-
March 19th, 2009, 10:42 PM
#11
Junior Member
Thanks
Just wanted to say a big thank you to NukEvil and others for clear, precise, simple no-nonsense instructions on how to get rid of windowsclick trojan. Process worked a treat! Thanks!
-
March 25th, 2009, 05:20 PM
#12
Junior Member
-
March 25th, 2009, 06:35 PM
#13
Seems that Google has indexed this thread..
Anyways, remelian, I assume you've read this thread? If so, did you try the Recovery Console method, or renaming the anti-malware program?
Windowsclick is rather easy to remove after you've found an easy way to remove it.
-
March 25th, 2009, 09:11 PM
#14
Junior Member
I tried renaming 2 of the anti malwares. That did not allow them to work either.
This is running XP 2002, so finding any disc is going to be a challenge, buried somewhere in this room...I bought this right before Gateway gave up their brick and Mortar stores. It has served me well, Fire dog guys were surprised how fast it booted when I added memory last year...So I would like to keep it running and NOT depend on my Viao with Vista I really hate Vista. My Viao stuff and my EEEP stuff will not work.
Yes, I found you all through Google.
I am getting ready to download to my Viao, one of the techies at work warned me that since my external HD has been hooked up to my Gateway, it could be infected too. I have a 40 gig external HD for my EEEP (it has like 12 gig, so if I want my music camping it has to be on an external HD) so I can download the set up through my Viao into my mini external HD, I hope.
-
March 25th, 2009, 11:47 PM
#15
Disable System Restore, dump AVG and install Avira AntiVir instead.
Install Ccleaner (www.ccleaner.com) and manually delete as many contents of temp folders as you can on that PC.
Update everything: SpyBot, MalwareBytes, AntiVir.
Then run 'em again.
“Everybody is ignorant, only on different subjects.” — Will Rogers
-
March 26th, 2009, 03:19 AM
#16
If you are going to connect the external drive, make sure when you go to copy stuff that you do not open it by clicking the drive's icon, instead open my computer and click the Folder button above the address bar and on folders bar open the drive that way.
And when accessing the copied files on the infected machine do the same..
-
March 26th, 2009, 08:00 PM
#17
Junior Member
Avira sees it (well I can see the file as it cascades through) but does not trap it.
I think I have now the Cleanest registry in the State of DE...(private computer)...
Avira keeps trapping the same 2 things, one is a root kit.
t34b4g5, I did not know there was another way to get to the flash or external HD. There are no icons for the H drive (external) and G drive (flash) on my desk top. So I guess that is a good thing.
My work computer let me download the setups for malbytes and something with the icon of a lion(???) onto my flash drive and let me change the names and the extension, but when I changed the extension, it did not recognize it. My brain is foggy with lack of sleep and all this technical stuff.
I did find my restore disc last night at the bottom of the software drawer, so if all fails, I will back all my music, and do a full disc restore. The rest is pretty well backed up or easy enough to re-download, with the exception of my DVD Santa and a couple of other paid with only one key things...most of what I have is freeware. I have not had to do that in years and years and never on this really reliable Gateway...teaches me NOT to be where I really should not be...
-
March 27th, 2009, 12:52 PM
#18
Junior Member
I ran Combofix and within seconds it ID'd a bunch of UACd files.
I completed the run, did what it said to do.
I rebooted.
Then went back into the internet. Nope windowsclick is still redirecting.
I ran Avira, it picked up a root kit. I got rid of that (quarantined)
Then I re-ran Combofix, hard drive was clean.
I downloaded the root kit tool from Avira, that came up clean.
Went back into the internet, and got redirected again...methinks that it might be something in my external HD...I guess I need to wipe it clean since I cannot figure out how to get Combo fix to look at it.
I left for work running a full scan with Avira, I have my external HD and my flash drive being scanned in the full scan.
I defraged the C drive last night and where I had 24.7% free space on my C drive, I now have 37.8% free space, so I had a lot of junk that was removed. Malwarebytes removed one of my paid for antiviruses as a "rogue".
I have had this gateway since 2001, found files I installed back to there. It has seen Verizon internet and now Comcast, as well as a local ISP before I made the plunge to Verizon. So this computer is like an old friend. Like an old friend, I hate when someone is sick...
I am going to dump all the files on the External HD and reload from the C Drive. I had EVERYTHING backed up including the hidden files. I also have a brand new 500 gig External, I may just try backing up into that and seeing what happens after a full scan.
-
March 28th, 2009, 12:36 AM
#19
Remelian try following this guide and let me know if it helps.
Originally Posted by t34b4g5
I recently had to fix a friend's computer that was doing the same thing..
Here's the way that I was able to fix it.
try going to my computer.
Click the folder button and make sure view hidden files/folders is turned on and check your drives for "resycled" and "autorun.inf" files/folder
They will appear in the root directory..
If they are there then go to a command prompt and change the attrib settings to the "resycled" folder and the “autorun.inf” file
attrib -r -s -h
then while still in the command prompt just use the del command on both.
then do a search for autorun.inf on your drives and after the scan just right click on each one and open with notepad or wordpad and check each one, and if any happen to have "boot.com" before a string of jumbled letters numbers then delete.
The "boot.com" hides in the “recycled” folder and when the “autorun.inf” file is loaded it loads the “boot.com” file and your browser will continually get redirected.
Restart computer and then go to my computer and click folder and check to make sure they're both gone..
this thing was not only not letting me access the computers drives it also decided that it would re-direct the browser to www{X}copy-book{X}com {Note don't click site got active malware} all the time a little and i did the above and it should solve the issue.
Also
Start Windows in safe mode, then click Start -> Run. Type in regedit and click okay.
Now at the top of the registry editor, click Edit -> Find.
Type boot.com and click Find Next. Every time it finds a new boot.com, press the delete key and then enter. It should find a dozen or so copies.
Now, plug in any external drives or flash drives you have used with this computer.
Open My Computer. Click Tools -> Folder Options -> View and select "Show Hidden Files and Folders" and click okay.
For each drive, open it and delete the “recycled” folder and “autorun.inf”. Back up each “autorun.inf” before deleting them off external drives, because they might be important.
Restart the computer and the problem should be gone.
Any removable usb drives you've plugged into that computer will also be infected with the virus, so make sure you clean them out too (note if you clean your comp, then plug-in the usb drives it'll re-install itself)
any computers you've plugged that usb drive into are also infected
A summary of what this thing does - it's installed itself as a windows driver with a random dll file name, you'll have to track down ALL instances of it and eradicate it completely. Booting in safe-mode will assist, the drivers won't show up in control panel or admin tools either as it's hidden
other things you will need to remove this damn virus
malware-bytes anti malware
SmitFraudFix Scan
hijack this
gmer
this thread should help you: http://www.bleepingcomputer.com/forums/topic191577.html
If you download and install the latest version of those programs they should work fine without an update, the virus re-directs the update URL's as well. You will find it's system-wide not browser specific!
I think that you have a variant..
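Added example, not part of any post in this thread: the manual check described in the post above (look in each drive root for a "resycled"/"recycled" folder and an autorun.inf that launches boot.com) written as a read-only audit that deletes nothing. The function names and the sample autorun.inf contents are constructed for illustration; RECYCLER is included as an assumption because it is the usual recycle-bin folder name on NTFS volumes, while the thread itself only names "resycled" and "recycled".

```python
import os
import re

# autorun.inf keys that cause a program to be launched when the drive is opened.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^=]*\\command)$", re.I)
# Folder names from the thread, plus RECYCLER (assumption, see lead-in).
# Recycled/RECYCLER are also legitimate Windows folders: presence alone proves nothing.
BIN_NAMES = ("resycled", "recycled", "recycler")
BIN_DIR = re.compile(r"(^|[\\/])(%s)([\\/]|$)" % "|".join(BIN_NAMES), re.I)


def suspicious_entries(autorun_text):
    """Return (key, value, reason) for launch entries matching the thread's description."""
    findings = []
    for raw in autorun_text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "[")) or "=" not in line:
            continue  # skip blanks, comments and section headers
        key, value = (part.strip() for part in line.split("=", 1))
        if not LAUNCH_KEY.match(key):
            continue  # icon=, label= etc. do not start a program
        if "boot.com" in value.lower():
            findings.append((key, value, "references boot.com"))
        elif BIN_DIR.search(value):
            findings.append((key, value, "launches from a recycle-bin folder"))
    return findings


def audit_drive_root(root):
    """List what the manual check looks for in one drive root; nothing is modified."""
    report = {"folders": [], "autorun": []}
    for name in os.listdir(root):
        path = os.path.join(root, name)
        if os.path.isdir(path) and name.lower() in BIN_NAMES:
            report["folders"].append(name)
        elif name.lower() == "autorun.inf" and os.path.isfile(path):
            with open(path, "r", errors="replace") as fh:
                report["autorun"] = suspicious_entries(fh.read())
    return report


# Constructed sample, not copied from a real infected drive.
SAMPLE = """[autorun]
; constructed example
open=resycled\\boot.com e:\\x9Qk2
shell\\open\\command=resycled\\boot.com e:\\x9Qk2
icon=setup.ico
"""

if __name__ == "__main__":
    for finding in suspicious_entries(SAMPLE):
        print(finding)
```

Running audit_drive_root against each drive letter from a known-clean machine gives a list to review before anything is deleted, which fits the post's advice to back up each autorun.inf first.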
-
March 30th, 2009, 08:16 AM
#20
Hmmm, are you able to run an online scan tool?
www.pandasecurity.com/activescan
Post the log here ...
The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it.
Albert Einstein