Help please
- Killjingle
- Diamond Member
- Posts: 1714
- Joined: Tuesday Dec 10, 2002
- Location: Elton
- Contact:
Help please
I think my registry is f*ed up. I need help. I keep getting mad popups and my desktop keeps resetting itself to some warning page. Basically I'm infected and I can't fix it.
C:\WINDOWS\system32\spywarewarning.mht is what my internet homepage keeps getting reset to. My desktop keeps reappearing as a blue page with the writing "Warning: Spyware Threat has been detected on your PC."
I keep getting told that I may have been infected with spyware.cyberlog-x and 20-some other trojans.
I have run Ad-Aware, Spyware Doctor.... I'm sure it's in the registry and pretty sure it's malware. It won't let me erase it. It keeps hijacking my browser, so running a HijackThis is hard as hell because it won't connect properly. I'm not fluent in HijackThis so I don't wanna go too gung ho.
Help me please.
Everyone wants to go to heaven but no one wants to die
- lonewolf
- Diamond Member
- Posts: 6249
- Joined: Thursday Sep 25, 2003
- Location: Anywhere, Earth
- Contact:
Try Spybot Search & Destroy.
http://www.safer-networking.org/en/index.html
If that won't do it, the only thing I can think of is HijackThis. You need to have it downloaded on your computer and run it in safe mode.
...Oh, the freedom of the day that yielded to no rule or time...
- Killjingle
- Diamond Member
- Posts: 1714
- Joined: Tuesday Dec 10, 2002
- Location: Elton
- Contact:
- lonewolf
- Diamond Member
- Posts: 6249
- Joined: Thursday Sep 25, 2003
- Location: Anywhere, Earth
- Contact:
Here is something that might take care of this:
http://www.precisesecurity.com/tools-re ... tfraudfix/
Download it and run it according to the removal procedure listed below the download. If the Smitfraudfix is blocked, you can rename it to FIXIT.exe and run it.
If that doesn't work, try using Hijackthis:
Here are the processes:
%CurrentFolder%\smmain.exe
%CurrentFolder%\spunst.exe
%ProgramFiles%\Video ActiveX Access\iesmin.exe
%CurrentFolder%\smunst.exe
%CurrentFolder%\smmon.exe
DLLs:
%CurrentFolder%\splug.dll
CurrentFolder = System folder = C:\Windows\System32 for Windows XP
Registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\"rare" = "%CurrentFolder%\smmain.exe"
HKEY_CURRENT_USER\Software\Protection Tools\"65005" = "1"
HKEY_CLASSES_ROOT\CLSID\{F0993251-2512-4710-AF6E-0A13EA199D02}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{F0993251-2512-4710-AF6E-0A13EA199D02}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F0993251-2512-4710-AF6E-0A13EA199D02}
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{F0993251-2512-4710-AF6E-0A13EA199D02}
...Oh, the freedom of the day that yielded to no rule or time...
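An added example, not part of the original thread: a read-only PowerShell check for the files and registry entries listed in the post above. It assumes Windows PowerShell is available on the machine; the helper name `Test-RegEntry` is hypothetical, and each registry entry is tested both as a subkey and as a value name because the post does not say which form the toolbar entries take.

```powershell
# Read-only check: reports which listed artifacts exist, changes nothing.
$sys   = Join-Path $env:SystemRoot 'System32'      # the post's %CurrentFolder%
$clsid = '{F0993251-2512-4710-AF6E-0A13EA199D02}'  # CLSID quoted in the post

# Files and DLL named in the post.
$files = @('smmain.exe', 'spunst.exe', 'smunst.exe', 'smmon.exe', 'splug.dll') |
    ForEach-Object { Join-Path $sys $_ }
$files += Join-Path $env:ProgramFiles 'Video ActiveX Access\iesmin.exe'

# Registry entries from the post, split into parent key and leaf name.
$regEntries = @(
    @('HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run', 'rare'),
    @('HKEY_CURRENT_USER\Software\Protection Tools', '65005'),
    @('HKEY_CLASSES_ROOT\CLSID', $clsid),
    @('HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar', $clsid),
    @('HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats', $clsid),
    @('HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser', $clsid)
)

# Hypothetical helper: returns a description if $Leaf exists under $Parent
# as a subkey or as a value name, otherwise $null.
function Test-RegEntry([string]$Parent, [string]$Leaf) {
    $p = "Registry::$Parent"
    if (-not (Test-Path -LiteralPath $p)) { return $null }
    if (Test-Path -LiteralPath "$p\$Leaf") { return 'subkey' }
    $key = Get-Item -LiteralPath $p
    if ($key.GetValueNames() -contains $Leaf) {
        return "value = $($key.GetValue($Leaf))"
    }
    return $null
}

foreach ($f in $files) {
    if (Test-Path -LiteralPath $f) { "FOUND file      $f" }
}
foreach ($e in $regEntries) {
    $hit = Test-RegEntry $e[0] $e[1]
    if ($hit) { "FOUND registry  $($e[0])\$($e[1]) ($hit)" }
}
```

No output means none of the listed artifacts exists at these locations for the current user; it does not show that the machine is clean.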
- Killjingle
- Diamond Member
- Posts: 1714
- Joined: Tuesday Dec 10, 2002
- Location: Elton
- Contact:
- bassist4life2004
- Diamond Member
- Posts: 1050
- Joined: Wednesday Nov 17, 2004
- Location: Milroy, PA
- Contact:
Chad, there are some new nasty trojans out there right now. I got one on my work laptop a few weeks ago that got past our daily updated virus protection and caused me to eventually reformat after wrestling with it for a few days. Luckily I back everything up.
The one you have sounds a lot like it. Here are a few things it would not let me do:
Start in safe mode
Access the registry editor
Access the task manager (it was grayed out when I hit Control-Alt-Delete)
I even tried pulling the laptop drive, connecting it with an adapter to another machine and running several anti-virus programs on it (so the OS running the anti-virus wasn't the infected one). The anti-virus programs could find them but couldn't clean them.
The only good thing was that it did allow me to copy files to a USB drive without infecting them, so if you have files on the infected laptop that you want to save, you should be able to save them if you have access to a USB drive.
... and then the wheel fell off.
- Killjingle
- Diamond Member
- Posts: 1714
- Joined: Tuesday Dec 10, 2002
- Location: Elton
- Contact:
Looks like the same thing I just had in my computer. My spyware and antivirus programs couldn't get it. My task manager got disabled by it. I kept getting these "your computer is infected with spyware" messages. Had the same desktop pic as you. IT EFFING SUCKED! I had to wipe everything out and reinstall. I believe the name that came up on my virus and spyware scans was Virtumonde. That sux bro. Still don't know exactly how I got it.
- Killjingle
- Diamond Member
- Posts: 1714
- Joined: Tuesday Dec 10, 2002
- Location: Elton
- Contact: