Holy cow have I been hijacked


To start, I was surfing using Firefox and I got a ton of alerts asking
"Do you want to make Explorer your default browser?" then a grey shield
appeared in my tray and an AV scan appeared to start. I am sorry but I
don't recall the name because I immediately killed it and all the
associated tasks and processes with task manager then ran a sweep with
Spysweeper. (I *think* it was "AV something 2008"). Obviously I didn't
get it all.

Since then, my browser is hosed- search engines are hijacked, leading
me to all sorts of sites I don't want. If I try to go to the sites of
any (reputable) AV software I get page load errors and address not found
messages. Even if I can get to the site I get page not found errors when
I click any links for download of the software. I have the Spysweeper
with Antivirus loaded, and it will run a sweep but it won't update. I
thought it was a simple hosts redirection so I renamed my HOSTS file to
HOSTS.bak and still see the same problems.

Worst of all, somehow my ability to do a system restore has been
compromised. I can launch the utility, but after selecting a restore
point the "next" arrow is unresponsive.

I was able to run smitfraudfix.exe and it seemed to locate several
items but it didn't help (if anything it hosed things up more.)
Spysweeper also found several items but quarantine then deletion seems
to have no effect overall on the system.

I have tried to use:
Malwarebytes (site won't load, and after finding the installer elsewhere the app won't run)
Superantispyware (download link not found, after getting the installer elsewhere the app won't run- gives error)
Spybot s&d (won't install- server name or address could not be resolved)
Windows Spyware Removal tool (error says not a valid system32 application)
AVG (error says not a valid system32 application)

I tried to load Malwarebytes and Superantispyware onto a thumb drive
but they wouldn't run, and I tried both in safe mode, too.

Is there a fix? This is the second time this has happened to me in a
month and this is a fresh install of Windows- last time I got so
frustrated I wiped the HD and started from scratch. I DO NOT want to do
this again if it can be avoided.

Help?


--
scabble
------------------------------------------------------------------------
scabble's Profile: http://forums.techarena.in/members/100422.htm
View this thread: http://forums.techarena.in/antivirus-software/1185186.htm

http://forums.techarena.in
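
An added example, not part of the original post: the hosts-file check the poster describes, done by inspecting the file rather than renaming it. The keyword list and the sample file contents are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: illustrative keyword list built from products named in this
# thread; extend it for your own environment.
VENDOR_LABELS = {"malwarebytes", "superantispyware", "avg", "avast",
                 "avira", "kaspersky", "webroot", "windowsupdate"}

# Constructed sample, not taken from any real infected machine.
SAMPLE = """\
127.0.0.1       localhost
0.0.0.0         ads.example.net        # blocklist-style entry, expected
127.0.0.1       www.malwarebytes.org
203.0.113.7     update.avast.com www.avg.com
# 127.0.0.1     www.kaspersky.com      (commented out, ignored)
"""

def parse_hosts(text):
    """Yield (line_no, address, hostname) for each mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # strip trailing comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                              # not an address: skip the line
        for name in fields[1:]:                   # one address, many aliases
            yield line_no, addr, name.lower()

def audit_hosts(text):
    """Return (line, hostname, address, verdict) for security-vendor names."""
    findings = []
    for line_no, addr, name in parse_hosts(text):
        # Match whole DNS labels so "avg" does not hit unrelated names.
        if VENDOR_LABELS.isdisjoint(name.split(".")):
            continue
        sinkholed = addr.is_loopback or addr.is_unspecified
        findings.append((line_no, name, str(addr),
                         "blocked" if sinkholed else "redirected"))
    return findings

if __name__ == "__main__":
    # On Windows the live file is %SystemRoot%\System32\drivers\etc\hosts.
    for finding in audit_hosts(SAMPLE):
        print(finding)
```

A clean result while vendor sites still fail to load, as in the post above, means the hosts file is not what is interfering with name resolution.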


Re: Holy cow have I been hijacked




Yes, that is a nasty little sucker. My son clicked on that pop-up
(Anti-virus 2009) while looking at ski videos and I ended up having to do a
total system restore (as in reformat the hard drive and use recovery disks).
I would gladly see anyone who is responsible for these destructive programs
sent to prison FOREVER and never allowed to touch a computer again.


Re: Holy cow have I been hijacked

On Sat, 23 May 2009 03:24:08 +0530, scabble


Help?

The solution is to get a program such as Acronis True Image. It images
your entire hd, system files and all. I cannot tell you how many times
this program has saved my butt. Just make damn sure you update
incrementally, just in case you do get something on your disk that you
weren't aware of and saved it to a True Image backup. With incremental
backups, you can choose one before the SHTF.

You also better get MBM plus a REALLY good AV like AVIRA, AVAST, or
Kaspersky BEFORE you get hit again.

Get the HOST file at mvps and keep it updated.
http://www.mvps.org/winhelp2002/hosts.htm

Oh, yeah...there is a thing called Safe Hex. You better start practicing
it and paying attention to where you go and what you download on the Web
or Usenet.

I use AVAST, MBM, SuperAntiSpyware and Trojan Remover - all of them are
the paid versions. Since I wised up some years back, I haven't had a
single AV event. I have downloaded a bummer here or there, but my
resident programs caught them and saved my butt.

- End of Sermon  :o)

Re: Holy cow have I been hijacked



scabble wrote:

Try renaming the MBAM5320.exe to something else like 'scabble.exe' and see
if it will now load.
Do the same type of thing for SAS.
Time to start learning how to do backup images on a regular basis.
Best of luck,
Buffalo



Re: Holy cow have I been hijacked


[...]


Sometimes you may need to rename the antimalware executable prior to
executing it. The malware could be preventing executables with certain
strings present in filenames - and killing processes by name.



Re: Holy cow have I been hijacked


Thanks for the tips, everybody. I tried the rename trick but it didn't
work at first. I think I've got it now though.

I ran a sweep with Spysweeper (it's the one that was running, after
all) and then after a reboot I ran it again. Each time it found a couple
squirrely files. After that, I was able to run Malwarebytes from the
thumb drive.

I will be giving them some well-deserved payment. I've never used
Malwarebytes before, but it is good stuff. At this stage I'm going to
run Superantivirus, too. And maybe Malwarebytes again. After that I'm
going to take about 17 showers.

And I agree- these #&$@*! should be put in prison. How have they gotten
this far anyway? There's too many of these jerks putting viruses out
there just so their software can seemingly save the day. I've never seen
a more blatantly immoral business practice.


--
scabble


Re: Holy cow have I been hijacked



It probably wasn't a virus.



Re: Holy cow have I been hijacked

FromTheRafters wrote:


I think it's called a bomb.

cheers,

wolf k.

Re: Holy cow have I been hijacked


I believe it is being called "scareware" or rogue anti-whatever-ware.
:oD



Re: Holy cow have I been hijacked


FromTheRafters;4427962 Wrote:

I think they should call it dirty underware


--
scabble


Re: Holy cow have I been hijacked

scabble wrote:

I had a similar nasty sucker trash all the *.exe and *.dll files for
every application. It also trashed, or prevented use of, AV programs,
download of AV programs, etc. It changed assorted permissions, too, so I
couldn't repair the registry. Ouch!

I was able to get my system back by running A-Squared (Portable Apps)
from a small external drive. I also d/l a few other AV programs, and ran
those too. Stopzilla fixed the registry, but it cost me $40. (I've since
uninstalled it, as it is otherwise an objectionable program.)

Then I did a Repair: boot from the XP/Vista disk, as if you wanted to
install the OS. The installer will find your OS, and offer a Repair
option. After Repair (and Update), I could reinstall more AV programs,
which I ran in safe mode until they didn't find anything else.

Then uninstalled and reinstalled the apps. (I didn't reinstall them all
-- I had a lot of stuff I didn't need.)

I have XP back, with one exception: the Shut Down button on the welcome
screen is missing.... I'll put it back Real Soon Now.

Of course, the above hints may not be enough to restore your system. You
may have to do a complete reformat and reinstall. Good luck!

HTH

Wolf K.
