Explorer and Firefox hijacking

Joined
Jan 4, 2003
Messages
8,039
Reaction score
846
Not good :(

I have run Avast, Malwarebytes, ZoneAlarm Extreme Security, SUPERAntiSpyware, SmitFraudFix, Stopzilla Pro and ComboFix. They all find the usual spyware and other bits but just cannot resolve my browsers being hijacked after 30ish seconds of no use.

I can't even use Explorer now, it continually crashes as soon as it is started.

Anyone suggest anything else?

TIA
 

floppybootstomp

sugar 'n spikes
Moderator
Joined
Mar 5, 2002
Messages
20,281
Reaction score
1,794
AVG & Antivir may be worth a try, uninstall one AV program before installing another, of course.

Run that lot again in safe mode?

System restore?
 
Joined
Jan 4, 2003
Messages
8,039
Reaction score
846
Never used HijackThis tbh, is it easy to use, i.e. just run and post the log into whatever website?

System restore is off when scanning and booting, and all things were run in safe mode, yeah.

I'm at a bit of a loss :(. Only a 4week installation I don't want to have to format again this soon
 

nivrip

Yorkshire Cruncher
Joined
Mar 21, 2007
Messages
10,892
Reaction score
2,138
HijackThis is very easy to use. However, getting it analysed can take quite a while, particularly on Bleeping Computer.


Mucks might have a look at it for you, as he often does for the regulars on PCR. :)
 

V_R

¯\_(ツ)_/¯
Moderator
Joined
Jan 31, 2005
Messages
13,572
Reaction score
1,888
TriplexDread said:
Never used HijackThis tbh, is it easy to use, i.e. just run and post the log into whatever website?

System restore is off when scanning and booting, and all things were run in safe mode, yeah.

I'm at a bit of a loss :(. Only a 4week installation I don't want to have to format again this soon

http://www.hijackthis.de/

If you're confident. :)
 

EvanDavis

Silly Fool
Joined
Jun 20, 2010
Messages
5,299
Reaction score
681
floppybootstomp said:
another, of course.

Run that lot again in safe mode?


Not sure, but I think it were V_R that told me, in a post I commented on, not to run AV and the like in Safe Mode.
 

Abarbarian

Acruncher
Joined
Sep 30, 2005
Messages
11,023
Reaction score
1,221
TriplexDread said:
Never used HijackThis tbh, is it easy to use, i.e. just run and post the log into whatever website?

System restore is off when scanning and booting, and all things were run in safe mode, yeah.

I'm at a bit of a loss :(. Only a 4week installation I don't want to have to format again this soon

http://www.seagate.com/ww/v/index.j...toid=d9fd4a3cdde5c010VgnVCM100000dd04090aRCRD

So why haven't you got Seagate Disk Wizard which is Acronis 10 under a different name. Then you could make a backup of your freshly installed os to use if things go wrong. Click click and half an hour later you have a clean install to play with. ;)
 

floppybootstomp

sugar 'n spikes
Moderator
Joined
Mar 5, 2002
Messages
20,281
Reaction score
1,794
Abarbarian said:
http://www.seagate.com/ww/v/index.j...toid=d9fd4a3cdde5c010VgnVCM100000dd04090aRCRD

So why haven't you got Seagate Disk Wizard which is Acronis 10 under a different name. Then you could make a backup of your freshly installed os to use if things go wrong. Click click and half an hour later you have a clean install to play with. ;)

Assuming, of course, there is a place to store a backup file. Maybe it's a single disk and no external HDDs available.

Mind you, a fresh install with no frills should fit on a 4Gb memory stick which is ok providing the motherboard can boot from a USB device.
 

muckshifter

I'm not weird, I'm a limited edition.
Moderator
Joined
Mar 5, 2002
Messages
25,739
Reaction score
1,204
let me see your HJT log

nivrip said:
HijackThis is very easy to use. However, getting it analysed can take quite a while, particularly on Bleeping Computer.


Mucks might have a look at it for you, as he often does for the regulars on PCR. :)

I'll take a look at any PCReview regular HJT log, if not just to send you over to BCs if badly infected ... I can analyse HJT logs


Running an AV in safe mode will not "catch" anything that is not running ... ;)


:user:
 

floppybootstomp

sugar 'n spikes
Moderator
Joined
Mar 5, 2002
Messages
20,281
Reaction score
1,794
I was thinking more of running the anti-malware apps in safe mode, sorry, should have made that clearer.
 
Joined
Jan 4, 2003
Messages
8,039
Reaction score
846
Most have been run in safe mode

I think I have found the culprit

'iologmsg7.dll'

I cannot remove it. I have tried loads of software stating it can stop these things from running and delete or rename it and place it somewhere else for inspection. None will work...

I continually get "File cannot be deleted or moved, it's in use by another person/process" or blah blah blah. You know the rest.

I have even tried starting from a completely different O/S and then searching for it that way. After finding it I still get the same errors even though it's not in use - or shouldn't be anyway.

There is another similar file called 'iologmsg.dll' which I believe is legit. This is a nasty one, would appreciate some help and ideas peeps. Proper starting to annoy me now!
 
Joined
Jan 4, 2003
Messages
8,039
Reaction score
846
OK, managed to remove the file, but to do so, started in safe mode and had to change a load of permissions, add admin and user rights.

Nightmare. I don't like buggering about with that lot but luckily enough I've had some experience with it all before

Time will tell
 

muckshifter

I'm not weird, I'm a limited edition.
Moderator
Joined
Mar 5, 2002
Messages
25,739
Reaction score
1,204
yes, iologmsg.dll is a legit dll ... your iologmsg7.dll is a new nasty on the block, Avast does NOT detect it as of my writings. Not sure if any of the big AVs do, it does have the label, malicious software. :rolleyes:

Frankly, you're on your own at the moment, first reported some 20 odd hours ago,
The filename IOLOGMSG7.DLL was first seen on Jul 21 2010
you must have been one of them. ;)

Sorry, I recommend a reformat. :(


I would still like to see a HJT log before you format.


:user:
 
