Simviation Forums

Got something nasty in my PC that just won't die... and now it's become truly maddening. Adaware, Malwarebytes, RegCure, and Spybot S&D are no match for it. First it hijacked my web browsers, then a folder on my HDD... forced me to log on at startup (wasn't set for that). It then would not allow me to run Malwarebytes, nor could I download a new version. Any page with reference to that program was denied. Pretty slick.
Got MWB elsewhere and installed it off a zip drive... fixed a number of problems, but success was not 100%...suddenly my sound drivers were gone, or corrupted. Fixing this got so hairy I was forced to do a repair of XP (did I mention Restore Points and Add/Remove Programs, and firewall controls were also disabled?). Didn't use Repair Console, I did it the "better" way. Well, that went OK, but I still can't use System Restore, Add/Remove Programs, the firewall,or my (onboard) audio. And when I went to re-install SP2, this trojan (?) now will not allow me to access any web page that has it available for download, even 3rd party downloads. Isn't that cute?  >:(  >:( 



I'm thinking of doing a full reinstall of XP, but not sure if it's worth it, even though Windows 7 would probably require a lot of work to play nice with my installations (I also really don't want o spend the dough on a new OS, not yet).

And I'm not sure exactly where the infection is...I've considered getting another HDD, but I'm not even sure if it's safe to try to pull anything off that HDD before removing it, sprinkling it with holy water, smashing it into 1000 pieces, then burning it and sinking what's left into the ocean. 
 
... any thoughts? 

This sounds suspiciously like the virus JBaymore warned about in this topic. http://205.252.250.26/cgi-bin/yabb2/YaBB.pl?num=1258377948

This sounds suspiciously like the virus JBaymore warned about in this topic. http://205.252.250.26/cgi-bin/yabb2/YaBB.pl?num=1258377948

You can be sure I've never DLed any "helpful" pop-up thing... but I do know that some of them cannot be clicked away; if it pops up, it is getting in. It's a possibility.

I've had the bug in J Baymores thread on two different machines and 6 months apart. First time, I just bought a new hdd and spent 7 hrs formating and reloading all my stuff. 145 $ and 7 hrs. New years day the other machine got hit so I took to a shop that does virus removal. 65$ flat fee. However, he's had it 3 days now and it still wasn't ready to pick up today.
If could just get within a 1000 meters from the basterds that spread this I'd fill thier brain cavity with lead.

PS. Bad web search habits have little to do with this one.

Go to bleepingcomputer, maybe they can help

http://www.bleepingcomputer.com/

Since it is all volunteer they are not the fastest, but you can give them a try.

Either that or completely reformat your HD, do not restore, do not repair, completely reformat!

If you take anything off of it you need to only take known good files that you can not replace and only take files with known good files extensions like txt, doc, xls etc.

Any file that is exe do not take unless you are postive about the origin of the file and if you have any doubts do not take a copy and put it on you reformatted HD. 

Anything that you can get off the internet like Auto Thumbnail, AICarriers2, etc. leave it and just download it off the net on to your reformatted HD.

Rod

Not to hijack this thread but I picked up my standby PC from the virus remover guys today. They tried to do the fix
without reformat. Bless them for the effort but the PC failed right after boot. Pop ups everywhere. Can't turn them all off. I phoned the boys and they said they will dump everything and reformat for free. But one of them kept saying that one of my other PCs could be infecting my standby PC via my router. I don't get it. Both of my other PCs are running like a champ with no indications of any problems. I am not on a network, so each PC should be seperate from each other.
My question is, can a virus move from a normaly running PC to another through the router? Only disableing one PC and not the other?

Not to hijack this thread but I picked up my standby PC from the virus remover guys today. They tried to do the fix
without reformat. Bless them for the effort but the PC failed right after boot. Pop ups everywhere. Can't turn them all off. I phoned the boys and they said they will dump everything and reformat for free. But one of them kept saying that one of my other PCs could be infecting my standby PC via my router. I don't get it. Both of my other PCs are running like a champ with no indications of any problems. I am not on a network, so each PC should be seperate from each other.
My question is, can a virus move from a normaly running PC to another through the router? Only disableing one PC and not the other?

I highly doudt it since they are not networked plus the fact as you say, if that was the case all would be infected, a virus is not just going to infect one and leave the other alone.

Rod

Not to hijack this thread but I picked up my standby PC from the virus remover guys today. They tried to do the fix
without reformat. Bless them for the effort but the PC failed right after boot. Pop ups everywhere. Can't turn them all off. I phoned the boys and they said they will dump everything and reformat for free. But one of them kept saying that one of my other PCs could be infecting my standby PC via my router. I don't get it. Both of my other PCs are running like a champ with no indications of any problems. I am not on a network, so each PC should be seperate from each other.
My question is, can a virus move from a normaly running PC to another through the router? Only disableing one PC and not the other?

I highly doudt it since they are not networked plus the fact as you say, if that was the case all would be infected, a virus is not just going to infect one and leave the other alone.

Rod

That's what I thought. Maybe the techy was hoping to con me into bringing him 2 more pc for more cash.
Thanks for your reply.

This sounds suspiciously like the virus JBaymore warned about in this topic. http://205.252.250.26/cgi-bin/yabb2/YaBB.pl?num=1258377948

You can be sure I've never DLed any "helpful" pop-up thing... but I do know that some of them cannot be clicked away; if it pops up, it is getting in. It's a possibility.

Rotty,

You don't have to deliberately download it (or it makes you think you are not doing that).

I will probably just re-format the drive and re-install XP... started backing stuff up today. Sigh....