Help sorting this virus out

By Martyn
Sep 26, 2008
Topic Status:
Not open for further replies.
  1. Hello everyone, my name is Martyn. I've just joined and I need some help!!

    It looks like my web broswer has been hijacked. Just turned on my computer today at 3pm (UK time) and noticed that things were not right all.

    These are the signs:

    Computer keeps popping up a baloon every 15-25 seconds and an alert message "System Alert: Maleware threats - click this baloon to remove" This is not genuine! different messages appear, uncluding iexplorer keeps opening with a page to microsoft download of an antivirus which is not genuine, the page is too crude and it sometimes doesn't work and there is just a blank page. Noticed also 2 icons in control panel which look like microsoft icons but they are too crude. These are fake.

    3 processes have appeared in the system configuration: wcs.exe, wcm.exe, iebtmm.exe.

    iexplorer.exe keeps appearing on the system twice.

    Unable to use a search engine or use the browser bar at the top of the page. I am using firefox. The page redirects to some random page.

    ---------------------------------------------------------------------------------------

    My attempts to get rid of it so far include:

    AVG Anti virus scan = Unsuccesful.
    Spybot scan = Unsuccesful.
    Ad-aware scan = freezes halfway through.

    Note: I cannot download any antivirus programmes other what I already have because I am unable to click on any links. Links in Cached pages do not work either.

    What can I do? Can you help?

    I am aware of something called HJT (HIJACK THIS) but I know nothing about it. I am a novice with this stuff. I tried downloading spyware guard but the browser is not having any of it.

    I just don't know what to do!!
  2. SpiritWind

    SpiritWind Newcomer, in training Posts: 164

    Hi :

    You are experiencing the classic symptoms of what the malware-fighting
    community calls a "Rogue" Program ; the best program to fight this is the FREE
    Version of Malwarebytes' Anti-Malware from www.malwarebytes.org/mbam.php .
    IF you are unable to download/install this program on the "infected" computer,
    download and "burn" the program onto a CD from a functioning computer .
  3. Martyn

    Martyn Newcomer, in training Topic Starter

    Re:

    A rogue program? Who makes them? And why?

    I don't think I can download malwarebytes antivirus from this computer. Whatever this rogue program is, it is blocking any attempt to download from links.

    I'm running spybot right now (again) but this time it has found at the moment the following:

    Fraud.antivirus 2008
    Smitfraud. C-gp
    antispycheck
    win32.BHO.je

    I'll wait for this to finish and then check out malwarebytes to see if I can download it.

    If I can't I don't know what to do. I don't have another computer either, and I don't know anyone who uses a computer except one of my friend's. But his computer has no Re-Write drive so I won't be able to use his computer to download to a disc.

    I'm wondering if I could paste the link into an e-mail and then click it from there.

    I'll keep posted.
  4. SpiritWind

    SpiritWind Newcomer, in training Posts: 164

    Hi :

    See IF you can get help from a public library in your area . You should realize that
    Ad-Aware and Spybot have NOT been top antispyware/antitrojan programs for a
    couple of yrs; now the best FREE Ones are Malwarebytes' Anti-Malware and
    "SUPERAntiSpyware" from www.superantispyware.com .

    IF you are unable to install programs that are able to combat your "infection"
    ( "Rogues" are the newest "form" of bad things to infect a computer; most come
    from the "Zlob Trojan ) , most likely you are going to have to reformat, then
    reinstall the Operating System . The Best Explanation of this is at
    http://aumha.net/viewtopic.php?f=26&t=28580 .
  5. Martyn

    Martyn Newcomer, in training Topic Starter

    Re:

    Malwarebytes is damn good!!!!

    It removed 200 infected files and all the viruses!!!!

    My computer runs more smoothly now. Thanks for your help. I was panicking that I might have to do a 'hijack this'. No need!!

    Thanks for bringing malwarebytes to my attention. Ironically, I have just contracted 3 backdore trojan viruses all at once. 2 healed by AVG and 1 moved to the vault.
  6. momok

    momok Newcomer, in training Posts: 2,272

    Personally I would still recommend posting a HJT log just for a quick check to see if your system is clean though. Often times malware tend to be tricky when it comes to removal.
  7. Martyn

    Martyn Newcomer, in training Topic Starter

    Re:

    Should I do it? How do I do that? I have Winpatrol and it has a button on it "Hijack Log". I haven't clicked on it yet.
  8. momok

    momok Newcomer, in training Posts: 2,272

Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.