
Spybot installing problem



Cool_Hand_Luke
2008-12-19, 22:38
I cannot get Spybot to install. I have a virus of some sort not allowing it to install; it won't let me MS update, or go to any antivirus site. It even does this in safe mode. I have xsoft and it won't allow it to run either. What do I do? I have a post in the malware forum but nobody has ever helped me, HJT log included. I had to rename the HJT for it to be able to run :( Thanks for any help please

drragostea
2008-12-19, 23:09
Your thread in the Malware Removal Forums is here:
http://forums.spybot.info/showthread.php?t=41776
Do not respond to your own thread, because that is considered bumping, and the volunteers who will help you look for threads with zero replies.

Can you try renaming the default Spybot desktop icon?

Cool_Hand_Luke
2008-12-20, 02:28
Sorry, I wasn't trying to bump it. Spybot starts to install until it tries to connect to the net, that's when it is stopped, just like MS update. I can go to microsoft.com, but when I go to update it stops me. I was able to get this from nod32 later: win32/kryptik.cv trojan, moduleie.gs, sscantqs.exe, dc3/uninstall exe were removed but the problem is still there. Should I make a new post so it shows no replies? Thanks

drragostea
2008-12-20, 02:30
Leave your post the way it is. It seems that you are infected and the malware is blocking your connection to Microsoft Updates.

No, you should not start a new one.

Cool_Hand_Luke
2008-12-20, 02:37
Ok thanks, just trying to get a clue of what it is so I can research a fix. If any more info is needed please let me know. Thanks

drragostea
2008-12-20, 02:56
Since this is a trojan, I would strongly suggest you keep the infected machine from connecting to the Internet. This is because the trojan will use your connection to download more malicious components, so basically it's a cycle, and cleaning them will bring them back again because they are downloaded again.

Leapfrog
2008-12-20, 04:03
It seems the same thing happened to me guys. :sad: By the way, I have SSD version 1.5.2.

Today I'm surfing the net when up popped a firewall warning alerting me to a request to hijack my internet connection by a file called wjqs.exe or something similar. Of course I say deny. Next comes a SSD pop up asking me to verify the following change:


value "BootExecute" (new data: "autocheck autochk * ") changed in Session manager!
I have no clue what that is so I deny.

Next I notice my Internet pages taking longer loading. So I open Adaware to scan my system but it says Adaware can't connect to the server!!

Next I attempt to open SSD but it flashes quickly and disappears!! I try to Google these variants and when I click the Google results I am redirected to spyware sites!!

Notice I never try to install SSD 1.6.

So I install Malwarebytes and I reboot the computer to go into Safemode but guess what happens? My computer won't boot into safe mode!! It reboots normally but just hangs at the XP login screen after I input my password!!

After many attempts to log into safe mode, I finally get in and I choose Last Known Good Configuration.

Then I reboot normally and run Malwarebytes. Below is what it finds on my PC:


Two registry keys infected with tdssdata (Trojan.Agent)

Four dll files infected with Trojan.TDSS

One driver infected with Trojan.TDSS

Two temp files infected with Trojan.FakeAlert

One dll file infected with Rootkit.Agent

and various other files infected with downloader trojans!!


Once these were cleaned from my system I was able to open and run SSD successfully! :D:

Leapfrog
2008-12-20, 04:07
Since this is a trojan, I would strongly suggest you keep the infected machine from connecting to the Internet. This is because the trojan will use your connection to download more malicious components, so basically it's a cycle, and cleaning them will bring them back again because they are downloaded again.

drragostea is right. Before I cleaned my system thoroughly, I disconnected my internet from the PC so the trojans cannot make connections.

drragostea
2008-12-20, 04:16
That prompt you are getting is because you've installed Lavasoft's AdAware.

Cool_Hand_Luke
2008-12-20, 04:54
That sounds exactly like what I have. nod32 is not finding anything now, just a lot of file errors. I have installed Malwarebytes and it won't run even in safe mode, just like xsoft. Not sure what to try.

drragostea
2008-12-20, 20:10
Luke, if there is no reply by tomorrow, you can post in the Waiting Room.
http://forums.spybot.info/showthread.php?t=1137