Wondering what I've got........

[Sleepyman]

Hello All,

My computer is acting strangely and I can't figure out what happened.
Running Win XP Home. When I try to use the Search function off the
start menu, the page will open up plain black on the left side, and
blank on the right. Refresh accomplishes nothing. When I try to go to
Windows Update page, I click item in start menu, and nothing happens.
It is like I never clicked at all. Same thing with Health and Support.
Same thing with System Restore. When I try to open my internet based
email account,it opens a blank page and says "done".

I have run AVG and Trend Micro AV, Spybot S&D, Ad-Aware SE, and HiJack
This, and have found nothing. I tried NOD32, and it found a
"variant"of Win/32 Adware/Voomba.exe. and Win32/Adware Webdir
application in NT Authority/System. I have had no luck cleaning them
with NOD32.

Can anyone tell me if this Win32/Aware bug could be responsible for my
current problems?

Thanks for any and all help,
Sleepyman

 

[David H. Lipman]

From: "Sleepyman" <[email protected]>

| Hello All,
|
| My computer is acting strangely and I can't figure out what happened.
| Running Win XP Home. When I try to use the Search function off the
| start menu, the page will open up plain black on the left side, and
| blank on the right. Refresh accomplishes nothing. When I try to go to
| Windows Update page, I click item in start menu, and nothing happens.
| It is like I never clicked at all. Same thing with Health and Support.
| Same thing with System Restore. When I try to open my internet based
| email account,it opens a blank page and says "done".
|
| I have run AVG and Trend Micro AV, Spybot S&D, Ad-Aware SE, and HiJack
| This, and have found nothing. I tried NOD32, and it found a
| "variant"of Win/32 Adware/Voomba.exe. and Win32/Adware Webdir
| application in NT Authority/System. I have had no luck cleaning them
| with NOD32.
|
| Can anyone tell me if this Win32/Aware bug could be responsible for my
| current problems?
|
| Thanks for any and all help,
| Sleepyman


Please download, install and update the following software...


* SpyBot Search and Destroy v1.4
http://security.kolla.de/
http://www.safer-networking.org/microsoft.en.html

* SuperAntiSpyware
http://www.superantispyware.com/superantispywarefreevspro.html

After the software is updated, I suggest scanning the system in Safe Mode.

 

[Kayman]

Please download, install and update the following software...

* SpyBot Search and Destroy v1.4
http://security.kolla.de/
http://www.safer-networking.org/microsoft.en.html

* SuperAntiSpyware
http://www.superantispyware.com/superantispywarefreevspro.html

I notice that you don't recommend Ad-Aware anymore; Any reasons?

 

[David H. Lipman]

From: "Kayman >" <<[email protected]>

| I notice that you don't recommend Ad-Aware anymore; Any reasons?

Oh no... I still do.

Sleepyman stated; "...I have run AVG and Trend Micro AV, Spybot S&D, Ad-Aware SE,..."
Therefore Ad-aware was left out because Sleepyman showed it already had been used.

 

[Sleepyman]

From: "Sleepyman" <[email protected]>

| Hello All,
|
| My computer is acting strangely and I can't figure out what happened.
| Running Win XP Home. When I try to use the Search function off the
| start menu, the page will open up plain black on the left side, and
| blank on the right. Refresh accomplishes nothing. When I try to go to
| Windows Update page, I click item in start menu, and nothing happens.
| It is like I never clicked at all. Same thing with Health and Support.
| Same thing with System Restore. When I try to open my internet based
| email account,it opens a blank page and says "done".
|
| I have run AVG and Trend Micro AV, Spybot S&D, Ad-Aware SE, and HiJack
| This, and have found nothing. I tried NOD32, and it found a
| "variant"of Win/32 Adware/Voomba.exe. and Win32/Adware Webdir
| application in NT Authority/System. I have had no luck cleaning them
| with NOD32.
|
| Can anyone tell me if this Win32/Aware bug could be responsible for my
| current problems?
|
| Thanks for any and all help,
| Sleepyman


Please download, install and update the following software...


* SpyBot Search and Destroy v1.4
http://security.kolla.de/
http://www.safer-networking.org/microsoft.en.html

* SuperAntiSpyware
http://www.superantispyware.com/superantispywarefreevspro.html

After the software is updated, I suggest scanning the system in Safe Mode.

Thanks for the suggestions David.

I forgot to mention that I had run Webroot Spy Sweeper, and it found
nothing.

I got Super AntiSyware, ran it, and it found a couple of things that
nothing else had found. eg:

A ton of Tracking Cookies that all other programs had missed. They
were to places I had never visited directly, or hadn't been to in
months.

Trojan RootkitTnCore-C\System32\drivers\core.sy
with a couple of registry entries-HKLM System\controlset\services\core
Sets 001, and 003.

Trojan.Rootkit-TnCore/Installer:
C:\Windows\System32\build_dol.exe So much for the AVG Anti-Rootkit
program that I had just run also.....
So I fixed those.

Have never thought to run Spybot S&D in safe mode, so I did so.
It found this: SmitFraud-C.CoreService
C\Windows\System32\drivers\corecache.dsk
So I fixed that.

I was hoping all would be fine after that. Unfortunately, that was not
the case. All is as it was before, except I don't seem to be plauged
with pop-ups anymore.

I greatly appreciate your help. I hate to do it, but it looks like I
will have to reformat C. I'm worried about backing up the drive,
because I would be afraid that when when I restored backed up files,
that I would just be re-loading the problem.

Thanks again!

Sleepy

 

[David H. Lipman]

From: "Sleepyman" <[email protected]>


< snip >

|
| I greatly appreciate your help. I hate to do it, but it looks like I
| will have to reformat C. I'm worried about backing up the drive,
| because I would be afraid that when when I restored backed up files,
| that I would just be re-loading the problem.
|
| Thanks again!
|
| Sleepy

One last effort...



Download and execute HiJack This! (HJT)
http://www.spywareinfo.com/~merijn/files/HijackThis.exe

Create a HJT log file and post it in one of the below locations...

{ Please - Do NOT post the HJT Log here ! }

Forums where you can get expert advice for HiJack This! (HJT) logs.

NOTE: Registration is REQUIRED in any of the below before posting a log

Suggested primary:
http://www.thespykiller.co.uk/index.php?board=3.0

Suggested secondary:
http://www.bleepingcomputer.com/forums/forum22.html
http://castlecops.com/forum67.html

Suggested tertiary:
http://www.dslreports.com/forum/cleanup
http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
http://www.atribune.org/forums/index.php?showforum=9
http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html
http://gladiator-antivirus.com/forum/index.php?showforum=170
http://forum.networktechs.com/forumdisplay.php?f=130
http://forums.maddoktor2.com/index.php?showforum=17
http://www.spywarewarrior.com/viewforum.php?f=5
http://forums.spywareinfo.com/index.php?showforum=18
http://forums.techguy.org/f54-s.html
http://forums.tomcoyote.org/index.php?showforum=27
http://forums.subratam.org/index.php?showforum=7
http://www.5starsupport.com/ipboard/index.php?showforum=18
http://www.malwarebytes.org/forums/index.php?showforum=7
http://makephpbb.com/phpbb/viewforum.php?f=2
http://forums.techguy.org/54-security/
http://forums.security-central.us/forumdisplay.php?f=13

 

[Sleepyman]

From: "Sleepyman" <[email protected]>


< snip >

|
| I greatly appreciate your help. I hate to do it, but it looks like I
| will have to reformat C. I'm worried about backing up the drive,
| because I would be afraid that when when I restored backed up files,
| that I would just be re-loading the problem.
|
| Thanks again!
|
| Sleepy

One last effort...



Download and execute HiJack This! (HJT)
http://www.spywareinfo.com/~merijn/files/HijackThis.exe

Create a HJT log file and post it in one of the below locations...

{ Please - Do NOT post the HJT Log here ! }

Forums where you can get expert advice for HiJack This! (HJT) logs.

NOTE: Registration is REQUIRED in any of the below before posting a log

Suggested primary:
http://www.thespykiller.co.uk/index.php?board=3.0

Suggested secondary:
http://www.bleepingcomputer.com/forums/forum22.html
http://castlecops.com/forum67.html

Suggested tertiary:
http://www.dslreports.com/forum/cleanup
http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
http://www.atribune.org/forums/index.php?showforum=9
http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html
http://gladiator-antivirus.com/forum/index.php?showforum=170
http://forum.networktechs.com/forumdisplay.php?f=130
http://forums.maddoktor2.com/index.php?showforum=17
http://www.spywarewarrior.com/viewforum.php?f=5
http://forums.spywareinfo.com/index.php?showforum=18
http://forums.techguy.org/f54-s.html
http://forums.tomcoyote.org/index.php?showforum=27
http://forums.subratam.org/index.php?showforum=7
http://www.5starsupport.com/ipboard/index.php?showforum=18
http://www.malwarebytes.org/forums/index.php?showforum=7
http://makephpbb.com/phpbb/viewforum.php?f=2
http://forums.techguy.org/54-security/
http://forums.security-central.us/forumdisplay.php?f=13

Thanks for the advice David. One problem, I cannot access any of my
email accounts and the forums need to send an email confirmation. So I
guess I'm out of luck.

Thanks again,
Sleepy

 

[David H. Lipman]

From: "Sleepyman" <[email protected]>

|
| Thanks for the advice David. One problem, I cannot access any of my
| email accounts and the forums need to send an email confirmation. So I
| guess I'm out of luck.
|
| Thanks again,
| Sleepy

Good luck !

 

[Kayman]

| I notice that you don't recommend Ad-Aware anymore; Any reasons?

Oh no... I still do.

Sleepyman stated; "...I have run AVG and Trend Micro AV, Spybot S&D,
Ad-Aware SE,..."
Therefore Ad-aware was left out because Sleepyman showed it already had
been used.

Sorry, I should've read the original post more thoroughly