MapMistress
2012-09-08, 15:02
Hello,
I've had a problem with some sort of malware-hijacker or spyware on my computer for 3 weeks now. I've even tried overwriting the harddrive in every possible format, Windows, DOS, filling the drive with zeros and then reformatting the drive and installing a new operating system. But whatever it is, that doesn't seem to work either.
I realize that I reinstall Win98, old OS, but relatively few malware works on such an old OS which is why I like to use it. But this one has me stumped and it is literally deleting parts of Spybot Search & Destroy software so that I can't quite figure out what it is to remove.
I'll get really detailed as I've kept detailed handwritten notes of what components of Spybot it has deleted.
DETAILS OF WHAT COMPONENTS OF SPYBOT ARE DELETED
#1) I downloaded two older versions of Spybot from OldApps.com. The first didn't work (not enough memory on my computer for 1.6.2). So I downloaded a 2nd which was version 1.4.
#2) When I began the installation process, something was already wrong during the 2nd download for the install. In the section of the install which read Current File and Overall process it displayed a series of characters.
Current File Progress $öÄ(double bars)KB of ¼ÿ(triple bars)ú¿ñ KB (¼ÿÄ(triple bars)ú¿ñ%)
#3) When the 2nd portion of download completed, I opted to get the rest of .sbi files before 1st boot of program, so they were instantly downloaded and I started the program for the 1st time.
#4) On first scan, it did detect both
CoolWWWSearch.Leftovers
Fraud:UltraAntivir2009
Both of which were supposed to have been removed. But there was a 3rd problem, I began getting error messages during the scan, like something was blocking the scan or deleting scan files from within the .sbi files of Spybot. From the Sep-5-2012 download of the "includes".
Error messages read:
There were problems in the include file C:\PROGRAM FILES\SPYBOT - SEARCH_DESTROY\Includes\Adware.sbi.
See 'Include errors.log' for details.
The specific files omitted giving error messages from the Spybot first boot scan were:
3581 of 169613 in the Adware.sbi
4982 of 169613 in the AdwareC.sbi
33977 of 169613 in the Hijackers.sbi
95432 of 169613 in the Malware.sbi
97231 of 169613 in the MalwareC.sbi
131001 of 169613 in the PUPS.sbi
132511 of 169613 in the PUPSC.sbi
141954 of 169613 in the Spyware.sbi
145465 of 169613 in the TrojansC-03.sbi
151523 of 169613 in the TrojansC-04.sbi
#5) I went into Advanced options and tried to have a look at the different .sbi files and I'll admit that at that point in time, there was a list of files in the different Trojan.sbi's-- all of them. I tried a few more scans and each came up clean. But on the third scan I began getting memory error messages and had to Alt-Ctrl-Delete to close the program. It was saying "Not enough memory resources". And I had closed out every program in operation, except Windows Explorer.
#6) On 2nd reboot, I went back into Advanced options to have a look at what the names of the scanned files might be in all those .sbi files. BUT. Some of the entire files were then empty. Nothing in them anymore. Specifically all the Trojan scan files were gone. Trojans.sbi was empty. TrojansC.sbi was empty. TrojansC-02.sbi was empty. TrojansC-05.sbi was empty.
Another odd thing about 2nd reboot is that some program autochecked two programs to "ignore" in the PUPS.sbi. The autochecked "ignore" files, were CDilla and Side Step.
#7) Tried to uninstall program from Control Panel in so I could reinstall and redownload. Wouldn't uninstall. Froze up computer. So I did a Cyberscrub-Gutmann of whole program (including files in Applications folder).
#8) I started up the 1st part of Spybot install again, to redownload the 2nd portion of download. Same thing as before. Only this time I did first boot of program before downloading the .sbi files (includes.exe). When I downloaded the includes.exe (this time from a different server), it immediately gave me memory error messages and I had to close out program and restart. Upon 2nd boot of program, again, all the Trojan .sbi files were empty, even though fully downloaded.
So I figure that whatever is on my computer is somehow stopping Spybot from scanning for it, giving the error messages during the scan and then on 2nd reboot of Spybot, all Trojan .sbi files are deleted. And once again, in the PUPS.sbi section, CDilla and Side Step were checked to "ignore". I didn't check those files myself, so it must have been automated on the Trojans .sbi files delete.
Can anyone tell me what these files are in each of the .sbi's error messages so I can figure out what I have on my computer?
3581 of 169613 in the Adware.sbi
4982 of 169613 in the AdwareC.sbi
33977 of 169613 in the Hijackers.sbi
95432 of 169613 in the Malware.sbi
97231 of 169613 in the MalwareC.sbi
131001 of 169613 in the PUPS.sbi
132511 of 169613 in the PUPSC.sbi
141954 of 169613 in the Spyware.sbi
145465 of 169613 in the TrojansC-03.sbi
151523 of 169613 in the TrojansC-04.sbi
Any suggestions? I've already overwritten the harddrive in Windows, DOS, filled it with zeros wiping the partitions, reformatted partitions and reinstalled the OS......TWICE, and not even that gets rid of what this is. Even wiped the BIOS for 48 hours and switched out memory chips to clean memory chips. That doesn't seem to help either.
Any suggestions would truly be appreciated as I've been at this for 3 weeks.
Please help or tell me what this is so I can remove it from my harddrive. I know Blog.com blocks my browser completely from logging in telling me malware is on my computer. I can't log in or view anyone's blogs. And I tried to ask them, but got no response to what name of program of malware that they were blocking. Do you have any idea? Since this is what it does to Spybot, deleting or stopping certain scans within the .sbi files?
On final note:
IPs that tried to send "Red Packets" thru my firewall during Spybot downloads were.
210.177.15.244 on 1st download
159.253.133.130 on 2nd download
222.186.27.87 when logging into forum to post this
I've had a problem with some sort of malware-hijacker or spyware on my computer for 3 weeks now. I've even tried overwriting the harddrive in every possible format, Windows, DOS, filling the drive with zeros and then reformatting the drive and installing a new operating system. But whatever it is, that doesn't seem to work either.
I realize that I reinstall Win98, old OS, but relatively few malware works on such an old OS which is why I like to use it. But this one has me stumped and it is literally deleting parts of Spybot Search & Destroy software so that I can't quite figure out what it is to remove.
I'll get really detailed as I've kept detailed handwritten notes of what components of Spybot it has deleted.
DETAILS OF WHAT COMPONENTS OF SPYBOT ARE DELETED
#1) I downloaded two older versions of Spybot from OldApps.com. The first didn't work (not enough memory on my computer for 1.6.2). So I downloaded a 2nd which was version 1.4.
#2) When I began the installation process, something was already wrong during the 2nd download for the install. In the section of the install which read Current File and Overall process it displayed a series of characters.
Current File Progress $öÄ(double bars)KB of ¼ÿ(triple bars)ú¿ñ KB (¼ÿÄ(triple bars)ú¿ñ%)
#3) When the 2nd portion of download completed, I opted to get the rest of .sbi files before 1st boot of program, so they were instantly downloaded and I started the program for the 1st time.
#4) On first scan, it did detect both
CoolWWWSearch.Leftovers
Fraud:UltraAntivir2009
Both of which were supposed to have been removed. But there was a 3rd problem, I began getting error messages during the scan, like something was blocking the scan or deleting scan files from within the .sbi files of Spybot. From the Sep-5-2012 download of the "includes".
Error messages read:
There were problems in the include file C:\PROGRAM FILES\SPYBOT - SEARCH_DESTROY\Includes\Adware.sbi.
See 'Include errors.log' for details.
The specific files omitted giving error messages from the Spybot first boot scan were:
3581 of 169613 in the Adware.sbi
4982 of 169613 in the AdwareC.sbi
33977 of 169613 in the Hijackers.sbi
95432 of 169613 in the Malware.sbi
97231 of 169613 in the MalwareC.sbi
131001 of 169613 in the PUPS.sbi
132511 of 169613 in the PUPSC.sbi
141954 of 169613 in the Spyware.sbi
145465 of 169613 in the TrojansC-03.sbi
151523 of 169613 in the TrojansC-04.sbi
#5) I went into Advanced options and tried to have a look at the different .sbi files and I'll admit that at that point in time, there was a list of files in the different Trojan.sbi's-- all of them. I tried a few more scans and each came up clean. But on the third scan I began getting memory error messages and had to Alt-Ctrl-Delete to close the program. It was saying "Not enough memory resources". And I had closed out every program in operation, except Windows Explorer.
#6) On 2nd reboot, I went back into Advanced options to have a look at what the names of the scanned files might be in all those .sbi files. BUT. Some of the entire files were then empty. Nothing in them anymore. Specifically all the Trojan scan files were gone. Trojans.sbi was empty. TrojansC.sbi was empty. TrojansC-02.sbi was empty. TrojansC-05.sbi was empty.
Another odd thing about 2nd reboot is that some program autochecked two programs to "ignore" in the PUPS.sbi. The autochecked "ignore" files, were CDilla and Side Step.
#7) Tried to uninstall program from Control Panel in so I could reinstall and redownload. Wouldn't uninstall. Froze up computer. So I did a Cyberscrub-Gutmann of whole program (including files in Applications folder).
#8) I started up the 1st part of Spybot install again, to redownload the 2nd portion of download. Same thing as before. Only this time I did first boot of program before downloading the .sbi files (includes.exe). When I downloaded the includes.exe (this time from a different server), it immediately gave me memory error messages and I had to close out program and restart. Upon 2nd boot of program, again, all the Trojan .sbi files were empty, even though fully downloaded.
So I figure that whatever is on my computer is somehow stopping Spybot from scanning for it, giving the error messages during the scan and then on 2nd reboot of Spybot, all Trojan .sbi files are deleted. And once again, in the PUPS.sbi section, CDilla and Side Step were checked to "ignore". I didn't check those files myself, so it must have been automated on the Trojans .sbi files delete.
Can anyone tell me what these files are in each of the .sbi's error messages so I can figure out what I have on my computer?
3581 of 169613 in the Adware.sbi
4982 of 169613 in the AdwareC.sbi
33977 of 169613 in the Hijackers.sbi
95432 of 169613 in the Malware.sbi
97231 of 169613 in the MalwareC.sbi
131001 of 169613 in the PUPS.sbi
132511 of 169613 in the PUPSC.sbi
141954 of 169613 in the Spyware.sbi
145465 of 169613 in the TrojansC-03.sbi
151523 of 169613 in the TrojansC-04.sbi
Any suggestions? I've already overwritten the harddrive in Windows, DOS, filled it with zeros wiping the partitions, reformatted partitions and reinstalled the OS......TWICE, and not even that gets rid of what this is. Even wiped the BIOS for 48 hours and switched out memory chips to clean memory chips. That doesn't seem to help either.
Any suggestions would truly be appreciated as I've been at this for 3 weeks.
Please help or tell me what this is so I can remove it from my harddrive. I know Blog.com blocks my browser completely from logging in telling me malware is on my computer. I can't log in or view anyone's blogs. And I tried to ask them, but got no response to what name of program of malware that they were blocking. Do you have any idea? Since this is what it does to Spybot, deleting or stopping certain scans within the .sbi files?
On final note:
IPs that tried to send "Red Packets" thru my firewall during Spybot downloads were.
210.177.15.244 on 1st download
159.253.133.130 on 2nd download
222.186.27.87 when logging into forum to post this