TechSpot

Plagued by 'your computer is infected' popup

By m.coghill
Mar 11, 2006
  1. Hi,
    I've been infected with some malware/trojan and my browser was hijacked with spyfalcon. I have run spybot, adaware and avg antivirus, to no avail. Read your posts on 'after removing spy falcon, one of my programs crashes' and 'How to remove Trojans and its ilk'. Followed the instructions,
    used spyaudit, spy eliminator and ewido, then read and followed
    'How to remove Begin2Search/Coolwebsearch and Other Nasties', have now got most of the apps, but got lost in the task manager end process list.
    Have run and found lots of reg entries and files and removed them only to have them come back.
    Attached is my hjt log (v1.99.1) and scan from ewido run in safe mode.
    I'm going to try http://www.spyware-removal-guideline.com/spyfalcon-removal
    as a last ditch attempt. Please help. This is driving me nuts.
    I'm on win2k by the way and don't know if there is a system restore option to disable.
     
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html

    Open your task manager, by pressing the ctrl/alt/delete keys together. Click on the processes tab and end process for (if there).

    gxlib.exe
    gba1384.exe

    Close task manager.

    Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to (if there).

    O4 - HKLM\..\Run: [vmcleaner] gxlib.exe

    Fix all O16 DPF entries.

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files (if there).

    gxlib.exe

    gba1384.exe

    Reboot into normal mode.

    Regards Howard :wave: :wave:
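
Added example, not part of the thread or any poster's words: a Python check that can be run over a fresh HijackThis log after the steps in the reply above, to confirm the two named files no longer appear in O4 autorun entries and to list any O16 DPF lines still present. The sample log, the O16 line layout, and the "Run entry with no directory path" heuristic are assumptions constructed for this illustration.

```python
import re

# File names the reply above asks to end in Task Manager and delete.
NAMED_FILES = {"gxlib.exe", "gba1384.exe"}
# HijackThis autorun line: O4 - <hive>\..\<key>: [<value name>] <command>
O4_RE = re.compile(r"^O4 - (?P<key>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")

# Constructed sample; only the vmcleaner line is taken from the thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [vmcleaner] gxlib.exe
O16 - DPF: {00000000-0000-0000-0000-000000000000} (placeholder) - http://example.invalid/x.cab
"""

def executable_of(cmd):
    """Return the executable part of a Run command, without its arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r"(?i)^(.*?\.(?:exe|dll|com|bat|cmd|scr))(?:\s|$)", cmd)
    return m.group(1) if m else cmd.split()[0]

def review_log(text):
    """Return (named_hits, pathless_run_entries, o16_lines) for a HJT log."""
    named, pathless, o16 = [], [], []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("O16 - DPF:"):
            o16.append(line)  # the reply asks for all of these to be fixed
            continue
        m = O4_RE.match(line)
        if not m:
            continue
        exe = executable_of(m["cmd"])
        base = re.split(r"[\\/]", exe)[-1].lower()
        if base in NAMED_FILES:
            named.append((m["name"], exe))
        if "\\" not in exe and "/" not in exe:
            # Heuristic (assumption): autoruns without a full path deserve a look.
            pathless.append((m["name"], exe))
    return named, pathless, o16

if __name__ == "__main__":
    print(review_log(SAMPLE_LOG))
```

An empty first list and an empty third list on a post-cleanup log mean the items named in the reply are no longer registered to start with Windows.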
     
  3. m.coghill

    m.coghill TS Rookie Topic Starter

    sorted!

    Thanks for the prompt reply. Have now removed the nasties from my pc. All is well.
     
  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19


    Glad your problem is solved.

    Thanks for letting us know.

    Regards Howard :)
     
  5. Bodie723

    Bodie723 TS Rookie

    How about this

    I am running into the same problem and the solution given doesn't fix it. I have tried all the steps the other gentleman tried, and the solution you gave, but I am not finding the thread in hjt. For some reason I can't get my log file to upload; it says invalid file type. If you could help with this I would be most grateful.
     
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    Please start a new thread in the security and the web forum, after following these instructions.

    Go and have your computer scanned HERE.

    Then, go and read both these threads by RBS. Follow all the instructions exactly.

    How to remove Trojans and its ilk! and How to remove Begin2search / coolwebsearch and other nasties.

    Then see. How to post your Hijackthis log-file as an ATTACHMENT.

    Post a fresh HJT log into your new thread, only after doing the above.

    Regards Howard :wave: :wave:
     
Topic Status:
Not open for further replies.
