I've been "deewoo_ed"



caughtvirus
2008-06-29, 22:15
help.....I think I've been hit with deewoo and my computer has an open IEXPLORER window I can't close...my desktop icons show through without my normal wallpaper, there are no borders I can find, alt-f, alt-x has no effect
Task manager has been disabled
I managed to copy the HJTinstall file across my network.......but something is stopping the install
If I try to open a browser window I get the error message that it has encountered a problem and needs to close.

Anyone able to get me started in the right direction???

Thanks in advance!!!!!!!!!!!!

Shaba
2008-07-02, 13:17
Hi caughtvirus

Try to install HijackThis in safe mode, reboot to normal mode and post back HijackThis log taken in normal mode, please :)

caughtvirus
2008-07-02, 21:32
Hi Shaba,

no luck, in safe mode ?? when I double click on HJTInstaller.exe I get the warning window "OPEN FILE - SECURITY WARNING" Do you want to run this file?
I click on run, the warning window goes away but nothing else appears to happen. Is there some place to look to see if it installed??

the HJTInstall.exe description from allowing the cursor to hover over the icon shows file version 1.0.0.1 793 KB. When I went to trendmicro to download it showed version 2.0.2 still 793 KB. Do I have the right executable?

Also, even in safe mode I am getting the same "virus" warning popups. Is there a way to know for sure I am in safe mode.

I am an inexperienced newbie when it comes to viruses!!! I would be totally lost without this type of intervention.

Thank you for your help!!

Shaba
2008-07-03, 11:16
Hi

Then do this.

1) Disconnect from internet (=unplug network cable)

2) Disable your antivirus

3) Try to now install HijackThis

Let me know how it went :)

caughtvirus
2008-07-03, 17:18
Same thing.........double clicked HJTInstall.exe icon nothing happened.........

a few seconds later.......screen blinked (like a refresh) the icon was no longer highlighted.......

Thank you for your help!!!!!

Shaba
2008-07-03, 17:22
Hi

Download Deckard's System Scanner (DSS) (http://www.techsupportforum.com/sectools/Deckard/dss.exe) to your Desktop. Note: You must be logged onto an account with administrator privileges.

Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt<-this one will be minimized
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and the extra.txt to your post.

caughtvirus
2008-07-03, 17:23
I left out that I did get the same "open file window"...do you want to run this software?

I clicked on run and then same thing nothing, a few seconds later the screen blinked, HJT icon was no longer highlighted........and nothing else except the yellow popup boxes in the lower right corner......keep warning of internet attack even though it is not connected to the net.


Again Thank you.........

caughtvirus
2008-07-03, 18:27
I have no way of getting the DSS file......MAIN.TXT to you.

The EXTRA.TXT file was not created. I looked in the DSS folder under programs MAIN.TXT is there but not EXTRA.TXT.

The problem computer will only connect to select internet sites. I cannot get to this forum on the problem computer.

I tried to copy MAIN.TXT across my network to another computer which is how I was able to get DSS to the problem computer, but after running DSS when I copy and paste in the windows explorer window, I get the error message xxx(destination) is unaccessable.

Is it possible that a screen saver type program is running that is not showing up in the system tray or the bar at the bottom of the screen? If so, how can it be disabled.......also same question for Internet Explorer?

Thank you for your help!!!!!!!!!!

Shaba
2008-07-03, 18:45
Hi

What do you exactly mean by this?

"Is it possible that a screen saver type program is running that is not showing up in the system tray or the bar at the bottom of the screen? If so, how can it be disabled.......also same question for Internet Explorer"

caughtvirus
2008-07-03, 20:14
when the system reboots.........if I am fast enough to get the task bar at the bottom of the screen to come up it shows a screen saver tab/button I right click on it hit alt-f4 it closes........and I have a little time to work otherwise.......


I end up with an entire screen filled with a blue background with a large textbox in the center of the screen warning viruses have been found, etc.........and I can not get out of it by any means I know except power down by means of holding down the power button until it goes off, after a count of 20 pressing the button again and starting back up.

I ask the same question about Internet Explorer, can it be running in background that I cannot see, if so where do I find it and how do I shut it down, because I have new programs installed "antivirusXP2008, malware" that I didn't do.
Again Thank You!!!!!!!!!!!

Shaba
2008-07-03, 20:20
Hi

I see. Yes, it is possible but not likely.

Try to run this next:

1. Download combofix from any of these links and save it to Desktop:
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 3 (http://subs.geekstogo.com/ComboFix.exe)

**Note: It is important that it is saved directly to your desktop**

2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you (C:\ComboFix.txt). Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

If you have problems with Combofix usage, see here (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)

Post combofix report

caughtvirus
2008-07-03, 20:52
Hi again,

I double click on the ComboFix.exe icon on the desktop > the CF icon highlights/selected > get the arrow/hourglass cursor/ > the screen blinks (like a refresh) or a popup comes up > the CF icon is no longer selected and the cursor returns to the normal arrow...............nothing else happens

This happens in both normal and safe modes....................

anytime I three finger salute (ctrl,alt,del) the error "Taskmanager has been disabled by the administrator." is displayed


Again, Thank You

Shaba
2008-07-03, 21:00
Hi

Try this next:

1) Rename combofix.exe to caught.exe and move it to c: root (c:\)
2) Boot computer and choose safe mode with command prompt from boot menu
3) Once you are in command prompt, type:
cd\ and enter
caught and enter
4) If combofix now starts and reboots, reboot back to safe mode with command prompt.
5) Reboot normally and post back a combofix log if successful.

caughtvirus
2008-07-03, 21:25
Hello again,

I just want to be sure of the steps before I begin............

I understand the command prompt, type:
cd\ and enter
caught and enter

4) If combofix now starts and reboots, reboot back to safe mode with command prompt.

I think what you are wanting with the above is: If CF starts, let it run through its reboot, interrupt CF rebooting back to safe mode (once in safe mode I assume CF will continue automatically), when CF finishes and displays the log..........step 5 below....

5) Reboot normally and post back a combofix log if successful.

If that is correct then I will proceed, but it will be much later tonight or tomorrow. I have to get ready for work.


Again Thank You for your help!!!!!!!!!!

Shaba
2008-07-03, 21:30
Hi

Yes but choose safe mode with networking and not plain safe mode.

Shaba
2008-07-08, 15:15
Due to the lack of feedback this Topic is closed.

If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than five days since your last response and you need the thread re-opened, please send a private message (pm). A valid, working link to the closed topic is required.

Everyone else please begin a New Topic.