TechSpot

I Need Big Help From Anyone! Hacked.

By bizz
Apr 18, 2006
  1. Sometime last week my Norton AntiVirus "LiveUpdate" went down and wouldn't work, so I tried to do a few things to fix it, and since it came with my computer I didn't have any codes or licenses or CDs. So I went looking for another antivirus. I also downloaded Mozilla's Firefox browser. At this time weird things began to happen to my computer.

    The website "http://www.winfixer.com/download/2006/index.php?aid=mgk2_us_en&lid=search&p=3&ax=0" (you don't have to go to it) kept popping up on my computer. I have installed AVG and McAfee, and ran an online scan which found 3 or 4 viruses, listed below.

    scan Statistics:
    Total number of scanned objects: 71269
    Number of viruses found: 3
    Number of infected objects: 4
    Number of suspicious objects: 0
    Duration of the scan process: 3402 sec

    Infected Object Name - Virus Name
    C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP189\A0071792.sys Infected: Rootkit.Win32.Agent.l
    C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP189\A0071793.exe Infected: Virus.Win32.Bube.l
    C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP189\A0071795.exe Infected: Virus.Win32.Bube.l
    C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP189\A0071799.exe Infected: Trojan-AOL.Win32.Aimober.a

    Scan process completed.


    I then went in and manually deleted them, since no other antivirus even detected it. I went into safe mode and ran other antivirus programs and still nothing was found. So after doing this and thinking it was gone, I uninstalled Mozilla's Firefox and used IE again. When I would go on IE, every once in a great while I would receive:

    "NOTICE: if your computer has errors in the registry database or file system, it could cause unpredictable or erratic behavior, freezes and crashes. fixing these errors can increase your computer's performance and prevent data loss. would you like to install sysprotect check your computer for free? yes or no."

    I "x" out and get this pop-up:

    "http://scanner.sysprotect.com/pages/scanner/index.php?aid=vm_ap_spt6h_3_ed2&lid=keyin&ex=1&p=&ax=2"

    Then another warning box:

    "you haven't completed the scan and asks me to click ok to download the program."

    I "x" out again and another pop-up comes up with the warning "sysprotect will scan your system for errors now followed by instructions". Another "x" out and an automated download tries to open, and another warning box: "there is a security vulnerability from the bloodhound virus. we recommend you DOWNLOAD one of the security software to prevent malware infections". I "x" out of both and get a final pop-up, "http://www.amaena.com/securityworm5/?aid=vm_ap_scwaskw_7&lid=scan", to try and sell me another program, and then it stops.

    I have also checked my added programs and found nothing new or odd. Any suggestions or help will be greatly appreciated.
     
  2. bizz

    bizz TS Rookie Topic Starter Posts: 21

    Here is my hijack.

  3. N3051M

    N3051M TS Evangelist Posts: 2,115

    First, read the stickies on the main page of the Security and Web subforum, especially those written by Real Black Stuff. Follow the instructions exactly. If for some reason you get stuck on a certain instruction, then post here. After all that, post your HJT log AS A .TXT ATTACHMENT.

    By the way, never click their "cancel" button or the big red X circle unless you can't close your browser... (just in case..)
     
  4. bizz

    bizz TS Rookie Topic Starter Posts: 21

    My fault, I knew I probably posted it wrong. Sorry.
     
  5. bizz

    bizz TS Rookie Topic Starter Posts: 21

    HouseCall did not find any potential threats on your computer- you can go on working reliably.

    Keep it up and don't give the next attack a chance!
     
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    Your system is infected with the Vundo trojan.

    Go HERE and follow the instructions.

    Then, go HERE and follow the instructions exactly.

    Post a fresh HJT, only after doing the above.

    Regards Howard :wave: :wave:
     
  7. bizz

    bizz TS Rookie Topic Starter Posts: 21

    Thanks for all the help. I went away for an hour, came back, and my computer was doing some PC recovery thing and it said that my files were being saved and copied. Now that the computer has, I guess, been "reimaged", everything is good. But where is all my stuff, or is it gone? I have also done some of the advice on the sticky to protect this thing better. Thanks.

    Any ideas on my stuff? Or other ways to protect myself? I have Norton 2005.
     
  8. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Are you saying your computer did this by itself, or did you initiate it?

    I don't know where your files have gone.

    Regards Howard :)
     
  9. bizz

    bizz TS Rookie Topic Starter Posts: 21

    I went to go into safe mode and then it kept restarting, and I pressed something and the PC recovery wouldn't delete anything, and because it kept restarting when it tried to start up I clicked OK. Sorry it didn't sound right when I typed it before. Thanks for your help.
     
  10. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    I hate to say this, but it looks as though your stuff has gone.

    Regards Howard :(
     
  11. N3051M

    N3051M TS Evangelist Posts: 2,115

    You meant that PC repair thing as in you put in the WinXP CD, booted it up and tried repair, right? If you pressed OK on that same screen, that is wiping the HDD out then reinstalling the WinXP OS fresh. Repair (pressing R) won't...
     
  12. bizz

    bizz TS Rookie Topic Starter Posts: 21

    I didn't put any CD in. System recovery on the boot log, like F10, no CD.
     
  13. bizz

    bizz TS Rookie Topic Starter Posts: 21

    What I don't understand is the screen right before said "it will save everything", then when the computer loaded the memory was the same at 161 GB, but I can't find any of my files. The programs are there but need to be reinstalled. Any ideas?
     
  14. N3051M

    N3051M TS Evangelist Posts: 2,115

    It may be you've accidentally chosen the 'format and reinstall' path, which deleted everything...

    Log in under admin in safe mode and go to the Documents and Settings folder, and see if you can find your old stuff etc. Otherwise, refrain from using your PC much, and try using data recovery software to see if you can get it back.
     
Topic Status:
Not open for further replies.
