Hijack virus


knuckle draggin...
I am new here at GrownUpGeek.Com
Member for 2 years 49 weeks
GuG-Points: 54

Can build a vehicle that you could operate safely at 200 miles per hour plus, from scratch or even build a vehicle that could get you into space (probably couldn't get you back though) but these computers kick my hiney. Hat in hand, I bow to the Grown Up Geeks.

I have a hijack virus. I am coming to you in safe mode. Can't even use regular mode. If you decide to walk (crawl) me through this I hope you have patience because you will truly be working with a computer old guy neanderthal. A lot of the language, words you use as regular everyday lingo is completely Geek to me. Ha Ha Ha I crack me up, Geek instead of Greek oh I am punny. Ok I'll stop.

All my wife's precious pictures of our kids and grandkids are on this computer and I want to get it all back for her. I want to be her Knight in Shining Armor. I could build the Armor and the Sword but the computer she za da death to me.

Snif sob please help this knuckle dragging welder.

LauraB
Member for 6 years 48 weeks
GuG-Points: 4
Re: Hijack virus

I'm almost afraid to comment because I know nothing, but when I had a virus like that, I tried everything you did. Unsuccessfully.
What I ended up doing was to use smitfraudfix. Success! It was scary but I just followed the instructions. I was able to view the instructions on my phone while I did it so that helped.

I have to admit I didn't read the whole thread, just skimmed, because most of it was over my head.

alex548
from Bakersfield, CA
Member for 6 years 29 weeks
GuG-Points: 7
Re: Hijack virus

One last thing....

If after running ComboFix you're still being redirected or cannot access certain websites, then you'll have to view your hosts file to make sure it's clean.

Once you get to that point, I (or someone else on these forums) can show you how to view and clear your hosts file. Smile
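
Added example, not part of the original posts and not any poster's own code: a Python script that audits a hosts file for the two symptoms named above, names mapped to an outside address (redirects) and names pinned to a loopback or null address (sites that cannot be reached). The sample content and the verdict labels are constructed for illustration; the default path is the standard Windows location.

```python
import ipaddress
import os
import sys
from typing import NamedTuple

# Names that a clean hosts file is expected to map to a loopback address.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}

# Constructed sample content (not taken from the thread).
SAMPLE_HOSTS = """\
# Sample hosts file
127.0.0.1       localhost
::1             localhost
127.0.0.1       update.av-vendor.example   # blocks an update server
203.0.113.45    www.search.example search.example  # redirect
0.0.0.0         ads.tracker.example
not-an-ip       broken.example
"""


class Finding(NamedTuple):
    lineno: int
    address: str
    hostname: str
    verdict: str  # "redirect", "blocked" or "malformed"


def default_hosts_path():
    """Standard location of the hosts file on Windows XP, Vista and 7."""
    root = os.environ.get("SystemRoot", r"C:\Windows")
    return root + r"\System32\drivers\etc\hosts"


def classify(address, hostname):
    """Return a verdict for one address/hostname pair."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return "malformed"
    name = hostname.lower().rstrip(".")
    if name in LOCAL_NAMES:
        # localhost pointing anywhere but loopback is itself a redirect.
        return "default" if ip.is_loopback else "redirect"
    if ip.is_loopback or ip.is_unspecified:
        # The name resolves to this machine or to nothing: the site is unreachable.
        return "blocked"
    return "redirect"


def audit_hosts(text):
    """Return every entry that is not a default localhost mapping."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            findings.append(Finding(lineno, fields[0], "", "malformed"))
            continue
        address, names = fields[0], fields[1:]
        for name in names:
            verdict = classify(address, name)
            if verdict != "default":
                findings.append(Finding(lineno, address, name, verdict))
    return findings


if __name__ == "__main__":
    # With a path argument, audit that file; otherwise audit the constructed sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            content = fh.read()
    else:
        content = SAMPLE_HOSTS
    for f in audit_hosts(content):
        print(f"line {f.lineno}: {f.hostname or '(none)'} -> {f.address} [{f.verdict}]")
```

"blocked" entries are not always hostile, since some ad-blocking tools add them on purpose; entries that block security vendors or redirect search and banking names are the ones to remove.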

knuckle draggin...
I am new here at GrownUpGeek.Com
Member for 2 years 49 weeks
GuG-Points: 54
Re: Hijack virus

Keep the thoughts coming. I move way slower than you come up with ideas and think. So having things here to refer back to is great.

Thanks for your continued attention. Wink

KDW

alex548
from Bakersfield, CA
Member for 6 years 29 weeks
GuG-Points: 7
Re: Hijack virus

Any updates to your situation?

alex548
from Bakersfield, CA
Member for 6 years 29 weeks
GuG-Points: 7
Re: Hijack virus

You have a rootkit problem.

Get rid of it by installing/running a program called ComboFix.

Download it from bleepingcomputer.com or from majorgeeks (http://majorgeeks.com/Combofix_d6402.html)

· Run it (grant administrator access if using vista or windows 7).

· Let it do its thing (it may restart your PC once or twice to get rid of rootkit activity)

Once it's done, simply click start, run and type "combofix /uninstall" without the quotes to uninstall it from your system.

 

Once done, go ahead and do a FULL scan of your PC with malwarebytes anti-malware.

knuckle draggin...
I am new here at GrownUpGeek.Com
Member for 2 years 49 weeks
GuG-Points: 54
Re: Hijack virus

Thank you Alex Working on it. Wink

Hubby
insert witty description here
I am a Grown Up Geek
Re: Hijack virus

Now I'm curious to know if Combofix does the job. If it does, you are my new hero! Although I still wouldn't 'trust' the computer.

alex548
from Bakersfield, CA
Member for 6 years 29 weeks
GuG-Points: 7
Re: Hijack virus

ComboFix takes care of problems other programs cannot.

While malwarebytes is very good, it cannot remove all rootkits from your system... that's why I recommend you run ComboFix first to get rid of the rootkits, then run a full scan with malwarebytes anti-malware to remove the leftover malware files.

I've done this for the past few years on many PC's/laptops. Rarely have I ever had to reinstall windows.

Though this guide was written for windows XP, it's almost the same as for vista and windows 7:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

 

Also, try this to restore your original system files (must have your original windows OS disc for this):

http://www.sevenforums.com/tutorials/1538-sfc-scannow-command-system-file-checker.html

This checks all your system files and replaces any bad ones with fresh, clean ones directly from your windows OS disc.

This works in windows XP, Vista, and windows 7

 

EDIT:

Obviously, before you do anything... back up all your important files and settings so you can restore them later should you need to reinstall windows.

animestrinity
I am not telling from my own planet... keep off... no visitors.
Member for 7 years 26 weeks
GuG-Points: 6576
Re: Hijack virus

 

ComboFix is one of a handful of programs for stubborn infections... just because you have an infection doesn't mean ComboFix is *the* one to use to fix it... I've had ComboFix not work on some and had to use a different program...

Recommending a program that digs around and messes with things deep in your system without knowing exactly what the malware/virus/whatever is, would be like a doctor prescribing a random drug to you just because you said you were 'sick'... you kind of need to know a bit more about what's wrong before you can go about the right way to cure it.

Not that ComboFix wouldn't work... it very well could...

knuckle draggin...
I am new here at GrownUpGeek.Com
Member for 2 years 49 weeks
GuG-Points: 54
Re: Hijack virus

A.T. The surgeon. YEEAAAH! You go girl!!!

alex548
from Bakersfield, CA
Member for 6 years 29 weeks
GuG-Points: 7
Re: Hijack virus

"ComboFix is one of a handful of programs for stubborn infections... just because you have an infection doesn't mean ComboFix is *the* one to use to fix it... I've had ComboFix not work on some and had to use a different program..."

 

If you've read the entire thread, you'd notice he has already tried multiple programs.

The fake AV problem is a known rootkit issue. If malwarebytes can't take care of it, ComboFix will.

ComboFix is a combination of different tools used to reveal and remove rootkits. It also uses the Microsoft Recovery Console to restore infected and corrupt system files/settings.

 

I'm not saying 100% it'll work. . . more like 98% Smile

 

... and for the record, ComboFix is used primarily as a last resort (before giving up & reinstalling fresh).

knuckle draggin...
I am new here at GrownUpGeek.Com
Member for 2 years 49 weeks
GuG-Points: 54
Re: Hijack virus

Alex totally into those odds. However I must proceed cautiously. I have filled one backup device and need to get another and do not have at this time but I still want to tinker and I have stuff I can't lose. So wish I had the device now on one hand so I could move on, on the other hand I totally want to find this little bug and crush it. Will keep this thread posted as to the progress.

Thanks Alex

KDW

animestrinity
I am not telling from my own planet... keep off... no visitors.
Member for 7 years 26 weeks
GuG-Points: 6576
Re: Hijack virus

I'm referring to the fact that there are other programs SIMILAR to combofix that work in a similar way... I was NOT grouping combofix with mass malware scanners like avg or malwarebytes.... and if you don't know what the infection is, you cannot KNOW that combofix is the correct tool to use... you can guess... you can happen to be right... but it's an irresponsible method that could end up a waste of time or even screw something up unnecessarily

knuckle draggin...
I am new here at GrownUpGeek.Com
Member for 2 years 49 weeks
GuG-Points: 54
Re: Hijack virus

Really love your mind. Cautious and Sharp.

Anonymous Visitor (not verified)
Re: Hijack virus

Still fighting this, huh?  Did ComboFix run?  If it didn't (it's an .exe after all) and if you want to launch every nuke (haha) found on the Interwebz at this infection, try RKill to stop the malware process first.  Rkill comes in multiple flavors (.com, several exe's, .scr) depending on what version of RKill your malware will let run while it's actively running.  Try each one until your machine finds one it likes.

---> www.bleepingcomputer.com/download/anti-virus/rkill

Even after (temporarily) stopping the malware from running, non-allowed exe's still won't run if the shell command registry setting has been changed.  If RKill stops the pop-ups but ComboFix doesn't run, try renaming Combofix from ComboFix to iexplore or userinit.  Note: If you have your computer set to show file extensions and the downloaded file reads ComboFix.exe, then rename it iexplore.exe or userinit.exe.

knuckle draggin...
I am new here at GrownUpGeek.Com
Member for 2 years 49 weeks
GuG-Points: 54
Re: Hijack virus

AV, have not tried ComboFix yet, still trying to find out what has control of the computer in regular mode. Can't do anything: go to the internet, use applications like Spybot, can't access security center. Managed to get HijackThis downloaded from safe mode and booted into regular mode to print out a log and it goes to the little window of "can not find."

I am guessing that the log needs to come from regular mode. A log from safe would be a little lacking I guess so I suppose that if I had ComboFix downloaded it would do the same thing. Not run and go to the little window of "can not find."

I do have a rootkill downloaded on my desktop already from a previous bug. I could try to run but I really think it will go to the little window of "can not find."

The last part of your post;

"Even after (temporarily) stopping the malware from running, non-allowed exe's still won't run if the shell command registry setting has been changed. If RKill stops the pop-ups but ComboFix doesn't run, try renaming Combofix from ComboFix to iexplore or userinit. Note: If you have your computer set to show file extensions and the downloaded file reads ComboFix.exe, then rename it iexplore.exe or userinit.exe."

I think I am trying to learn how to do that next.

Keep all those cards and letters coming. Wink

I really need the help.

Thanks a ton AV and to all posters.

KDW

Anonymous Visitor (not verified)
Re: Hijack virus

First do what Hubby said and copy all irreplaceable data onto a USB storage device.  I do not recommend the smaller ones that are powered by the USB port - I urge people shopping for an external drive to get one that plugs into the wall like a Western Digital MyBook.  Do this now.

Malwarebytes should have taken care of the active malware file mainly responsible for this.  AVG and SpyBot would be useless on an already installed malware "infection".  HijackThis won't be much help unless you know what the list means and which entries might be problems.  And it also won't remove the malware.

So with data backed up, you have nothing to lose, right?  You could now do a Windows reinstall which is also called System Recovery if you have recovery disks or a recovery partition on your computer's drive.  But you seem game to try to lick this so let's smack it around a bit.  Smile

Your immediate problem is a certain malware file that Windows is told to run when started normally.  This malware file was probably randomly named and placed into a hidden folder in your User Account.  You were unknowingly tricked into installing this on your own computer.  In Windows XP, this hidden haystack is in the Local Settings directory which is hidden (C:\Documents and Settings\*logon name*).  In Vista and 7, it is placed inside the C:\Users\*logon name*\AppData or C:\ProgramData directories.  You'll have to unhide hidden and protected system folders to see these directories.

Since you have clicked around on the tray balloon and the fake scanner and this malware program took you to planet Vega and back (heh), you might also have a rootkit which could affect your web search results.  The good news is that apparently you can get online from Safe Mode which tells me that your Proxy settings and hosts file are probably OK.  Also good news is this particular malware install apparently let MalwareBytes phone home to its update server.

I mentioned earlier that I was surprised MalwareBytes didn't remove the active malware, so let's try this manually.  If you are in Safe Mode, click Start and type in "msconfig" (no quotes).  If Vista or 7, msconfig.exe will appear at the top of the search list.  Click it.  Once System Config Utility opens, click the Startup tab.  This is a list of things that Windows is told to automatically start when started in normal mode.  If your computer has never been messed with by anyone with marginal tech skills, you might have quite a list with each entry having a checkmark in front of it.  Things with checks get automatically loaded at startup, no check means the item doesn't get loaded at startup.

In this list, what you want to look for is the active malware file or files.  There may be more than one.  Carefully look at each line and drag the Command Column out to the right so you can see the full path.  You are looking for a path that ends with a randomly generated file name that ends in .exe.  Again, here are examples of the first parts of suspect paths:

C:\Users\*username*\AppData\Local\ in Vista and 7 and also in 7, the file may be in C:\ProgramData

or in XP...  C:\Documents and Settings\*logon name*\Local Settings or C:\Documents and Settings\*logon name*\Local Settings\Application Data

Since some malware infections name their files AVG.exe, look for that one too.

If you see anything in System Configuration Utility's list that resembles any of these command lines, UNcheck it.  Don't worry about unchecking something important - this can be undone by going back in that same way.  At this point, I go to the file that the path shows and delete it, but I know exactly what to look for.  We don't want to delete something you actually need so for now, unchecking it (stopping it from starting) serves your purpose.

With suspected command paths of the malware unchecked, restart in normal mode.  If you picked the correct items from the msconfig list, the popups are not happening and you can now run MalwareBytes and any other .exe.  Start MalwareBytes, do the update, then run a "Quick Scan".  After it's finished click "Get Results" and click "Remove Selected".  It may prompt for a reboot and when Vista or 7 reboots, you have to give permission for MalwareBytes to run and finish the cleanup - look for the prompt in the lower-right task bar.

Next download HitMan Pro free version from SurfRite.  Run it, let it update, hit Next, choose the "one-time scan". When it's done scanning, look at the list to see if there's anything besides tracking cookies.  If there's anything in red like a rootkit, choose Next.  On the activation page there will be a text link to do a one-time free activation.  Click that and allow it to clean the rootkit and reboot if asked.  Again - Vista or 7 will ask for startup permission.

Optimistically, your machine is now clean.  Go into Add/Remove and uninstall all security products.  AVG, AdAware, SpyBot, Norton (Symantec), McAfee, all of it.  You can really crap up a system overloading it with this stuff which is pretty much useless against modern threats (as was shown by your experience).  I recommend using only one AV product and then being informed about pop-ups which when clicking OK on the wrong one, will cause malware files to be installed.  My preferred AV is Panda Cloud and I train customers to close all script-generated pop-ups using Task Manager.
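
Added example, not part of the original post and not the poster's own code: a Python script that applies the startup-list check described in the post above to a list of (entry name, command) pairs such as the Command column of msconfig's Startup tab. The sample entries are constructed, and the "random-looking name" test is an assumed heuristic, since the post gives no rule for it; results are for review or unchecking, not deletion.

```python
import re
from typing import NamedTuple, Optional

# Locations the post names: AppData and ProgramData (Vista/7), Local Settings (XP).
_USER_WRITABLE = re.compile(
    r'^[a-z]:\\(?:users\\[^\\]+\\appdata'
    r'|programdata'
    r'|documents and settings\\[^\\]+\\local settings)(?:\\|$)')

# Quoted path, or an unquoted path up to the first executable extension.
_EXE_RE = re.compile(
    r'^\s*(?:"([^"]+)"|(.+?\.(?:exe|com|scr|bat|cmd))(?=\s|$))', re.IGNORECASE)

# The post notes that some infections name their file AVG.exe.
MASQUERADE_NAMES = {"avg.exe"}

# Constructed sample startup entries (not from the thread).
SAMPLE_ENTRIES = [
    ("AVG_TRAY", r'C:\PROGRA~1\AVG\AVG9\avgtray.exe'),
    ("iTunesHelper", r'"C:\Program Files\iTunes\iTunesHelper.exe"'),
    ("kxqzvbtw", r'C:\Documents and Settings\Owner\Local Settings\Application Data\kxqzvbtw.exe /s'),
    ("AVG", r'"C:\Users\Owner\AppData\Local\AVG.exe" -startup'),
    ("Dropbox", r'"C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe" /systemstartup'),
    ("a8f3k2q9", r'C:\ProgramData\a8f3k2q9.exe'),
]


class Verdict(NamedTuple):
    entry: str
    exe: Optional[str]
    verdict: str  # "ok", "review", "suspect" or "unparsed"
    reason: str


def exe_path(command):
    """Extract the executable path from a startup command line."""
    m = _EXE_RE.match(command)
    if not m:
        return None
    return (m.group(1) or m.group(2)).strip().replace("/", "\\")


def looks_random(stem):
    """Assumed heuristic: letter/digit jumble, or almost no vowels."""
    s = stem.lower()
    if len(s) < 6:
        return False
    letters = [c for c in s if c.isalpha()]
    digits = [c for c in s if c.isdigit()]
    if len(digits) >= 2 and len(letters) >= 2:
        return True
    vowels = sum(c in "aeiou" for c in letters)
    return bool(letters) and vowels / len(letters) < 0.2


def triage(entries):
    """Classify each startup entry by location and file name."""
    results = []
    for name, command in entries:
        path = exe_path(command)
        if path is None:
            results.append(Verdict(name, None, "unparsed", "no executable found"))
            continue
        lowered = path.lower()
        filename = lowered.rsplit("\\", 1)[-1]
        stem = filename.rsplit(".", 1)[0]
        if not _USER_WRITABLE.match(lowered):
            results.append(Verdict(name, path, "ok", "outside profile/ProgramData"))
        elif filename in MASQUERADE_NAMES:
            results.append(Verdict(name, path, "suspect", "security-product name in a user-writable folder"))
        elif looks_random(stem):
            results.append(Verdict(name, path, "suspect", "random-looking name in a user-writable folder"))
        else:
            results.append(Verdict(name, path, "review", "runs from a user-writable folder"))
    return results


if __name__ == "__main__":
    for v in triage(SAMPLE_ENTRIES):
        print(f"{v.verdict:8} {v.entry:14} {v.exe}  ({v.reason})")
```

Legitimate programs also start from AppData, which is why ordinary-looking names there are marked "review" rather than "suspect".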

knuckle draggin...
I am new here at GrownUpGeek.Com
Member for 2 years 49 weeks
GuG-Points: 54
Re: Hijack virus

AV, Booted up in regular mode and that pesky virus is still there even after unchecking all of the line items in msconfig and won't let me get on the internet. It starts to go and then a window opens and says what would you like to open this with and then goes to another window that has folders in it and when you click on the folder it opens the folder and there's nothing there that gets you on the net. You can't access the security center, says it can't be found in another little window. Can't get to internet options, it asks, like going to the internet, what do you want to open with; same thing with malwarebytes and so on.

Well will be waiting for next ideas. Thanks in advance again. KDW

Hubby
insert witty description here
I am a Grown Up Geek
Re: Hijack virus

knuckle dragging welder wrote:

Well will be waiting for next ideas.
thanks in advance again. KDW

1) backup
2) reformat/reinstall

knuckle draggin...
I am new here at GrownUpGeek.Com
Member for 2 years 49 weeks
GuG-Points: 54
Re: Hijack virus

Smile yeah I hear you. Just have the need to try something now since I will not have the device for a bit. I want to beat this little bug. Thank you again. KDW

animestrinity
I am not telling from my own planet... keep off... no visitors.
Member for 7 years 26 weeks
GuG-Points: 6576
Re: Hijack virus

Did you ever take Hubby's advice about using HijackThis to create a log for people here to look at?

Hubby
insert witty description here
I am a Grown Up Geek
Re: Hijack virus

I think we decided that would be too tedious.. Not just to review the logs (not that big of a deal) but to then try to talk the victim thru manually removing the entries from startup, registry, etc.
..I have changed my vote to "nuke & boot"

knuckle draggin...
I am new here at GrownUpGeek.Com
Member for 2 years 49 weeks
GuG-Points: 54
Re: Hijack virus

Anom/vis.(AV) Thanks for the post. Hubby also thanks for your help as well. Sorry I jumped right in to it and did not say thank you and thanks for the camera tips. Smile

AV I am going to give it a try right now, however I have messed with my start up menu a lot over time with Spybot tools. I look at Phil Collins' start up list comments and I uncheck anything he says is malicious, resource hog or generally not needed. Yes there is quite the list and a lot of it is unchecked. I have never looked at start up from msconfig mainly because there isn't any guidance, what to leave checked and what to uncheck. With your comments I feel a little more confident or dangerous. More specifics would be very helpful to me. Example: can you uncheck enough stuff to where your computer won't even start? At the bottom of Spybot's list is a bunch of windows or winlog items with no explanation. There is the AVG item you mentioned I am remembering here, I usually do not uncheck because it's AVG Wink even though there isn't any Collins explanation. Hummmmmmm!? I will uncheck them all if it will allow me to get up and running in regular mode for now and allow me to download some round up so I can kill some roots if necessary and it seems you are pretty confident that there might be.

"(C:\Documents and Settings\*logon name*)." Am I looking for logon name or is logon name generic for whatever the virus might be using?

"You'll have to unhide hidden and protected system folders to see these directories." How?

Well went there. Tried to print it all out here. Could not get it to copy and paste. Maybe around 12 line items. Unchecked them all. Things like AVG tray something, itunes, mbam malwarebytes thing, kodak stuff, a couple of others. Nothing seemed to be critical to the operation of the computer so I unchecked them all in the spirit of "living la vida loca" Wink

"I recommend using only one AV product and then being informed about pop-ups which when clicking OK on teh wrong one, will cause malware files to be installed. My preferred AV is Panda Cloud and I train customers to close all script-generated pop-ups using Task Manager." Want to know and understand above quote. Also is "Panda cloud" freeware or should you purchase at ? in disk form or online...etc.

AV and Hubby and anyone else please write to me as if I am a booger eating curtain climber and I don't know nuthin. Totally won't insult me because it's true and the extra detail will help a whole lot. I have to reboot so I will be back later. Thank you in advance. KDW

Anonymous Visitor (not verified)
Re: Hijack virus

After reading about your other symptoms, my vote goes for backup and reinstall as well.  There are too many issues and solving each one would be extremely difficult to do through a forum.  But if you still want to hack at it, there are a few things that you can try.  In one of your first posts, you said you ran SpyBot and MalwareBytes so I assumed your system would run exe files and still had a path open to the Internet.  Now it seems that exe's (programs) will no longer open?

In the Malware section on this site, look for the Thread called "Trojan wont let me open programs// this is a bad one!!".  In there is an explanation of how to correct the Windows Shell Command change that is not allowing Windows to open some programs.  If this works and once you get Internet Explorer to open, you probably won't be able to get online.  With Internet Explorer open, go to Tools, Internet Options, Connections tab, LAN and if there's a check in the box in front of "Use proxy server....", uncheck it.

These are the battles you will face if you continue to scrap with this particular malware which seems to have dug in pretty deep, so ya.... Hubby is saving you a lot of work (possibly futile) by nudging toward a reinstall.

So let's prepare for a reinstall.  You already know that you need to copy all of your irreplaceable data like pictures and documents.  Look in My Pictures and in My Documents.  Kodak saves its pictures in a shared folder and we don't want to skip those.  Open My Computer and you should see a folder called Shared Documents.  Be sure and look in there for pictures.  Hubby mentioned saving your email.  If you go online (Yahoo!, Hotmail, Gmail) to check your email, you don't need to worry, but if you use an email program like Outlook, Outlook Express, Thunderbird, those emails and contacts are stored on your computer.  Each of those programs has its own procedure for backing up messages and contacts.

Your other questions... Panda Cloud is free (search it) and the reason I recommend it is because it is easy on computer resources, stays constantly updated, suffers no glitches, and requires very little input or intervention from the customer.  It doesn't ask questions, it just does what it needs to do.  During the install, you want to be sure and uncheck the toolbar and homepage change.  Like I said, even with a good AV installed if you click OK on a pop-up, you could install malware on yourself that will go around your antivirus.  Panda Cloud was rated high by PC World magazine against malware but it still won't save you from being fooled by something pretending to be a virus scanner.

knuckle draggin...
I am new here at GrownUpGeek.Com
Member for 2 years 49 weeks
GuG-Points: 54
Re: Hijack virus

Oh yeah. Pretending to be a virus scanner. When I get the light brown bar across the top of the screen I usually hit the x button and close it unless I am trying to download something from a site I went to looking for a specific thing then I figure it is OK because I initiated it. So how do they fool you into clicking? Is the x button really a yes button? And if so how should you turn off or close these things. Thanks again for your help. KDW

Anonymous Visitor (not verified)
Re: Hijack virus

Any script-generated pop-ups encountered on the Internet should be closed using Task Manager in the Application tab (Ctrl-Alt-Delete).  End Task the pop-up and the page that loaded it.

knuckle draggin...
I am new here at GrownUpGeek.Com
Member for 2 years 49 weeks
GuG-Points: 54
Re: Hijack virus

Thanks AV For the hot tip. Will use for sure and for certain.

KDW

knuckle draggin...
I am new here at GrownUpGeek.Com
Member for 2 years 49 weeks
GuG-Points: 54
Re: Hijack virus

AV, thank you for revisiting this. I totally agree with Hubby and you and I have every intention of doing just that. I am looking to explore the processes and steps to rooting out this bug until I obtain the backup device and hoping not to go too far as to lose what I have left to back up. But posting in detail as if you are speaking to a booger eating curtain climber is very helpful. You see when I explore I am slow to key and methodical; the problem is when I have to take a key stroke of faith. So the plainer the speak and the more verbose the better for me and therefore less key strokes of faith. Wink

"In one of your first posts, you said you ran SpyBot and MalwareBytes so I assumed your system would run exe files and still had a path open to the Internet. Now it seems that exe's (programs) will no longer open open?" Answer is, this hijacker will not let me access the internet or any exe program that could potentially let me mess with the virus in regular mode. As I did the things you suggested me to do in safe mode and then go to regular mode and give it a go, in regular mode it's a no go. In safe mode I can do most things. However just a day or two ago it, the virus or part of it, was in safe mode and I was able to solve with the tools I have already mentioned and here I am coming to you from safe mode.

In regular mode if I try to go to the security center it will say not found. If I try to launch Internet Explorer it goes to the how would you like to open this window. For instance internet explorer. Click on IE and you go to the how would you like to open this window and you will see all the regulars including internet explorer and of course you click on IE and it opens another window which has files in it and you click on those and same thing or empty. Spybot and malwarebytes do the file not found little window. There are other areas that I can not recall at this time that I can not use or get to as well. It was something in the control panel and I could access some of the options in whatever it was I was in but others did the not found window. All this is in regular mode.

Something odd to me is I can get to security center in safe mode but there isn't any on off for anti virus stuff just the firewall. I am assuming that is because it is in safe mode? Also in safe mode I can not print. That is a bummer because if I cannot leave this thread open I have to write down all the instructions or try to remember them. Well remembering them is out. Guess I better sharpen my crayon.

On to the prepare for install part of your post. Kodak. To me the worst thing I ever put on this computer. It is probably just me but it seems to be a resource hog and very irritating. A lot of the pictures are duplicates of duplicates and that's why there is so much of it and why my wife does not want to go through them all and does not want to delete them. Anyways you were pointing out folders could be all over which brings me to Win XP Root structure. Please don't hold it against me if I am not using the correct terms. When I go to win explore there are lots of files specially compared to win 98. So I am looking for pictures and it would be nice to just go to my Doc or my Pics and move them and be done with it. Nope there is Admin. and it has all the files as well as all users, all users windows, owner, owner computer, owner~1~ com. I can't recall at this time as to which files I have found pictures in the places that you have mentioned as well as most of these other places and my wife does not know how to save to anywhere. So my backup process has been starting at the bottom of the root structure and go through all of the files one by one + by + - by - until I get to the end just to make sure there are no items that I would like to back up. Quite a pain actually. I told my wife that once this virus is healed I am going to teach her how to save and I am going to put a folder on the desktop so she can put everything that is near and dear to her in that folder.

Hubby
insert witty description here
I am a Grown Up Geek
Re: Hijack virus

Firstly - welcome! We'll do our best to help

Secondly, although it's probably a bit like telling someone to wear their seatbelt AFTER they run into a telephone pole, if your wife has precious pictures YOU MUST BACK THEM UP! How you back them up is a whole nother post as it can get complicated, so let's take this as a learning experience regarding the importance of backing up important stuff.

THIRD - keep in mind that not everyone can fix these things themselves and it might be worth plopping down $75 at the local geek-store if those photos are really that precious. To put it another way, suppose I came to an auto-repair forum for beginners and said: "My transmission is broke. I can get it into reverse, but that's about it. Please walk me through how to fix it. And keep in mind that I have only basic tools, but I don't really know how to use them" .. See what I mean?

Ok.. enough bloviating.. let's get started... it MIGHT turn out to be not all that complicated..

You have two options: 1) "clean" the bad stuff off and go about your business or if that fails 2) extract all your important stuff, wipe the whole thing clean, and start over

let's go for option #1 because it is usually faster and easier.. #2, the last resort will get ugly..

I would start by downloading and running a program called Malwarebytes. You can download it for free here: MalwareBytes.com .. Be careful to click the blue download button right below where it says "download location", and not one of the advertisements that may also say "download" .. Be sure to read all of the instructions on how to install and use/run the program here: How to use Malwarebytes. It's not very complicated, and it's spelled out very well - just a lot to read.
Chances are that Malwarebytes will take care of it all for you.. If so, come back and post your thanks.. if not, then things may get complicated - come back and post what happens, we'll need some other additional information, and we'll go from there.

knuckle draggin...
I am new here at GrownUpGeek.Com
Member for 2 years 49 weeks
GuG-Points: 54
Re: Hijack virus

First off I feel a little awkward referring to you as Hubby. Just sayin. Wink so here goes.

Dear Hubby,
Here is what I have done so far prior to posting here.

Ran Spy bot. Found stuff and did what Spy bot does to found stuff.
Ran malwarebytes. Same as above.
Ran AVG free. Did not find stuff.

Ran all these in safe mode in the order above as well as ran all updates first.

What the computer does still after running above. In regular mode (not safe) after booting up it says that I have a security problem and to click on the balloon emanating from the right hand bottom of the monitor where all the icons are. It takes you to a fake web site, in my case it is a malwarebyte site, and says that I have to purchase their product in order to fix the problem.

The first thing I looked into was my windows security to see if all was ok and when you click on the security icon in the control panel, security starts to come up and then a balloon pops up saying "program or file" cannot be found. When you try to go to the internet it says the same thing and won't allow you to go to other things as well like system restore.

So from safe mode I researched what is up. Most posts are from 2005 thru 2008. Seems like I need to download "HijackThis" and run a log of some kind and allow the Geeks to review and then a list of changes to be made and in the end success.
Problem for me was I did not understand all that was said. Like how to get the log, where to get the download, how and where to go to make the changes.

I am pretty sure with a little prompting that I can get this done. I have identified a rootkit on my computer with a malware program, which for some reason the program could not remove, googled it, found the rootkit killer download. Downloaded it, ran it and Voila! she za no more sick.

I plan on purchasing a terabyte external hard drive for future backup and for current backup I have been using a stand alone computer, not connected to the internet, utilizing a USB device called "Multi linq" by BAFO. However it is now officially full as well as being compressed.
The problem is my wife puts the pictures on the computer and I transfer them to the backup computer. Camera will hold about a year's worth of events before she puts them on the computer and then wipes her card clean. Now she is going to purchase new cards each time it becomes full for another layer of protection.

Of course the hijack virus was not expected because I use AVG, Spybot, and Malwarebytes all the time to keep the bugs away.

So I can totally relate to your analogy of putting on a seat belt after you run into a tree.

As far as the tranny analogy you're right, basic tools and no mechanical intelligence could be a problem. However if you had the interest and drive that's all I would need. We can purchase tools as we come to the need for them. You would just have to realize this will take a while. I got some basic tools, one or two special tools, a little knowledge, enough to be dangerous to my computer, as well as interest and drive.

If you are willing I will be your ,please pardon spelling, pa di one oh Obee one and together we will use the force to remove this intruder.

Thanks
KDW (knuckle dragging welder)
