TechSpot

Suspected Hijack by Malware

By redsincebirth
Dec 11, 2008
Topic Status:
Not open for further replies.
  1. I think my PC has been hijacked by malware as I am constantly being redirected to another site when I google. I tried to follow the 8-step malware removal procedures and downloaded all the required software from the list e.g. HJT, etc. However, when I tried to install these programmes, my pc just would not respond at all. When I tried to update my AVG and Norton Anti-virus, I got an error message telling me that I was not connected to the internet (no I don't have any firewall installed) which was bizarre because my broadband was working perfectly. Could anyone provide any advice as to how to get the malware removal procedures going, please?

    If I do system restore, will it get rid of the malware?

    My OS is Window XP
  2. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

  3. redsincebirth

    redsincebirth Newcomer, in training Topic Starter

    Dear Kimsland

    Thanks for your advice. My problem with UPDATED 8-step Viruses/Spyware/Malware Preliminary Removal Instructions is that I didn't have them installed before my pc was hijacked by malware. consequently, I could not install all the necessary software mentioned in the instructions. I tried to double-click the application exe files that I downloaded from TechSpot (thanks by the way) - but they wouldn't respond at all. Hence I was lost as to what to do.

    After I posted my query yesterday, I had a quick browse at other people's treads - I noticed a tread which might be relevant to my case - I think it was to do with TDSSserv.sys and how to disable the virus (see topic116603)

    Do you think this is the right way to proceed?

    I am anxious about uninstalling my AVG and Norton because I remember they had both quarantined some .dll files from my Windows programme (which were infected by virus) in the past (i had to let them quarantined them because there was no other choice). If I were to uninstall them, I am afraid I might lose all those .dll files foreover (and lose my pc as well). Is my worry unfounded.

    Thanks
  4. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    Yes :)

    Please do all of the above
    By the way here's that thread (by the way thread with an H) you spoke of:
    Special case where after installing MBAM and SAS they will not update or run
    Read here: http://www.techspot.com/vb/topic116603.html

    Once Norton is un-installed
    Please then Restart
    Then run the Norton Removal Tool, from h e r e
    Then Restart

    Actually just to be thorough.
    Here's the AVG Removal Tool, once AVG is first removed from add\remove Programs menu

    By the way, Techspot's user choice for Antivirus is Avira
  5. redsincebirth

    redsincebirth Newcomer, in training Topic Starter

    Logs from 8-steps Virus/Malware removal instructions

    Dear Kimsland

    thanks for your reply. I ran Devmgmt.msc and managed to disable TDSSserv.sys. I then processed your 8-steps Virus/Malware removal instructions. Here are my logs (see attached).

    by the way, do I need to re-run Devmgmt.msc and enable TDSSserv.sys again.?
  6. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    -> No action taken on MBAM scan, for found issues
    Please re-run Malwarebytes
    Confirm updated (third tab)
    Then do the above quoted message, but this time "Remove all found issues"

    By the way, you will need to then restart, and run (and attach) a new HJT log
  7. redsincebirth

    redsincebirth Newcomer, in training Topic Starter

    new logs posted as requested

    Dear Kimsland

    I have rerun Mbam, restarted my pc and rerun HJT. Here are the logs. Please advise. thanks a lot.
  8. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    AVG
    mcafee
    Avira

    All running ? :confused:

    Please uninstall
    AVG (T H I S may help)
    mcafee
  9. redsincebirth

    redsincebirth Newcomer, in training Topic Starter

    I have uninstalled everything except Avira. I posted my latest HJT log. please advise next step. thanks.
  10. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    Well you have 25 Startups plus 16 other services starting
    So to read the log is very difficult (for me)

    Scanning through it, I did not see any Malware as such, so that's good :)

    You may want to look at this little program for disabling known startups, that you just don't want, if it helps any I have 1 (AntiVirus) and everything works perfectly.
  11. redsincebirth

    redsincebirth Newcomer, in training Topic Starter

    Thanks Kimsland

    I think you have "healed" my pc. I can now google smoothly. I also tried the little software you sent me - it's a little gem. I used it to disable a few programmes at startup - but there are some programmes that I don't recognise/understand but I kept them on because they are part of the Windows programme - so I assume they must be essential.

    By the way, I ran the Devmgmt.msc command on my way to implementing the 8-steps instructions. This involved disabling the TDSSserv.sys file. Do I now have to re-enable it again???

    Once again, thanks for your help and kindness.

    I wish you a very merry Christmas.
     
  12. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    No it was malware

    Thanks for the update :grinthumb
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.