MyTechSupport.ca :: Your Computer Technical Resource Headquarters! MyTechSupport.ca :: Your Computer Technical Resource Headquarters!
HOME FORUMS RESOURCES & TOOLS ARTICLES ONLINE STORE ABOUT US
Computer Support Forums arrow Software Support arrow Operating Systems : Microsoft arrow Topic: Help unhijack my computer please
November 12, 2019, 03:56:42 PM
 

Home Forum Rules Help Search Mobile Version Login Register

Welcome, Guest. Please login or register.
Did you miss your activation email?
November 12, 2019, 03:56:42 PM

Login with username, password and session length
 Featured Sites:
News
Welcome to MyTechSupport.ca! - Registration is FREE, so why not join our friendly community today?
  0 Members and 1 Guest are viewing this topic.
Pages: [1] Go Down Print
Author Topic: Help unhijack my computer please  (Read 3289 times)
ihatetrojins
Newbie
*

Karma: +0/-0
Offline Offline

Posts: 4


Bookmark and Share

View Profile
« on: January 30, 2010, 03:40:38 AM »

 Sad I recently came down with a Trojan and I don't know how to get rid of it. Now it is very hard for me to start into regular windows. It takes several tries to start up into windows to get it to start up into windows. What it will do is start up. Then It gets to the flag and then goes to the black screen like it is supposed to do before I see the Blue Starting Windows Screen. But before it goes to the Blue starting windows screen the computer automatically restarts itself and it will keep doing that several times. I have to trick the computer by going into safe mode then restarting into regular windows. Going into the repair tool then restarting to go into windows just for it to go into regular windows. Some times I will see the Blue Start up screen then it quits and restarts also. But it starts up in safe mode just fine. Do you need me to install Hijack this and give you a Hijack this report?... I really do believe this is a hybrid version of the Downloader Trojan unlike the original Downloader Trojan that you probably already know about. Sense then I did run run the Malwarebytes program and managed to get rid of 10 different Trojans and sense then it has bean easyer for me to get into windows but my browser is still Hijacked. Both Mozilla Minefiled aka the latest FireFox in Alpha testing and Internet Explorer are hijacked. Periodically while I am on the computer it will give me an error "Windows must now restart because the Plug and Play Service Terminated Unexpectedly"

The Trojan came from this Website after I downloaded the 3 files from it. h t t p : / / billgable.com/sony-vegas-pro-9-0c-build-896-rapidshare-megaupload-keygen-serial-crack . h t m l. without spaces. I don't know what Keygen is and I don't know what a serial or the crack is for. But anyway I downloaded the 3 files and it installed the Downloader Trojan witch threatfire caught some of the bad Trojans but I don't know if it actually got rid of all of it or only some of it. Also I think it installed something else with it on my computer because no matter what browser and what search engine I use. When ever I click on a link in a search engine to go to that particular site I am automatically redirected to an add ware site... Weither that be to try to sell me an anti virus or what have you... But the Originating site is from the site above... Other people are having these same problems and have tried everything to get rid of it but couldn't. So this could end up being a serious problem..


Please help me get rid of this Trojan

Sincerely: ihatetrojins
Logged
ihatetrojins
Newbie
*

Karma: +0/-0
Offline Offline

Posts: 4


Bookmark and Share

View Profile
« Reply #1 on: February 03, 2010, 01:23:17 AM »

I am trying Malwarebytes now because when I run the Spyware Doctor it gets halfway through on the last scanning step then the computer restarts with that same error message every single time. When the computer restarts back up I get this message. Windows has recovered from an Unexpected Shutdown.
details of the shutdown.

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.0.6002.2.2.0.768.3
Locale ID: 1033

Additional information about the problem:
BCCode: 1000008e
BCP1: C0000005
BCP2: 82624417
BCP3: 807244E4
BCP4: 00000000
OS Version: 6_0_6002
Service Pack: 2_0
Product: 768_1

Files that help describe the problem:
C:\Windows\Minidump\Mini020210-03.dmp
C:\Users\Aaron\AppData\Local\Temp\WER-144690-0.sysdata.xml
C:\Users\Aaron\AppData\Local\Temp\WEREBB5.tmp.version.txt


I will attach the Unexpected Shutdown log files...

I also get this error after Windows Restarts as well..

Windows could not connect to the System Event Notification Service service. This problem prevents limited users from logging on to the system. As an administrative user, you can review the System Event Log for details about why the service didn't respond.

The cause of the errors I believe is a Backdoor Trojan Horse or a Backdoor Virus..

P.S.  It wont let me upload the 2 files but it will only let me upload the one file...
Logged
ihatetrojins
Newbie
*

Karma: +0/-0
Offline Offline

Posts: 4


Bookmark and Share

View Profile
« Reply #2 on: February 03, 2010, 03:14:37 AM »

This is the first log of the first scan I did

Malwarebytes' Anti-Malware 1.44
Database version: 3658
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18828

1/29/2010 2:14:09 PM
mbam-log-2010-01-29 (14-14-09).txt

Scan type: Quick Scan
Objects scanned: 4
Time elapsed: 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Aaron\Desktop\new folder\0030.DLL (Spyware.Passwords) -> Quarantined and deleted successfully.
Logged
ihatetrojins
Newbie
*

Karma: +0/-0
Offline Offline

Posts: 4


Bookmark and Share

View Profile
« Reply #3 on: February 03, 2010, 03:17:47 AM »

This is my Second Log of Malwarebytes scan I did.

Malwarebytes' Anti-Malware 1.44
Database version: 3658
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18828

1/29/2010 5:57:44 PM
mbam-log-2010-01-29 (17-57-44).txt

Scan type: Full Scan (C:\|)
Objects scanned: 272959
Time elapsed: 2 hour(s), 22 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Policies\System\disableregedit (Hijack.Regedit) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\kr_done1 (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\spool\prtprocs\w32x86\151D.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Windows\System32\wexe.exe (Trojan.Small) -> Quarantined and deleted successfully.

It deleted these files but I am still having the redirect problem.  After this I upgraded to the latest Malwarebytes and was able to do a complete scan and it didn't find anything..
Logged
Pages: [1] Go Up Print 
 
Jump to:  

Powered by MySQL Powered by PHP

Powered by SMF 1.1.21 | SMF © 2015, Simple Machines

Valid XHTML 1.0! Valid CSS!

Disclaimer
This site is NOT responsible for any damage that the information on this site may cause to your system. Everything you try, whether inspired by the response given from this site or not, is entirely at your own risk. All product names and company names used herein are for identification purpose only and may be trademarks or registered trademarks of their respective owners. We are in no way affiliated or representing any of the companies on this site unless specified.
Back to Top
Stop Spam Harvesters, Join Project Honey Pot Fight Back Against Spammers! Get Firefox! Get Thunderbird! View Sylvain Amyots profile on LinkedIn
Back to Top
Google visited last this page August 12, 2019, 06:21:08 AM