I'm having a serious, recurring problem

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Xandrus

Thread Starter
Joined
Jul 12, 2007
Messages
2
Hello there, a few days ago I had an issue with my computer that is now recurring. Here's what happened in a nutshell.

My girlfriend recieved a message from a friend of hers in Windows Messenger, with a hotlink. Because it was someone she knew, she clicked on it. Curious, she asked me and forwarded me the link as well. This has installed something in my computer I can't quite identify, and hers as well.

Anytime web pages are attempted to be opened, this malfunction redirects away from any security related websites (grisoft, ewido, symantec, etc), as well as repeatedly attempts to change the homepages of the web browser.

We have run Spybot and detected the following things, which Spybot had cleaned, but then came back.

Windows Defender also picked up SettingsModifier:Win32/PossibleHostsFileHijack.

After cleaning these things, after a period of time they would resurface at least once daily.

Obviously the scanners are picking up the symptoms, but not the source. Help please?

I've also been trying to use HijackThis to get a log, but for some reason anytime I try to open it to perform the scan, or retrieve the log from the directory to paste here, my screen will flash blank and then reload with everything closed down but otherwise operating normally. Suggestions?

If it helps, this was the hotlink from the message:
http://www.impichost.net/[email protected]

My suspicion is that this program hijacks the contact lists of whoever it's infected, and spams messages to others on the contact lists thus propagating itself that way.
 

Attachments

Xandrus

Thread Starter
Joined
Jul 12, 2007
Messages
2
There we go got the HijackThis log up on there as well, I had to upload via exploring any other way trying to copy/paste wasn't working.
 
Joined
Sep 7, 2004
Messages
49,014
Please post the logs in quick reply - NOT attach

Please Download MsnVirRem.exe to your desktop from one of the following sites.
http://downloads.malwareremoval.com/MsnVirRem.exe
http://www.thespykiller.co.uk/index...326d76342249f3027e9f82b&action=tpmod;dl=item9
http://www.greyknight17.com/spy/MsnVirRem.exe

· First close any other programs you have running as this will require a reboot
· Double click MsnVirRem.exe to run it
· Once open, click the button labelled "Search and Destroy"
<<Your computer will now be scanned for Infected Files>>
· When scanning is finished you will be prompted to reboot only if infected, Click OK
· Now click the "REBOOT" Button.
· After the Reboot, you WILL receive file not found errors (usually 4) please acknowledge them and continue.
· A Message should popup from MsnVirRem if not, double click the program again and it will finish

Please Post the contents of C:\msnvirrem.log
===============

Download Superantispyware (SAS) free home version

http://www.superantispyware.com/superantispywarefreevspro.html

Install it and double-click the icon on your desktop to run it.
· It will ask if you want to update the program definitions, click Yes.
· Under Configuration and Preferences, click the Preferences button.
· Click the Scanning Control tab.
· Under Scanner Options make sure the following are checked:
o Close browsers before scanning
o Scan for tracking cookies
o Terminate memory threats before quarantining.
o Please leave the others unchecked.
o Click the Close button to leave the control center screen.
· On the main screen, under Scan for Harmful Software click Scan your computer.
· On the left check C:\Fixed Drive.
· On the right, under Complete Scan, choose Perform Complete Scan.
· Click Next to start the scan. Please be patient while it scans your computer.
· After the scan is complete a summary box will appear. Click OK.
· Make sure everything in the white box has a check next to it, then click Next.
· It will quarantine what it found and if it asks if you want to reboot, click Yes.
· To retrieve the removal information for me please do the following:
o After reboot, double-click the SUPERAntispyware icon on your desktop.
o Click Preferences. Click the Statistics/Logs tab.
o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
o It will open in your default text editor (such as Notepad/Wordpad).
o Please highlight everything in the notepad, then right-click and choose copy.
· Click close and close again to exit the program.
· Please paste that information here for me with a new HijackThis log.

This will take some time!!!!!!!!
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Members online

Top