The Infection

[skewpJacks]

Hi everyone/ whoever is reading this post
My computer went nuts on me yesterday, and is still doing that as i type.
My norton security crashes and freezes when i try to run a scan / update My automatic updates are turned off and REFUSE to turn back on, pop ups from livesecuritypccheck.com *its the one where a pop up comes up when you visit some site that says you have been infected by spyware and asks you to say yes/cancel to the *system* scan.
I also get pop ups from sagipusal and just blank windows that pop up 3-4 every so often,
I've run all the malewarebytes, Superantispyware, ccleaner, and performed all the necessary steps but its been a week since and there has been no improvement since. I've googled my problem, and read similar threads on this website with similar symptoms, and i've used their diagnosis to help my computer, but it doesnt seem to work. I've run out of ways to fix my computer and I now turn to the experts, who actually know what they're doing =)
My computer is
System: microsoft Windows XP
Professional
Version 2002
S,P 2

Computer
Intel R
Pentium R
4 Cpu
3 Ghz
1GB of Ram

(i cant seem to select the browse option when i select upload) i'll try again in a reply

 

[kimsland]

Have a look at:

UPDATED 8-step Viruses/Spyware/Malware Preliminary Removal Instructions

And =>ATTACH the logs, using the little =>

PaperClip button, in a new reply.
Note: You do not need 5 posts to do this, ie the whole lot can be done by a member with just 1 post. (ie look at this member's new thread: https://www.techspot.com/vb/topic118716.html)

 

[skewpJacks]

Ty Very Much, but the problem is that when i try to upload, and select the browse option, nothing occurs, it would not even let me enter in an address of where my logs are.

 

[kimsland]

Ah Huh !...

Anyway, continue to scan with all the tools in the guide, and then attach the logs (attach attach attach) I can't say this any clearer. Hmm, I've got another way of saying it. The attached logs will be on TechSpot's server, coming from your computer, there's no link, no other server, nothing. Maybe read my reply above again

 

[skewpJacks]

And =>ATTACH the logs, using the little => PaperClip button, in a new reply.

Ohh, i understand, thanks very much but either it's not working or i'm not doing it correctly.
First i would click "Post Reply"
Then i would select the PaperClip Button
At this time, a window pops up called Manage Attachments - TechSpot Open Boards -
Then it gives me two options

1st is "Upload from your computer"
2nd is "Upload from URL"

Underneath the label "Upload from your Computer "
there is a empty bar where i should be able to put the adress of my file, correct? Right beside this bar, there should be a browse option, neither of these two work. When i click "browse" nothing happens, and when i select the empty box where i can type the address of the logs, it does not let me type. I'm so sorry, I must be really dumb, or something's wrong with my pop up blocker. I'll put this site as a trusted site and see if anything happens after that. It's a hassle even before i submit the logs.... Im just not someone that knows computers.. :stickout:

 

[skewpJacks]

Attatchments

Yaaa Thank you very much, I can finally upload, I guess i needed to restart computer....

 

[kimsland]

Well done, restart of course !

Anyway
I noticed that you had quite a few Malwares removed, here's the best advice (as usual )

Un-install SuperAntiSpyware
Un-install Norton Antivirus
Restart
Run the Norton AntiVirus Removal Tool
Restart

Download and update Avira Antivirus

Re-open MalwareBytes
Select the update Tab, and update it
Select the first tab, and run a full scan again (again?) yes again!

At the end of the Malwarebytes scan, view the log, and remove all the Malwares found (there will be more!)
By the way, during the scan, Avira may popup with found Viruses, just remove as you go. :grinthumb
Save the new Malwarebytes log file

Run CCleaner again
Restart

Run HJT again
Attach the new logs (HJT and Malwarebytes) to a new reply



edit

Maybe let me know how it's then performing, slow? fast? horrible? good?

 

[skewpJacks]

Thanks So much, progress is moving along great
Just wondering, should i reinstall norton as well as Avira AntiVir?
Another question, some of my friends tell me Norton is a horrible Anti Virus, so should i just forget about it? I've already paid for Norton so i'm not to sure what to do. its kinda money vs quality.... dilemma. What would you recommend?
Not install Norton and stick with Avira? Or should i install both, i still have like a couple hundred days left of Norton (thats what it said when removed it).
Almost finished with you're extremely clear steps!
Thanks once again, I'll post my logs in a little bit:grinthumb

 

[kimsland]

Uninstall Norton (and use the removal tool)
If it's any consolation I'd pay to have it removed ! (note you do not need to pay, and we are on a free forum too )

You may not like Avira as much, with its big splash screen (which incorrect warnings) on updating) But it's stacks better :grinthumb and free

Oh and you can only have 1 Antivirus installed at a time

 

[BlkHeartWolf]

I use Norton and search out this junk but i have my system restrictions also

Anyways this is my list if issue out of your file

 

[kimsland]

Thanks BlkHeartWolf
I agree with all those Hijack Entries to be ticked and removed

But at the moment I asked for a new Malwarebytes scan, and removal of Norton
So if you want to jump in and take over so be it
You may be surprised (as I was) to see how Malwarebytes always finds more entries to remove (some may even be those files listed in the HJT log )

 

[BlkHeartWolf]

I have actually watched them be re-named and re-created in the reg, I am a Desktop Specialist at work but a NEWBE here so I was just giving feed back. I did not mean to take over sorry i am new here and not sure how you guy's work things
my advice is
Turn Off system restore delete temporary internet files and cookies
do a disk cleanup found in your accessories folder / system tools
get and run malwarebytes malwarebytes dot org and run hijackthis at the same time
select any files and or keys in the attachment I posted but on both maiwarebytes and hijackthis click fix at the same time.
This is to allow both to attack the file protection and break it then reboot imediatly.
if you forget to turn off system restore it will return no matter

reboot once complete, run hijack this and post your log here again

 

[skewpJacks]

I am really thankful of both kimsland and thankful of BlkHeartWolf for helping me .
kimsland, i've done everything upto the scan, right now the scans coming along, but the Avira AntiVir is giving me a headache
A Detection pop up comes up from Avira and tells me this:
It keeeeepsssss poppping up, it like spamming me to death!! :dead:
"C:\WINDOWS\system32\gnhhar.dll
Is the TR/Crypt.XPACK.Gen Trojan"

Beneth it are some options:
1. Repair *im not given the ability to do so*
2. move to quarantine
3. Delete
4. Rename
5. Deny access
6. Ignore
(personally amazed that it detected this when Norton didn't...)

However i select the Delete option as you've said but it just comes back. Sometimes if i leave it, a lot will pile up, or it will lagg my computer untill i click the OK to Delte button
Everytime its the same pop up. Even after i did what BlkHeartWolf said and removed the gnhhar bho stuff it still comes up, Not Too sure what to do. So i've been deny'ing the access of it instead because thats what is ticked when the pop up comes up.
Am i doing something wrong? or am i supposed to experience the same pop up?

Btw BlkHeartWolf, i First turn off System Restore
Then i do a Disk Clean up of both my disks,
Then i scan my computer *full System scan* in malwarebytes, and then use Hijackthis Scan,
Do i have to do BOTH the fixes at the same time? or can i do the HijackThis first Then do the malwarebytes? So if i did mess up on the steps, i can always revert everything by turning on system restore, then by going through them in the exact order again?
Another question, When i do the Disk Clean up, which options, OTHER than the one's that the computer has already selected, choose?

 

[kimsland]

Doh! lots of writing and reading

Well Avira has the option of ticking make this the default action for all found issues (therefore popups will stop) next time pause and read the screen (small window)

Also HJT scan must be done at the end (ideally after restart)

 

[BlkHeartWolf]

Kimsland is right
I am sorry i kind of jumped in being new here
Do the clean and then post a new Hijack this scan
Both hijackthis and malware byte same time and hit the fix buttons same time

 

[skewpJacks]

hehe Thanks, It stopped now!
The logs are on the way, its just the malwarebytes that takes FOREVER@!:zzz:

 

[skewpJacks]

Alright, the mbam scan took like 5 hours..... so here it is!

 

[BlkHeartWolf]

LOOKING GOOD
well done let me suggest taking out the last tree items and then remove some of the software not needed like the PCPitstop on line scan libraries?

I will post some IE TWEAKS that will help keep you safe add me as friend and I will send them out.

Run Hijackthis one more time
to remove these Google links because these trojans like yours come in from a google redirect and set a different provider that streams the hidden install.

you can still use google but not that install
use the ALT/F4 key to close nasty popups or task manager to end PROCESS IExplore.exe

WOLF

 

[skewpJacks]

Thanks Very much, :grinthumb
I'm using Firefox instead of Explorer,
I should end the process Explorer.exe?? doesnt that take away my startup menu?
I just have two quick questions,
Does Firefox actually take 54,204 K of Mem Usage when i only have this one website open? and also is it normal to have 6 svchost.exe running?

 

[BlkHeartWolf]

NOT explorer

iexplorer your Hojackthis log is clean

 

[skewpJacks]

Thankyou!!!
Both You and Kimsland have been great help!!