I Need Big Help From Anyone! Hacked.

[bizz]

Sometime last week my norton antivirus "live update" went down and won't work so I tried to do a few things to fix it and since it came with my computer I didn't have any codes or licenses or cds. so i went looking for another antivirus. And I also downloaded Mozilla's firefox browser.. At this time weird things began to happen to my computer.

The website..."http://www.winfixer.com/download/2006/index.php?aid=mgk2_us_en&lid=search&p=3&ax=0" you dont have to go to it..but it kept popping up on my computer i have installed AVG, McAfee, ran an online scan which found 3 or 4 viruses..listed below.

scan Statistics:
Total number of scanned objects: 71269
Number of viruses found: 3
Number of infected objects: 4
Number of suspicious objects: 0
Duration of the scan process: 3402 sec

Infected Object Name - Virus Name
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP189\A0071792.sys Infected: Rootkit.Win32.Agent.l
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP189\A0071793.exe Infected: Virus.Win32.Bube.l
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP189\A0071795.exe Infected: Virus.Win32.Bube.l
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP189\A0071799.exe Infected: Trojan-AOL.Win32.Aimober.a

Scan process completed.

which i then went into and manually deleted them since no other antivirus even detected it. I went on safe mode and ran other antivirus programs and still nothing found. so after doing this and thinking it was gone I uninstalled Mozilla's Firefox and used IE again. When I would go on IE every once in a great while I would receive..

"NOTICE: if your computer has errors in the registry database or file system, it could cause upredicatble or eratic behavior, freezes and crashes. fixing these errors can increase your computer's performance and prevent data loss. would you like to install sysprotect check your computer for free? yes or no."

i "x" out and get this to pop up

"http://scanner.sysprotect.com/pages/scanner/index.php?aid=vm_ap_spt6h_3_ed2&lid=keyin&ex=1&p=&ax=2"

then another warning box

"you havented completed the scan and asks me to click ok to download the program. "

i "x" out again and another pop up come up the warning "sysprotect will scan your system for errors now followed by instructions". another "x" out and an automated download tries to open and another warning box.."there is a security vulnerability from the bloodhound virus. we recommend you DOWNLOAD one of the secuirty software to prevent malware infections". i "x" out of both and get a final pop up "http://www.amaena.com/securityworm5/?aid=vm_ap_scwaskw_7&lid=scan" to try and sell me another program.and then it stops.

i have also checked my added programs and found nothing new or odd. any suggestions or help will be greatly appreciated.

 

[bizz]

Here is my hijack

 

[N3051M]

first, read the stickies on the main page of the Security and Web subforum, especialy those written by Real Black Stuff. Follow instructions exactly. if for some reason you get stuck on a certain instruction then post here. after all that, post your HJT log AS AN .TXT ATTACHMENT

by the way, never click their "cancel" button or the big red X circle unless you cant close your browser... (just in case..)

 

[bizz]

my fault i knew i probably posted it wrong. sorry.

 

[bizz]

HouseCall did not find any potential threats on your computer- you can go on working reliably.

Keep it up and don't give the next attack a chance!

 

[howard_hopkinso]

Hello and welcome to Techspot.

Your system is infected with the Vundo trojan.

Go HERE and follow the instructions.

Then, go HERE and follow the instructions exactly.

Post a fresh HJT, only after doing the above.

Regards Howard :wave: :wave:

 

[bizz]

thanks for all the help. i went away for an hour came back and my computer was doing some PC recovery thing and it said that my files were being saved and copied. now that the computer has i guess been "reimaged" everything is good. but were is all my stuff or is it gone? i have also done some of the advice on the sticky to protect this thing better thanks.


any ideas on my stuff? or other ways to protect myself i have norton 2005.

 

[howard_hopkinso]

i went away for an hour came back and my computer was doing some PC recovery thing and it said that my files were being saved and copied. now that the computer has i guess been "reimaged" everything is good. but were is all my stuff or is it gone?

Are you saying your computer did this by itself, or did you initiate it?

I don`t know where your files have gone.

Regards Howard

 

[bizz]

i went to go into the safe mode and then it kept restarting and i pressed something and the PC recover wouldnt delete anything and because it kept restarting when it tried to start up i clicked ok..sorry it didnt sound right when i typed it before. thanks for your help

 

[howard_hopkinso]

I hate to say this, but it looks as though your stuff has gone.

Regards Howard

 

[N3051M]

you ment that pc repair thing as in you put in the winxp cd, booted it up and tried repair right? if you pressed ok on that same screen, that is wiping the hdd out then reinstalling the winxp os fresh.. repair (pressing r) wont...

 

[bizz]

i didnt put any cd in. system recovery on the boot log like f10 no cd

 

[bizz]

what i dont understand is the screen right before said "it will save everything" then when the computer loaded the memory was the same at 161 GB but I cant find any of my files..the programs are there but need to be reinstalled. any ideas?

 

[N3051M]

it maybe you've accedentaly chosen the 'format and reinstall' path, which deleted everything...

log in under admin in safe mode and go to the documents and settings folder, see if you can find your old stuff etc.. otherwise..
refrain from using your pc much, and try using a data recovery software to see if you can get it back..