WebHancer help

Status
Not open for further replies.

jbone

Posts: 39   +0
Hi there! I'm new to this website but it seems very helpful.

View attachment hijackthis.log

I've recently been infected with WebHancer. I know that for sure because it was in the Add/Remove programs list. But I'm not sure if anything else has infected me. This is what is happening:

1) Ads from "From Internet Speed Rating" (or something very similar) randomly pop up.

2) A little bubble pops up in the bottom right of the screen telling me that spyware has been detected and I should click it to fix the problem. It goes to winsecuritysolutions . com which is a spyware sight.

3) It will mimic a windows security alert window and say it found a trojan, but its really fake.

4) My background changes to a blue screen with a warning about spyware on it and a link to winsecuritysolutions.

5) Task manager is disabled (says my Administration disabled it).

6) I can't install Ad-Aware.

7) Internet doesn't connect. It says it is connected but it cant get on a website. (I'm using a different computer right now.)

That's what I have noticed.
I don't want to manually delete it because I've read that that causes problems. (However, I will if there is no other way.)

I've attached a Hijack This file. I have no idea what any of it means but I figured I should post it.

Thank you! :)

jbone

EDIT: Also, I think I should mention that I ran Hijack This in Safe Mode.
 
This should help

Hey,

I've been struggling with the exact same virus for about 5-6 hours and after numerouns tries and searches I found something that got rid of it.

You'll need a program called SDFix and you have to run it in the command prompt after starting windows in safe mode. It is all explained here: at forums.majorgeeks.com/showthread.php?p=869653

After the whole thing is over (it will probably take about 30 minutes to scan through everything, at least it took that long on my old vaio), you will still need to apply a task manager fix (just google it) to get your task manager up and running again.

Hope this helps.

I hate Viruses with a passion, at least my Mac was working so I could get the PC fixed.

Cheerio
 
Thank you, but now my computer won't display the start bar, any icons, the Windows Button doesn't work, and Task Manager is still disabled. I'll try to save SDFix on a disk and install it from the disk.
 
No... the window with the CD folder didn't appear. I'm starting to think that I'm done... any suggestions?

If I am done, is there some way that I can transfer files at this point?

EDIT: WAIT, do CD's run in safe mode? Because the computer was in safe mode when I tried it.
 
I am not sure that I am following you. Did you start windows in safe mode? Are you running XP or Vista? In case it is Vista, I am afraid I cannot help you. I put SDfix on a USB stick and that worked. Though, I got rid of the virus, my computer is still unstable and I think I will have reinstall windows, or just give up on it and just use my mac.
 
I have a laptop running Windows XP.

Okay here is what happened.
I started my computer regularly. When I logged on, all I saw was my desktop's regular background, with no icons, no start bar, nothing. Ctrl-Alt-Delete doesn't work because "Task Manager has been disabled by my administrator." The Windowsbutton doesn't do anything. I'm forced to shut off my computer by holding the power button.
Then I tried running in Safe Mode, but I got the same thing, except the background was black and it said Safe Mode in the four corners.

The CD drive autoplay also doesn't work.
I have an idea that I have to try when I get home. Windowsbutton + R maybe?

I don't know..
 
Please uninstall whichever version of SDFix you installed

Download to your Desktop this self-extracting ZIP archive FixPolicies.exe

• Double-click FixPolicies.exe
• Click the Install button on the bottom toolbar of the box that will open.
• The program will create a new Folder called FixPolicies
• Double-click to Open the new Folder, and then double-click the file named Fix_Policies.cmd
• A black box will briefly appear and then close. This will enable your Control Panel, Task Manager and stop any Administrative warnings.

==========================

Download and Install SDFix
  • Download SDFix and save it to your Desktop.
  • Double click SDFix.exe and it will extract the files to %systemdrive%
    (Drive that contains the Windows Directory, typically C:\SDFix)

Boot into Safe Mode
  • Restart your computer and start pressing the F8 key on your keyboard.
  • Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.

Run SDFix
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
  • Attach Report.txt back here

============================

Attach fresh Hijackthis log with Report.txt
 
Winsecuritysolutions.com bug

Blind Dragon, thanks for your help. I followed your instructions and it removed the very nasty bug that infected my computer last week and was difficult to remove. Here is the report.txt attached. Thanks again
 
That was nasty.

What about post a fresh Hijackthis log now so that I can double check that it all was removed.

Highjackthis Instructions
  • Make sure you have the LATEST version of HJT (currently v2.0.0.2) it can be downloaded from HERE
  • Run the HijackThis Installer and it will automatically place HJT in C:\Program Files\TrendMicro\HijackThis\HijackThis.exe. Please don't change the directory.
  • After installing, the program launches automatically, select Scan now and save a log
  • After the scan is complete please attach your log onto the forums using the paper clip icon above your reply.
 
Thanks Blind Dragon. Here is the log file. I think it is time I did a reinstall just to make sue it is clean.
 
I agree there are still other infections on there. A lot of which we could clean but there is no guarantee that we can get 100% of it.
 
hi blind dragon, how do I use the log file output from hijackthis to remove infections? is there another tool that tells me which ones to remove? Thanks.
 
Do NOT use an analyzer. You really need to research the entries one at a time, or get somebody who is trained at reading the logs to do it for you.

Did you reformat your computer? Are you still wanting to clean it?

Let me know. I will tell you what to do if you would prefer to clean the system.
 
thanks for the offer of help. I was re infected after re-installing (should stop my wife using my PC!!). I have now cleaned it up with anti-virus, but I like to know how to use hijackthis log file to make sure it is cleaned. to investigate each item in the log file takes some time, I was looking for some faster solution. cheers.
 
Sorry!

Hey I hate to bump this 13 days later but I haven't been on a computer in a long time (due to the fact that mine is broken). I'm on another computer right now.

BlindDragon, thank you for your input. However, I don't see how I can install FixPolicies.exe onto my Desktop because my internet doesn't work, and the AutoPlay on my disk drive doesn't seem to be working. (Does AutoPlay ever work in Safe Mode? That's the only time I tried it.) I highly doubt that a USB stick will work (though I could try it..). There are no icons or start bar, and task manager doesn't work.

I never installed SDFix on my computer for these reasons.

So my question is, how do I install FixPolicies.exe to my desktop?
 
You absolutely can use a USB drive. I have a 4GB USB stick with installers for every program I use to remove malware. I usually do complete removals with the computer disconnected then only reconnect when I think it is clean to update and run an online scan for 2nd opinion
 
Blind Dragon said:
Please uninstall whichever version of SDFix you installed

Download to your Desktop this self-extracting ZIP archive FixPolicies.exe

• Double-click FixPolicies.exe
• Click the Install button on the bottom toolbar of the box that will open.
• The program will create a new Folder called FixPolicies
• Double-click to Open the new Folder, and then double-click the file named Fix_Policies.cmd
• A black box will briefly appear and then close. This will enable your Control Panel, Task Manager and stop any Administrative warnings.
I'm going to buy a USB stick and try this. My question is: when I put the USB stick in will FixPolicies automatically install?
Also, I can't delete SDFix because there's no way to access my files.
 
When you boot to safe mode do you have a start menu?

What happens when you hit the windows key on your keyboard and Press R at the same time?
 
No start menu in safe mode, and if I remember correctly, I tried ctrl+R and nothing happened.
 
try tapping F8 before windows loads like you are going to safe mode and select last known good configuration,
 
Okay, will give it a shot when I get the chance. Been really busy studying, lately...

Do I increase the chance that my computer will break completely everytime I turn it on? It's just a question that's been bothering me.

thanks
 
sorry this took so long but i have been studying for my exams. I was able to open up my internet (because I have another problem, it gives me the option to go to microsoft.com when I start) and I went into my computer. Now what can I do?

EDIT: I opened it to the last good config. Also, it is now showing random ads, called promo1 (it goes up from 1) but it can't connect because I didn't connect it to the internet.
It won't let me save my important files onto a disc because the writing wizard doesn't recognize the disc being in the drive.
 
Sorry for double-posting. I tried your FixPolicies.exe suggestion (on pg. 1) and a weird message box popped up. In the top bar it said "theres" and then there was the big white X in a red circle, and the message said "wrong", so it spelt out "theres X wrong" (there's nothing wrong). I don't think FixPolicies worked, but I could never get to my desktop because of all the pop ups.

I was able to access "Change/Remove Programs" and I saw "WebHancer Customer Companion" in the list. Would it be a bad idea to delete it? Also, I saw WebHancer in my Program Files folder. Should I delete that?

EDIT: found this: http://www.spywareguide.com/product_show.php?id=26
 
Status
Not open for further replies.
Back