Websites blocked, computer slow

AMD Athlon
November 29, 2008 at 23:09:59
Specs: Windows XP Pro unregistre, 1.6Ghz/768mb

I just recovered from a very very invasive virus using a Windows installation CD. Amongst many symptoms I had my task bar removed, my copy & paste and drag & drop functions disabled, a lot of websites (mainly security related) blocked, search engine results redirecting to ads, pop-ups to download Antivirus 2009, all my administrator privileges disabled, all my services except for networking ones disabled, all my non-password-protected accounts locked with a mysterious password and my instant messengers and web browsers corrupted.

Most of the handicapping symptoms are gone, but websites are still blocked and search engine results are still corrupted, and my computer is incredibly slow and somewhat unstable. I can't register Windows because it cannot access certain microsoft servers. There is a lot of antivirus software I can't download and if I get them from websites I can access a lot of software requires access to a server I can't access during installation.

I checked my host files and they seem fine. I tried removing them and putting them back, no changes. When I use a proxy the search engine results are ok but the blocked websites remain unaccessible.

I checked my task manager and lsass and winlogon seem to be constantly hogging the CPU power. I checked and they were in the system32 folder which usually would mean that they're not viruses.

Hijackthis has detected suspicious files such as ddcaqQjb.dll, geBuSJbx.dll as well as winlogin. I can fix winlogin but the dll files come back instantly and even after the antivirus or security task managed has quarentined them the problems persist and they end up getting reinstalled at startup anyway.

Any ideas? Thanks for your help.

Note: I have Avira AVG, Avast (it's unable to update) and the demo version of Security Task Manager. I could not install SpyBot and I cannot access support.microsoft.com


See More: Websites blocked, computer slow

Report •


#1
November 29, 2008 at 23:59:25

It really seems like a bad virus problem. I think in such cases its good to reformat the system, and do a fresh install.
But again, if the virus are infected in the files that u backup, then the virus may infect the system again.

Are u using three antivirus all at once? U should have only one installed at a time, or they conflict. Avast and Avira are the best of the lot. You can manually try to update Avast by downloading its standalone definitions and see if that works.

Did u scan for antispywares?
As a start, you should first of all turn off system restore, then login to safe mode and do system scan with antivirus and antispywares.

Some good antispywares are Spyware Doctor Starter Edition, Superantispyware, Ad-aware, SpywareTerminator, Spybot.
Also scan ur PC with Malwarebyes Antimalware.
Combofix is also a good removal tool.

Also, post a log of HiJackThis, so that an expert can look at it, and suggest u further.

Best of luck.

Anupam


Report •

#2
November 30, 2008 at 06:52:02

I would not format the computer just yet.

Try this first.

Click on Start, click Run, and then type devmgmt.msc and click OK
On the View menu click on Show hidden devices
Browse to Non-Plug and Play Drivers and click the + sign to the left, you should see something like TDSSserv.sys in that list.
Highlight that driver and right click on it and select DISABLE - NOT uninstall.
Now RESTART your computer.

Please download Malwarebytes' Anti-Malware from one of these sites:

MalwareBytes1

MalwareBytes2

1. Double Click mbam-setup.exe to install the application.
2. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
3. If an update is found, it will download and install the latest version.
4. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish,so please be patient.
5. When the scan is complete, click OK, then Show Results to view the results.
6. Make sure that everything found is checked, and click Remove Selected.
7. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.
8. The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
9. Copy&Paste the entire report in your next reply.

If you have trouble installing or running MalwareBytes or do the following:

If you got them downloaded rename the setup file then try installing them again.

Right click the mbam-setup.exe file> click rename> rename it something.exe then try to run it. If it installed but will not run navigate to this folder:

C:\Programs Files\Malwarebytes' AntiMalware

Rename the mbam.exe file then try to run it again, if still no luck rename all the .exe files in the MAlwarebytes' Anti-Malware folder and try to run it again.

Post a new Hijack This log please.


Report •

Related Solutions


Ask Question