Bugged Out Issue

Jun 17, 2009
  1. Hi,
    I Currently have a computer that is Infected by Spyware or Virus (am not sure). I can´t run any of my Security Tools like, (Spybot,Malwarebytes Anti-Malware,Registry Clean Expert) Etc. I was able to install (Malwarebytes,Spybot,Spyware Terminator,Symantec Endpoint Protection) but its not letting me use the program it self xcept for Spyware Terminator.
    Ive also try to boot in safemode but i get the same results. So am assuming The (Virus) has disabled all (Antivirus/Spyware Softwares), Another thing that i just notice while typing is that when i type While holding Shift (Symbols,quotes or dashes) Etc, It totally inserts something different other than the original symbol. Ive Try to get help at the Spybot forum
    but i haven´t got a response yet,

    Ive Upload a HJT LOG
  2. Route44

    Route44 TechSpot Ambassador Posts: 11,984   +72

    This is the wrong forum; you want the Virus & Malware removal forum. I strongly suggest you visit there and read the 8 Step sticky and follow the directions step by step. Then post the three required logs. You will get excellent help. Good luck.
  3. P3ANUT

    P3ANUT TS Rookie Topic Starter Posts: 30

    O man i apologize, Thanks Bro for the advice
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,334   +36

    You can go ahead and remove these, then switch over to the other forum and follow the steps. This should help:

    Please open HijackThis, and select Do a system scan only.

    Place a checkmark next to the following entries (if present):

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://resultsmaster.com/SmartOffers/Services/resultsmaster/ResultsMasterHomeLeftPane.htm
    R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
    R3 - URLSearchHook: (no name) - {98572e47-b5fe-43de-9aea-492a1d3064cd} - (no file)
    R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
    O1 - Hosts: google.com
    O1 - Hosts: google.co.uk
    O1 - Hosts: google.ca
    O1 - Hosts: google.es
    O1 - Hosts: google.de
    O1 - Hosts: google.fr
    O1 - Hosts: google.com.au
    O1 - Hosts: msn.com
    O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)

    Then, close all other open windows, leaving only HijackThis open, and select Fix checked.

    Boot into Safe Mode:
    Temporarily disable all of these while you're doing the scans:
    Start> Run> msconfig> enter> Selective startup> Startup tab> UNCHECK all of the following if present:

    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    O4 - HKCU\..\Run: [RegClean Expert Scheduler] "C:\Program Files\Registry Clean Expert\RCHelper.exe" /startup
    O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe

    Disable these Services:
    Start> Run> services.msc> right click on each Service> Properties> change the Startup type to Disabled> Stop the Service:
    O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
    O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
    O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

    Reboot inti Normal Mode: NOTE: a nag message will display. Ignore and close it after checking 'don't show this message again.' STAY in Selective Startup.

    Now go over to the Virus and Malware removal Forum and follow these steps:

    Attach the three logs for review when finished.

    I'm hoping by removing and disabling the above, you will be able to run the cleaning programs.

    I suggest uninstalling the Sweet IM program
Topic Status:
Not open for further replies.

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...