
no email access, have I been hijacked? sent here by caintry_boy


leftydrummrr
Hi leftydrummrr,

 


 

My name is Tomk. I would be glad to take a look at your log and help you with solving any malware problems. Logs can take a while to research, so please be patient and I'd be grateful if you would note the following:

 

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Let's try this...

 

Download ComboFix:

 

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

 

* IMPORTANT !!! Save ComboFix.exe to your Desktop

 

 

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link --> http://forums.whatthetech.com/How_Disable_your_Security_Programs_t96260.html

     

  • Double click on ComboFix.exe & follow the prompts.

     

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

     

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

 

 


 

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

 

Posted Image

 

 

Click on Yes, to continue scanning for malware.

 

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

 

 

Notes:

 

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

3. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

4. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

5. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Link to comment
Share on other sites

That looks good.

 

This scan will take hours.

 

Go here to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish
Link to comment
Share on other sites

Ah... pirated downloads. Excellent choice for contracting an infection.

 

COMBOFIX-Script

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

     

    File::
    C:\cmdcons\autochk.exe
    H:\Maxtor backup\D539F051\C\Documents and Settings\Mark Gisi\My Documents\MARKS SONGS TOO\Alice In Chains - Sunshine.wma
    H:\Maxtor backup\D539F051\C\Documents and Settings\Mark Gisi\My Documents\MARKS SONGS TOO\BEATLES SOMETHING.mp3
    H:\Maxtor backup\D539F051\C\Documents and Settings\Mark Gisi\My Documents\MARKS SONGS TOO\Night Ranger - Rumors In The Air.wma
    H:\Maxtor backup\D539F051\C\Documents and Settings\Mark Gisi\My Documents\MARKS SONGS TOO\Young Rascals - How Can I Be Sure.wma
    
    
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

     

    Posted Image

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Link to comment
Share on other sites

There are two files with that name in qoobox. Here they are, same content, but different numbers on the folder. I deleted the four songs.

 

 

    C:\cmdcons\autochk.exe
    H:\Maxtor backup\D539F051\C\Documents and Settings\Mark Gisi\My Documents\MARKS SONGS TOO\Alice In Chains - Sunshine.wma
    H:\Maxtor backup\D539F051\C\Documents and Settings\Mark Gisi\My Documents\MARKS SONGS TOO\BEATLES SOMETHING.mp3
    H:\Maxtor backup\D539F051\C\Documents and Settings\Mark Gisi\My Documents\MARKS SONGS TOO\Night Ranger - Rumors In The Air.wma
    H:\Maxtor backup\D539F051\C\Documents and Settings\Mark Gisi\My Documents\MARKS SONGS TOO\Young Rascals - How Can I Be Sure.wm

    C:\cmdcons\autochk.exe
    H:\Maxtor backup\D539F051\C\Documents and Settings\Mark Gisi\My Documents\MARKS SONGS TOO\Alice In Chains - Sunshine.wma
    H:\Maxtor backup\D539F051\C\Documents and Settings\Mark Gisi\My Documents\MARKS SONGS TOO\BEATLES SOMETHING.mp3
    H:\Maxtor backup\D539F051\C\Documents and Settings\Mark Gisi\My Documents\MARKS SONGS TOO\Night Ranger - Rumors In The Air.wma
    H:\Maxtor backup\D539F051\C\Documents and Settings\Mark Gisi\My Documents\MARKS SONGS TOO\Young Rascals - How Can I Be Sure.wma

Link to comment
Share on other sites

There is the problem. They should say:

    File::
    C:\cmdcons\autochk.exe
    H:\Maxtor backup\D539F051\C\Documents and Settings\Mark Gisi\My Documents\MARKS SONGS TOO\Alice In Chains - Sunshine.wma
    H:\Maxtor backup\D539F051\C\Documents and Settings\Mark Gisi\My Documents\MARKS SONGS TOO\BEATLES SOMETHING.mp3
    H:\Maxtor backup\D539F051\C\Documents and Settings\Mark Gisi\My Documents\MARKS SONGS TOO\Night Ranger - Rumors In The Air.wma
    H:\Maxtor backup\D539F051\C\Documents and Settings\Mark Gisi\My Documents\MARKS SONGS TOO\Young Rascals - How Can I Be Sure.wma

Without the File:: directive in there... the script will not work. Please try again.

Link to comment
Share on other sites

Almost everything seems to be back to normal. I signed in to our Yahoo homepage/email and clicked the box to stay logged in for two weeks, but since this problem started, I have to log back in every time the computer is shut down. I also see a huge increase in pop up ads. I would like to remove AdChoice from our homepage completely. Thanks for leading me through these fixes.
Link to comment
Share on other sites

If you use Firefox and have it clear your cookies every time you log out... then that will be what happens. The cookie is set when you select that you want to stay logged in for two weeks. When it is removed... so is your selection. IE and Chrome may have similar options.

 

Let's tidy up our mess.

 

Time for some housekeeping

  • Click START then RUN
  • Now type ComboFix /Uninstall in the runbox and click OK.
  • Note the space between the X and the U, it needs to be there.
The above procedure will:
  • Implement some cleanup procedures.
  • Reset System Restore.
Now to remove most of the tools that we have used in fixing your machine:
  • Make sure you have an Internet Connection.
  • Download OTC to your desktop and run it
  • A list of tool components used in the cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTC from reaching the Internet, please allow the application to do so.
  • Click Yes to begin the cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the cleanup process. If you are asked to reboot the machine choose Yes.
Please re-enable any security that was disabled.

 

 

The following is my standard advice for the future. Use what you can and pat yourself on the back for what you're already doing.

 

Please take time to read Preventing Malware - Tools and Practices for Safe Computing. Very important information for your consideration is contained therein.

 

I would also suggest you read this:

So how did I get infected in the first place?

by Tony Klein

 

 

Also: "How to prevent malware"

by miekiemoes

 

Please respond back that you understand the above and let me know if you have any questions. Otherwise, this thread will be closed Resolved.

Link to comment
Share on other sites

Completed the housekeeping and saved the helpful articles to my favorites. I have a question about safemode. I tried to start up in safemode for a virus scan when this started. I clicked on safemode, no networking, and got a green screen that said I was about to erase my hard drive, click yes to continue. I didn't. I just tried to start up in safemode again and got the same screen and results. I must be missing something. Thoughts?

Link to comment
Share on other sites

Try this:

 

Be sure to have your Windows XP disk handy in case it is requested.

 

Click Start, then Run

In the run box type sfc /scannow (note the space)

 

The program will then check your system files and restore them from your windows disk if needed.

Link to comment
Share on other sites

Maybe... Is that a Dell CD? If so, probably not. You pretty much need a Microsoft original disk that has the compressed operating system files on it. Run sfc /scannow anyway. It may not ask for the disk. If it wants the disk, please make note of the file it was looking for and then have it skip it and continue.

Link to comment
Share on other sites

I tried safe mode again and got the same result. I don't know how to take screen shots, so I took pics with my camera. Here's what I see when I try to start up in safe mode. I've been able to start up in safe mode on other computers, so this is a mystery. Sorry the pics are not great quality. Here is the first pic.

post-42066-0-38113700-1346716303_thumb.jpg

Link to comment
Share on other sites

This topic is now closed to further replies.