So I was trying to stream a show from a site that my friend gave me, and somehow it gave me some brutal virus/spyware/adware/trojan garbage. Don’t know how it got on my comp because it didn’t even ask me to download anything at all, it just all fell apart… So anyway, having serious issues now and can’t even connect to the internet (on a laptop right now, not my PC). When I connect to my homepage, it redirects me to or something like that, which is obviously a bogus antivirus scan that asks me to download their program which will further screw me over. I can also connect to google for some reason. If I try to connect to a site by URL it says it can’t connect, whereas if I try to connect through a google search it redirects me to random crap pages that DO NOT HELP.
I have a couple screenshots of the files that I’m almost sure are doing it, since I delete them and they keep recreating themselves, but they’re too large for me to attach so if you ask me to I can upload the pics to a site and post the URL for them here. I also have a HJT log, though I only found one thing suspicious (the file at the top, but I can’t get info on it or delete it or anything). Below is said HJT log. Please, please, PLEASE, someone help me!!! Thanks!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:19:28 PM, on 8/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Forgot to mention, but when all this began it wiped my desktop background and replaced it with an ad saying my computer was infected and I needed to download some program. Thanks for the recommendation, but I can’t download anything right now. As I stated, any time I try to connect to a site, it stops me by either saying it can’t find the site or redirecting me to a random site, typically a search engine. Downloading is, unfortunately, out of the question…
do you have any other anti spyware loaded like spybot or ad-aware
do schedule a boot time scan with avast asap
MBAM would be best but you can’t DL it
there are some other methods to hand kill this thing but it would be nice to know which one you have
what do the pop-ups say?
you can also try that SAS scan again in safe mode
will Dr.Web cure it connect? F-protect etc?
I only have avast! and SAS on my system. Scheduling a boot scan with avast as we speak, hopefully it catches this stuff. The only pop ups I get are actually redirects, and I either get redirected to a search engine site or something along the lines of (which does a BS scan and tells me to download their programs, which are 99.99999999999% likely to be more spyware). As for the Dr.Web cure thing, no clue what that even is lol
I’ve had BitTorrent for a while and have had no problems with it, though I know about its track record so to speak. However, it wasn’t even running when I got this issue so that’s not the problem. Viewpoint, yes, is a likely culprit. As for the first entry, the F2, that’s the entry I couldn’t do anything about. Couldn’t get information on it and couldn’t repair/delete it. I would also like to add that I don’t use IE, I use Firefox.
Okay, so the boot scan finished and found one corrupted file, can’t remember which one and can’t find it in the log but it found it. Also removed the Viewpoint thing through HJT, but I still can’t fix that F2 entry from the very top. I rescan and it keeps coming right back up. Still can’t access sites, but the avxp thing didn’t pop up when I opened Firefox, which is a start.
Firefox and Thunderbird are less prone to The Active X control vulnerabilities. But that’s not the problem. The BitTorrent question here is that the files are on the PC, even if not used. So the malware can get to it. Thanks for the tip on the vulnerabilities with the Firefox add-ins. Luckily I don’t use many as it does slow FF down. So no real problem there.
Maybe look at Avast Virus cleaner for removal of a limited set of viruses/worms. But that is not the real reason. This app has - although I’ve not yet had need of it - the ability to look at and edit/adapt a system to get it working again. It will use its own files to rename/replace MS files. At avast!'s home page.
My combo is FF, TB, avast! 4 Home, Spybot and Filseclab for a firewall (this really works, easily).
The real reason I’m here.
avast! caught an HTML:Alaple-A[Wrm] virus from a site in South Africa. Three times! All I needed to do was “Abort the connection”. I cannot get any info where I can contact them to let them know about this. Any help? Thank you.
Oh yes, avast! auto updates (080822-0,22-08-2008) and runs in residence - 6 services. Filseclab regularly shows denials to attacking traffic.
The point about BitTorrent made sense so I went ahead and wiped that out, hoped it’d work but now it’s right back where it started - loaded up my homepage and it redirected me to and did its little BS scan claiming I was ridiculously infected and it could help me. Still couldn’t manage to repair/remove the F2 entry from HJT, which is still bothering me because I’m sure that’s part of my issue since I haven’t ever seen it in a HJT log until I got this issue. So… any other suggestions anyone?
Since I appear to be running lower and lower on options, I’ll put a link to the screenshots I took of the files that continuously reappear when deleted, as I’m sure the virus is in there somewhere (when I originally looked through the files, I checked the Created date and a lot of them said they were created right when I started having problems. Problem is, every time I go to delete them, even in safe mode, they reappear when I boot the computer, making me think that I have yet to find the root of the problem). There were a good number of files for me to suspect, so I had to take 4 screenshots. They are recent - I just ran this search a few minutes ago.
Those are all the files that have been created yesterday. The big-time issues are the ones called Cache, they were created originally at the time my PC was infected and constantly reappear when deleted. I’m going to try deleting them now that I removed the Macromedia from my comp (since a lot of this stuff keeps appearing around Macromedia) but I’m not expecting them to stay gone still. Any ideas anyone?
Edit - As expected, deleted files reappeared again. I’m still suspicious about the F2 entry of my HJT log though, seems awfully curious that it appeared when this all began and refuses to leave my computer…
slow down a little
did the SAS boot time scan find anything- what exactly
avast scan?
still unable to download anything?
do you have a pen drive or a spare hard drive you could download files to at a buddy's?
here is a write up from threat net
so a hand removal could be attempted
(at the end see an example on how a hosts file or outbound firewall would have prevented this infection from phoning home)
however (If Polonous or other experts are away for the weekend)
If we do not make any progress here I would suggest that you post over in the Malware Bytes Forum
Jean In Montana is an expert on this infection
However if you post there be sure to read all the stickies and do everything exactly- they are busy and tend to not have much patience
post a link to this thread tell Jean “Theolona Ranger says howdy”
please report back how you do
good luck
There is a very good Chance that IF you could run a fully Updated, “Full Scan” of Malwarebytes’ Anti-Malware, the problem MAY be resolved. Since you cannot download anything, try and use a Friend (not the Idiot who referred you to that Site) who has an uninfected computer or perhaps a local library to “burn” that program onto a CD for future installation into your computer. IF this and/or IF an experienced “Malware-Fighter” like “JeaninMontana” cannot help, the only recourse seems to be reformatting and reinstallation of your Operating System !?
By the way, malware is getting so bad that just visiting an infected Site can infect a person’s computer.
Way back in reply #3 Jtaylor83 suggested the two programs most likely to resolve the avxp-2008 issue, see below. I can only assume that you didn’t run them as a) there was no mention of having run them, b) the topic is still on-going.
He is going to have to get creative then, use a friend, etc. download the files save to CD/flash drive, etc. and transfer to his system. How is he posting here, or is it just downloads that are restricted?