  1. #1
    New Lounger

    mother of all virus/trojans

    I recently started getting a pop-up: "Windows detected to be running slowly, change your color scheme". The two choices given do nothing and the pop-up persisted. I then received a pop-up: "adjust your contrast". Then I noticed a Microsoft alert that my Security Service has been closed and will not open. I then checked System Restore and that was also closed and will not restart. Since then my Firefox browser has been hijacked and it redirects every site I try to open. Firefox will work in safe mode but not in normal operation. I am running a Dell Inspiron with Win 7 Ultimate 32-bit. I have Microsoft Essentials and MBAM installed and they have found nothing. I have run Smitfraud, Kaspersky root Killer and CCleaner, all to no avail. I tried to run Combofix but it ran for an hour and never stopped. I think the only answer is Windows repair but I do not have the installation CD. Any suggestions would be appreciated.

  2. #2
    Super Moderator jwitalka
    Did you run MalwareBytes in Safe Mode with the latest signatures?

    One thing to check (preferably in Safe Mode) is
    Control Panel > Internet Options > Connections tab > LAN Settings button > Make sure the "Use a proxy ..." radio button is not set. This could be the cause of browser redirections.

    One more thing to try is a Clean boot - http://support.microsoft.com/kb/929135

    If the problem is diminished in clean boot, re-enable things in groups until you find the culprit.

    Jerry
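
    The LAN Settings proxy check described above can also be read straight from the registry. The following PowerShell script is an added example, not part of the original thread; the function name `Get-ProxyFindings` is hypothetical, and treating a proxy that points at the local machine as worth a closer look is a heuristic assumed here, not something the thread states.

    ```powershell
    # Added example: read-only audit of the settings behind
    # Internet Options > Connections > LAN Settings. Changes nothing.
    function Get-ProxyFindings {
        param([string[]]$Keys = @(
            'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings',
            'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings'))

        foreach ($key in $Keys) {
            $s = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
            if (-not $s) { continue }

            # ProxyEnable = 1 corresponds to the "Use a proxy server" box.
            if ($s.ProxyEnable -eq 1) {
                $note = 'proxy enabled'
                # Heuristic (assumption): a proxy on this machine means some
                # local program is receiving all browser traffic.
                if ($s.ProxyServer -match '127\.0\.0\.1|localhost') {
                    $note += '; points at this machine, check what is listening'
                }
                New-Object PSObject -Property @{
                    Key = $key; Setting = 'ProxyServer'
                    Value = $s.ProxyServer; Note = $note }
            }

            # AutoConfigURL is the "Use automatic configuration script" box.
            if ($s.AutoConfigURL) {
                New-Object PSObject -Property @{
                    Key = $key; Setting = 'AutoConfigURL'
                    Value = $s.AutoConfigURL; Note = 'auto-config script set' }
            }
        }
    }

    $findings = @(Get-ProxyFindings)
    if ($findings.Count -eq 0) {
        'No proxy or auto-config script is set.'
    } else {
        $findings | Format-List Key, Setting, Value, Note
    }
    ```

    Running it in Safe Mode and again in normal mode shows whether something re-applies the setting at startup.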

  3. #3
    5 Star Lounger
    Lax,

    "I think the only answer is Windows repair but I do not have the installation CD. Any suggestions would be appreciated"

    If Jerry's suggestions don't work, do you have a factory restore partition on your Dell? Or, you can download a new Win7 install disc .iso, if you have the serial number to authenticate the installation.

    Zig

  4. #4
    New Lounger
    laxington,

    Do you have the Repair your computer option in the Advanced Boot Options menu of Windows 7?

    Check to see, if you wish to pursue your issues further:
    http://www.sevenforums.com/tutorials...t-options.html

  5. #5
    New Lounger
    Thank you for your suggestion. The repair function gives you the option to RESTORE the computer but the virus already knocked out all restore points and the other options did nothing.

    I cleared the infection with COMBOFIX, which deleted files for almost 4 hrs before it was finally clean. I think the infected files kept regenerating files and that is why it took so long. Although I have two antivirus programs running, the virus reappeared the next day and I cleared it again, but it knocked out the Security Service Center and I could not restore it.

    I finally went to DigitalRiver and downloaded the proper ISO for my Win7 edition and burned it to a flash drive and used the Windows upgrade to reinstall the OS. The upgrade reinstalled with all my programs, files, etc. I have repaired a lot of infected computers but have never come across one as tough as this. So far so good. Thank you.

  6. #6
    New Lounger
    laxington,

    Thanks for the update.

    Actually, we would have worked from the Windows Recovery Environment/Command Prompt option, vs. just clicking the Repair your computer and a Restore.

    There is a very good program that diagnoses and removes malware and Rootkits using this environment.

    However, you already pursued another course of action.

    Glad your system is working normally!!
