View Full Version : Infected and can't install spybot or run ERUNT
Running XP infected with a hijack which redirects to epoclick and others. The malware blocks access to spybot server with: Error Sending Request
Server name or address could not be resolved
shelf life
2010-11-25, 15:24
hi chitema,
Sorry for the delay, no shortage of posters. If you still need help reply back.
Hi, no worries. I am still infected and can't do anything about it. I have installed Avast and it is blocking some of the pages but it is still hijacking my browser.
I can't install Spybot as it is blocking the server.
shelf life
2010-11-26, 01:56
ok we will get two downloads to use. The first is called combofix. There is a guide you need to read first before using it. Read the guide then apply the directions on your own machine. Post the log in your reply. Next is Malwarebytes. Links:
Guide to using Combofix (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)
Please download the free version of Malwarebytes (http://www.malwarebytes.org/mbam.php) to your desktop.
Double-click mbam-setup.exe and follow the prompts to install the program.
Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform FULL SCAN, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click *Remove Selected.*
*A restart of your computer may be required to remove some items. If prompted please restart your computer to complete the fix.*
When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
Post the log in your reply.
If you cant run either one while in 'normal" mode for some reason you can try running them in safe mode. To reach safe mode you would tap the f8 key during a computer restart. Chose the first option from the list: safe mode, log in to your usual account. When at the safe mode desktop try running them.
Thanks a lot, that seems to have worked, I can even log on to this forum! The log is attached. Do I have to do anything else?
shelf life
2010-11-28, 04:04
You ran Combofix? Did you reboot after Malwarebytes was finished with its scan?
Stupidly I saved the log before I told Malwarebytes to fix the problems, here is the new log. It seems to be fixed though.
Yes, I ran Combofix and rebooted after the Malwarebytes scan was finished.
shelf life
2010-11-28, 19:35
Can you post the combofix log. Look in your root drive C:Combofix.txt and see if you spot it.
Here it is. The problem is not solved, I am still getting hijacked.
shelf life
2010-12-01, 00:17
I am still getting hijacked. I see that in the combofix log.
We will get another download to use:
Please download TDSS Killer.exe (http://support.kaspersky.com/downloads/utils/tdsskiller.exe) and save it to your desktop
Double click to launch the utility. After it initializes click the start scan button.
Once the scan completes you can click the continue button.
"The utility will automatically select an action (Cure or Delete) for known malcious objects. A suspicious object will be skipped by default."
"After clicking Next, the utility applies selected actions and outputs the result."
"A reboot might require after disinfection."
A report will be found in your Root drive Local Disk (C) as TDSSKiller.2.4.2.1_09.08.2010_17.32.21_log.txt (name, version, date, time)
Please copy and paste the log results in your reply.
This thread has been archived due to inactivity.
As it has been four days or more since your last post, and the helper assisting you posted a response to which you did not reply, your topic will not be re-opened. If you still require help, please start a new topic and include a DDS log with a link to your previous thread.
Please do not add any logs that might have been requested previously, you would be starting fresh.
Applies only to the original poster, anyone else with similar problems please start your own topic.