Plagued by 'your computer is infected' popup

Status
Not open for further replies.
Hi,
Ive been infected with some malware/trojan and my browser was hijacked with spyfalcon. I have run spybot, adaware and avg antivirus, to no avail. Read your posts on 'after removing spy falcon, one of my programs crashes' and 'How to remove Trojans and its ilk'. Followed the instructions
used spyaudit, spy eliminator and ewido, then read and followed
'How to remove Begin2Search/Coolwebsearch and Other Nasties', have now got most of the apps, but got lost in the task manager end process list.
have run and found lots of reg entries and files and removed them only to have them come back.
attached is my hjt log (v1.99.1) and scan from ewido run in safe mode.
im goin to try http://www.spyware-removal-guideline.com/spyfalcon-removal
as a last ditch attempt. please help. this is driving me nuts.
im on win2k by the way and dont know if there is a system restore option to disable.
 
Hello and welcome to Techspot.

Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html

Open your task manager, by pressing the ctrl/alt/delete keys together. Click on the processes tab and end process for(if there).

gxlib.exe
gba1384.exe

Close task manager.

Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to(if there).

O4 - HKLM\..\Run: [vmcleaner] gxlib.exe

Fix all 016 DPF entries.

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files(if there).

gxlib.exe

gba1384.exe

Reboot into normal mode.

Regards Howard :wave: :wave:
 
How about this

I am running into the same problem and the solution given does'nt fix it. I have tried all the steps the other gentleman tried, and the solution you gave but I am not finding the thread in hjt. For some reason I cant get my log file to upload it say's invalid file type. If you could help with this I would be most greatful
 
Hello and welcome to Techspot.

Bodie723 said:
I am running into the same problem and the solution given does'nt fix it. I have tried all the steps the other gentleman tried, and the solution you gave but I am not finding the thread in hjt. For some reason I cant get my log file to upload it say's invalid file type. If you could help with this I would be most greatful

Please start a new thread in the security and the web forum, after following these instructions.

Go and have your computer scanned HERE.

Then, go and read both these threads by RBS. Follow all the instructions exactly.

How to remove Trojans and its ilk! and How to remove Begin2search / coolwebsearch and other nasties.

Then see. How to post your Hijackthis log-file as an ATTACHMENT.

Post a fresh HJT log into your new thread, only after doing the above.

Regards Howard :wave: :wave:
 
Status
Not open for further replies.
Back