I'm hoping you can help me as you have helped others with similar problems.
My problems are:
- clicking on google links redirects me to either other random sites (most often lesser known search engines) or I get IE cannot display webpage message
- can get to some websites (i.e. yours) by typing in URL but cannot access others (i.e. www.bleepingcomputer.com). Again get IE cannot display webpage message (annoyingly this also happened the first time I posted this log & I am now having to use a different pc)
- unable to download software i.e. CCleaner, SuperAntispyware, Malwarebytes' Anti Malware - get either IE cannot display webpage error or .exe is not a valid win32 application error
I am running XP SP2 but do not have the latest security updates due to the 3rd reason above.
I also got infected with Antivirus XP 2008 and removed it manually using instructions provided elsewhere (incl reg settings). I originally thought this was what was causing the other problems but it appears not! The same problems were occurring before I manually removed Antivirus XP 2008.
I have a Hosts file which I originally got from MVPS & this looks ok.
Here's my HijackThis log - are you able to help or am I beyond it??
Logfile of HijackThis v1.99.1
Scan saved at 17:49:21, on 27/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Run a scan with HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):
O4 - HKLM\..\Run: [msserv] C:\WINDOWS\System32\lvsrev.exe
1. Click Start button, then go to Programs, Accessories and click on Windows Explorer.
2. Select the Tools menu and click Folder Options.
3. Select the View Tab.
4. Under the "Hidden files and folders" heading please check Show hidden files and folders.
5. Uncheck the Hide protected operating system files (Recommended) option.
6. Click Yes to confirm.
7. Click OK.
Delete these files:
C:\WINDOWS\System32\lvsrev.exe
C:\Windows\System32\drivers\InvisibleDrvNT.sys
Reboot normally, post new hijackthis log and tell how things are running?
I have followed your instructions but don't have an lvsrev.exe file appearing either in HijackThis or C:\WINDOWS\System32. I don't have an InvisibleDrvNT.sys file in the drivers folder either.
I do however have a xx_lvsrev.exe file in the System32 folder.
You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
If you see a Windows dialog asking if you want to install this software, click the Install button.
The program will launch and then begin downloading the latest definition files,
When the "Update progress" line changes to "Ready" and the "NEXT ->" button becomes available, please click on it.
Click on the Scan Settings button, and in the next window select the Extended database, and click Ok.
Under "Please select a target to scan:", click My Computer to start the scan.
When the scan is finished, click the "Save as Text" button, and save the file as kavscan.txt to your Desktop, close the Kaspersky On-line Scanner window.
Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location.
Copy and Paste that log into your next reply, along with fresh hijackthis log.
NB: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
Cannot download from here either. Same problem: IE cannot display webpage.
Shall I try removing the files (& any registry settings) for the original stuff I found & see what happens? (xx_lvsrev.exe file in the System32 folder & also xx_apigrab.dll and xx_wartsvr.exe)
Yes, try to delete the files. You'll probably have to do it from safe mode. If you can't delete them, then see if they can be renamed to - filename.old.
Reboot.
You should be able to download Malwarebytes from here:
Deleted files ok but made no difference. Have rebooted pc. Can see the Malwarebytes site & able to save the exe to my c:\ but when I try to run the setup exe I get an 'exe is not a valid win32 application' error. Same thing happens if I try to run it from the website.
Can you think of anything else I could try before I try re-installing XP? Thanks again
(By the way I checked Winsock and that seems to be ok)
That didn't work either. Can't do a system restore as can't restore to anything before the current month & have been on holiday for most of Aug so no decent points to restore back to.
I'll leave it a couple of days before I re-install XP so let me know if you have any other suggestions. Thanks for all your help
Double click SDFix.exe and it will extract the files to %systemdrive% (Drive that contains the Windows Directory, typically C:\SDFix) and save it to your desktop.
When you have done this, please boot into Safe Mode (Tap F8 during startup).
Open the extracted folder - C:\SDFix and double-click on RunThis.bat to start the script.
Type Y to begin the script. It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot. When you hit any key, your computer will reboot. Your system will take longer than normal to restart as the fixtool will be running and removing files.
When your desktop loads, the utility will complete the removal and display Finished. Press any key again to end the script and load your desktop icons.
Open the SDFix folder on your desktop and copy and paste the contents of Report.txt
I'm having the exact same problems as Kaz. However, for some reason, now when I went to the site you gave below (under safe mode), I receive an error box that says "The setup files are corrupted. Please obtain a new copy of the program." I used to receive the same messages as Kaz. Do you have any ideas for me? I'm really going nuts here.
Touch said... Ok. I've found a new link for Malwarebytes, see if you can download it from there ->
Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location.
Copy and Paste that log into your next reply, along with fresh hijackthis log.
NB: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.