There is a computer in my home that is majorly screwed up.

Basically, whatever has infected this computer has disabled Microsoft Security Center, disabled system restore, and won't let the user access anything that might be able to find the cause of this problem (hijack this, AVG, or any online virus scanner)... basically any program that might be able to determine the cause of the problem.

The only thing that the computer can do to scan itself is Spybot and it pulls up an entry with Fake MSN 8 Beta.

The user told me that a week or so ago, he received a message over MSN that read something like, is that you in the photo, providing a link. He says he clicked on the link, but didn't accept the file that it attempted to download.

So not only in addition to not letting the user do anything to scan the computer, it also goes to a different homepage than originally set Messenger Site wxx.messengersite.net/portal

Help please!!!

Hello.

Can you download HJT to a clean PC if one is available.

Instructions for producing a HJT log here:
"BEFORE you POST" -Preliminary Steps (http://forums.spybot.info/showthread.php?t=288)


Burn to disc or load on floppy
Upload to infected machine
Place HJT into own folder
Run HJT on the infected PC and post the log you produce using the clean PC in the Malware Removal Forum (http://forums.spybot.info/forumdisplay.php?f=22)

Then a helper will take a look at the logs as soon as available and give any further instructions necessary.

If you cannot do that please let us know and we will start off with a Spybot-S&D log.

Cheers.

I can't get HiJack this to initialize... well, it will start, but whatever the problem is on the computer will shut the program down again. I will post a SpyBot log file just as soon as I can.

Also, do you think that http://www.hijackthis.de/ really interprets the log file accurately?

Hi there.

Have you tried an on-line Anti Virus scanner as shown here:

"BEFORE you POST" (http://forums.spybot.info/showthread.php?t=288)

In regards to your question.

Post #3 same topic:
http://forums.spybot.info/showpost.php?p=16208&postcount=3


I do not recommend attempting do-it-yourself using on-line HiJackThis analyzers if you are seeking one on one assistance.

While on-line analyzers may detect some infections, they may not take into account certain malware variants that should be removed in sequence and/or by using special tools.

If you have used an analyzer and 'fixed' items before requesting advice here, please inform your helper so they are aware.


In other words, in the hands of an inexperienced person it could make the cleanup that much harder for a trained malware removal helper.

That is not to say such programs are not worthwhile, but in the malware forum we do work one on one. ;)

Spybot-S&D Version 1.4 :Systems Supported (http://www.safer-networking.org/en/spybotsd/index.html )

If you do not have version 1.4 please let us know.

Close all browsers
Open SpyBot, check for and get any updates available
Check for problems and fix everything found in red
Then on the toolbar menu select mode and switch to advanced mode, on the left lower down select tools, and view report, ensure all the options are selected near the bottom except

Uncheck[ ] do not report disabled or known legitimate Items.
Uncheck[ ] Include a list of services in report.
Uncheck[ ] Include uninstall list in report.
Now select (near the top) view report.
Click export and in the 'save in' box choose a place such as your my documents folder, then in your next post near the bottom select the "browse" button; navigate to and attach or post that report.

If you cannot attach the Spybot-S&D log take as many posts as needed, however the instructions given usually produce manageable logs.