The Infection

By skewpJacks
Dec 29, 2008
  1. Hi everyone/ whoever is reading this post
    My computer went nuts on me yesterday, and is still doing that as i type.
    My norton security crashes and freezes when i try to run a scan / update My automatic updates are turned off and REFUSE to turn back on, pop ups from *its the one where a pop up comes up when you visit some site that says you have been infected by spyware and asks you to say yes/cancel to the *system* scan.
    I also get pop ups from sagipusal and just blank windows that pop up 3-4 every so often,
    I've run all the malewarebytes, Superantispyware, ccleaner, and performed all the necessary steps but its been a week since and there has been no improvement since. I've googled my problem, and read similar threads on this website with similar symptoms, and i've used their diagnosis to help my computer, but it doesnt seem to work. I've run out of ways to fix my computer and I now turn to the experts, who actually know what they're doing =)
    My computer is
    System: microsoft Windows XP
    Version 2002
    S,P 2

    Intel R
    Pentium R
    4 Cpu
    3 Ghz
    1GB of Ram

    (i cant seem to select the browse option when i select upload) i'll try again in a reply
  2. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

  3. skewpJacks

    skewpJacks TS Rookie Topic Starter

    Ty Very Much, but the problem is that when i try to upload, and select the browse option, nothing occurs, it would not even let me enter in an address of where my logs are.
  4. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Ah Huh !...

    Anyway, continue to scan with all the tools in the guide, and then attach the logs (attach attach attach) I can't say this any clearer. Hmm, I've got another way of saying it. The attached logs will be on TechSpot's server, coming from your computer, there's no link, no other server, nothing. Maybe read my reply above again ;)
  5. skewpJacks

    skewpJacks TS Rookie Topic Starter

    Ohh, i understand, thanks very much but either it's not working or i'm not doing it correctly.
    First i would click "Post Reply"
    Then i would select the PaperClip Button
    At this time, a window pops up called Manage Attachments - TechSpot Open Boards -
    Then it gives me two options

    1st is "Upload from your computer"
    2nd is "Upload from URL"

    Underneath the label "Upload from your Computer "
    there is a empty bar where i should be able to put the adress of my file, correct? Right beside this bar, there should be a browse option, neither of these two work. When i click "browse" nothing happens, and when i select the empty box where i can type the address of the logs, it does not let me type. I'm so sorry, I must be really dumb, or something's wrong with my pop up blocker. I'll put this site as a trusted site and see if anything happens after that. It's a hassle even before i submit the logs.... Im just not someone that knows computers.. :stickout:
  6. skewpJacks

    skewpJacks TS Rookie Topic Starter


    Yaaa Thank you very much, I can finally upload, I guess i needed to restart computer....
  7. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Well done, restart of course :rolleyes: !

    Anyway :)
    I noticed that you had quite a few Malwares removed, here's the best advice (as usual ;) )

    Un-install SuperAntiSpyware
    Un-install Norton Antivirus
    Run the Norton AntiVirus Removal Tool

    Download and update Avira Antivirus

    Re-open MalwareBytes
    Select the update Tab, and update it
    Select the first tab, and run a full scan again (again?) yes again!

    At the end of the Malwarebytes scan, view the log, and remove all the Malwares found (there will be more!)
    By the way, during the scan, Avira may popup with found Viruses, just remove as you go. :grinthumb
    Save the new Malwarebytes log file

    Run CCleaner again

    Run HJT again
    Attach the new logs (HJT and Malwarebytes) to a new reply



    Maybe let me know how it's then performing, slow? fast? horrible? good? :)
  8. skewpJacks

    skewpJacks TS Rookie Topic Starter

    Thanks So much, progress is moving along great :cool:
    Just wondering, should i reinstall norton as well as Avira AntiVir?
    Another question, some of my friends tell me Norton is a horrible Anti Virus, so should i just forget about it? I've already paid for Norton so i'm not to sure what to do. its kinda money vs quality.... dilemma. What would you recommend?:confused:
    Not install Norton and stick with Avira? Or should i install both, i still have like a couple hundred days left of Norton (thats what it said when removed it).
    Almost finished with you're extremely clear steps!
    Thanks once again, I'll post my logs in a little bit:grinthumb
  9. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Uninstall Norton (and use the removal tool)
    If it's any consolation I'd pay to have it removed ! (note you do not need to pay, and we are on a free forum too :) )

    You may not like Avira as much, with its big splash screen (which incorrect warnings) on updating) But it's stacks better :grinthumb and free ;)

    Oh and you can only have 1 Antivirus installed at a time
  10. BlkHeartWolf

    BlkHeartWolf TS Rookie Posts: 151

    I use Norton and search out this junk but i have my system restrictions also

    Anyways this is my list if issue out of your file
  11. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Thanks BlkHeartWolf
    I agree with all those Hijack Entries to be ticked and removed

    But at the moment I asked for a new Malwarebytes scan, and removal of Norton
    So if you want to jump in and take over so be it
    You may be surprised (as I was) to see how Malwarebytes always finds more entries to remove (some may even be those files listed in the HJT log ;) )
  12. BlkHeartWolf

    BlkHeartWolf TS Rookie Posts: 151

    I have actually watched them be re-named and re-created in the reg, I am a Desktop Specialist at work but a NEWBE here so I was just giving feed back. I did not mean to take over sorry i am new here and not sure how you guy's work things
    my advice is
    Turn Off system restore delete temporary internet files and cookies
    do a disk cleanup found in your accessories folder / system tools
    get and run malwarebytes malwarebytes dot org and run hijackthis at the same time
    select any files and or keys in the attachment I posted but on both maiwarebytes and hijackthis click fix at the same time.
    This is to allow both to attack the file protection and break it then reboot imediatly.
    if you forget to turn off system restore it will return no matter

    reboot once complete, run hijack this and post your log here again
  13. skewpJacks

    skewpJacks TS Rookie Topic Starter

    I am really thankful of both kimsland and thankful of BlkHeartWolf for helping me .:D
    kimsland, i've done everything upto the scan, right now the scans coming along, but the Avira AntiVir is giving me a headache
    A Detection pop up comes up from Avira and tells me this:
    It keeeeepsssss poppping up, it like spamming me to death!! :dead:
    Is the TR/Crypt.XPACK.Gen Trojan"

    Beneth it are some options:
    1. Repair *im not given the ability to do so*
    2. move to quarantine
    3. Delete
    4. Rename
    5. Deny access
    6. Ignore
    (personally amazed that it detected this when Norton didn't...)

    However i select the Delete option as you've said but it just comes back. Sometimes if i leave it, a lot will pile up, or it will lagg my computer untill i click the OK to Delte button
    Everytime its the same pop up. Even after i did what BlkHeartWolf said and removed the gnhhar bho stuff it still comes up, Not Too sure what to do. So i've been deny'ing the access of it instead because thats what is ticked when the pop up comes up.
    Am i doing something wrong? or am i supposed to experience the same pop up?

    Btw BlkHeartWolf, i First turn off System Restore
    Then i do a Disk Clean up of both my disks,
    Then i scan my computer *full System scan* in malwarebytes, and then use Hijackthis Scan,
    Do i have to do BOTH the fixes at the same time? or can i do the HijackThis first Then do the malwarebytes? So if i did mess up on the steps, i can always revert everything by turning on system restore, then by going through them in the exact order again?
    Another question, When i do the Disk Clean up, which options, OTHER than the one's that the computer has already selected, choose?
  14. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Doh! lots of writing and reading

    Well Avira has the option of ticking make this the default action for all found issues (therefore popups will stop) next time pause and read the screen (small window)

    Also HJT scan must be done at the end (ideally after restart)
  15. BlkHeartWolf

    BlkHeartWolf TS Rookie Posts: 151

    Kimsland is right
    I am sorry i kind of jumped in being new here
    Do the clean and then post a new Hijack this scan
    Both hijackthis and malware byte same time and hit the fix buttons same time
  16. skewpJacks

    skewpJacks TS Rookie Topic Starter

    hehe Thanks, It stopped now!
    The logs are on the way, its just the malwarebytes that takes FOREVER@!:zzz:
  17. skewpJacks

    skewpJacks TS Rookie Topic Starter

    Alright, the mbam scan took like 5 hours..... so here it is!
  18. BlkHeartWolf

    BlkHeartWolf TS Rookie Posts: 151

    well done let me suggest taking out the last tree items and then remove some of the software not needed like the PCPitstop on line scan libraries?

    I will post some IE TWEAKS that will help keep you safe add me as friend and I will send them out.

    Run Hijackthis one more time
    to remove these Google links because these trojans like yours come in from a google redirect and set a different provider that streams the hidden install.

    you can still use google but not that install
    use the ALT/F4 key to close nasty popups or task manager to end PROCESS IExplore.exe

  19. skewpJacks

    skewpJacks TS Rookie Topic Starter

    Thanks Very much, :grinthumb
    I'm using Firefox instead of Explorer,
    I should end the process Explorer.exe?? doesnt that take away my startup menu?
    I just have two quick questions,
    Does Firefox actually take 54,204 K of Mem Usage when i only have this one website open? and also is it normal to have 6 svchost.exe running?:):D
  20. BlkHeartWolf

    BlkHeartWolf TS Rookie Posts: 151

    NOT explorer

    iexplorer your Hojackthis log is clean :)
  21. skewpJacks

    skewpJacks TS Rookie Topic Starter

    Both You and Kimsland have been great help!! :cool:
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...