Re: Holy cow have I been hijacked

On Sat, 23 May 2009 03:24:08 +0530, scabble
<scabble.3slz3c@xxxxxxxxxxxxx> wrote:


To start, I was surfing using Firefox and I got a ton of alerts asking
"Do you want to make Explorer your default browser?" then a grey shield
appeared in my tray and an AV scan appeared to start. I am sorry but I
don't recall the name because I immediately killed it and all the
associated tasks and processes with task manager then ran a sweep with
Spysweeper. (I *think* it was "AV something 2008"). Obviously I didn't
get it all.

Since then, my browser is hosed- search engines are hijacked, leading
me to all sorts of sites I don't want. If I try to go to the sites of
any (reputable) AV software I get page load errors and address not found
messages. Even if I can get to the site I get page not found errors when
I click any links for download of the software. I have the Spysweeper
with Antivirus loaded, and it will run a sweep but it won't update. I
thought it was a simple hosts redirection so I renamed my HOSTS file to
HOSTS.bak and still see the same problems.

Worst of all, somehow my ability to do a system restore has been
compromised. I can launch the utility, but after selecting a restore
point the "next" arrow is unresponsive.

I was able to run smitfraudfix.exe and it seemed to locate several
items but it didn't help (if anything it hosed things up more.)
Spysweeper also found several items but quarantine then deletion seems
to have no effect overall on the system.)

I have tried to use:
Malwarebytes (site won't load, and after finding the installer
elsewhere the app won't run)
Superantispyware (download link not found, after getting the installer
elsewhere the app won't run- gives error)
Spybot s&d (won't install- server name or address could not be
resolved)
Windows Spyware Removal tool (error says not a valid system32
application)
AVG (error says not a valid system32 application)

I tried to load Malwarebytes and Superantispyware onto a thumb drive
but they wouldn't run, and I tried both in safe mode, too.

Is there a fix? This is the second time this has happened to me in a
month and this is a fresh install of WIndows- last time I got so
frustrated I wiped the HD and started from scratch. I DO NOT want to do
this again if it can be avoided.

Help?

Help?

The solution is to get a program such as Acronis True Image. It images
you entire hd, system files and all. I cannot tell you how many times
this program has saved my ***. Just make damn sure you undate
incrementally, just in case you do get something on your disk that you
weren't aware of and saved it to a True Image backup. With incremental
backups, you can choose one before the SHTF.

You also better get MBM plus a REALLY good AV like AVIRA, AVAST, or
Kasperky BEFORE you get hit again.

Get the HOST file at mvps and keep it updated.
http://www.mvps.org/winhelp2002/hosts.htm

Oh, yeah...there is a thing called Safe Hex. You better start practicing
it and paying attention to where you go and what you download on the Web
or Usenet.

I use AVAST, MBM, SuperAntiSpyware and Trojan Remover - all of them are
the paid versions. Since I wised up some years back, I haven't had a
single AV event. I have downloaded a bummer here or there, but my
resident programs caught them and saved my ***.

- End of Sermon :o)
.