Infected over night.

Status
Not open for further replies.

RicePaperElite

I've posted this problem on another forum but the person helping seems to have given up (http://forums.techguy.org/security/470637-pc-infected-over-night.html#post3645009). I really need my PC back in good health ASAP. When I tried scanning with the online scanners none of them wanted to start. I've run Ad-Aware, Microsoft Anti-Spyware, Spybot S&D, System Mechanic, Spy Sweeper and I'm currently running ewido. Everything before ewido has found things but just doesn't seem to fix the problem completely. As for ewido, the siren is going crazy. I wish I could reformat but there's WAY too much stuff on here I need to keep. I tried System Restore but every time I pick a date to roll back to it says the restore was unable to roll back to that date. So this is my last hope in getting this intruder off my system. It seems that this place has a lot more know-how.
Anyway, here's my HJT log:

--verbose hjt removed--

I have an ewido log but it doesn't want to post on here, so let me know if you want it.
 
I'm not sure why you posted telling me to read the first post as I had already done so. As for the HJT log being an attachment, I must have misunderstood. I thought it was only the ewido log that had to be an attachment, sorry for the hiccup.
 
OK, so now that I've done everything required in the post I'll post my newest HJT log here. I can't seem to fix this thing on my own even after all the scans and fixes. I still hear the clicking sounds and sometimes get a little error message from IE at random (I do use Firefox). The link at the very top of this thread shows what I had done before coming here, and all that did was make it so I don't see the pop-ups. They still minimize my games and I still hear the clicking coming from them, not to mention the voice-recorded pop-ups that now I can't close myself. Also, I've found that if I take all my icons off the desktop I can't see my wallpaper and there's a small white dot in the upper left-hand corner.
Here's my HJT log, hopefully someone can tell me what's going on and help me to fix this >_<:


--verbose hjt removed -- THIS is an attachment... - Spike
 
Boot into safe mode.

Turn off system restore. (XP/ME only)

In Windows Explorer, turn on "Show all files and folders, including hidden and system".


Run HJT and have it fix (mark the box next to the entry) the following if found:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://aimtoday.aol.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll

After marking the above entries press the Fix Checked button.


Reboot into Normal mode and turn System Restore back on.

Run HJT and post a new log as an attachment.

********************

Your HJT log looks fairly clean. Just a couple questions:

Do you have/use a Logitech multimedia keyboard?
Do you have/use an HP multimedia keyboard?
Do you have/use an Agere modem?
Do you create software installations using InstallShield?

********************

As for the missing wallpaper, have you tried uninstalling your StyleXP? There might be some kind of corrupted file in the program and reinstalling might work there.

Thanks!
 
Well, I did what you said and actually scanned twice just to be sure. Then I rebooted and scanned again. I had a look at it and the things I had just selected and fixed in HJT before in safe mode are back and still causing problems.
I won't post the HJT log since it's the same thing as above.
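An added example, not part of the original thread: one way to confirm which "fixed" HijackThis entries are present again in a later log, which is the situation described in the post above. The fix list reuses four entries quoted in the thread; the post-reboot log, the variable names and the function names are constructed for illustration.

```python
import re

# HijackThis section codes that appear in this thread.
SECTIONS = {
    "R0": "IE start/search page value",
    "R1": "IE start/search page value",
    "O8": "IE right-click menu item",
    "O18": "extra protocol handler",
    "O20": "Winlogon Notify DLL",
}
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")

# Four of the entries the helper asked to have fixed (copied from the thread).
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""
# Constructed sample of a log saved after the reboot (not from the thread).
AFTER_REBOOT = r"""
Logfile of HijackThis (constructed sample)
Running processes:
C:\WINDOWS\explorer.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page  =  about:blank
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

def parse_entries(text):
    """Map (section, normalized body) -> (section, original body) per entry line."""
    entries = {}
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:  # skips the header, the process list and blank lines
            section, body = m.groups()
            entries[(section, " ".join(body.split()).lower())] = (section, body)
    return entries

def reappeared(fix_list, later_log):
    """Group fixed entries that are present again in the later log, by section."""
    later = parse_entries(later_log)
    found = {}
    for key, (section, body) in parse_entries(fix_list).items():
        if key in later:
            found.setdefault(section, []).append(body)
    return found

if __name__ == "__main__":
    for section, bodies in reappeared(FIX_LIST, AFTER_REBOOT).items():
        print(f"{section} ({SECTIONS.get(section, 'unknown section')}): back after fix")
        for body in bodies:
            print("   ", body)
```

An entry that returns after being fixed in safe mode means something is writing it again at startup, so the comparison narrows down which keys to watch on the next pass.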
 
Re-boot to safe mode, disable system restore.

Download and run the CWS.Smartkiller removal tool again.
Then run the standard CWS removal tool. Let us know if the scan finds one of the files it lists.

Run HJT and let it fix...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://aimtoday.aol.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin/module.main/favorites\ie_add_to.html

That O8 isn't a baddie, but we'll take it out of Explorer and IE anyway.
We need that Ewido scan log as per the instructions if it's truly as bad as you say. (as a .TXT ATTACHMENT)
 
Well, I ended up reformatting since nothing was getting rid of this. Even so, I wanted to come back here and thank you both for trying to help me with this situation. So thanks. I wish I had seen your last post before doing so but I guess a fresh start is better in this matter since I had many security leaks.
Is there anything you could suggest to further protect my system other than the guide in this forum?
 
Read the "prevent infections by making Windows more secure..." thread listed in the "best collection of How To threads" sticky :)
 