Unknown Virus/Trojan Has Hijacked my system

Hello. I found this thread on your forums: http://www.daniweb.com/forums/thread101817.html I am having the same issues as this person. I have Norton 2007 and have run a full system scan in both normal and safe modes, but nothing has been found.

My problem started at approx 1240pm yesterday when my Norton said it detected and stopped a downloader. This happened several times and then my screen started to fill with "Symantec Proxy Email" pop-ups for random emails. There are like 100 per minute at least. I found a process running called "mrofinu1000512.exe" and killed it but my problem didn't stop. I looked in my system32 folder and found that file was created at approx 1240 and was able to delete it. But I also found another file called xpdx.sys which I cannot delete. I've rebooted in safe mode and command prompt and still cannot delete it. I went through my registry and deleted a couple keys for "xpdx" in run set but couldn't delete all of the keys for it. I did find and remove the keys for "mrofinu1000512.exe".

These steps have not fixed my problem, and since Norton is not finding anything wrong I don't even know what virus my computer has caught. I am currently not at home and have never used software such as HijackThis.... Are these safe? Free? Please, any help is greatly appreciated.

Re: Unknown Virus/Trojan Has Hijacked my system

HijackThis is free and safe :). Welcome to Daniweb forums :).

Download HijackThis from here. Download it to your desktop and NOT a temporary folder. Start HJT & press the "Do a system scan and save a log file" button. When the scan is finished a window will pop up giving you the option of where to save it. Save it to desktop where it is easy to access. Open the log file and copy the entire contents of the file & paste it into the body of your post.

DO NOT FIX ANYTHING YET. Most of what is there is necessary for the running of your system.

Re: Unknown Virus/Trojan Has Hijacked my system

OK, so before I dived into the HijackThis I've been researching more on my symptoms and found that I most likely have something of the rustock rootkit. I ran rustbfix.exe and also gmer.exe. Rustock output:

Re: Unknown Virus/Trojan Has Hijacked my system

Note: Do not mouse-click combofix's window while it is running. That may cause it to stall. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Re: Unknown Virus/Trojan Has Hijacked my system

Combofix: note I see that in Drivers/Services is Leagcy/fci which I'm pretty sure is a trojan. Does this mean it's been removed or what?

Re: Unknown Virus/Trojan Has Hijacked my system

Thanks for your help. I'm off to sleep and will check and update in the morning if you need me to make any changes.

Re: Unknown Virus/Trojan Has Hijacked my system

== Can you please do the following.

===============

Scan with HijackThis and then place a check next to all the following, if present:

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked".

===============

Other than that it looks ok. How is the pc now?

Re: Unknown Virus/Trojan Has Hijacked my system

Have since installed AVG and updated my Java. Here's the HJT after the fix. Computer is running much better now.

Re: Unknown Virus/Trojan Has Hijacked my system

Last thing you want is to be running two AV's. They will conflict with each other and any viri that one quarantines, the other will find and quarantine it. The 1st will find it again and quarantine it back :D. Disable one from starting and use it as an on-demand scanner.

Congratulations! Your log looks clean - good work!

===============

Now that your PC is clean you need to follow these easy steps to keep it this way:

Download CCleaner and install, then run it. It will clear out your temp folders.

Secure your Internet Explorer by going here and following the instructions there. Better yet, use an alternative browser! Download FireFox and give it a run. It is far more secure than Internet Explorer. Or, you can get Opera which, in my opinion, is better still.

Use a firewall to help prevent your PC's control being usurped by undesirables. There is a link to a good, free firewall in my signature.

Install and keep updated AVG anti-spyware, Ad-Aware SE and Spybot S&D. Run them all on a regular basis, following the maker's recommendations.

Check for Windows Updates. Microsoft regularly posts updates for your system's safe running. Make sure to take advantage of this. Reboot when installed and return to make sure there are no others.

Empty the Recycle Bin.

For XP users: after something like this it is a good idea to flush the Restore Points and start fresh. To flush the XP System Restore Points:

Go to Start | Run and type msconfig and press enter.
When msconfig opens, click the Launch System Restore button.
On the next page, click the System Restore Settings link on the left.
Check the box labelled 'Turn off System Restore'.
Reboot.
Go back in and turn System Restore back on. A new Restore Point will be created.

Note that all previous restore points will be lost.

===============

If you have any more problems, post back.

- Happy surfing, crunchie.