|
|
|
re: System hijacked by malware?
Friday, April 11, 2008 at 11:17 am
Windows XP Annoyances Discussion Forum
Posted by cc
(11 messages posted)
Possibly a root kit; have you tried root-kit removal?
On Friday, April 11, 2008 at 7:50 am, Gill wrote:
>I'm listing the symptoms here, as I don't have a clue what's causing this.
>
>1. On Monday I was surfing in Firefox when the desktop just crashed (this almost
>never happened in firefox but usually in IE after long surf sessions). Explorer.exe
>failed to revive it, I had to navigate using Ctrl+Alt+Del for a while, but then
I
>decided to reboot to restore the desktop.
>
>2. On reboot, I clicked on stuff and they just won't respond, for instance the internet
>login link would not open, clicking on Start, the button would just look depressed
>without actually opening the Start menu.
>
>3. I rebooted in Safe mode and things worked fine, I tried ccleaner, spybot (results
>were clean), stinger (clean), SDfix, Combofix. Nothing made a normal startup work
>as normal.
>
>4. Finally thought of System Restore -- restored to last Thursday (April 3), things
>went back to normal.
>
>(Things stayed normal for 2 days)
>
>5. Wednesday, was surfing again, opening explorer windows began to look buggy again
>in that the whole menus would not display right, so I rebooted.
>
>6. Same symptoms as (2) above, so I rebooted in Safe mode.
>
>7. In Safe mode, Combofix failed to initialize, used SDfix until it asked for restart,
>restarted but the log failed to show up as the desktop totally hanged midway.
>
>8. Back in Safe Mode again, tried to look for a System Restore point, there was
none!
>I thought they are only deleted after 90 days?
>
>9. Still in safe mode, tried running Spybot again, the screensaver kept starting
>after 1 minute, I right clicked on desktop to set it to 15 minutes, it just set
itself
>to 1 minute again (malware?). Spybot showed a clean result.
>
>10. Rebooted normally, hanged a few times when opening a folder, clicking on the
>manual internet login link or even right click desktop (will not show desktop settings
>menu).
>
>11. Reconfigured router to auto-login mode to bypass the manual login desktop link,
>managed to connect to internet.
>
>12. Tried to make a HijackThis log, failed on two reboots, each time it shows:
>
>"This action cannot be completed becasue the other application is busy. Choose "Switch
>To" to activate the busy application and correct the problem"
>
>It just stayed that way with the error message, I clicked Switch To and Retry without
>success.
>
>Strangely, the Windows Task Manager's performance tab did not show a high CPU or
>PF usage,
>
>13. I used ccleaner's registry cleaner in Safe Mode, there's a bunch of stuff related
>to Real player, so I deleted them all and uninstalled realplayer.
>
>- combofix could run again
>- ran SdFix but the log that appeared on a normal boot can't be saved as it hanged
>when I chose"Save as.." but I saw the words "Trojan Found.." in the log.
>-A Spybot scan showed nothing
>
>(all the above were done while in Safe Mode)
>
>I'm now in Safe Mode, I can't navigate in normal mode as the system will hang upon
>opening anything.
>
|
All messages in this thread [show all]
 |  | re: System hijacked by malware? (cc: Fri, Apr 11, 2008, 11:17 am) |
| |
| |
Return to the Windows XP Discussion Forum
|
|
|
|
