spywareblaster: ERROR: This program has been damaged..

Discussion in 'adware, spyware & hijack cleaning' started by CWSjim, Apr 24, 2004.

Thread Status:
Not open for further replies.
  1. CWSjim

    CWSjim Guest

    ok running TDS-3 full scan and updated it.

    do i need to have mirc running? right now i dont.. but hopefully itll scan the exe.
     
  2. CWSjim

    CWSjim Guest

    heres what TDS-3 returned:

    Scan Control Dumped @ 04:13:17 25-04-04
    Positive identification (embedded in file): TrojanSpy.Win32.Briss.c (UPX)
    File: c:\windows\cracksws2.exe

    Positive identification (embedded in file): TrojanSpy.Win32.Briss.e (dll)
    File: c:\windows\cracksws2.exe

    Positive identification: Adware.IeSearchBar Dropper
    File: c:\windows\bar.exe
     
  3. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
  4. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    well there is no sign of CWS in either of the PV logs

    I'm not guaranteeing that it's gone, but the signs are promising

    try Spyware blaster again and see if it works now after the tds fixes as well
     
  5. CWSjim

    CWSjim Guest

    still getting the same error when i try to open spywareblaster :(
     
  6. CWSjim

    CWSjim Guest

    just turned on the computer, opened IE to visit google.. and im being infected again :(

    spywareguard is catching it like before.

    c:\windows\system32\hfihba.dll
     
  7. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,491
    Location:
    Netherlands
    Hi CWSjim,

    Start with the following:
    Go here:
    http://www10.brinkster.com/expl0iter/freeatlast/PVtool.htm
    And download "Xfind.zip" from there.
    Unzip, run the 'find.bat' inside.
    Wait till it terminates and find 'log.txt' inside which
    you'd need to attach into your next reply.

    Regards,

    Pieter
     
  8. CWSjim

    CWSjim Guest

    heres the contents of file.text in the xfind folder:


    C:\WINDOWS\System32\MSJKM.DLL +++ File read error
     
  9. CWSjim

    CWSjim Guest

    ooops, that should say file.txt .. not text.

    thanks for the help.
     
  10. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,491
    Location:
    Netherlands
    Hi CWSjim,

    First run runme.bat in the pv folder again and choose option 7.

    Then download TheKillbox from here: http://download.broadbandmedic.com/VbStuff/KillBox.zip

    Unzip the files to a folder, then double-click on Killbox.exe to run it. In the "Paste Full Path of File to Delete" box, copy and paste the following:

    C:\WINDOWS\System32\MSJKM.DLL

    Don't click any of the buttons though, instead please click on the Action menu and choose "Delete on Reboot". On the next screen, click on the File menu and choose "Add File". The filename and path should show up in the window. If that's successful, choose the Action menu and select "Process and Reboot". You'll be prompted to reboot, do so.

    Run AdAware as described here: https://www.wilderssecurity.com/showthread.php?t=15913

    Download and run: http://www.spywareinfoforum.com/~merijn/files/CWShredder.exe
    Use the Fix button and follow the instructions you will receive.

    Regards,

    Pieter
     
  11. CWSjim

    CWSjim Guest

    followed your instructions and then ran find.bat (xfind) again.. the entry is still there :(

    C:\WINDOWS\System32\MSJKM.DLL +++ File read error


    is there another way to remove it?
     
  12. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,491
    Location:
    Netherlands
    None so far that come with guarantees I'm afraid. :doubt:

    Download and run:
    http://www.diamondcs.com.au/index.php?page=apm
    Then close IE.
    Use APM to Unload MSJKM.DLL from explorer

    Then repeat the last procedure starting with option 7 from runme.bat

    Regards,

    Pieter
     
  13. CWSjim

    CWSjim Guest

    hmm.. it doesnt come up in the bottom list when i click explorer.exe in the top one.
     
  14. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,491
    Location:
    Netherlands
    Hmmm.

    Click Start Run > copy&paste regedit /e c:\bhos.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"

    Then find bhos.txt and post the content.

    Regards,

    Pieter
     
  15. CWSjim

    CWSjim Guest

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    @=""

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4A368E80-174F-4872-96B5-0B27DDD11DB2}]
    @="SpywareGuard Download Protection"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}]
    @="NAV Helper"
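
An added example, not part of the original thread: a small parser for a `regedit /e` export of the Browser Helper Objects key that lists each BHO CLSID and separates the entries with no description, which are the ones that still need resolving to a DLL. The sample text is rebuilt from the export posted above; the function names are hypothetical.

```python
import re

BHO_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion"
           r"\Explorer\Browser Helper Objects")

# (CLSID, default value or None) as they appear in the posted bhos.txt
POSTED = [
    ("{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}", None),
    ("{4A368E80-174F-4872-96B5-0B27DDD11DB2}", "SpywareGuard Download Protection"),
    ("{53707962-6F74-2D53-2644-206D7942484F}", None),
    ("{AA58ED58-01DD-4d91-8333-CF10577473F7}", None),
    ("{BDF3E430-B101-42AD-A544-FADC6B084872}", "NAV Helper"),
]
# Rebuild the export text in .reg (Version 5.00) layout from the list above.
SAMPLE_EXPORT = "Windows Registry Editor Version 5.00\n\n[%s]\n@=\"\"\n" % BHO_KEY + "".join(
    "\n[%s\\%s]\n%s" % (BHO_KEY, c, '@="%s"\n' % n if n else "") for c, n in POSTED)

SECTION = re.compile(r"^\[(.+)\]$")
DEFAULT = re.compile(r'^@="((?:[^"\\]|\\.)*)"$')
CLSID = re.compile(r"^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")

def parse_bhos(export_text):
    """Return {CLSID (upper case): default value or None} for each BHO subkey."""
    prefix = BHO_KEY.lower() + "\\"
    bhos, current = {}, None
    for raw in export_text.splitlines():
        line = raw.strip()
        m = SECTION.match(line)
        if m:
            key, current = m.group(1), None
            sub = key[len(prefix):]
            if key.lower().startswith(prefix) and CLSID.match(sub):
                current = sub.upper()   # registry key names are case-insensitive
                bhos[current] = None
            continue
        m = DEFAULT.match(line)
        if m and current:
            # .reg files escape quotes and backslashes inside string values
            bhos[current] = m.group(1).replace('\\"', '"').replace("\\\\", "\\")
    return bhos

def needs_lookup(bhos):
    """CLSIDs with no description. An empty name is not proof of malware; each one
    is resolved next under HKEY_CLASSES_ROOT, CLSID, <id>, InprocServer32 to find its DLL."""
    return sorted(c for c, name in bhos.items() if not name)

if __name__ == "__main__":
    for clsid in needs_lookup(parse_bhos(SAMPLE_EXPORT)):
        print("resolve:", clsid)
```
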
     
  16. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,491
    Location:
    Netherlands
    Is your about:blank still hijacked?

    Regards,

    Pieter
     
  17. CWSjim

    CWSjim Guest

    at the moment it isnt.

    but im still not able to open up spywareblaster, which i was able to open before my browser got hijacked.

    the error is that "This program has been damaged, possibly by a bad sector of the hard drive or a virus. Please reinstall it." one.
     
  18. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,491
    Location:
    Netherlands
    Javacool is looking into that. I hope he found something.
    This probably means that the Hijack will be back sooner or later, but for the moment it's the best we can do.

    Regards,

    Pieter
     
  19. CWSjim

    CWSjim Guest

    yea, i dont think its only spywareblaster.. because fraps 2.1.0 also gets the same error when i try to open it.
     
  20. CWSjim

    CWSjim Guest

    thanks for the help though, ill try it again later if it comes back.
     
  21. CWSjim

    CWSjim Guest

    its baaaaaaaaaaack!

    brothers friend turned on the computer and started up planetside.. which has a webbrowser in its patch screen.

    bam, spywareguard caught it and they freaked haha.. so i just let it take over until i can fix it later since theyll be playing in the game and not using IE.

    this is driving me crazy :!
     
  22. Agent Smith

    Agent Smith Guest

    You're not alone! I'm having the same exact problem running Windows XP. So far I've been able to fix the about:blank hijack using CWShred and Hijackthis. But now 2 programs I've noticed so far (Hypersnap and UltraEdit) are giving me the "This program has been damaged, possibly by a bad sector of the hard drive or a virus. Please reinstall it." error. When using xfind it came up with kbl.dll which I tried using killbox to delete but it is as if the file doesn't even exist. HELP PLZ!
     
  23. CWSjim

    CWSjim Guest

    yup, exactly the same :( just diff programs and dll name
     
  24. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    to see if we can prevent the cws hijackers reinfecting you try this
    a workaround seems to be install a good firewall, lists here http://www.wilders.org/firewalls.htm if you haven't already got one and block these ranges of ports, both incoming and outgoing 209.66.114.0-209.66.115.255 and 81.211.105.0-81.211.105.255
    that stops the known cws servers responding or the hidden files on your computer updating.
    This works sometimes but not always, but it's a help.
    The problem with this approach is that some good sites might also be blocked
    then when we have a guaranteed working cure for it we can advise how to fully remove it.
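
An added example, not part of the original thread: the two address ranges from the post above collapsed into CIDR networks (the form most firewalls accept), then used to check a connection log for traffic to or from those networks that was not dropped. The log lines and their column layout are constructed for illustration, and the function names are hypothetical.

```python
import ipaddress

# The two ranges quoted in the post above (first and last address of each).
BLOCK_RANGES = [("209.66.114.0", "209.66.115.255"),
                ("81.211.105.0", "81.211.105.255")]

def to_cidrs(ranges):
    """Collapse first-last address ranges into the minimal list of CIDR networks."""
    nets = []
    for first, last in ranges:
        nets.extend(ipaddress.summarize_address_range(
            ipaddress.ip_address(first), ipaddress.ip_address(last)))
    return nets

# Constructed log lines: date time action proto src dst sport dport
SAMPLE_LOG = """\
2004-04-26 10:02:11 ALLOW TCP 192.168.0.5 192.0.2.10 1041 80
2004-04-26 10:02:14 ALLOW TCP 192.168.0.5 209.66.115.17 1042 80
2004-04-26 10:02:15 DROP TCP 192.168.0.5 81.211.105.40 1043 80
2004-04-26 10:03:01 DROP TCP 209.66.114.200 192.168.0.5 80 1050
2004-04-26 10:03:09 ALLOW UDP 192.168.0.5 81.211.106.1 1051 53
"""

def leaks(log_text, nets):
    """Return (line_no, peer) for traffic to/from a blocked network that was not dropped."""
    found = []
    for no, line in enumerate(log_text.splitlines(), 1):
        fields = line.split()
        if len(fields) < 6:
            continue                      # malformed or truncated line
        action = fields[2]
        for peer in fields[4:6]:          # check both source and destination
            try:
                addr = ipaddress.ip_address(peer)
            except ValueError:
                continue
            if action != "DROP" and any(addr in n for n in nets):
                found.append((no, peer))
    return found

if __name__ == "__main__":
    nets = to_cidrs(BLOCK_RANGES)
    print("block:", ", ".join(str(n) for n in nets))
    for no, peer in leaks(SAMPLE_LOG, nets):
        print("line %d: traffic with %s was not dropped" % (no, peer))
```
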
     
  25. CWSjim

    CWSjim Guest

    its back again but this time im getting popups saying "YOU HAVE SPYWARE INSTALLED" with a link to searchx.cc.

    damn this thing damn it to hell!
     