jazzabrazza
Hi, I've been trying to help out a friend (honest!) whose PC (a Dell desktop running XP Home) has become infected with a nasty browser hijack.
The machine runs sluggishly and both Firefox and IE are subject to popups and redirects from Google search results.
Access to most of the websites providing the software detailed in your 8 steps is being prevented. I tried downloading the installation files for some of these programs on my computer, putting them on a pen drive and installing them on his machine, but internet access to download further components is blocked.
He already had Avira, ran it and it deleted a couple of things. CCleaner too. He managed to get hold of "a-squared Free" from EMSI and run that and delete a couple of things. Spyware Doctor downloaded and ran but didn't detect anything serious.
Denied web access to download Malwarebytes' Anti-Malware, SUPERAntiSpyware, Spybot S&D. Trend Micro, McAfee, Symantec, AVG, Panda Security sites all blocked also.
I updated Java, and managed to download HijackThis on my PC (he couldn't get access to download it on his) and run it on his. CWShredder too. Nothing.
Windows SP3 update keeps crashing. Windows Defender won't update or run. System Restore locks up when I try a restore, though it can be disabled. Does disabling it allow scans to run faster, or is there another reason for doing it, by the way?
In control panel, AntiSpywareBot is listed, no icon, just the text. Nothing happens if I click on it. I can't see any registry entries for it but then I wouldn't know everything to look for. He may have managed to clean at least part of it out.
There is a process in Task Manager called cokoi.exe about which I can find nothing at all. There are a couple of other BHO processes with no name listed in the HijackThis log. I'm not really sure if they are suspect or not.
I've told him he's probably going to have to back up his data and reformat. It's probably not a bad thing as his unpartitioned 80gig C: drive is a complete mess anyway, with several documents folders, programs installed everywhere, storing their data all over the place etc. This all makes it really hard to see what's going on and scans take ages to go through his music and video collection.
Even if we do get his machine clean, I'm going to suggest he reinstalls anyway and runs a tidier PC in future, without downloading or installing every toolbar and app he finds but it would be nice to know that we're doing that from a clean machine and that any data he's backed up is not going to reinfect him. I'll tell him to scan everything before he allows it back on, obviously. I think he's learned his lesson!
Many thanks for anything you can suggest to help. Short of throwing the PC down the stairs. Me, I'd just like to know what the bugger infecting it is, as it's defeated all my attempts to get around it. I've a grudging respect for the way it manages to stop me accessing almost anything online that might harm it.
Log follows in next post.
Cheers.
I've attached the HijackThis log referring to my previous post here. The previous post was too long with it included, and I just now found out that it was too long to copy and paste into a single post of its own. I should have just attached it to the original post. Sorry.