Really Bad Virus!

Intel mother board / Home built tower
February 8, 2009 at 02:04:01
Specs: Windows XP Pro, 2.8GHz Pentium 4 / 2 GBytes RAM
I've got one very nasty virus. It first started when I clicked on what appeared to be a YouTube video. Shortly thereafter, my SpySweeper/Antivirus program popped up and then just vanished. Trying to run it was impossible and all attempts at reinstalling it failed, even with the help of SpySweeper online support. I then noticed that clicking on any Google search result wasn't getting me to the proper links, and I could only do so by directly inserting the http address and clicking on the go arrow in my Firefox browser.

Then I did some research on this and found out I had a Google Redirecting Virus and followed the instructions on removing it. Even after removing numerous viruses and things looking normal again, the problems soon returned along with the viruses, even after running several other spyware programs several times each. It seems that whenever I connect to the internet, the virus(es) start to take over again, so I'm keeping the infected computer offline and using my other computer that connects to the same DSL modem. It seems to have escaped the trouble I'm having and I don't even have a spyware program installed on this one.

After running PC Tools Spyware Doctor, I've succeeded in reinstalling my SpySweeper/Antivirus spyware software, but if I allow my computer to connect to the internet, SpySweeper fails to load on boot up. If I boot up with my network enabled, there's a long wait before I can do anything such as starting to run some software programs. Clicking on their icons does nothing, and as soon as I disable my network connection, all the icons that I'd clicked on start working and the software programs boot and run.

I'm very tempted to reformat my three hard drives and reinstall all my software because I've been struggling with this problem for just over a week. But I'm curious about this and finding a possible fix for it and maybe helping others, along with the fact that it would take me a long time to reinstall all of my software. It would be a good month before I get it back the way it should be. The last suggestion I've received was to remove tweakui so I'm doing this now.
Will removing tweakui fix this problem or is there more work to be done?
Thanks for any and all help here!

February 8, 2009 at 06:31:52
Removing tweakui is a good idea but undo anything that you have done with it first.

Depending on the redirect version this may temporarily help:

Click on Start, click Run, and then type devmgmt.msc and click OK
On the View menu click on Show hidden devices
Browse to Non-Plug and Play Drivers and click the + sign to the left, you should see something like TDSSserv.sys in that list.
Highlight that driver and right click on it and select DISABLE - NOT uninstall.
Now RESTART your computer.

If that did not work, go to Start > Run, type cmd and press Enter or OK.
Type ipconfig /flushdns (the space between g and / is needed), then press Enter, type Exit, press Enter again, then see if the redirects have stopped.

Please download Malwarebytes' Anti-Malware from one of these sites:



Rename the setup file, mbam-setup.exe, before you download it. To do that, once the "enter name of file to save to" box appears as the download begins, rename mbam-setup.exe to tool.exe in the filename box, then click Save.

1. Double click tool.exe to install the application.
2. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
3. If an update is found, it will download and install the latest version.
4. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish, so please be patient.
5. When the scan is complete, click OK, then Show Results to view the results.
6. Make sure that everything found is checked, and click Remove Selected.
7. When disinfection is completed, a log will open in Notepad and you may be prompted to restart. If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
8. The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
9. Copy and paste the entire report in your next reply.

If Malwarebytes installed but will not run, navigate to this folder:

C:\Program Files\Malwarebytes' Anti-Malware

Rename all the .exe files in the Malwarebytes' Anti-Malware folder and try to run it again.

Please download and install the latest version of HijackThis v2.0.2:

Download the "HijackThis" Installer from this link:
Hijack This

Rename the setup file, HJTInstall.exe, before you download it. To do that, once the "enter name of file to save to" box appears as the download begins, rename HJTInstall.exe to tools.exe in the filename box, then click Save.
1. Save "tools.exe" to your desktop.
2. Double click on tools.exe to run the program.
3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
4. Accept the license agreement by clicking the "I Accept" button.
5. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
6. Click "Save log" to save the log file and then the log will open in Notepad.
7. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
8. Paste the log in your next reply.
9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

February 8, 2009 at 18:45:12
At the beginning of installing (clicking on Run) Malwarebytes, my SpySweeper popped up this notice:

"File System Shield has Quarantined a potential unwanted program."

Clicking on this popup shows me 5 items as listed here:


I think I will not run this Malwarebytes software.

My system now has been operating just fine after removing TweakUI so I think all is well. I'll update this thread if further problems appear in the future.

