Need some help with my comp

By on July 19, 2010 1:53:50 PM from Sins of a Solar Empire Forums

I have a Lenovo Ultra-portable x60s Thinkpad with Windows XP SP3.

I recently had a spyware attack: the AV Security Suite malware, and I got MBAM and Avira to get rid of it, but after it was completely gone, I still had a problem with my computer.

I cannot upload any kind of file to any kind of file sharing or hosting site.

I also get random redirects when using google to search for things.

I tried a computer search two days ago, but found nothing.

Tech forums have not been very helpful, so if anyone could assist me, I would be grateful.

 

-Syneptus

I am using Firefox, and I try to use chrome and IE but with the same effects. I reinstalled Firefox also to see if it would fix it, but it didn't.

+239 Karma | 55 Replies
July 19, 2010 2:02:01 PM from Elemental Forums

It looks like there is still some spyware left on your computer. Since you've already tried using MBAM and Avira, go ahead and use ComboFix. Make sure you follow the guide (the download link is there too) outlined below:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Also, I would back up your most important files/data before doing anything.

July 19, 2010 2:05:17 PM from Elemental Forums

Sounds like you still have malware on your computer. Try to load up the computer in safe mode and disable all non-essential startup tasks. Then run an anti-virus scan and a spyware scan. Once that is done, boot up in normal mode and leave the internet disconnected (to prevent the virus from downloading or uploading any information). At that point run HijackThis to see what is running on your computer. The log that it produces should help experts see what is going on. You can typically post that log somewhere and people will be able to help you figure out what else needs to be "scraped" off the computer.

July 19, 2010 2:09:47 PM from WinCustomize Forums

marlowwe is probably correct. If you try the link and you still have problems you could always try the System Restore function and go back to a date where your system was working. If that fails, probably the best thing to do is reformat and reinstall to a working backup.

July 19, 2010 2:11:47 PM from WinCustomize Forums

Sounds like you still have registry entries.

Here is what to look for:

 

Delete registry values:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"[EIGHT RANDOM CHARACTERS]" = "%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS]\[RANDOM CHARACTERS]tssd.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"[CHARACTERS]" = "%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS]\[SECOND SET OF RANDOM CHARACTERS]tssd.exe"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download\"CheckExeSignatures" = "no"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download\"RunInvalidSignatures" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter\"EnabledV8" = "0"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter\"Enabled" = "0"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments\"SaveZoneInformation" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations\"LowRiskFileTypes" = ".exe"
HKEY_LOCAL_MACHINE\SOFTWARE\AVSuitE
HKEY_LOCAL_MACHINE\SOFTWARE\avSofT
HKEY_CURRENT_USER\Software\avSofT
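
An added example, not part of the original post: one way to check a registry export for the entries listed above without deleting anything first. It assumes the relevant keys were exported to a .reg file with regedit; the names `audit`, `BAD_VALUES` and `SAMPLE` are hypothetical, and the sample export is constructed.

```python
import re
# Indicators copied from the post above; key paths lower-cased, hive name dropped.
IE = r"software\microsoft\internet explorer"
CV = r"software\microsoft\windows\currentversion"
BAD_VALUES = {
    (IE + r"\download", "checkexesignatures"): "no",
    (IE + r"\download", "runinvalidsignatures"): "1",
    (IE + r"\phishingfilter", "enabledv8"): "0",
    (IE + r"\phishingfilter", "enabled"): "0",
    (CV + r"\policies\attachments", "savezoneinformation"): "1",
    (CV + r"\policies\associations", "lowriskfiletypes"): ".exe",
}
BAD_KEYS = (r"software\avsuite", r"software\avsoft")
RUN_TARGET = re.compile(r"\\local settings\\application data\\[^\\]+\\[^\\]*tssd\.exe", re.I)
VALUE = re.compile(r'"((?:[^"\\]|\\.)*)"=(.*)$')

def _data(raw):
    # dword -> decimal string; quoted string -> unescaped text
    if raw.lower().startswith("dword:"):
        return str(int(raw[6:], 16))
    return raw.strip('"').replace("\\\\", "\\")

def audit(reg_text):  # -> list of (kind, name, data) findings
    findings, key = [], None
    for line in map(str.strip, reg_text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].split("\\", 1)[-1].lower()
            if key in BAD_KEYS:
                findings.append(("key", line[1:-1], ""))
            continue
        m = VALUE.match(line)
        if key is None or not m:
            continue
        name, data = m.group(1), _data(m.group(2))
        if key == CV + r"\run" and RUN_TARGET.search(data):
            findings.append(("run", name, data))
        elif BAD_VALUES.get((key, name.lower())) == data.lower():
            findings.append(("setting", name, data))
    return findings

# Constructed sample export (not from the thread); names and paths are made up.
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"qwertyui"="C:\\Documents and Settings\\user\\Local Settings\\Application Data\\abcdefgh\\xyztssd.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download]
"CheckExeSignatures"="no"
"RunInvalidSignatures"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\avSofT]
'''
```

Files saved by regedit in the "Version 5.00" format are UTF-16, so read a real export with `open(path, encoding="utf-16")` before passing its text to `audit`.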



July 19, 2010 2:19:48 PM from Sins of a Solar Empire Forums

I will probably be needing to do some kind of research before using either of these.

Thanks.

July 19, 2010 2:20:21 PM from Stardock Forums

 

a couple of additional suggestions......

1.  Make sure your windows installation is as up-to-date as it can get

2.  Download the latest Microsoft "Malicious Software Removal Tool" and run

3.  Of course there is a plethora of other anti-malware software you can run one after the other to try to make your system clean and you may need to go through a few

 

One thing I always try to do (if possible) is to remove the infected HD from the machine and connect it externally to a "clean" machine and run the scans from there.  Sometimes *running* malware is able to interfere with the scanners you're using to try to clean it and when you connect the HD externally to another machine the malware may not be able to run allowing for a more thorough cleaning of the infection.

the Monk

July 19, 2010 2:46:09 PM from Sins of a Solar Empire Forums

So, I have a slight problem, the malware killed IE completely. It also resets the connection every time I try to go to microsoft.com on a different browser.

No update allowed.

Grrrrr.

System Restore is being evil, and the most recent restore is half a year ago.

I shall try something else.

July 19, 2010 2:53:48 PM from GalCiv II Forums

Format

Reinstall

July 19, 2010 2:55:35 PM from Sins of a Solar Empire Forums

Can't back up, but have over 6 gigs of personal mods.

July 19, 2010 3:00:46 PM from WinCustomize Forums

have over 6 gigs of personal mods.

the most recent restore is half a year ago.

There is a lesson in there somewhere.

Good luck.

July 19, 2010 3:02:22 PM from Sins of a Solar Empire Forums

well thanks anyway

July 19, 2010 3:17:27 PM from WinCustomize Forums

Find a friend who has a flash drive. Use their PC to download Malwarebytes, SpyBot S&D, and free Avast A/V.

Install these to your PC, starting with Malwarebytes. Do a full scan. Kill everything it finds. Reboot. Install/run SpyBot S&D, full scan, kill it all. Reboot. Install/run Avast, set it to run a boot time scan. Kill all it finds.

If you need to, do these things in safe mode. BTW, Have you tried booting into safe mode with networking to see if IE will work that way?

Then, when all is done. Open a command prompt in admin mode and type in sfc /scannow to see if any system files were damaged.

Once everything is normal, BACKUP your mods, turn off system restore, reboot, then turn system restore back on (this clears the restore points).

Don't delete the restore points in disc cleanup, this gets rid of all but the most recent one. The most recent one may be full of malware/viruses. Using this restore point would do what? Restore the malware/viruses.

Doing it by turning system restore off, rebooting, then back on gets rid of ALL restore points.

July 19, 2010 3:19:58 PM from WinCustomize Forums

Malwarebytes and Spybot

If one doesn't get it the other will.

July 19, 2010 4:10:28 PM from JoeUser Forums

Like someone already said, scan the registry with Hijackthis and then paste the log file here http://www.hijackthis.de/

Any entry with a red X or yellow question mark will need to be addressed.

July 19, 2010 4:24:49 PM from WinCustomize Forums

All the things mentioned may well solve the problem, especially running sfc /scannow.

Then again you just may save some time and frustration by doing a reformat and reinstall from backup, which you may have to do after trying all the suggestions.

If this is not a primary computer that you need right away then time might not be a consideration.

July 19, 2010 5:22:46 PM from WinCustomize Forums

Quoting Anthony R,
Like someone already said, scan the registry with Hijackthis and then paste the log file here http://www.hijackthis.de/

Any entry with a red X or yellow question mark will need to be addressed.

HiJack this is a good app, but it won't show a red x or a yellow question mark. Only a list.

July 19, 2010 11:41:13 PM from Sins of a Solar Empire Forums

Ok, I just got off the internet, ran another scan and found that my java was infected.

I tried to reinstall it but it continues to block things like this.

Windows malicious software removal tool was also blocked.

I ran a second scan after updating Avira and found something about heuristics?

 

Should I delete Java?

July 20, 2010 12:01:04 AM from WinCustomize Forums

Just deleting programs I don't think is going to do much good. If in fact you have some type of virus or malware it may not let you or leave behind some infection. You may just have to accept that you are going to have to do a reformat and either a reinstall from your backup or a clean install. By what you are finding it doesn't look good.

 

July 20, 2010 12:10:10 AM from Sins of a Solar Empire Forums

I just ran a third scan and discovered a wealth of html corruptions.

I deleted Java and it isn't blocking anymore...

July 20, 2010 12:10:38 AM from WinCustomize Forums

Quoting Syneptus,
Ok, I just got off the internet, ran another scan and found that my java was infected.

I tried to reinstall it but it continues to block things like this.

Windows malicious software removal tool was also blocked.

I ran a second scan after updating Avira and found something about heuristics?

 

Should I delete Java?

Have you done as I suggested in reply number 12?

Have you tried running the blocked programs in safe mode?

July 20, 2010 12:16:33 AM from WinCustomize Forums

Ya it doesn't look good...

 

Here is what I would do:

restart pc ( boot to safe mode)

run antivirus scan

run Malwarebytes scan

run Spybot S&D scan

run Ccleaner and run the registry scan

start menu > run  in dialog box type msconfig > in the start up tab uncheck everything except the antivirus

reboot

 

If still not gone the last resort is to reformat and reinstall...( but at least the malware/virus will be gone).

 

 

July 20, 2010 12:20:06 AM from Sins of a Solar Empire Forums

I am still running through a scan now... I will do something else after the scan finishes.

I still cannot upload anything... I wonder what contributes to that.

July 20, 2010 12:35:36 AM from WinCustomize Forums

I'd forget all the AV and malware scans... Ask yourself a question... You've been infected by a pretty nasty virus... Are you ever going to be sure that it's gone and won't rear its ugly face again?... Will it start attacking your personal data again? Will it compromise your personal data? Has the machine or could the machine be hijacked... I'd quit messing around and format and reinstall

July 20, 2010 1:53:43 AM from Sins of a Solar Empire Forums

I'm reluctant to reformat...

July 20, 2010 2:04:50 AM from GalCiv II Forums

Everyone is, but sometimes that is the best thing to do.

You can fool around trying to find the single corrupt file or bad reg entry for days, or much longer. Sometimes forever.

Or you can reinstall the OS fresh, update it, then install programs as you need them - in much less time. And it usually results in a much better running machine.

You can burn your critical data files to DVD's, or copy them to a flash drive or external hd. But once the OS has been compromised it can be next to impossible to fix it.
