Got a hijack / adware / trojan and anti-virus doesn't work. Any ideas? ('system restore')
Thread poster: Edward Potter

Edward Potter  Identity Verified
Spain
Local time: 08:14
Member (2003)
Spanish to English
May 27, 2005

I've got a real mean hijacker on my system. I'm using one of my backup computers right now.

It seems that I may have inadvertently installed a hijack/adware/trojan program. Superimposed on my desktop I have a sign saying "Warning you're in danger! All you do with your comuter is stored forever in your hard disk. When you visit sites...etc." and tells you to click at the bottom to fix the problem. I tried just about everything else, so I finally clicked it and it sends me to a site selling "Anti-Virus Gold" based in Panama. Apparently they screwed up my system and want to charge me $39.00 to fix it.
Other problems caused by this evil entity now on my system are: 1) a new icon on my task bar that says "Your computer is infected! Protect your Computer From Viruses. You need to use antivirus software." 2) When I was still able to connect to the Internet, my browser immediately went to the anti-virus site rather than my normal home page. I cannot browse any other site! That is to say, my Internet browser has been hijacked. 3) Now my modem will not work on that computer so I cannot even connect any more.

I have done the following with poor results:

1) Run an updated version of CWshredder
2) Run an updated version of About: Buster
3) Run an updated version of Spybot S&D
4) Run an updated version of Norton Anti-Virus.

Does anyone have any ideas?



Gillian Searl  Identity Verified
United Kingdom
Local time: 07:14
Member (2004)
German to English
Symantec hotline May 27, 2005

Go to the Symantec site and get the hotline number. It will cost but I guess by now you are ready to pay. Make sure you have a credit card handy.

http://www.symantec.com/techsupp/static/ts_contact_asa_intro.html



Florence B  Identity Verified
France
Local time: 08:14
Member (2002)
English to French
Ouch.. May 27, 2005

Can you locate this program?
(from Ctrl+Alt+Del - is there anything suspicious?)
If so, can you find it in your registry?

You could as well try "Hijack this", see
http://forum.pcastuces.com/sujet.asp?SUJET_ID=8269

Good luck

F



LegalTransform  Identity Verified
United States
Local time: 02:14
Member (2002)
Spanish to English
Windows XP May 27, 2005

If you are using Windows XP, simply do a "System Restore" and restore your computer back to a past date (prior to the date of infection - if you don't know the exact date - guess). You will not lose any data (documents, e-mails, etc.) and the infection will be gone.


Edward Potter  Identity Verified
Spain
Local time: 08:14
Member (2003)
Spanish to English
TOPIC STARTER
System restore May 27, 2005

Hi Jeff,

Very interesting idea. I was starting to think along those lines. I attempted to reinstall XP but could not do so because my CD and current updated version were different and the CD would not let me go back to a previous version.

In any case, your idea makes more sense. How do I do it? It isn't this, is it? - Control Panel > System > System Properties > System Restore?

[Edited at 2005-05-27 14:27]


xxxOlaf
Local time: 08:14
English to German
No it's Start > Programs > Accessories > System Tools > System Restore. May 27, 2005

Edward Potter wrote:

In any case, your idea makes more sense. How do I do it? It isn't this, is it? - Control Panel > System > System Properties > System Restore?

[Edited at 2005-05-27 14:27]


No, this option is for creating system restore points. To restore a system choose Start > Programs > Accessories > System Tools > System Restore.

If this works, I'd recommend that you get Mozilla Firefox and Zone Alarm. It's much safer to browse with Firefox, because it cannot as easily be hijacked. (I use IE only for the windows update.)
And Zone Alarm will prevent programs from connecting to the Internet.

Good luck!
Olaf



Natasa Grubor  Identity Verified
Bosnia and Herzegovina
Local time: 08:14
Member
English to Serbian
internet May 27, 2005

Sorry to hear that,

Did you erase your internet history? A poor attempt, but it once helped me. Make sure to erase history and cache. Then go to system restore if needed. Also scan puter but NOT online.

Burrr... good luck!



Edward Potter  Identity Verified
Spain
Local time: 08:14
Member (2003)
Spanish to English
TOPIC STARTER
Fixed! (I think, I hope) May 27, 2005

Jeff,

Thank you so much! I realized what Olaf mentioned right after posting. Yes, it was Start > Programs > System > Accessories > System Tools > System Restore.

It worked!!!!!!! I spent the better part of the last 24 hours desperately trying to get this crapola off of my computer, and the system restore worked great.

Olaf,

Thank you as well. Where can I get that software you mentioned? Is it payware?

And thank you to everyone else for your suggestions and definitely for the moral support. Malicious stuff, but an ingenious plan - screw up someone's computer then sell him the software to fix it. I hope the guy sees a good 10 years in jail for that.

Take care everyone.

Edward



Piotr Sawiec  Identity Verified
Local time: 08:14
English to Polish
websites May 27, 2005

Hi

there are some websites, where someone knowledgeable may help you to solve this problem, although from what I read, this requires a lot of work. An example:

http://castlecops.com/postp553162.html

when I searched for "warning you're in danger" there were many Google records from one Polish domain oferuje.wolomin. Probably there is a link, even an active one, directing you to a website that can infect you with something, or even such an object (ActiveX?) can be responsible for this infection.

because all the procedures described in castlecops and similar websites look quite time-consuming, usually I back up all important data and reinstall everything, unfortunately. I guess it takes less time.

good luck, and next time use Firefox browser, it does not use ActiveX

Piotr


xxxOlaf
Local time: 08:14
English to German
Download links for Mozilla Firefox and ZoneAlarm May 27, 2005

Edward Potter wrote:

Where can I get that software you mentioned? Is it payware?

Edward

No, both are freeware:

Mozilla Firefox (free Internet Browser) can be downloaded from:

http://www.mozilla.org/

You can download many extensions for it. I like Adblock, which allows you to block ads.

ZoneAlarm (a free software firewall) can be downloaded from:

http://www.zonelabs.com/store/content/home.jsp

(Click the "Free ZoneAlarm and Trials" link.)

Olaf



Dr. Janos Annus  Identity Verified
Hungary
Local time: 08:14
Member (2005)
English to Hungarian
Manual cleaning May 27, 2005

A few weeks ago I had a similar problem. All antivirus etc. could detect the Trojan horse and other malware, but could not delete them, because they were made read only. At some experts' suggestion I made a "manual cleaning". Booted my PC in safe mode (press the F8 key while booting - for XP -, select Safe mode) and then deleted all the files previously identified by the antivirus program. Of course one has to clean the Windows Registry as well, because if the reference to those files remains in the Registry, then they reinstall themselves. Very tricky and sticky stuff. I recommend this only if you are familiar with the registry, otherwise more harm can be done. Btw, Restore did not work in my case, for some reason I don't know.

Direct link Reply with quote
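
Added example, not part of the original post or thread: a read-only PowerShell check for the point made above, that registry references left behind after deleting the flagged files let them come back. The file paths are constructed placeholders, and the four Run/RunOnce keys are a common subset of autostart locations, not an exhaustive list.

```powershell
# Read-only audit: find autostart registry values that still reference
# files the antivirus flagged. Nothing is modified or deleted.

# Constructed placeholder paths; replace with the files your scanner reported.
$flagged = @(
    'C:\WINDOWS\system32\example-flagged.dll',
    'C:\WINDOWS\example-flagged.exe'
)

# Common per-machine and per-user autostart keys (assumed subset).
$keys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

$hits = foreach ($keyPath in $keys) {
    if (-not (Test-Path -Path $keyPath)) { continue }
    $key = Get-Item -Path $keyPath
    foreach ($name in $key.GetValueNames()) {
        # GetValue expands REG_EXPAND_SZ variables such as %SystemRoot%.
        $command = [string]$key.GetValue($name)
        foreach ($file in $flagged) {
            # Compare on the bare file name, case-insensitively, so that
            # quoted paths and rundll32-style commands are matched too.
            $leaf = Split-Path -Path $file -Leaf
            $pos = $command.IndexOf($leaf, [StringComparison]::OrdinalIgnoreCase)
            if ($pos -ge 0) {
                [pscustomobject]@{
                    Key         = $keyPath
                    ValueName   = $name
                    Command     = $command
                    FlaggedFile = $file
                    # True means the file was not actually removed.
                    StillOnDisk = Test-Path -LiteralPath $file
                }
            }
        }
    }
}

if ($hits) { $hits | Format-List } else { 'No autostart value references a flagged file.' }
```

A row with `StillOnDisk` false is a leftover reference to a file that has already been deleted; a row with it true means the file itself survived the cleanup.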
 

Kirill Semenov  Identity Verified
Ukraine
Local time: 09:14
Member (2004)
English to Russian
Windows BBS May 27, 2005

Whenever you have a problem with removing an annoying adware/malware, visit

http://windowsbbs.com/

register, and describe your problem at the `Removing Spyware & Viruses' forum:

http://windowsbbs.com/forumdisplay.php?f=41

It's great if you've downloaded and run HiJackThis before asking:

http://www.majorgeeks.com/download3155.html

There are great specialists at the forum, and they will surely help you. In my case it took a couple of days, but it didn't require a system restore resulting in data loss.

ADDED:

And -- yes, installing a firewall may be the best solution, in any case.

[Edited at 2005-05-27 19:39]



Edward Potter  Identity Verified
Spain
Local time: 08:14
Member (2003)
Spanish to English
TOPIC STARTER
Almost there, but not 100% May 27, 2005

Restore put everything back the way it was a couple of days ago before I got this nasty bug. However, I lost my Internet connection in the process. The problem is that I can neither uninstall nor reinstall my ADSL router. It is kind of frustrating.

Whenever I put in the installation CD, then ask for a dynamic IP address I get either one of these two errors: 1) "Win PoET v4.0 - An installation support file could not be installed. The system cannot find the file specified". 2) "Telefonica USB ADSL Lan Adapter - The InstallShield Engline (iKernel.exe) could not be installed. IKernel.exe could not be copied to 'C:\Program Files\Common Files\InstallShield\Engline\6\Intel 32´. Make sure that you have the appropirate privileges to copy files to this folder. (0x20)"

So what is this all about?


xxxOlaf
Local time: 08:14
English to German
See http://consumer.installshield.com/kb.asp?id=Q108247 May 27, 2005

Edward Potter wrote:

2) "Telefonica USB ADSL Lan Adapter - The InstallShield Engline (iKernel.exe) could not be installed. IKernel.exe could not be copied to



This is a known Installshield bug. There's most likely another instance of ikernel.exe in the memory which you'll have to kill via the task manager, before you start the installation.

Good luck!
Olaf


Pilar T. Bayle  Identity Verified
Local time: 08:14
English to Spanish
Another approach May 27, 2005


It worked!!!!!!! I spent the better part of the last 24 hours desperately trying to get this crapola off of my computer, and the system restore worked great.


There is a freebie in the Norton SystemWorks CD that I truly like: Go Back, by Roxio. It's fantastic in order to go back to the way things were before a virus or something like that. This program makes goback points, any time you start your computer, and every X minutes/hours, whenever you change something in your configuration... Then you only have to choose to go back to that time. Only inconvenience is that whatever you did with your files or received in the mail in that period will be erased, so you have to get it onto a CD, diskette, another HDD or whatever.
It will take you back about 24 hours, more than enough for quickly detectable mishaps.

P.
www.pbayle.com

[Edited at 2005-05-27 22:33]

