Browser Hijacker

I am working on my son’s computer. It had Internet Security 2010, and I got rid of that. Avast gives me a clean scan - no infections. I’ve run a SuperAntiSpyware scan but it shows no infection. MalwareBytes shows a clean machine. When I click on a link in Google, the Browser Hijacker takes me to a different site than what I intended. I downloaded and updated Ad-Aware, but it malfunctions every time I run a scan. I’ve looked over the HijackThis log and cannot figure out the problem. Also, the Hard Drive in this computer seems to be very active, running for long periods of time and slowing things down. I’ve checked the Task Manager Processes and can’t see any major problems. It just doesn’t seem right.

You will note also that this computer needs Service Pack 3.

I would appreciate your help on this situation. Attached is the HijackThis log.

Browser hijacks can be caused by a router hijack - if you have a router, check the DNS settings.

There’s nothing obvious in the log - if there is malware, it’s hidden.

I’d recommend booting from a rescue disc, independent of the operating system. This will see any hidden malware. Unfortunately avast! doesn’t do one, but there are several free ones available.

Rescue CDs. Download and burn the disk image on an uninfected computer. Boot the infected computer from the disk and run a virus scan (after updating virus definitions if this option is present).

F-Secure Rescue CD
Dr.Web LiveCD
Kaspersky Rescue Disk
AntiVir Rescue CD
Bitdefender Rescue CD

Download and run ATF Cleaner. If you are using the Firefox or Opera browser, make sure they are selected in the cleaning process; you will find them at the top of the program.
http://www.softpedia.com/get/Security/Secure-cleaning/ATF-Cleaner.shtml
http://www.tgbcomputing.com/howTo-Info/How%20to%20use%20ATF%20Cleaner.pdf

If this does not help, then follow the guide here and post the logs so essexboy can have a look.
http://forum.avast.com/index.php?topic=53253.msg451454#msg451454

FreeWheelinFrank,

I have never run a rescue disk before. I downloaded KAV and burned it to a disk. I booted up the infected computer with KAV and the computer went to the desktop and the Hard Drive just runs and runs and runs. I can’t bring up my browser (Firefox) and I can’t even shut down through the Start button.

Pondus,

After I have let KAV do its thing for a hour or so, I will try to have at it with ATF cleaner. If need be, I will post to essexboy.

Thank you both. I used to be a virus eliminator, even on the forums, but I’m out of the mainstream and am rusty. Your assistance is a great help.

The computer settled down, didn’t run so much. I brought up Google, entered Avast Free, and clicked Enter. What came up was www.searchfindsite.com - with search results: 1. avast.anti-virus-elite.com 2. uninstall-best.com 3. spywarenerd.com, etc. I will use the Cleaner and see what it will do.

Thanks.

If you’re using FF, go to Tools > Options > Advanced > Network > Settings and have a look if the PC is set to use a proxy. If it is and you did not do it intentionally, tick the No Proxy option.

Pondus,

The cleaner didn’t do the trick. This time the hijacker took me to www.oneworld.com with the same search results. I will go to essexboy.

Micky77,

I checked the proxy setting, and it was already checked to No Proxy. Thank you for your input.

I will go to essexboy.

Post the logs here, and I can send him a PM when you have done it.

When you boot from the KAV disc, there should be an option to update definitions. The best way to ensure this happens is to have a wired network connection if possible.

There should then be an option to scan.

As you say the HD is active, I assume KAV is scanning.

I am not sure if this will aid you, but here it goes. This is info on removal of browser hijackers: http://www.microsoft.com/protect/terms/hijacking.aspx and this is info on router hijacker DNS redirects: http://www.myantispyware.com/2007/11/06/how-to-remove-trojan-dnschanger/

This is getting stickier the farther I go along.

I tried to install SP3 on the infected computer. I got an error message saying that atapi.sys was being used and that I needed to shut down the application - and there weren’t any applications open.

I don’t think KAV ran a scan because it just booted up to the desktop - no pop-up menus or anything like that.

As far as a router infection, the other computers that I have running off the router are not having trouble.

I ran the MBAM and it found 2 infections and then died and rebooted. A message came up that the system had recovered from a serious error. When I ran it in Safe Mode, the same thing happened, this time I caught a glimpse of the blue screen of death just before it rebooted.

I ran the OTL and it died mid-scan and rebooted. The same message that the system had recovered from a serious error came up.

The same thing happens when I run Ad-Aware.

Two other weird things - pop-up menus have what appears to be Spanish mid-way down the menu - “anadir al archivo…”, “anadir a ‘Start Menu.rar’”, “anadir y enviar por email…” and “anadir a ‘Start Menu.rar’ y enviar por email”. I’ve never seen that on a computer before.

The other thing is that when I put in my flash drive, I get the pop-up “Compressed (Zipped) Folder Please insert the last disk of the Multi-Volume set and click OK to continue”.

Now the computer just rebooted on its own when I wasn’t running any programs.

Any further advice? Thank you.

Pinnacle, thank you for your input. I have checked out the MS site, but I don’t have any luck with their advice.

One might also go into Safe Mode and run “SpyBot”, and Avast (had my IE7 hijacked 12/27/09) was the only thing that worked against the Trojan??? to get the burger… but try Safe Mode w/o internet, run a complete scan (Vista?? or XP), then if anything, turn on only a few “Services” under MSConfig to see if anything gets triggered to weird ops of your system… G/L…

Can you try http://malwarebytes.org and scan your PC? Hope they can help you… ^^

Pondus,

I finally got the OTL logs. They are attached.

Thank you.

OK, have sent a PM to essexboy.

Trying to install updates on a computer that is infected or misbehaving is not a good idea.

Do you have BIOS set to boot from CD? If not, change the BIOS settings and try the rescue disc again.

If it still fails, it may be a bad burn.

If the other computers are not having problems, it looks like hidden malware on the computer that’s causing redirects and not a router infection.

It may be a good idea to check out the cause of the BSODs. You can set the computer not to reboot after a BSOD so you have time to read the error message - note it down and manually reboot.

http://support.microsoft.com/kb/174630

It may also be a good idea to run a hard disc check - just to make sure the disc isn’t borked and causing crashes.
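For a Windows machine showing redirects like the ones described in this thread, the read-only PowerShell audit below (an added example, not part of any post in the original thread) gathers the settings the replies above ask about in one place: the DNS servers each adapter is actually using (a hijacked router hands out rogue ones via DHCP), the system proxy, hosts-file overrides, and the CrashControl AutoReboot value that KB174630 describes. It assumes Windows PowerShell 2.0 or later and an elevated prompt, only reports and changes nothing; Firefox keeps its own proxy setting, so that still has to be checked in its Options dialog as Micky77 describes.

```powershell
# Added example (not from the forum thread): read-only audit of the settings a
# browser-redirect investigation usually starts with. Run from an elevated prompt.

Write-Host "== DNS servers per enabled adapter (compare with the ISP's or router's expected servers) =="
Get-WmiObject Win32_NetworkAdapterConfiguration -Filter "IPEnabled = True" |
    ForEach-Object {
        "{0}`n    DHCP: {1}  DNS: {2}" -f $_.Description, $_.DHCPEnabled, ($_.DNSServerSearchOrder -join ', ')
    }

Write-Host "`n== System (WinINET) proxy settings =="
$inet = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
"ProxyEnable: {0}  ProxyServer: {1}  AutoConfigURL: {2}" -f $inet.ProxyEnable, $inet.ProxyServer, $inet.AutoConfigURL

Write-Host "`n== hosts-file entries that are not comments or the plain localhost line =="
$hostsFile = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
Get-Content $hostsFile | Where-Object {
    $_ -match '\S' -and
    $_ -notmatch '^\s*#' -and
    $_ -notmatch '^\s*(127\.0\.0\.1|::1)\s+localhost\s*$'
} | ForEach-Object { "  $_" }

Write-Host "`n== Auto-reboot after a blue screen (KB174630: 0 = stay on the error screen) =="
$crash = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl'
"AutoReboot: {0}" -f $crash.AutoReboot
```

Any hosts-file line pointing a security vendor's domain somewhere unexpected, a ProxyEnable of 1 nobody set, or DNS servers that differ from the ones the router should be handing out are the findings worth posting with the logs.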

I’ll try to figure out what you said. :slight_smile: I am not as up-to-date on some of this lingo but I’ll Google it and get back to you.

Thanks again, FreeWheelinFrank.

These will help.

http://www.hiren.info/pages/bios-boot-cdrom

http://www.pctechguide.com/tutorials/HDDMaint_Chkdsk.htm

Regarding the rescue disk, are you actually burning the ISO as an image or simply copying the file to CD? All the discs (I believe) mentioned, with the exception of Avira, are ISO files, and third-party burning software is needed: http://www.techmixer.com/kaspersky-rescue-disk-load-kaspersky-antivirus-2009-using-dos/

Hi, the infection that you have means I will have to use a stronger tool; OTL will not clear this one.

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

* Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

* Double click on ComboFix.exe & follow the prompts.

* As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it’s strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

* Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

http://img.photobucket.com/albums/v706/ried7/RcAuto1.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/whatnext.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.