Whorbital
2009-02-12, 12:25
Removal Assistance : Tricky Malware
Hello all.
My poor computer seems to have caught something nasty. Whatever it is does the standard Spybot kill (won't run, can't access the basic website, etc.), and redirects me from any Google search result to a different website than the one listed. Likely a clickthrough so whoever designed it can make money. Furthermore, I can only enter my hard drive using the right-click -> Explore option, cannot update or install Windows components, and, worst of all, it seems to have disabled my external CD drive from being able to read anything so I can't do a fresh install of Windows.
I am willing to destroy all data on the drive as nothing is essential, I just can't figure out how to a) get rid of the blocks so I can clean the system, or b) get it to allow the system CD to run so I can make a fresh install of Windows. Here is the HijackThis log if it helps in some way:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:12:29 AM, on 2/12/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - Global Startup: NETGEAR WG311v2 Smart Configuration.lnk = C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{CFF5F303-F7A8-4C24-B3EB-F3C978FF1ADE}: NameServer = 85.255.116.85,85.255.112.147
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 1263 bytes
I'm in a unique position in that I can afford to demolish all data on the system, I am just at my wits' end trying to figure out how to get a foothold so I can begin.
Thank you in advance for responses of a computer skill level I could only dream of achieving.