Hello all! I'm hoping someone out there has come across this little bugger and can tell me what to do! I'm at the point of having to reinstall my Windows XP as a last resort here, but hope that there may be another solution. Here's the problem.

2 days ago, I suddenly had a pop up window claiming to be MS AntiSpyware 2009, with the claims of infection, yadda, yadda, yadda. Having run into things like this before, I knew that I had been hit.

That in itself was my fault! My son and I were playing Call Of Duty 5 together, and it does not like the Windows XP firewall, or any of our antispyware / antivirus programs to be running. So we shut them down while playing together on our computers.

He remembered to turn his stuff back on.....I didn't, foolish me! :blush:

As I had a paid copy of SpyHunter, I simply shut things down and told it to run......only it wouldn't! The Task Manager showed that it was running, but the GUI was gone! No matter how many times I tried to run it, I got the same result.
No problem, I also have the Malwarebytes program.
Same result! The program was running according to the Task Manager, but no GUI! No way to interact with it!

So I called up my web browser, Firefox 2.0 and went to searching for a manual way to remove this thing. That's when I found out my browser had been hijacked. Any Google searches, and it changes the links to go.google.com

Okay, we have 4 computers in our house: mine, my wife's, my son's and my son's laptop. Jumped on them and they are good to go. I followed the manual removal instructions for MS AntiSpyware 2009 removal. Got all the files gone and the registry cleaned of it.

But both Firefox and IE are still trying to go to go.google.com. Worse: SpyHunter, Malwarebytes and AVG will NOT run! (or again, they are running, but the GUI won't display).

So I downloaded Hijack This on my wife's computer, burned it on a DVD, carried it over to my computer, and tried to install it.

No go. It won't let the install run. Worse, I tried reinstalling SpyHunter and Malwarebytes and it won't let THEM install either! It shows the install program is in the task manager, but again, the GUI is missing!

I did get AVG 8.0 to install and run. 2 hours later, it reports everything is just fine. Bull!

Testing other things out, all my games and other applications are running just fine. But I can not run ANY antispyware program at all or install one!

Oh, and another thing, both browsers refuse to go to like www.avg.com or other helpful sites when I try manually typing in the url. It just sits there and won't go!

2 other things I tried: I went to the host file in the windows\system32\etc folder, opened it up, and it did have other things besides 127.0.0.1 local hosts. I deleted them and resaved the file. Made no difference. And I checked, the host file still only shows the one local host.
I completely removed Firefox and downloaded their new 3.0 version. Same problem.

So, I can't show any log files from like Hijack This or anything, because it won't let me run them or install them!

And now I'm sitting here with my Windows XP disk in hand ready to completely reinstall it, to see if that works, but I would REALLY like to avoid that or find out it's just a waste of time.

Anyone heard of this or have any suggestions? Thanks for the time and help.

Hi and welcome to the Daniweb forums :).

==========

Open Device Manager and on the VIEW Tab, select the Show hidden devices option.
Go down to non plug and play drivers and see if there is one called TDSSserv and disable it.

==

Reboot and try running MBA-M again.

OUTSTANDING!!!

Okay, I was on to the TDSS thing, as I discovered my wininet.dll file had been messed with (that's why I kept getting the redirect on google links). I downloaded a clean copy of that dll and BAM! That took care of THAT.

But I still could not run any of my spyware stuff, nor go to their sites for help. I downloaded another small program (malwareremovalbot) and ran it. It reported the TDSS in my registry.

Unfortunately you have to buy of course to have it fix it for you, but I went in to remove it manually. Only to find: it would NOT show up for me when I ran regedit!

Came back here and saw your reply. Followed those instructions, rebooted, and SpyHunter came up right away!

It's now saying it sees the problem and is fixing it now. Yay!

Thanks so much! I've got over 400 gigs of data that, well, let's just say I was dreading having to try and back up and reinstall!

I would advise that you run the following too;

Download Malwarebytes' Anti-Malware (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html) to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure to checkmark the Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Make sure that you restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

I can't run SFC\scannow...or ccleaner; or malwarebyte or avg...at 5:30 pm 3/27/10 I was hit with XP security Tool 2010 and it didn't look kosher to me; it said I had 25 critical problems and my Firefox was corrupted--it felt like a scary scam...HOPING NO ONE IS REALLY GETTING MY IDENTITY, PASSWORDS ET AL.. I got it trying to get a streaming video...but my protectors warned that it was an attack site and I got off; next thing I know I have this 2010 XP plague-. I restored my computer to 10:30 a.m. today which was just after AVG had scanned it and I was not aware of any problem...now I no longer see the XP security tool 2010 plague pop-up but I still have a problem...I can't run my usual malware program; AVG or CCleaner...error messages tell me rundll32.exe is missing; other error messages ask me what program I want to use to open MBAM.exe or AVG.exe ...I can open Word/Excel...but no programs that would help me get in to scan..I have an XP CD --hoping I don't have to format the computer!!! must have the 25# code somewhere but don't remember where to look---.I can't seem to run that either...the error messages either shout they can't find rundll32.exe or which program would you like to open it with...can't understand how this could happen what with AVG and malwarebyte..I was going to download SPY BOT but didn't do it yet..no point at the moment since I'm shut down as far as opening any exe files. ..Hope someone can help me, Also, where do I find the Open Device Manager to follow thru with what Crunchie suggested? Can't re-install Mbam/AVG et al...It makes me nervous now being online trying to get info..thinking that somewhere someone is hacking me away with all my defenses not working...
oy! hope to hear from someone soon....thanks for reading


Mernastr
This thread is a year old and the original poster never returned.

You need to begin your own thread in order to receive any help. More than one person is not assisted in the same thread. Begin your own, stating all information about the computer itself...os, av program, symptoms, what you have done in an attempt to correct the problems, post any logs you have and somebody will offer assistance to you specifically.
Judy
