Re: Webtracer - SEVERE malware problem

From: John Murray (john_at_MurrayComputing.com)
Date: 08/22/05

  • Next message: Kim K: "Permissions question"
    Date: Mon, 22 Aug 2005 14:52:20 -0700
    
    

    Robear -- thanks for the offer, but we've wiped it clean and rebuilt
    everything. This is a very challenging problem; no one seems to know how to
    fix it. I think a key to understanding what happens is that in msconfig,
    the Startup, System.ini and Win.ini tabs are all completely blank, even
    though the *.ini files are intact in the Windows folder...go figure.

    Thanks again, Robear; hope someone eventually finds the answer to this one!
    John
    <<>>

    "PA Bear" <PABearMVP@gmail.com> wrote in message
    news:ei4mrhSpFHA.1968@TK2MSFTNGP14.phx.gbl...
    > It's Robear, please. <wink>
    >
    > If you'll cite the URLs for the forums where you've posted your log, one
    > or more of us may be able to help with interpretation and removal of your
    > hijackers.
    >
    > Also see http://castlecops.com/postp321283.html
    > --
    > ~Robear Dyer (PA Bear)
    > MS MVP-Windows (IE/OE, Shell/User, Security), AH-VSOP
    >
    >
    > John Murray wrote:
    >> Hello Robert -
    >>
    >> Thanks for the reply; the HijackThis program we are using does allow us
    >> to designate items for removal and then cleans those items, such as home
    >> page url settings and etc. -- that's always what I've done with that program.
    >> We have already uploaded the HijackThis listing to a number of places
    >> with no positive results.
    >>
    >> The reason I posted here was in hopes of finding someone who has actually
    >> had experience with Webtracer, NOT "expert analysis" -- have you ever
    >> seen this problem? The forums you mention in your reply all have a
    >> number of entries for Webtracer with absolutely no solution. We've been
    >> at this for days now, hopefully this thread will provide some help.
    >>
    >> Thanks again,
    >> John
    >> <<>>
    >>
    >> "PA Bear" <PABearMVP@gmail.com> wrote in message
    >> news:e2vCRfsoFHA.2156@TK2MSFTNGP14.phx.gbl...
    >> > HijackThis, on its own, doesn't clean anything.
    >> >
    >> > When all else fails, HijackThis v1.99.1
    >> > (http://aumha.net/downloads/hijackthis.zip) is the preferred tool to
    >> > use. It will help you to both identify and remove any
    >> > hijackware/spyware. **Post your log to http://forums.spywareinfo.com/,
    >> > http://castlecops.com/forum67.html or
    >> > http://aumha.net/viewforum.php?f=30 for expert analysis, not here.**
    >> >
    >> > --
    >> > ~Robear Dyer (PA Bear)
    >> > MS MVP-Windows (IE/OE, Shell/User, Security), AH-VSOP
    >> >
    >> >
    >> > John Murray wrote:
    >> > > Hello to All -
    >> > >
    >> > > Helping a friend with his Windows XP SP2 PC.
    >> > >
    >> > > Browser is hijacked, porn sites added to fav's,
    >> > > we have not found any solution to fix this problem.
    >> > >
    >> > > Some of the imposed home-page sites and keywords:
    >> > > utruuh
    >> > > globe-finder
    >> > > webtracer
    >> > > ...others
    >> > >
    >> > > Mostly .cc some .ru often /Bayzm
    >> > >
    >> > > HijackThis finds the urls and cleans them, but
    >> > > as soon as they are cleaned they return, with or
    >> > > without reboot, and again become the home page.
    >> > >
    >> > > Many, many hours of searching online on the various
    >> > > terms above and following any steps to clean the
    >> > > problem(s) that make sense. No one claims to have
    >> > > the answer, none of the fixes appear to persist.
    >> > >
    >> > > We have used every good program we know to
    >> > > clean my friend's PC, plus all updates, plus antivirus
    >> > > scans, tons of registry cleaning, etc. Nothing works!
    >> > >
    >> > > Adaware, Spybot, MS AntiSpyware beta, AVG
    >> > > antivirus, Norton antivirus, CWShredder, Trend Micro
    >> > > Spyware Scanner, others, and lots of manual cleaning.
    >> > >
    >> > > Safe Mode, Normal Mode, Command Prompt, none
    >> > > of the modes appear to make any difference.
    >> > >
    >> > > One of the "strange" things I noticed with this problem
    >> > > is that when I run msconfig there is NOTHING in the
    >> > > Startup listing, nothing at all. No checkboxes, nothing!
    >> > >
    >> > > What we are doing now is leaving the machine turned on;
    >> > > the problem seems to completely regenerate at reboot and
    >> > > we have cleaned just enough to be semi-functional online.
    >> > >
    >> > > We can format and reinstall, but without knowing if
    >> > > his data is infected we would rather clean than rebuild to
    >> > > keep from losing his files.
    >> > >
    >> > > Any and all help will be greatly appreciated, Thanks.
    >> > > John
    >> > > <<>>
    >

