need help, i've been infected

for the past few days everytime i open internet explorer, numerous web pages pop up continuously—all has error 404 on it… plus my computer has been running slow. i’ve think i’ve been infected with a trojandownloader
well, heres my hijack log

everytime i do a hijack, it pops up with this, “for some reason your system denied write access to Hosts file…”
will post log once i get it down…

The symptoms you describe could be vundo/smitfraud and the pages may be blocked by your hosts file. The blocking is ok. The access denied to the host may not be so good.

If you have spybot, we will have to turn teatimer off untill we are done. I’ll post the instructions.

Also, since you can’t get HJT to work, we’ll try a different tool which will give us the same info and more. If this tool fails to run, we’ll try a different trick.

So let’s start with teatimer, if it’s relavent. If not procede to the next step.

Open Spybot and make sure teatimer is disabled, we will re-enable afterwards. To do so do the following

Click mode
click Advanced mode
if you get a warning answer “yes”
click tools
click resident
uncheck resident “teatimer”
click allow change

Download and Unzip to your Desktop: http://www.techsupportforum.com/sectools/ResetTeaTimer.zip
Double click ResetTeaTimer.bat to remove all entries set by TeaTimer.

Boot your system.

Please download Deckard’s System Scanner (DSS) and save it to your Desktop.
[*]Close all other windows before proceeding.
[*]Double-click on dss.exe and follow the prompts.
[*]When it has finished, dss will open two Notepads main.txt and extra.txt – please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

Please note: some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so.

well, my Hjt works just that i can’t seem to save a logfile, but i will try the above method anyways, also i don’t have spybot, but i have superanti-spyware will that work…

:slight_smile: Hi :

Have you tried following the “guidelines” at
www.bleepingcomputer.com/tutorials/tutorial94.html !?

If you click “Do a system scan and save a logfile” (top button), notepad should open with the log. Copy and paste that in your reply. If that doesn’t work, check the hjt folder for a log. DSS will also produce one as part of it’s scan.

i still cant save a log file, a notepad appear but its blank…

this is what it says everytime hijackthis pops up

"for some reason your system denied write access to Hosts file. If any hijacked domains are in this file, hijackthis may not be able to fix this.
if that happens, you need to edit the file yourself. to do this, click start, run and type:

notepad C:\windows\system32\drivers\etc\hosts

and press enter. find the line hijack this reports and delete them.
save the file as ‘hosts’ and reboot.

Did you try to run DSS (Deckards)?

^whats that? I’m not all that computer savvy

when i do a HijackThis, this seems to be poppin up everytime, i can’t seem to get rid of this… what is it
010- Unknown file in Winsock LSP:c:\windows\system32\wpclsp.dll
010- Unknown file in Winsock LSP:c:\windows\system32\wpclsp.dll
010- Unknown file in Winsock LSP:c:\windows\system32\wpclsp.dll
010- Unknown file in Winsock LSP:c:\windows\system32\wpclsp.dll
010- Unknown file in Winsock LSP:c:\windows\system32\wpclsp.dll
010- Unknown file in Winsock LSP:c:\windows\system32\wpclsp.dll
010- Unknown file in Winsock LSP:c:\windows\system32\wpclsp.dll
010- Unknown file in Winsock LSP:c:\windows\system32\wpclsp.dll
010- Unknown file in Winsock LSP:c:\windows\system32\wpclsp.dll

Please follow the steps I posted here

http://forum.avast.com/index.php?topic=35016.msg293994#msg293994

^thanks alot