Am I Being Hijacked?

Posted: Sun Jun 12, 2011 12:06 am
by OneSpirit
For the past few days I have been having problems with, I think, malware ... I would go to excite.com and Firefox would open another tab to a place that keeps congratulating me for winning ... I'm not sure what is causing it. AVG blocks it sometimes, but not all the time, and I have run Spybot and Ad-Aware to remove any spyware, but I still get the tab opening with that ad. I get messages from AVG that threats have been blocked.
Also the computer doesn't respond sometimes too. I would click to open Firefox or any other program and nothing would happen ... the computer would just sit there. I would have to reboot to get a response. Sometimes things will slow down; even the audio would be slow and broken. Anyone have any idea what is going on? Do I need to do one of those hijack things? :twisted:

Thank you for looking at my post.

Posted: Sun Jun 12, 2011 2:11 am
by Mr T
Ok, the first thing to do is to ditch AVG and download Microsoft Security Essentials... It's free, but unlike others at the moment will catch nasties and not hog system resources.. Free ones like AVG, Avira, Avast etc are leaking like a sieve at the moment (I wonder why? Commercial enterprise perhaps?).. Update it... Download and run Malwarebytes Anti-Malware, update that too... Boot into SAFE MODE and run Malwarebytes and see what it picks up... (Also clear your Internet cache)...

uh oh oh

Posted: Sun Jun 12, 2011 6:26 pm
by OneSpirit
I downloaded the malware software and ran it in safe mode ... it found infections in the registry keys and in Firefox, about 15 ... I had it remove the problems and went to reboot back to Windows ... it would not boot up ... I would get a quick blue screen flash, then the computer would start rebooting again. I got the screen that stated Windows did not start successfully so I told it to load the last known good configuration ... then it was able to start. Don't know if the software worked yet or not ... will update when I know.

Windows Not Happy

Posted: Mon Jun 13, 2011 11:22 am
by OneSpirit
Well sir ... I used the malware software again and Windows was not happy at all when it rebooted ... once again it asked for the most recent config where Windows would start. Had to do that again. And I'm still getting the tabs opening up with websites I don't want to see, trying to sell me something I don't want.

I ran Spybot again ... but no dice ... I'll keep trying other things to see if I get better results ... as I typed this post ... Comodo reported a trojware.win32 .... I can't see all the details, but I've been getting notices of threats from Comodo, AVG, and Adware. I don't like it ... I don't like it at all .... :twisted:

Posted: Mon Jun 13, 2011 12:06 pm
by evasive
I see a rootkit infection and a reinstall coming...

Root kit infection? Please explain ...

Posted: Mon Jun 13, 2011 6:19 pm
by OneSpirit
What makes you think a reinstall will be necessary? Are you saying these trojans can't be removed?

These are the threats AVG finds, but it tells me when I tell it to remove them ... "Action was unsuccessful ... Object does not exist or is inaccessible"

It says it's a trojan horse agent_r.ahr ... I've gotten several messages of threats ... multiple ...

c:\windows\temp\tsky\setup.exe ... the same file but with different folders
c:\windows\temp\uxnf\setup.exe
..........................\nkrh\.............
...........................\astp\............
bhlp, nspc, lovm, bnap, vjic, hubs, fkih, cmmf, fncs, ... and so on ... but all to the temp file.

This is one of the sites AVG blocked ...
myonlinearcade.com/survey/1c94/index.php ... Firefox opens a new tab when I get them ...
So can anyone tell me what is going on? :o
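A triage sketch for the pattern reported in the post above, added here as an example (it is not part of the original thread): it flags an executable name that recurs across several sibling four-letter subfolders of c:\windows\temp. The function name, the threshold and every sample path other than the two full ones quoted in the post are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Folder names in the post are four lowercase letters (tsky, uxnf, ...).
RANDOM_DIR = re.compile(r"[a-z]{4}")
TEMP_ROOT = PureWindowsPath(r"c:\windows\temp")

# Sample detection paths. The first two are quoted in the post;
# the rest are constructed for this example.
SAMPLE_PATHS = [
    r"c:\windows\temp\tsky\setup.exe",
    r"c:\windows\temp\uxnf\setup.exe",
    r"C:\WINDOWS\Temp\qzxw\setup.exe",   # constructed, mixed case
    r"c:\windows\temp\logs\update.exe",  # constructed, a single 4-letter dir
    r"c:\windows\temp\msi1\setup.exe",   # constructed, digit in dir name
    r"c:\program files\app\setup.exe",   # constructed, outside temp
]


def find_dropper_clusters(paths, min_dirs=3):
    """Return {exe name: [dirs]} for executables that show up under at
    least `min_dirs` distinct four-letter subfolders of the temp root."""
    clusters = defaultdict(set)
    for raw in paths:
        p = PureWindowsPath(raw.strip().lower())
        # Keep only <temp root>\<dir>\<file>.exe, one level below the root.
        if p.parent.parent != TEMP_ROOT or p.suffix != ".exe":
            continue
        if RANDOM_DIR.fullmatch(p.parent.name):
            clusters[p.name].add(p.parent.name)
    # One four-letter folder is ordinary; the same file name repeated
    # across many of them is what the post describes.
    return {name: sorted(dirs)
            for name, dirs in clusters.items()
            if len(dirs) >= min_dirs}


if __name__ == "__main__":
    for exe, dirs in find_dropper_clusters(SAMPLE_PATHS).items():
        print(f"{exe}: repeated in {len(dirs)} temp subfolders: {dirs}")
```

The threshold keeps a lone folder such as `logs` from being flagged on its name alone.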

Posted: Mon Jun 13, 2011 9:51 pm
by Mr T
Ok, to save a reinstall create another account and set it to administrator as well as setting a password... Select your account and set it to Standard user... Clear the system of AVG totally, it can give false positives and let stuff through anyway, and install Microsoft Security Essentials - Do this under the admin account... Disable system restore, clear the Internet cache and temporary files - use Disk Cleanup for this (go to My Computer and right click on C drive, properties and Disk Cleanup), tick all the boxes and let it do its thing... Reboot into SAFE MODE and run Malwarebytes again... You don't have to clean the infection here, but note where it is, you can manually remove it usually.. Remove, or Reboot into normal mode and manually remove, then run Microsoft Security Essentials....

Posted: Tue Jun 14, 2011 8:32 am
by evasive
http://www.threatexpert.com/report.aspx ... ac01b2df14

http://www.pandasecurity.com/homeusers/ ... rticulares

Now this is just the tool to drop more nasties. Yes, we can try the safe mode/different user trick, but be aware there may be more surprises in there.

Posted: Tue Jun 14, 2011 9:25 pm
by c327
You may want to consider downloading and running F-Secure BlackLight. It has in the past located a few very nasty nasties.

Posted: Wed Jun 15, 2011 2:35 pm
by OneSpirit
Mr T wrote: Ok, to save a reinstall create another account and set it to administrator as well as setting a password... Select your account and set it to Standard user... Clear the system of AVG totally, it can give false positives and let stuff through anyway, and install Microsoft Security Essentials - Do this under the admin account... Disable system restore, clear the Internet cache and temporary files - use Disk Cleanup for this (go to My Computer and right click on C drive, properties and Disk Cleanup), tick all the boxes and let it do its thing... Reboot into SAFE MODE and run Malwarebytes again... You don't have to clean the infection here, but note where it is, you can manually remove it usually.. Remove, or Reboot into normal mode and manually remove, then run Microsoft Security Essentials....

Any idea why Malwarebytes makes windows xp mad when I use it and reboot? Why won't it restart properly after using Malwarebytes?

evasive wrote: http://www.threatexpert.com/report.aspx?md5=ed1ad8a8ff2357b1665055ac01b2df14

http://www.pandasecurity.com/homeusers/ ... rticulares

Now this is just the tool to drop more nasties. Yes, we can try the safe mode/different user trick, but be aware there may be more surprises in there.

I have to check out those links and see if I can figure out how to use the tool.

c327 wrote: You may want to consider downloading and running F-Secure BlackLight. It has in the past located a few very nasty nasties.

Downloaded the program, installed and used it ... and it said it could not find any hidden malware.

Thanks anyway ... :wink: