This is the worst virus/malware I Have ever had and the first time I have had to seek advice for removal.
Here is HJT 2.0.2
StartupList report, 8/24/2008, 11:01:29 AM
StartupList version: 1.52.2
Started from : C:\Program Files\Trend Micro\HijackThis\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
==================================================
Here is the HJT SCAN log
ogfile of Trend Micro HijackThis v2.0.2
Scan saved at 1015 AM, on 8/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
First, it changed my desktop picture. The new picture was telling me my computer was infected lol.
Then A window popped up asking to install some kind of "anti virus". It had no cancel button, and could not be moved. Only an "AGREE/INSTALL" lol. I opened task manager and closed it.
So the first thing I do is open spybot. I run the update, it downloads and tries to connect to 127.0.0.1 for the install... which errors and fails. thinking it was a fluke I goto google to find spyboy and re-download...
only to find that it changes all of my google searches. Even if I copy the link its a long string of crap that sends me all over the place. So google fails. I goto download.com and download spybot from there, only to find the file corrupted. then I try downloading AVG... Corrupted. Whatever I have corrupts these files if I try to download, from firefox or IE i tried both.
So I find the spybot website and realize it also blocks websites. I cant even come to this forum from the infected computer, its blocked out. It blocks trend, norton, etc...
So to re-cap:
Corrupts anti-virus downloads
Redirects google searches
blocks websites associated with anti-malware
changed desktop picture
tried to install fake anti mal-ware program
ALSO Randomely freezes startup? I have to restard several times to get in.
Even safe mode freezes up.
So I come to an uninfected computer and download HJT, make a log bring the log back to this computer and here I am.
Yes I am planning a full restore, obviously I was just trying to avoid this if possible but can do easilly enough. I thought maybe you would have experience with this particular malicious pos
After some searching I realize I might need to get combofix, malwarebytes, javara, java runtime, and otscan it, I have downloaded all of these on my good computer (since infected computer wont connect to those sites) and I just need to run out and buy a blank CD to burn it all so I can bring it over to the infected one...
Because of the volume of posts to your own topic, it would have appeared you were already being assisted. Volunteer analysts look for topics with no response.
Computer Hijacked today, blocks S&D, blocks this website, corrupts AVG downloads, etc
Volunteer analysts look for topics with no response.