My PC has been hijacked!

Compac
July 26, 2008 at 21:07:50
Specs: Windows XP Media Edition , 250 gig HD, 1 gig ram

Last night my computer was infected from a virus and hijacked. The virus has changed my controls: I cannot chenge my disply/themes, task manager, C drive, a majority of my desktop icons. I get a 404 error when trying to access the internet. It was popping up fake spyware errors every 2 minutes, and had manipulated my internet to where only THEIR (fake) spyware sites come up. I have since tried running anti-virus in safe mode and normal mode. I have run AVG antivirus, AVG antispyware, Microsoft Malicious Software Removal, and lastly SUPERanti-spyware. Each program has located and removed/quarrantined numerous viruses, trojans, and spyware. However, I still cannot access my task manager, desktop, or C drive (C-drive I can access through backdoor manners). Is there ANYTHING that will effectively and thoroughly get rid of this junk, preferrably FREE or free trial???? It seems to be EVERYWHERE. I really don't want to lose my 75 gigs of music, 75 gigs of video, or 1,000s of pictures. Thanks you!

See More: My PC has been hijacked!

Report •


#1
July 26, 2008 at 21:09:45

slave your hard drive in another pc, grab the data off it and then reformat.

Report •

#2
July 26, 2008 at 21:40:17

Before doing something as drastic as reformatting, I would try running the same scans in safe mode. I would also try running Super Anti Spyware Terminator from the Ultimate Boot CD for Windows. Download it from and burn it to a CD. You would have to make sure that your bios is set to boot from the cd drive before the hard drive.


Report •

#3
July 26, 2008 at 21:48:51

"You would have to make sure that your bios is set to boot from the cd drive before the hard drive."

As far as the above you made, how do I do this?


I have the website of theboot thing, and am having my wife copy it to disc from her laptop and will try that as soon as SUPER anti-spyware is done in safemode. Thanks!


Report •

Related Solutions

#4
July 26, 2008 at 22:12:05

Look for something like boot order in the bios. To get into the bios, you would have to keep tapping a certain key, like the delete key, though it might be different on your computer, such as the F1 key.

Report •

#5
July 26, 2008 at 23:21:34

Make sure you turn off system restore, before running anti-virus programs, else you'll just get re-infected. It means you'll lose all your restore points, but at least you can start again with clean points.

Please let us know if you found someone's advice to be helpful.


Report •

#6
July 27, 2008 at 07:10:51

Download & run CCleaner. And make sure to turn off system restore as was suggested above.

http://www.filehippo.com/download_c...

Also, run MSCONFIG from the start menu & check the startup tab. Uncheck anything suspicious.

http://netsquirrel.com/msconfig/msc...


Report •

#7
July 27, 2008 at 09:31:24

And maybe the first thing you should do is back up all your music, videos, photos, etc. You should have been doing that all along.

Report •

#8
July 27, 2008 at 19:22:38

Thank you to everyone everyone with *helpful* and *positive* advice. I'm currently doing several anti-virus programs over and over until nothing is left to remove, and am in the process of copying the UBCD4WIN build to CD for use. Thanks again, I'd have been lost without you!

Report •

#9
July 29, 2008 at 10:41:50

THANKS TO DOUG KNOX!!!!!! This gives back access to REGEDIT!
http://www.dougknox.com/security/sc...
regtools.vbs - Disable/Enable Registry Editing tools in Windows
© Doug Knox - rev 01/10/2000 This code may be freely distributed/modified.
Usage: Download regtools.vbs Save the file to the folder of your choice. Double click the VBS file. The VB Script file will check for the appropriate value and if not found will create it. If the value was found, it will be toggled to its opposite state and you will be informed that you need to log off/back on or restart your computer. One note. This change is made in HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System. Disabling the tools takes effect immediately. Enabling requires a restart. This script can be viewed in Notepad or any text editor, as to the specific Registry key and value that are updated. Your antivirus software may report this script as potentially malicious, or a possible virus. This is because the script writes to the System Registry.

Then go to regedit and edit the following
HKEY_CURRENT_USER
SOFTWARE
MICROSOFT
WINDOWS
CURRENT VERSION
POLICIES
EXPLORER

ONCE YOU GET HERE START AT THE BOTTOM OF THE LIST AND DELETE THE ENTRIES----YOU CAN DELETE THEM ALL BUT I LEFT THE TOP ONE WHICH IN MY CASE WAS “ AB DEFAULT”

Then, check the registry to see if "NoDispCpl" had been added.
"Deny Access to the Display Settings"
http://www.winguides.com/registry/d...

User Key: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies
\System]
System Key: [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
\CurrentVersion\Policies\System]
Value Name: NoDispCPL
Data Type: REG_DWORD (DWORD Value)
Value Data: (0 = disabled, 1 = enabled)
In regedit use the edit option to FIND any of the following entries in the registry
DisableRegistryTools delete any entries found
DisableTaskMgr delete any entries found
NoDispCpl delete any entries found
Virus Alert!
Also if the worm put VIRUS ALERT! By the time go control panel---regional and
Language----click customize---------and delete VIRUS ALERT!


Report •


Ask Question