.6 KB · Views: 5
The reason you may be reinfected is because there may be a DNS changer which can infect your router.

1. Shut down your computer, and any other computer connected to your router.
2. On the back of the router, there should be a small hole or button labelled RESET. Using a bent paper clip or similar item, hold that in continuously for twenty seconds. Unplug the router. Wait sixty seconds. Now holding again the reset button, plug it back in. Continue holding the reset button for twenty seconds. Unplug the router again.
3. With the router unplugged, start your computer. Run MBAM again.
4. Connect again to the router. Then turn the router back on. When it stabilizes, reboot your workstation and try to access the internet. If you have any issues, access the Router configuration page and re-enter your authentication information.
5. Attach the new offline MBAM scan results here.

Run CFScript
Open notepad and copy/paste the text in the code box below into it:
NOTE* make sure to only highlight and copy what is inside the quote box, nothing outside of it.
Also ..

Pay particular attention to this :-

Make sure the word KillAll:: is on the first line of the text file you save (no blank line above it, & no space in front of it)
Code:
KillAll::

File::
c:\windows\system32\drivers\wmzolan.sys
c:\docume~1\Avin\LOCALS~1\Temp\ovfsthbdrtfqwgta.tmp
c:\docume~1\Avin\LOCALS~1\Temp\ovfsthdstraetspj.tmp
c:\docume~1\Avin\LOCALS~1\Temp\ovfsthmnrdvnnorx.tmp

Folder::
c:\docume~1\Avin\LOCALS~1\Temp\ovfsth000
c:\docume~1\Avin\LOCALS~1\Temp\ovfsthx000

Driver::
jplbozx

Rootkit::
c:\windows\system32\ovfsthbgradybewteceviqtvbqdrdkfgtuupqj.dll
c:\windows\system32\ovfsthcshqrcojcrqrgimapeonolhaohxhilgt.dat
c:\windows\system32\ovfsthibpnkhxcgtwipwkbbebcbairurlspwwq.dll
c:\windows\system32\ovfsthkkmfxfmfwmagbplbsuwkuhjmvshppwrt.dat
c:\windows\system32\ovfsthujcublovqmdhrnbypiqltnttynqfqedd.dl
c:\windows\system32\drivers\ovfsthlqvpxmobirviuamvxwbywslhyvbtuijx.sys

Registry::
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ovfsthyqvdkmpmyqlvfboscprrothxrjnvdrwu]
"imagepath"=-

Save this as CFScript.txt

Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.

[Screenshot: CFScriptB-4.gif]


This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a fresh HJT log.

Please download ATF Cleaner by Atribune.

  • Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
 
hi kritius,

I have followed your instructions to reset the router, but when I reconnect my router, I can't seem to be able to connect to internet. My laptop could still detect both the LAN and wifi signal from the router but just no internet. I have tried logging into the admin page of the router and reset the settings to default and it still doesn't connect to internet.

Could it be something has gone wrong when I was carrying out the physical reset procedures of the router?

thanks.
 
Go to Start > Run and type cmd, then in the command prompt window type ipconfig /all.

copy and paste the information back here.
 
Hi there,

I am attaching a snapshot of ipconfig. please kindly advise.
 

Attachments

  • tonight1000-ipconfig.txt
    1.1 KB · Views: 6
Can you try that again, except this time with the "/all" switch

Start > Run > cmd /c ipconfig /all >Desktop\Ipconfig.log > ok
(Note: you can just copy that bold part to a run command)

Then attach the "Ipconfig.log" on your Desktop to a new reply
 
Could it be something has gone wrong when i was carrying out the physical reset procedures of the router ?
Can you go back into your Router (http://192.168.1.1) and confirm:
1. That you can get in through the browser (it looks like yes)
2. Your Username and Password is set up correctly
3. Firewall is disabled (we will turn this back on, if it was enabled, once a test is made)
4. Save Settings (please search for this) and exit your Router


Then: Start > Run the following commands, pressing OK after each one: (just copy and paste the command)
netsh int ip set address name = "Local Area Connection" source = dhcp
netsh int ip set dns name = "Local Area Connection" source = dhcp
netsh int ip set wins name = "Local Area Connection" source = dhcp

Then restart your computer, and any other computer attached to the network
Test to see if you have Internet connection whilst wired to the Router
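
Added illustration, not part of the original thread: a Python check for what the helpers are looking for in the requested `ipconfig /all` log, namely DNS settings a DNS Changer may have left behind. It lists adapters whose DNS is set statically or points somewhere other than the gateway or DHCP server. The sample output, its addresses and the function names are constructed for this example.

```python
import re

# Constructed sample in Windows XP "ipconfig /all" layout; the addresses are
# private/documentation ranges, not values from the thread's attachment.
SAMPLE = """\
Windows IP Configuration

        Host Name . . . . . . . . . . . . : LAPTOP

Ethernet adapter Local Area Connection:

        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 192.168.1.101
        Default Gateway . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 203.0.113.53
                                            203.0.113.54

Ethernet adapter Wireless Network Connection:

        Dhcp Enabled. . . . . . . . . . . : Yes
        Default Gateway . . . . . . . . . : 192.168.1.1
        DHCP Server . . . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 192.168.1.1
"""

HEADER = re.compile(r"^(\S.*adapter .+):\s*$")
FIELD = re.compile(r"^\s+([A-Za-z][A-Za-z \-]*?)[ .]*:\s*(.*)$")

def parse_adapters(text):
    """Return {adapter name: {lowercased field name: [values]}}."""
    adapters, current, key = {}, None, None
    for line in text.splitlines():
        header, field = HEADER.match(line), FIELD.match(line)
        if header:
            current, key = adapters.setdefault(header.group(1), {}), None
        elif current is not None and field:
            key = field.group(1).lower()
            current[key] = [field.group(2)] if field.group(2) else []
        elif current is not None and key and line.strip():
            current[key].append(line.strip())  # continuation: extra DNS server
    return adapters

def audit_dns(text, expected=()):
    """List (adapter, reason) pairs worth a manual look; expected = known-good resolvers."""
    findings = []
    for name, f in parse_adapters(text).items():
        dns = f.get("dns servers", [])
        trusted = set(f.get("default gateway", []) + f.get("dhcp server", [])) | set(expected)
        if dns and f.get("dhcp enabled") == ["No"]:
            findings.append((name, "DNS configured statically, not obtained from DHCP"))
        for server in dns:
            if server not in trusted:
                findings.append((name, "DNS server %s is not the gateway, DHCP server "
                                       "or an expected resolver" % server))
    return findings
```

Many ISPs hand out public resolvers through DHCP, so pass their addresses in `expected`; a finding here is a prompt to compare against the router's settings, not proof of infection.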
 