Quad, I too am having this issue. Can you review the attached log file and let me know what needs to be ticked? Thanks in advance for your help.
<<Edit: Subject edited to reflect the issue for the moved post>>
NOTE: a lot of rogue infections come with TDL 2, 3 or 4 behind what can be seen.
Now start Hijackthis and you will see beside each entry a little box that you can tick for the entries you want.
With Hijackthis, tick / check this entry below:
O4 - HKCU\..\Run: [bxhmpbal] C:\Users\The DeLuca's\AppData\Local\rktlcrxmx\qgdkcnktssd.exe
Now Click the "Fix Checked" button. That should remove those entries.
Now restart the PC, the rogue should not start up on the restart.
Next, check the Internet Connections so that the Proxy is NOT selected, see the link below
All I have done is disable the Rogue. Now in Normal Mode you should be able to install, update the definitions and run a Full Scan with Malwarebytes.
Quads
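The same triage done by script, as an added example that is not part of the original thread: it parses the O4 registry autorun lines of a HijackThis log and lists the ones that start a program from a user-writable folder, the pattern of the entry ticked above. The list of folders and the two "Example" log lines are assumptions made for the illustration.

```python
import re

# Matches registry autorun lines as HijackThis prints them, e.g.
# O4 - HKCU\..\Run: [name] C:\path\file.exe
O4_RUN = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[([^\]]*)\] (.+)$")

# Assumption: directories any user-level process can write to.
USER_WRITABLE = ("\\appdata\\", "\\local settings\\", "\\temp\\")


def executable_path(command):
    """Pull the program path out of a Run value, quoted or not."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    # Unquoted paths may contain spaces, so cut after the first extension.
    m = re.match(r"(.+?\.(?:exe|com|bat|cmd|scr|pif))(?:\s|$)", command, re.I)
    return m.group(1) if m else command


def suspicious_autoruns(log_text):
    """Return (hive, value name, path) for Run entries in user-writable dirs."""
    hits = []
    for line in log_text.splitlines():
        m = O4_RUN.match(line.strip())
        if not m:
            continue
        hive, _key, name, command = m.groups()
        path = executable_path(command)
        if any(d in path.lower() for d in USER_WRITABLE):
            hits.append((hive, name, path))
    return hits


# Constructed sample log: the first line is the entry quoted in the post,
# the other two are made-up entries of the kind a clean machine shows.
SAMPLE_LOG = r"""
O4 - HKCU\..\Run: [bxhmpbal] C:\Users\The DeLuca's\AppData\Local\rktlcrxmx\qgdkcnktssd.exe
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe" /startup
O4 - HKCU\..\Run: [ExampleSync] "C:\Program Files\Example Sync\sync.exe"
"""

if __name__ == "__main__":
    for hive, name, path in suspicious_autoruns(SAMPLE_LOG):
        print(f"{hive} Run [{name}] -> {path}")
```

A hit is a candidate for review, not a verdict, since legitimate software also starts from AppData.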
Hi Quads,
Can you help me out too? I've attached the log file as a txt.
Greatly appreciate it.
Your log does not show the Rogue "Antispyware Soft"
Quads
I guess that could be because I ran the program while in Safe Mode? How else can I run this if every time I tried when logged in normally it would close immediately after opening the program?
With the latest in the family, which is "Antispyware Soft", having the Hijackthis executable named "explorer.exe" allows Hijackthis to run in Normal Mode and in the infected account.
Quads
I fixed it using the instructions from http://www.myantispyware.com/2010/01/30/how-to-remove-antivirus-soft-uninstall-instructions/
It was a 2-step process using HiJackThis and MalwareBytes Anti-Malware (both free).
I'm VERY disappointed that a Norton full system scan (it took 45 mins., updated definitions) did NOT detect any problem on the computer when it was clear there was something wrong...
chocodude wrote: I fixed it using the instructions from http://www.myantispyware.com/2010/01/30/how-to-remove-antivirus-soft-uninstall-instructions/
It was a 2-step process using HiJackThis and MalwareBytes Anti-Malware (both free).
I'm VERY disappointed that a Norton full system scan (it took 45 mins., updated definitions) did NOT detect any problem on the computer when it was clear there was something wrong...
Notice how the files given in the link above are not complete,
Quads
Hi Quads,
So my Norton detected it and eliminated it. However, now my Chrome or IE won't work now! I get a Page Not Found when opening a browser window. Firefox does open and that's what I am using right now. Google Groups said to use this HiJack tool to see if the virus/spyware changed anything in my settings. Can you help?
log attached
See the link in Message 2 above, about programs like IE, Chrome, MSN, Skype... that use the "Internet Connections" settings.
And I notice in your latest log how you were using Hijackthis as "Hijackthis.exe", which is why with the rogue it doesn't want to run, as the name needs to be changed to something like "explorer.exe".
Quads
I've been having trouble with this too and was following this thread.
I couldn't run hijackthis as iexplorer.exe or explorer.exe
I had to rename it firefox.exe
lasfdjfd wrote: I've been having trouble with this too and was following this thread.
I couldn't run hijackthis as iexplorer.exe or explorer.exe
I had to rename it firefox.exe
As others on threads and myself have tested, "explorer.exe" works; "iexplorer.exe" won't, as that is NOT a file name in the OK basket. Don't know what that file belongs to LOL
Another file that is OK is "svchost.exe"
On downloading the Hijackthis executable version to your Desktop, you rename the executable to one of the file names that work. The executable version is not the same as the Installer version. The Executable version does not get installed and can run from whatever location you downloaded it to. No installing and no shortcuts on the desktop.
The reason "explorer.exe" works is that the Rogue "Antispyware Soft" family allows the Windows "explorer.exe" to run, so the infected PC has the taskbar and desktop icons etc.
Quads