Author Topic: Need Help!! (Virus hijacks PC as soon as I connect to internet)  (Read 6779 times)

Offline JPBoston

  • Jr. Member
  • **
  • Posts: 23
    • Personal Message (Offline)
Need Help!! (Virus hijacks PC as soon as I connect to internet)
« on: January 02, 2012, 01:39:34 AM »
Hey there,

Really hoping you guys can help me out, before I'm forced to re-install windows.  (Vista, Laptop)

My laptop has been hit hard by some kind of virus.... all loads well until I connect to the internet, then the system becomes overloaded and I can't do a thing.  I can't even update Avast.  Pretty sure that when I am able to open Task Manager, no real major cpu or memory usage is shown, despite the "thinking" light being on, so steady it's not even blinking.

I've run a bunch of anti-virus programs that I was able to get updated in Safe Mode, and Avast (without a fresh update) did a boot-time scan and found several things, but still the problem persists.  I did try downloading the update file on this Avast site and copying it over to the laptop so I could update that way... but the update application fails.

I'm sorry for lacking in more detail... not used to having to fight off a virus like this.  Let me know what info you need to help and I'll dig it up for you.

Thanks in advance!!

-Joe

Offline True Indian

  • Malware Hunter
  • Advanced Poster
  • **
  • Posts: 729
  • Gender: Male
  • A Good Old Indian!
    • Personal Message (Offline)
Re: Need Help!! (Virus hijacks PC as soon as I connect to internet)
« Reply #1 on: January 02, 2012, 04:28:43 AM »
http://forum.avast.com/index.php?topic=53253.0

Follow the above link to the guide and attach all the logs.

essexboy is notified and he will be here to help you. Check back by night.

Offline JPBoston

Re: Need Help!! (Virus hijacks PC as soon as I connect to internet)
« Reply #2 on: January 03, 2012, 03:52:00 AM »
Thanks for the quick reply....

Here are the OTL log files (I'll do more as I can get free time tonight):




Offline Dim@rik

  • Poster
  • *
  • Posts: 663
  • Gender: Male
    • Personal Message (Offline)
Re: Need Help!! (Virus hijacks PC as soon as I connect to internet)
« Reply #3 on: January 03, 2012, 08:53:02 AM »
Quote
    Thanks for the quick reply....

    Here are the OTL log files (I'll do more as I can get free time tonight):

Hello!

Your hosts file is not original.

I can advise you to use the curing utility Dr.Web CureIt!

http://www.freedrweb.com/cureit/?lng=en

It restores the hosts file and checks for viruses, but when you run the utility, disconnect Avast completely; Avast blocks it.




Offline Pondus

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 21644
  • Gender: Male
    • Personal Message (Offline)
Re: Need Help!! (Virus hijacks PC as soon as I connect to internet)
« Reply #4 on: January 03, 2012, 10:07:07 AM »
From your OTL log it seems you have avast and Microsoft Security Essentials installed   ???

Never install multiple AV as this can/will create all kinds of Windows errors and false positive detections.

read the reply from quietman7 here
http://www.bleepingcomputer.com/forums/index.php?s=7c8217673a726b92cfc91ecfd4294a29&showtopic=260844&view=findpost&p=1441638

It is recommended to run a removal tool so all leftovers from the AV you remove are gone.


run and reboot - Uninstallers for Security Software
http://thewebatom.net/uninstallers/security-software/

Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


Offline essexboy

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 28899
  • Gender: Male
  • Dragons by Sasha
    • Malware fixes
    • Personal Message (Offline)
Re: Need Help!! (Virus hijacks PC as soon as I connect to internet)
« Reply #5 on: January 03, 2012, 06:51:56 PM »
Hi, the log looks OK, which means it is something deeper.

Download aswMBR.exe (1.8mb) to your desktop.

  • Double click the aswMBR.exe to run it
  • Click the "Scan" button to start the scan
  • On completion of the scan click save log, save it to your desktop and post in your next reply



Offline JPBoston

Re: Need Help!! (Virus hijacks PC as soon as I connect to internet)
« Reply #6 on: January 03, 2012, 07:21:10 PM »
Awesome, thanks guys.  I'll get that new log posted asap.

For the record... I only installed Microsoft Security after the virus attack.  I was attempting all options possible.  ;)

Offline essexboy

Re: Need Help!! (Virus hijacks PC as soon as I connect to internet)
« Reply #7 on: January 03, 2012, 07:39:32 PM »
If aswMBR should fail to run then do the following please

Download RogueKiller to your desktop

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 1 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe

Please post the contents of the RKreport.txt in your next Reply.

Offline JPBoston

Re: Need Help!! (Virus hijacks PC as soon as I connect to internet)
« Reply #8 on: January 03, 2012, 08:25:21 PM »
Just ran ASW... seemed to get hung up (for 20 mins) near the end in a Windows Live folder... it was so long I couldn't read the whole file path.

So I saved the log even though it hadn't finished... running it one more time to see if I can get a full scan and then I'll move on to Rogue Killer.

Abbreviated ASW log attached.

Offline essexboy

Re: Need Help!! (Virus hijacks PC as soon as I connect to internet)
« Reply #9 on: January 03, 2012, 08:31:41 PM »
Did you install the somoto toolbar ?

Offline JPBoston

Re: Need Help!! (Virus hijacks PC as soon as I connect to internet)
« Reply #10 on: January 03, 2012, 08:48:45 PM »
Quote
    Did you install the somoto toolbar ?

Definitely not on purpose (I hate any toolbar add-ons, and I'm pretty good at keeping them from sneaking on from other program installs)... A quick look at my program files doesn't show anything from Somoto.

ASW is hung up in the same area again... file path that I can read is:

C:\USERS\Joe\AppData\Local\Microsoft\Windows Live\Installer\Catalog\wl....

(The "...." at the end meaning that the window isn't big enough to read further than that, and I don't seem to be able to expand the window at all).

ASW still seems to be running and "thinking", and the computer isn't locked up or anything, so I'll leave it alone this time and see if it moves past it.

Offline essexboy

Re: Need Help!! (Virus hijacks PC as soon as I connect to internet)
« Reply #11 on: January 03, 2012, 08:58:02 PM »
OK, let's kill the toolbar and see if that removes the problem.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Quote
    :OTL
    [2011/10/19 15:50:43 | 000,000,000 | ---D | M] (Somoto Toolbar) -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\1mz8nlvo.JP\extensions\{652853ad-5592-4231-88c6-706613a52e61}
    [2011/10/19 15:50:36 | 000,000,000 | ---D | M] (Somoto Toolbar) -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\h8a4y122.default\extensions\{652853ad-5592-4231-88c6-706613a52e61}
    O2 - BHO: (Somoto Toolbar) - {652853ad-5592-4231-88c6-706613a52e61} - C:\Program Files\somototoolbar\vmntemplateX.dll ()
    O3 - HKLM\..\Toolbar: (Somoto Toolbar) - {652853ad-5592-4231-88c6-706613a52e61} - C:\Program Files\somototoolbar\vmntemplateX.dll ()
    O3 - HKU\S-1-5-21-2297640326-2697785836-1506157427-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
    [2009/10/27 13:46:41 | 000,000,024 | -H-- | C] () -- C:\ProgramData\.811261211181235583101118113995
    [2008/08/08 18:21:25 | 000,000,024 | -H-- | C] () -- C:\ProgramData\.119889580931711767808769176
    [2008/08/08 18:09:07 | 000,000,021 | -H-- | C] () -- C:\ProgramData\.24554863501262644635642126105
    [2010/09/13 20:04:54 | 000,000,000 | ---D | M] -- C:\Users\Dee\AppData\Roaming\ooVoo Details


    :Files
    ipconfig /flushdns /c
    C:\Program Files\somototoolbar
    C:\Program Files\AskBarDis

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Offline JPBoston

Re: Need Help!! (Virus hijacks PC as soon as I connect to internet)
« Reply #12 on: January 03, 2012, 09:09:25 PM »
Thanks, Essex!  I'll run that later tonight, as I'm about to leave the house and probably shouldn't let it sit too long after it's run its course.

Thank you for the quick replies --- really hoping we dig this sucker out.  :)

PS --- Should I hold off on the Rogue Killer for now then?

Offline essexboy

Re: Need Help!! (Virus hijacks PC as soon as I connect to internet)
« Reply #13 on: January 03, 2012, 09:14:21 PM »
Aye sorry I was going to add that ... The main thing I was looking for in aswMBR is not present so there is no need for roguekiller  ;D

Offline CompTeach

  • Newbie
  • *
  • Posts: 1
    • Personal Message (Offline)
Re: Need Help!! (Virus hijacks PC as soon as I connect to internet)
« Reply #14 on: January 03, 2012, 09:16:51 PM »
Have you tried disabling everything at startup using msconfig.exe?
Disable all startup items except avast, go to Safe Mode and run Malwarebytes.

Here are two tools to help you:

Malwarebytes

https://store.malwarebytes.org/342/cookie?affiliate=1879&product=29945&redirectto=http://files7.majorgeeks.com/files/679635e8efe21e055ae3693f6145f298/spyware/mbam-setup-1.60.0.1800.exe

RogueKiller

http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe

run these and you should be ok

 
