I'm infected and can't remove, help

Hi.

It seems like I have one hell of a virus on my computer. Firefox or Internet Explorer won't open at times. When they do open, it is covered with pop-ups. When I click a Google search result, it takes me to some virus removal site.

I have tried AVG, Adaware, Kaspersky and they all don't find a virus.

Malware and Super AntiSpyware won't run on my system for some reason; I think the virus is blocking it.

I am running Windows XP SP3

I have attached my HJT log.

Thanks in advance for any help!
 
The log doesn't tell me anything useful

Can you install MalwareBytes? What happens when you attempt to install SuperAntiSpyware?

If you can install MalwareBytes, I would attempt to run it in Safe Mode.
Safe mode is critical to getting to an easy fix.
I would also run Kaspersky in Safe Mode... and try to run Avira in Safe Mode.

Let us know what happens when you attempt to install Avira free version.

Is your hard drive defragmented? It is sometimes helpful to run a defrag before you attempt the scans...

There are six new virulent infestations that are hitting a lot of computers this week. Unfortunately we do not have enough information on their behavior yet.
 
I can install Malwarebytes, however I cannot execute it, even in Safe Mode. When I open it, process manager says mwab.exe is running, but after about 5 minutes or so it goes away.

SuperAntiSpyware won't even install. When I try to run the installer it says "SuperAntiSpyware Free Edition has encountered a problem and needs to close. We are sorry for the inconvenience." Then it asks me to send a bug report.

I am doing a defrag in Safe Mode on the infected computer. When it is complete I will do the Avira scan. I have already done Kaspersky in Safe Mode but it still did not find anything.

Will it be OK to have both Avira and Kaspersky installed at the same time, or should I uninstall Kaspersky first?
 
You're running out of options. At this point I'd try a Windows Repair and hope that it will fix enough that you can install Malwarebytes and/or SuperAS. Usually you run the AV & AS first and then the Windows Repair (if required). But in this case, you need to try it in reverse.

If that doesn't work, you're pretty much hosed and will have to re-install Windows.

-- Andy
 
I usually try ComboFix in these cases. But it happens that ComboFix doesn't run. So just rename it to combo-fix.exe
 
Good point Jawshh!

Deevoooneh, see if you can run combofix. It's a utility program that removes sticky spyware someone wrote a few years ago and still is useful today. It's been awhile since I've used it.

Thx for the reminder Jawshh.

-- Andy
 
Can you access Safe Mode?
If you can, and if you are able to download "SmitFraudFix", use it to scan your PC in normal mode, then restart your PC and access Safe Mode. From there, you must open SFX to clean your PC from this malware.
 
He seems to have a virus on his PC. If you are asking what kind of malware specifically, I don't know. SFF almost always works for me when I get this type of crap on my PC.

Ahh OK. I thought you already knew what malware was in the PC.
 
Follow the Bouncing Ball......

Can you access Safe Mode?
If you can, and if you are able to download "SmitFraudFix", use it to scan your PC in normal mode, then restart your PC and access Safe Mode. From there, you must open SFX to clean your PC from this malware.

"SmitFraud" is an old infection. One that even AdAware or Spybot should be able to identify and/or sanitize. That said, the concept that Smit Fraud Fix needs to be summarily downloaded and run to fix the problem is very presumptuous. For the benefit of our members, it would be informative to determine exactly how you made this diagnosis.

In fact, if you keep having to remove this malware, it would be a good idea to review your surfing habits, delete a few of your bookmarks, and update or change your browser.
 
"SmitFraud" is an old infection. One that even AdAware or Spybot should be able to identify and/or sanitize. That said, the concept that Smit Fraud Fix needs to be summarily downloaded and run to fix the problem is very presumptuous. For the benefit of our members, it would be informative to determine exactly how you made this diagnosis.

In fact, if you keep having to remove this malware, it would be a good idea to review your surfing habits, delete a few of your bookmarks, and update or change your browser.

SmitFraud may be an old spyware but it still makes the rounds. But you are correct, running SFF right now is putting the cart before the horse as we don't know it's SmitFraud. ComboFix as suggested by Jawshh is a better choice at this point. ComboFix tackles many known pesky spyware programs.

Go with ComboFix and repost with results. We'll then decide what to try next if the problem persists.

-- Andy
 
"SmitFraud" is an old infection. One that even AdAware or Spybot should be able to identify and/or sanitize. That said, the concept that Smit Fraud Fix needs to be summarily downloaded and run to fix the problem is very presumptuous. For the benefit of our members, it would be informative to determine exactly how you made this diagnosis.

I have recommended it if everything else fails basically. I had a similar infection to this one 5-6 months ago. At first, it showed similar symptoms as Deevooneh mentioned, after a day or so the fraud attempts started.
 
Once again, Jawshh is correct. SFF does remove more than just SmitFraud. But it's more narrowly focused than ComboFix so at this point, ComboFix is the best choice. We can go with SFF if ComboFix can't remove it.

-- Andy
 
Smitfraud does more than just removing infections.
I stand corrected, but if this is so, shouldn't this read, "Smit Fraud Fix does more than remove Smit Fraud infection"? Just a request for clarity from one of dull wit such as myself.

So, "Smit Fraud" is the infection, and "Smit Fraud Fix" is the removal tool designed primarily to remove it. As I said, I prithee a twitch of clarity, if you will.
 
I stand corrected, but if this is so, shouldn't this read, "Smit Fraud Fix does more than remove Smit Fraud infection"? Just a request for clarity from one of dull wit such as myself.

So, "Smit Fraud" is the infection, and "Smit Fraud Fix" is the removal tool designed primarily to remove it. As I said, I prithee a twitch of clarity, if you will.

When they first released the tool it was named SmitFraudFix because that was its main purpose at the time, but later on it was improved to the point where it removes more than just "SmitFraud".
 
Like a lot of things, it starts out with one objective and morphs into a lot more or other things.

BIOS was just for Input/Output settings. Now it's a total system config program but we still call it BIOS. The name just stuck.

-- Andy
 
First of all I want to thank everyone for all their responses! You guys are great and it seems like the virus is gone. Here is what happened since my first post:

A few more virus symptoms:
It infected another PC on my network, I'm not sure how. I have Kaspersky software firewall in place. Both of these computers are now disconnected from the network. I have a third that still appears to be clean, but it was turned off until the last week or so.

Virus also appears to stall the computer at times. Meaning when the startup applications have loaded, I can't move the mouse or do anything else. If I click or try to get into the task manager I hear the loud system beep sound. This freezing has only happened once since my last post.

I also received the blue screen once since my last post. I attached a picture in case you may care.

Here is what I have now done:

Did an Avira scan in Safe Mode (according to Avira everything is clean).

Attempted to run ComboFix but couldn't do it. So I renamed it and it ran.
After I ran it, it said:
"combofix has detected the presence of rootkit activity and needs to reboot the machine. Kindly note down on paper, the name of each file. We may need it later.
c:\windows\system32\drivers\UACaeylkaojul.sys
c:\windows\system32\UACddwyanpopy.dll
c:\windows\system32\UACrntodgidop.dll
c:\windows\system32\UACxcnrcirrkq.dat
c:\windows\system32\UAConydwdyrey.dll
c:\windows\system32\UACtwoejtqqyu.dll"

It then rebooted and performed several tasks at startup. It appeared to have cleaned it out and I am attaching the log file.

I am also now able to run Malwarebytes, which came up clean.
I am also now able to install SuperAntiSpyware and I am currently in the process of doing a scan.

Again thank you all for your help!
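
The six paths in the ComboFix message quoted in the post above share one shape: "UAC" followed by ten lowercase letters, with a .sys, .dll or .dat extension, under system32 or system32\drivers. As an added example (not part of the thread and not ComboFix's own logic), this Python sketch checks a saved file listing for that shape; the function names, the benign entries and the look-alike entries are constructed for illustration. It assumes the listing comes from a tool log or an offline-mounted disk, since an active rootkit may hide its files from the running system.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Shape read off the six reported paths: "UAC" + 10 lowercase letters + extension.
SUSPECT_NAME = re.compile(r"^UAC[a-z]{10}\.(sys|dll|dat)$")
# Directories those paths sit in; compared case-insensitively, as Windows does.
DRIVERS_DIR = r"c:\windows\system32\drivers"
WATCHED_DIRS = {r"c:\windows\system32", DRIVERS_DIR}

def find_suspects(paths):
    """Return {lowercased directory: [file names]} for entries matching the shape."""
    hits = defaultdict(list)
    for raw in paths:
        p = PureWindowsPath(raw.strip())
        parent = str(p.parent).lower()
        if parent in WATCHED_DIRS and SUSPECT_NAME.match(p.name):
            hits[parent].append(p.name)
    return dict(hits)

def has_driver_component(hits):
    """True if a matching .sys sits under drivers, where it would load as a kernel driver."""
    return any(name.endswith(".sys") for name in hits.get(DRIVERS_DIR, []))

SAMPLE_LISTING = [
    # The six paths as quoted in the post.
    r"c:\windows\system32\drivers\UACaeylkaojul.sys",
    r"c:\windows\system32\UACddwyanpopy.dll",
    r"c:\windows\system32\UACrntodgidop.dll",
    r"c:\windows\system32\UACxcnrcirrkq.dat",
    r"c:\windows\system32\UAConydwdyrey.dll",
    r"c:\windows\system32\UACtwoejtqqyu.dll",
    # Constructed entries: ordinary files, a look-alike name, a match outside the watched dirs.
    r"C:\WINDOWS\system32\kernel32.dll",
    r"C:\WINDOWS\system32\drivers\ntfs.sys",
    r"C:\WINDOWS\system32\UACHelper.dll",
    r"C:\Temp\UACaaaaaaaaaa.dll",
]

if __name__ == "__main__":
    found = find_suspects(SAMPLE_LISTING)
    for directory, names in sorted(found.items()):
        for name in names:
            print(f"{directory}\\{name}")
    print("kernel driver component present:", has_driver_component(found))
```

A match is only a lead for further checking; a clean result on a live system does not rule out hidden files.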
 
It might be time to use your Windows disk to install Windows in R for Repair mode... NOT Repair Console.
 