| Thread ID: 92701 | 2008-08-19 07:38:00 | Browser Hijacked | Blam (54) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 698660 | 2008-08-22 22:21:00 | Sounds a bit drastic, do you reckon he is over infested? Yup |
Speedy Gonzales (78) | ||
| 698661 | 2008-08-22 23:50:00 | Yes indeed Ah, one wonders what one has to do to get such a mess!! |
Cicero (40) | ||
| 698662 | 2008-08-23 11:18:00 | blacklight didn't pick anything up, and the hijackthis thing didn't work, any other suggestions? The rootkit seems to change names every time too.. |
Blam (54) | ||
| 698663 | 2008-08-23 11:22:00 | Try this here, Unhackme (safecomputing.umn.edu) - never tried it on an infected machine, so I don't know if it works any good. I did install it earlier to have a look on a workshop PC, the PC has XP, but the specs say (www.greatis.com) it works on Vista as well ??? --- 30 day trial, fully functional. |
wainuitech (129) | ||
| 698664 | 2008-08-23 11:54:00 | If the above doesn't work, there is one other program that should work - it's called ComboFix (www.bleepingcomputer.com) BUT before you use it, WAIT for another PF1 member called Pancake. He knows how to read the logs it produces. I will send him a PM and see if he's able to advise you. |
wainuitech (129) | ||
| 698665 | 2008-08-23 22:37:00 | The unhackme thing didn't work, it didn't even open, and after installing it the computer would not boot up until I used the "Last Known Good Configuration" option. I'm now sure the rootkit came from an external HDD, how can I remove the rootkit/virus/trojan from it without it infecting other computers? BTW thanks wt for all the help so far. |
Blam (54) | ||
| 698666 | 2008-08-23 22:47:00 | For starters I'd leave the external HD for the moment and work on the main PC. I have tried loading that unhackme on a Vista PC this morning and it went in and worked fine, but of course it wasn't infected. I had a reply from Pancake - I think he will look at your problem when he's available. Hopefully Combofix along with several other specialised programs may fix it. |
wainuitech (129) | ||
| 698667 | 2008-08-23 22:54:00 | ok, I'll wait for his reply.. | Blam (54) | ||
| 698668 | 2008-08-23 23:01:00 | Ok. Let's see what we got...

Please download Malwarebytes' Anti-Malware from one of these places:
www.majorgeeks.com (majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)
www.besttechie.net (besttechie.net/tools/mbam-setup.exe)

Double click mbam-setup.exe to install the application.
* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy & paste the entire report in your next reply along with a fresh HijackThis log.

Please Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

==============================================

Ok. Let's download ComboFix.exe. This will give me a better view to the files running and also hidden on your computer and also those in the registry.

Please visit this webpage for downloading and instructions for running the tool:
Go here ======> A guide and tutorial on using ComboFix (www.bleepingcomputer.com, bleepingcomputer.com/combofix/how-to-use-combofix) <====== Go here

Please ensure you read this guide carefully and install the Recovery Console first. This applies to XP Pro and XP Home users only. If you have SP3 installed you will need to use SP2.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should get a prompt that says: The Recovery Console was successfully installed.

Please continue as follows:
(1) Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
(2) Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you. Please include the following reports for further review, and so we may continue cleansing the system:
C:\ComboFix.txt
New HijackThis log.

Caution: Never run and remove files with Combofix unless supervised by a qualified security analyst who is experienced in the use of Combofix. Mal use can cause serious computer problems.

NOTE: Combofix prevents autorun of all CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you - please let me know. |
Pancake (6359) | ||
| 698669 | 2008-08-24 00:43:00 | I have already scanned with mb, do you want me to scan again? Also it's Vista, so does the above apply? |
Blam (54) | ||