malware stopping spybot & comodo firewall. simplified talk thru would be lovely

[sundancepete]

hello, ive read through many of the other posts that cover this problem but im getting a bit lost. The first thing people are posting is a highjack log, i dont know how to do this so I guess thats where ill start off with asking??

the symptoms like everyone elses ive read are I cant run spybot, tried reinstalling on safe mode to no avail. My comodo firewall cant update, and its virus scanner crashes.
Many web pages are rediredted by something called advert tracker i think and wont open pages.

If someone can run me throught what to do here id be very greatfull, but keep it simple. I have a general knowlage but the grandest thing ive ever manbaged to do is install a soundcard & reinstall windows. So go easy please

i dont know what you need to know in terms of what im running..
pete

[pskelley]

Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance) http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.

Hi Pete, please take the time to read and carefully follow the directions pinned (sticky) to the top of this forum and posted above. Then post the HijackThis log as is plainly described in those directions.

I suggest you read all of the pinned (sticky) topics, they are there for your benefit.

Thanks...Phil

[sundancepete]

super thanks for replying, i had glanced over them this morning but have now read over it all. so first off
I have backed up the registry with erunt.
HJTInstall.exe dosn't appear to work, i think the suspect problem is blocking this working as it is with spybot & comodo. I think i read on another post about renaming the file & it will run? shall i do this before we proceed...

[pskelley]

Pete, the hackers are trying to make it hard for you to clean the computer, likely they want to get you to buy a worthless rouge product, that is the source of the problem to start with. Let's see if we can get combofix to run and come back to HJT.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use

Download ComboFix from here:

Link 1

* IMPORTANT !!! Save ComboFix.exe to your Desktop

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
• See this Link for programs that need to be disabled and instruction on how to disable them.
• Remember to re-enable them when we're done.
  
  
• Double click on ComboFix.exe & follow the prompts.
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a New Hijackthis log.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

Tutorial if needed
http://www.bleepingcomputer.com/comb...o-use-combofix

First, see if it will run as posted, if it will not then try this:

You must rename it before saving it, save it to your Desktop.



Thanks...Phil

[sundancepete]

mmm combo fix will not run either.. plan C?

[pskelley]

I have no endless list of plans, if you can not get the tools to run, your option is to reformat the computer. Try booting into safe mode and see if combofix will run there.
http://spyware-free.us/tutorials/safemode/

Keep in mind also that this information is available to the folks who hacked you and they have limitless time and unlimited $$$ to do this.

[sundancepete]

really is that my only option a total reformat?? that sucks, well i guess if i cant get any of the afore mentioned programs to run even in safe mode then i guess thats that.
thatnks for your time & reply.
pete

[sundancepete]

hi well this is me afsresh after the reinstall. I got everything back installed and have comodo avast & sybot on the go. When i put the external harddrive back in it all went a bit nuts but avast sorted that out. Now i have things hopefully clean shall i post my log again now things are working maybe you could tell me if there is anything amiss. I have run spybot & avast it al seems clear..

thanks again, pete

[pskelley]

I'd be glad to look at the HJT log, it should be clean after a reformat. You will need to install HJT to do this:

Download Trend Micro Hijack This™ to your Desktop
http://download.bleepingcomputer.com...HJTInstall.exe
Doubleclick the HJTInstall.exe to start it.
By default it will install HijackThis in the Program Files\Trendmicro folder and create a desktop shortcut.
HijackThis will open after install. Press the Scan button below.
This will start the scan and open a log.
Copy and paste the contents of the log in your next reply.


Post also an uninstall list: Open Hijackthis.
Click the "Open the Misc Tools" section Button.
Click the "Open Uninstall Manager" Button.
Click the "Save list..." Button.
Save it to your desktop. Copy and paste the contents into your reply.
Image: http://img.bleepingcomputer.com/tuto...nstall-man.jpg