
Hijackthis Log (Got Affected By Windowsrecovery Virus)

Thanks very much. Was to make sure my Anti-Virus definitions were up to date, answer is yes. scanning hidden autostart entries ...

As I am writing to you it is here 5:15 PM. I first noticed links in Google were redirecting to spam sites (IE8 & Firefox). Malware bytes removed some spyware, but my browsers were still hijacked. Stopzilla found: c:\windows\system32\hjgruikbwqqhts.dll which it called a browser I looked at your latest log and everything looks just fine.

Best regards P.S.

ComboFix 11-11-27.02 - Administrator 11/27/2011 20:09:26.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1216 [GMT -6:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\g2ax_customer_downloadhelper_win32_x86.exe
c:\documents

Only about 3-5 minutes from when I turned my computer on I received a telephone call from a gentleman who stated he was from Microsoft tech department and he stated that

faustius 7.09.2009 02:48 QUOTE(rudger79 @ 7.09.2009 01:40) Vista? Disable it in your browsers at a minimum; or uninstall it from your system (you can always get it back later if you need it, and as a bonus you'll have I am very thankful for your help and appreciate it more than you know. The link at Zippyshare is: http://www15.zippyshare.com/v/OiT9p...

Here is the remedy which just may be your solution. In addition, I just noticed in the bottom left corner it is showing an error on this page. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run As Administrator from the context menu. Click the green button. Read It found and removed an impressive amount of crap, including 11 rootkits... and got the Windows Recovery tool operational, which wasn't working for me. Ok, please see attached for the logfile.

I will be waiting impatiently for your answer. Please download and install the following, request a scan, and post the scan log here. Even for an advanced computer user.

I have read many of the posts and answers and I am sure that I have several things going on including worm, virus, trojan horse, etc. Real time scanning had been disabled and whenever I'd try to enable it it'd stay on for about 3 seconds and then turn itself off again.

Or for a complete uninstall, and so our tools may run unhindered, please follow the steps on DuplexSecure's FAQ page for uninstalling the SPTD driver which these emulators use. Click this link to see a list of such programs and how to disable them. this topic is now closed. I have also posted a scan from malwarebytes.

richbuff 8.09.2009 07:45 Fix what Malwarebytes detects, and you're all good. If you have a new issue, please start a New Topic. If you still can't run a scan, I'll have to confer. Now that you have transferred the files to your computer, I suggest the following: Download, install and do an update of Malwarebytes.

The list is not all inclusive. Note: ComboFix may require some anti-virus programs to be uninstalled before running the tool. Re: Spotify and "Windows Recovery" fake AV Hayton May 5, 2011 8:18 AM (in response to lalalala) "... My window desktop seems to be refreshing itself.

Re: Spotify and "Windows Recovery" fake AV ConorD62 Apr 26, 2011 7:26 PM (in response to Hayton) *Looks at lucozade bottle* Spotify, you say? A lot of my friends have recently been hit

richbuff 7.09.2009 12:04 Run this script, PC will reboot:

CODE
begin
SetAVZGuardStatus(True);
SearchRootkit(true, true);
QuarantineFile('C:\DOCUME~1\faustius\LOCALS~1\Temp\lac97inf.sys','');
DeleteService('lac97inf');
StopService('lac97inf');
DeleteFile('C:\DOCUME~1\faustius\LOCALS~1\Temp\lac97inf.sys');
BC_ImportDeletedList;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.

Then, run this one:

CODE
begin
CreateQurantineArchive('c:\quarantine.zip');
end.

A file called quarantine.zip should be created in C:\.

If the malware prevents a McAfee scan from running, go back to Microsoft and run their Malicious Software Removal Tool (you will need administrator privilege for this). Please remember, I am a volunteer, and I do have a life outside of these forums.

Also, depending on how badly a system is infected, ComboFix may take longer to complete its routine than it normally does or fail to run properly. It's saved as a gif to cut down on file size. This was taken before Malware Bytes ran (and I have not removed anything). Other than the peculiar absence of an anti-virus program, all seems fine.

Could this be causing the rundll.exe error message and problems I am having? Registry Keys Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{944864a5-3916-46e2-96a9-a2e84f3f1208} (Adware.Accoona) -> No action taken. Please help if someone knows what I can do to resolve Praise Vishnu! KL1.sys was the cause. When I restarted (Last known good config. Could there be more of the virus left?

Rkill was run on 12/05/2011 at 22:39:26. His look has also changed. Please do not use the Attachment feature for any log file. Restart your computer.4.

As if Microsoft would be calling me......