avalanche of spyware and trojans

Discussion in 'adware, spyware & hijack cleaning' started by jyodis, May 20, 2004.

Thread Status:
Not open for further replies.
  1. jyodis

    jyodis Registered Member

    Joined:
    May 8, 2004
    Posts:
    12
    ***Computer Background***

    The computer is some sort of older Dell Laptop. It has been without virus protection for years. Ad-Aware was installed on it almost half a year ago but never run.

    The computer has slowly been amassing popups and downloading programs that run in the background and slow everything down, but the situation was allowed to escalate for weeks.

    It hit a turning point when it started making it impossible to open Internet Explorer. This is when the computer was given to me. I was curious about it: it runs AIM, so it connects to the internet, but IE won't even open. Furthermore, if you try to open it you eventually have to force quit it, and then the computer will freeze up (amount of time until freeze is variable). If you never attempt to open IE, it won't freeze, but if you do, it will freeze up eventually.

    I tried to then open Netscape but the computer did not have this program. I transferred the Netscape download over AOL Instant Messenger from another computer to this laptop, and then installed it. It worked and the computer could get to the internet. After a restart though, the same problem came up. Couldn't open Netscape.

    However, I found out that if you open a related program that doesn't try to access the internet, such as Netscape Composer, and then open a new browser window from there, it works.

    This method of {Composer -> Open New Browser Window -> surf wherever you want} has worked for a couple weeks, even through many restarts. Netscape Navigator itself and Internet Explorer both freeze the machine though if opened initially. Outlook Express works fine and will send and receive email, and AOL works too. All other programs work; I assume no browser that connects to the internet will work if installed.

    ***Request for Help***

    Early on in this process, I tried to run your Ad-Aware/HackThis number combo and ask for help. I closed every program I could see open in trays and with screens open. Then, since the computer has Ad-Aware on it, I tried to go through that process.

    I hit the global key to update Ad-Aware.
    I did all the steps and ran the scan.

    I ran into problems: It went through and was finding over a hundred files that were foreign objects, probably more but it never made it to the end. I tried this multiple times and Ad-Aware always froze up in the C:\_Restore\TEMP section around 20,033 files explored.

    Specifically, it prompted that it was denied access to infected files, and before it froze it successfully spit out these three names, every time I tried this:
    C:\_Restore\TEMP\A0158995.CPY Downloader-FL
    C:\_Restore\TEMP\A0159068.CPY Generic BackDoor
    C:\_Restore\TEMP\1649283166475 Downloader DH.6

    I proceeded to give up trying Ad-Aware, go directly to the HackThis steps and then was going to post all the results.

    HackThis will not even download. If I try to download, the computer freezes. I tried this a few times.

    ***Where I am Now***

    I could attempt sending HackThis over AIM in the way I sent Netscape, or put it on a floppy and get it in there.

    I could try to do the same with SpyBot or any other program you suggest.

    I am open to all suggestions and comments.
    I called a friend or two that work in repair shops, and they want to wipe it out and re-install windows; I feel like I should be able to salvage something without doing that. There are many files and pictures on the computer.

    Thanks for the time and help.
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,330
    Location:
    Netherlands
  3. jyodis

    jyodis Registered Member

    Joined:
    May 8, 2004
    Posts:
    12
    The last restore point is over 2 years ago. I'm not sure how system restore works. Will I lose programs that were put on the computer between 2 years ago and now?

    It is running 2000 ME not XP, does that make a difference? How do you go through the process on 2000 ME?

    Thanks.
     
  4. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,330
    Location:
    Netherlands
  5. jyodis

    jyodis Registered Member

    Joined:
    May 8, 2004
    Posts:
    12
    I disabled system restore. Then I restarted the computer. I then re-enabled system restore.

    I proceeded then to do the plan of Ad-Aware followed by HijackThis and post the log.

    Ad-Aware, like you predicted, did not freeze up on those three files because they were wiped out.

    However, it would not run all the way through. It found 62 Registry Keys, 8 Registry Values, and 52 Files messed up, and it was still scanning when it froze at 50,702 objects scanned. It found a file it had no access to erase or clean; this object was

    C:\_RESTORE\TEMP\A0158995.cpy

    This confused me since it is in the restore folder and I thought that our last action wiped it. Ad-Aware froze up and I had to force quit.

    I re-ran Ad-Aware and scanned leaving OUT the _Restore folder. It stopped at:
    C:\WINDOWS\TEMP\164929.7612 *Downloader-FL
    Ad-Aware successfully deleted this file, although it then froze and I had to force quit.

    I then ran Ad-Aware once more, with the _RESTORE folder NOT included in the scan. It made it through the program, quarantined 56 files and folders, but I noted that without scanning that folder it did not find any of the registry key objects or values to be messed up (it found 1 malware and 55 data miners).

    Also, I cannot open anything on the desktop, any internet browser, or any folders from the start menu (such as control panel). To access and turn off system restore I had to go through the folders -> Accessories, etc etc and find a loophole that opened the folder indirectly.

    So this is where I am now. I can get Ad-Aware to scan without freezing if I let it do the entire C:\ drive with the _RESTORE folder included.

    I can't access certain programs, parts of the start menu, or the browser. I'm fairly certain the problem is with the registry, but I don't know what to do.

    The last few times I tried to download HackThis it would not work, but I could probably bring it in with a floppy disk.

    What is suggested?

    Thanks for the help.
     
  6. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    Windows ME is suitable for a reinstall to the same Windows folder (reinstall over itself), which leaves installed programs intact and repairs default registry entries. If you don't get this solved you might consider that :)
     
  7. jyodis

    jyodis Registered Member

    Joined:
    May 8, 2004
    Posts:
    12
    If I did this re-install over the current windows, how would I go about it? I would need some CD or something with Windows ME to install, right? This computer was given to me and I have only the computer. If I have to reinstall Windows I'm not sure what I'll end up doing. Is there some other way to fix registry keys?
     