
I'm having a serious, recurring problem

Discussion in 'Virus & Other Malware Removal' started by Xandrus, Jul 12, 2007.

Thread Status:
Not open for further replies.
  1. Xandrus

    Xandrus Thread Starter

    Joined:
    Jul 12, 2007
    Messages:
    2
    Hello there, a few days ago I had an issue with my computer that is now recurring. Here's what happened in a nutshell.

    My girlfriend received a message from a friend of hers in Windows Messenger, with a hotlink. Because it was someone she knew, she clicked on it. Curious, she asked me and forwarded me the link as well. This has installed something in my computer I can't quite identify, and hers as well.

    Anytime web pages are attempted to be opened, this malfunction redirects away from any security related websites (grisoft, ewido, symantec, etc), as well as repeatedly attempts to change the homepages of the web browser.

    We have run Spybot and detected the following things, which Spybot had cleaned, but then came back.

    Windows Defender also picked up SettingsModifier:Win32/PossibleHostsFileHijack.

    After cleaning these things, after a period of time they would resurface at least once daily.

    Obviously the scanners are picking up the symptoms, but not the source. Help please?

    I've also been trying to use HijackThis to get a log, but for some reason anytime I try to open it to perform the scan, or retrieve the log from the directory to paste here, my screen will flash blank and then reload with everything closed down but otherwise operating normally. Suggestions?

    If it helps, this was the hotlink from the message:
    http://www.impichost.net/[email protected]

    My suspicion is that this program hijacks the contact lists of whoever it's infected, and spams messages to others on the contact lists thus propagating itself that way.
     

    Attached Files:
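
The Windows Defender detection quoted in the post above points at the hosts file, which can map security vendors' domains to another address. The following is an added example, not part of the original thread: it parses hosts-file text and lists every entry that overrides a domain of the vendors named in the post. The sample file content and the rule of matching on a domain label are assumptions of this example.

```python
import ipaddress

# Vendor names taken from the post; matching on a domain label is this example's assumption.
SECURITY_VENDORS = ("grisoft", "ewido", "symantec")

# Constructed sample input, not the poster's actual hosts file.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       www.symantec.com   # constructed entry
127.0.0.1       free.grisoft.com
203.0.113.7     www.ewido.net download.ewido.net
192.168.1.20    printer.lan
not-an-ip       broken.line
"""


def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every valid mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed line: first field is not an IP address
        for host in fields[1:]:  # one line may carry several aliases
            yield line_no, str(ip), host.lower().rstrip(".")


def find_vendor_overrides(text, vendors=SECURITY_VENDORS):
    """Return the mappings whose hostname contains a vendor name as a whole label."""
    findings = []
    for line_no, ip, host in parse_hosts(text):
        if any(vendor in host.split(".") for vendor in vendors):
            findings.append((line_no, ip, host))
    return findings


if __name__ == "__main__":
    for line_no, ip, host in find_vendor_overrides(SAMPLE_HOSTS):
        print(f"line {line_no}: {host} -> {ip}")
```

On Windows the file to feed in is `%SystemRoot%\System32\drivers\etc\hosts`; a clean default install has no entries for vendor domains, so any finding deserves a look.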

  2. Xandrus

    Xandrus Thread Starter

    Joined:
    Jul 12, 2007
    Messages:
    2
    There we go, got the HijackThis log up on there as well. I had to upload via exploring; any other way, trying to copy/paste, wasn't working.
     
  3. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Please post the logs in quick reply - NOT attach

    Please Download MsnVirRem.exe to your desktop from one of the following sites.
    http://downloads.malwareremoval.com/MsnVirRem.exe
    http://www.thespykiller.co.uk/index...326d76342249f3027e9f82b&action=tpmod;dl=item9
    http://www.greyknight17.com/spy/MsnVirRem.exe

    · First close any other programs you have running as this will require a reboot
    · Double click MsnVirRem.exe to run it
    · Once open, click the button labelled "Search and Destroy"
    <<Your computer will now be scanned for Infected Files>>
    · When scanning is finished you will be prompted to reboot only if infected, Click OK
    · Now click the "REBOOT" Button.
    · After the Reboot, you WILL receive file not found errors (usually 4) please acknowledge them and continue.
    · A message should pop up from MsnVirRem; if not, double click the program again and it will finish

    Please Post the contents of C:\msnvirrem.log
    ===============

    Download Superantispyware (SAS) free home version

    http://www.superantispyware.com/superantispywarefreevspro.html

    Install it and double-click the icon on your desktop to run it.
    · It will ask if you want to update the program definitions, click Yes.
    · Under Configuration and Preferences, click the Preferences button.
    · Click the Scanning Control tab.
    · Under Scanner Options make sure the following are checked:
        o Close browsers before scanning
        o Scan for tracking cookies
        o Terminate memory threats before quarantining.
        o Please leave the others unchecked.
        o Click the Close button to leave the control center screen.
    · On the main screen, under Scan for Harmful Software click Scan your computer.
    · On the left check C:\Fixed Drive.
    · On the right, under Complete Scan, choose Perform Complete Scan.
    · Click Next to start the scan. Please be patient while it scans your computer.
    · After the scan is complete a summary box will appear. Click OK.
    · Make sure everything in the white box has a check next to it, then click Next.
    · It will quarantine what it found and if it asks if you want to reboot, click Yes.
    · To retrieve the removal information for me please do the following:
        o After reboot, double-click the SUPERAntispyware icon on your desktop.
        o Click Preferences. Click the Statistics/Logs tab.
        o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
        o It will open in your default text editor (such as Notepad/Wordpad).
        o Please highlight everything in the notepad, then right-click and choose copy.
    · Click close and close again to exit the program.
    · Please paste that information here for me with a new HijackThis log.

    This will take some time!!!!!!!!
     

Short URL to this thread: https://techguy.org/595121
