Bugged Out Issue

Status
Not open for further replies.

P3ANUT

Posts: 29   +0
Hi,
I currently have a computer that is infected by spyware or a virus (I am not sure). I can't run any of my security tools, like Spybot, Malwarebytes Anti-Malware, Registry Clean Expert, etc. I was able to install Malwarebytes, Spybot, Spyware Terminator and Symantec Endpoint Protection, but it's not letting me use the programs themselves, except for Spyware Terminator.
I've also tried to boot in Safe Mode but I get the same results. So I am assuming the virus has disabled all antivirus/spyware software. Another thing that I just noticed while typing is that when I type while holding Shift (symbols, quotes or dashes, etc.), it inserts something totally different from the original symbol. I've tried to get help at the Spybot forum but I haven't got a response yet.

I've uploaded a HJT log.
Thanks
 
This is the wrong forum; you want the Virus & Malware removal forum. I strongly suggest you visit there and read the 8 Step sticky and follow the directions step by step. Then post the three required logs. You will get excellent help. Good luck.
 
You can go ahead and remove these, then switch over to the other forum and follow the steps. This should help:

Please open HijackThis, and select Do a system scan only.

Place a checkmark next to the following entries (if present):

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://resultsmaster.com/SmartOffers/Services/resultsmaster/ResultsMasterHomeLeftPane.htm
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
R3 - URLSearchHook: (no name) - {98572e47-b5fe-43de-9aea-492a1d3064cd} - (no file)
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O1 - Hosts: 66.199.231.174 google.com
O1 - Hosts: 66.199.231.174 google.co.uk
O1 - Hosts: 66.199.231.174 google.ca
O1 - Hosts: 66.199.231.174 google.es
O1 - Hosts: 66.199.231.174 google.de
O1 - Hosts: 66.199.231.174 google.fr
O1 - Hosts: 66.199.231.174 google.com.au
O1 - Hosts: 207.68.172.246 msn.com
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)

Then, close all other open windows, leaving only HijackThis open, and select Fix checked.

Boot into Safe Mode:
Temporarily disable all of these while you're doing the scans:
Start> Run> msconfig> enter> Selective startup> Startup tab> UNCHECK all of the following if present:

C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
O4 - HKCU\..\Run: [RegClean Expert Scheduler] "C:\Program Files\Registry Clean Expert\RCHelper.exe" /startup
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe


Disable these Services:
Start> Run> services.msc> right click on each Service> Properties> change the Startup type to Disabled> Stop the Service:
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe


Reboot into Normal Mode. NOTE: a nag message will display. Ignore and close it after checking 'don't show this message again.' STAY in Selective Startup.

Now go over to the Virus and Malware removal Forum and follow these steps:
https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/

Attach the three logs for review when finished.

I'm hoping by removing and disabling the above, you will be able to run the cleaning programs.

I suggest uninstalling the Sweet IM program
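
Added example, not part of the original thread and not HijackThis's own code: a small triage script for the kind of entries listed above, which groups O1 hosts-file redirects by target IP and picks out registry entries whose file is missing ("(no file)"). The sample lines are copied from the thread; the function names and the loopback allow-list are assumptions made for this sketch.

```python
import re

# Sample input: entries copied from the HijackThis lines quoted in the thread.
SAMPLE_LOG = r"""R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O1 - Hosts: 66.199.231.174 google.com
O1 - Hosts: 66.199.231.174 google.co.uk
O1 - Hosts: 207.68.172.246 msn.com
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
"""

# "<section code> - <body>", e.g. "O1 - Hosts: 1.2.3.4 example.com" or "O23 - Service: ..."
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
HOSTS = re.compile(r"^Hosts: (?P<ip>\S+)\s+(?P<name>\S+)$")
# Assumption: loopback/null mappings are ordinary block-list entries, not redirects.
LOOPBACK = {"127.0.0.1", "::1", "0.0.0.0"}

def parse(log):
    """Yield (section_code, body) for each well-formed log entry."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group("code"), m.group("body")

def triage(log):
    """Return (redirects, orphans).

    redirects: {ip: [hostnames]} for O1 entries pointing a name at a
               non-loopback address (the hosts file overrides DNS).
    orphans:   (code, body) for entries whose target is '(no file)'.
    """
    redirects, orphans = {}, []
    for code, body in parse(log):
        if code == "O1":
            h = HOSTS.match(body)
            if h and h.group("ip") not in LOOPBACK:
                redirects.setdefault(h.group("ip"), []).append(h.group("name"))
        elif body.endswith("(no file)"):
            orphans.append((code, body))
    return redirects, orphans

if __name__ == "__main__":
    redirects, orphans = triage(SAMPLE_LOG)
    for ip, names in redirects.items():
        print(f"hosts file points {len(names)} name(s) at {ip}: {', '.join(names)}")
    for code, body in orphans:
        print(f"{code}: registry entry with no file on disk: {body}")
```

Several unrelated search domains mapped to one address, as with the google.* entries in this log, is the pattern the grouping makes visible at a glance.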
 