Please Help Me ! ! ! Im New ! ! !

[cleverboy123]

Hi People I have been looking around these forums and It seems a though this the one of the largest forums aroound. Anyway I have Quite a Big Problem with spyware at the moment and need your Help to fix it ! ! !

I have been getting a huge ammount of port and network attacks and my Sygate firewall keeps telling me that My network is being accessed from another remote computer and Is being attacked many times with port Attacks. I have saved the logs and have the IP addresses of these attackers and was going o report them but much to my despair they may be using a Proxy Server.

Also I think It has disabled me from going to security realted sites like norton antivirus and McAfee etc.

Also I have been lately been experiencing slow reboots, Freezes and many Microsoft error messages. My Antivirus seems to be telling me that I have bloodhound.exploit.6 on my computer and many other unknown viruses.

Please Help Me Through This Problem

Greatest Thanks

[WinAntiVirus_Guy]

Hi

Looking through your post I make some conclusions and want to propose you next steps:

1. Patch from that exploit which you catch:

http://www.microsoft.com/technet/sec.../ms04-013.mspx

It is official Microsoft patch.

2. You have Firewall and Antivirus on your comp, I see they didnt help U... Its a pity. I reccomend you to use newest version of Antivirus to prevent such situations. Or if you already have it - update your bases...

Most important notice to you - install good firewall on your computer. It will help you to prevent such situations with smb on your computer.

Now you need to make full scan of your computer and remove all malwares you have.

If there some more questions - ask.

[cleverboy123]

Hi there m8 thanks for the quick reply !

I have downloaded the patch already but i am currently unable to access the microsoft website as it keeps redirecting me to a funny lookin search engine !

I have Anti-Vir
AVG
Norton Antivirus
Trend Micro Antivirus

I have updated each one to the latest update but the problem is that it cant disinfect it it has no rpoblem with finding it. It also deletes he files but somehow they come back !

The File affected is called TWUNK_16 and has the bratle.b virus . It also has a load of other suspicious files and unknown viruses. Some of the infected files appear to be Trojans.

http://securityresponse.symantec.com...n.tooso.l.html

Another thing about this is that it prevents me from accesing security related sites. (eg.microsoft-anivirus)

My firewall is currently Sygate and is working fine but i still seem to be gettin attacked from remote computers on ports.

I have done another scan but no luck the same result.

Hope you can help me

thanks

[Blackspear]

Hi cleverboy123 welcome to Wilders.

You will need to download and run “Hijack This” found here and post your log at one of the HijackThis Specialist Forums, the two bigger forums for HijackThis log processing, (meaning they process more log threads each day than most others) are: SpywareInfo.com and CastleCops.com. Be sure to read their posting policy in the links at their log review forum sections prior to posting.

Once your system is clean I would suggest that you take a look here: Why did I get infected in the first place? Also, for further information on security and how to make your system that much stronger, see here, as well there are discussions here and even more here.

Hope this helps...

Let us know how you go.

Cheers

[cleverboy123]

there seems to be no problem with my log though !

any other suggestions ??

Thanks for your help anyway !

[cleverboy123]

Also any1 know what bloodhound.exploit.6 is it keeps tellin me norton.

please help me thx

[ronjor]

Quote:

If Norton Antivirus' AutoProtect Settings are set to High for Bloodhound, the program will produce false positives for many files. The default level is recommended for most protection.

http://www.pchell.com/virus/bloodhound.shtml

[ravin]

download a trial of ewido and webroot's spyweeper and remove anthing found. also since you have trendmicro go to thier homepage and do a search on system cleaner it's easy to create and run - should fix probs.

Hi Thanks I have done as requested but it keeps coming back after a rebboot !

Any other suggestions ? plz

[ronjor]

Try turning off system restore and reboot into the safe mode and do a scan.

http://www.pchell.com/support/safemode.shtml

already tried that it says file unable to delete error message !

Dou think that there is any possibility left ! plz say yes !

[ronjor]

http://www.claymania.com/removal-trojan-adware.html

already tried those m8 they keep comin back after a reboot !

Reformatting should i come to !

[ronjor]

http://www.wilderssecurity.com/showthread.php?t=50662

Reformat if you must.

actually i need real time help cos reformattin will loose my settings all these years. Something can come from nothing dont you think ronjor. I appreciate all your help ! thx

[ronjor]

All that can be recommended is you post a hijack log as suggested in post four.

[ravin]

try downloading avast home free and it's downloadable detection database. boot into safe mode and turn off system restore. then install avast - should prompt for scan on next boot - select yes. if not caught during reboot go back into safe mode install the updated database signatures you downloaded and schedule another scan on boot. worth a try before reformattin.

[Vikorr]

It appears that some spyware has infected your Hosts file (among other things). The infection of the Hosts file is the reason you are getting redirected from certain sites to other sites. You will need to edit the Hosts file with wordpad. It's found in c:\windows\system32\drivers\etc

If you don't know what a hosts file is, when you open it, delete everything except 'localhost 127.0.01'

Also, have you tried running programs like CWShredder ? (as what you describe is similar to CWS spyware behaviour...but other spyware could do the same). It's one of the harder pieces of spyware to remove. Some newer versions are coming with coding to hide them from scanners (CWShredder may not remove the lastest versions of CWS, as it is no longer being updated - last I heard)

Another thing that may be worth trying is Kaspersky Antivirus who have a free online scanner at www.kaspersky.com

You may also want to try
Ewido antitrojan (free) at www.ewido.com
Microsoft Antispyware (free) http://www.microsoft.com/athome/secu...e/default.mspx

Hope they help.

[Blackspear]

Quote:

Originally Posted by cleverboy123

there seems to be no problem with my log though !

What specialist forum have you posted your log at?

Cheers

[The Hammer]

Quote:

Originally Posted by Vikorr

It appears that some spyware has infected your Hosts file (among other things). The infection of the Hosts file is the reason you are getting redirected from certain sites to other sites. You will need to edit the Hosts file with wordpad. It's found in c:\windows\system32\drivers\etc

If you don't know what a hosts file is, when you open it, delete everything except 'localhost 127.0.01'

Also, have you tried running programs like CWShredder ? (as what you describe is similar to CWS spyware behaviour...but other spyware could do the same). It's one of the harder pieces of spyware to remove. Some newer versions are coming with coding to hide them from scanners (CWShredder may not remove the lastest versions of CWS, as it is no longer being updated - last I heard)

Another thing that may be worth trying is Kaspersky Antivirus who have a free online scanner at www.kaspersky.com

You may also want to try
Ewido antitrojan (free) at www.ewido.com
Microsoft Antispyware (free) http://www.microsoft.com/athome/secu...e/default.mspx

Hope they help.

CWS is still being updadated. It is now owned by Trend Micro but still free. Latest version 2.15.

[cleverboy123]

Hi there People,

I have as you said removed all entries but 127.0.0.1 from my hosts file and it seems to stop the redirecting. I cannot downlaod those CW files because i cant for some reason comlete it fully it stops somewhere in the middle.

Blackspear i have posted my log in that Spywareinfo forum but i am waiting for a rely however i have also posted my log in nerdhelp and majorgeeks and they seems to come up with the solution that there are 2 entries i could remove and these are it :

O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)


O4 - HKLM\..\Run: [NavRegReminder] "C:\WINDOWS\temp\NavBrowser.exe" /r /i "C:\WINDOWS\temp\NavLoad.ini"

Can anyone here back this up plz ?

Oh this is weird i restart my computer and my homepage has changed o about;blank and keeps advertisin and windows is tellin me that i need to downlaod a spyware remover then it seems to be a rogue one as it is sayin that its free but askin for card details !!!

[Vikorr]

Re the one with Navload.ini, see this link http://castlecops.com/s5609-NavLoad_ini.html - it's safe to delete.

I would imagine that any BHO registry entry with no file reference is safe to delete, and the techies at spywareinfo should know, so I'd personally delete them.

I did a quick google search and came accross the following sites -
About Blank is a CWS variant, and there appear to be a number of variations of about blank (I don't know these sites, just ones I came across, but at least they give a starting point for understanding About Blank)http://www.siena.edu/antivirus/Spyware/aboutblank.asp
http://www.pchell.com/support/aboutblank.shtml
http://www.answers.com/topic/coolwebsearch

[Blackspear]

Quote:

Originally Posted by cleverboy123

...i have posted my log in that Spywareinfo forum but i am waiting for a reply...

Please do NOT delete anything, wait until you receive a reply and then follow their instructions precisely.

Cheers

[Primrose]

Welcome to the wonderful world of search hijacking. You have been poisioned.

http://www.lurhq.com/ppc-hijack.html





http://www.spywareinfoforum.com/inde...opic=54043&hl=