Major PITA computer problem - Chicagoland Sportbikes
post #1 of 4 (permalink) Old 02-11-2005, 10:49 PM Thread Starter
 
Join Date: Jul 2002
Posts: 646
 
Major PITA computer problem

Okay, I work for a small company around 30 full timers, 30 temps.. We don't have a dedicated IT department, so myself and the accountant take care of it. I don't consider myself an IT professional, just an average power user I guess. We are on a 2000 network, mix of 2000 and XP workstations.

Anyway, we have got one XP Pro machine (system restore disabled) that has picked up a browser hijack and adware program that I just can't shake. It allows MSN to be opened but no other website will come up if typed into the address bar - but you can type in addresses in the MSN search bar, then click the provided links to get around. The ads popping up are usually for Spyware blockers, Antivirus and shit like that. Yeah, great idea.. give money to the monkeyfuckers that messed up your machine in the first place. It also pops up a search window any time you type something in MSN search.. as if it tries to answer your request, but nothing is relevant to your search. It also puts porn links and other random garbage links into your favorites listing.


We use server based Trend Micro OfficeScan anti-virus, which works pretty well and updates on the fly regularly. The anti-virus notices right away when you open IE that there is a virus or adware program attached, but it says that it cannot clean or quarantine the file - and to read about how to remove it on the Trend website. Well, the website says just to be updated and delete all the infected files that a full system scan finds (DUH!). Problem is that when doing a full system scan, Trend finds nothing! Then as soon as you open the browser, it pops up again. The file names infected had changed a few times but were always located in the system32 directory and were dll files. I went in and specifically looked for the files it listed as infected and they were not visible! All settings for view all files, do not hide system files etc. are set to show everything.

I read about the prog online and apparently there are many versions. The one I have did not have any of the registry entries or files that were noted online on any of the boards I read on how to manually remove it.

I have run an up-to-date version of Ad-aware, Spybot SD and HijackThis... all of them found things that they didn't like.. many things linked to browser hijacks.. All the progs said that they removed all bad files.. none of them really did a damn thing though. The shit is still there. I did go through and clean out all the temp files and all the temp internet files..

I called Trend Micro for support and as far as they got me was to boot in safe mode and install a 2.5mb stand alone virus scan utility off their website.. The lady told me, okay - so I expect you call back when scanning finished. I said okay.. let it scan and tried to call back after it found nothing at all, but whadda know.. they closed about 40 minutes ago. Thanks a bunch Trend!

By now, after going through multiple scans for spyware and the like, and deleting lots of the junk - the machine has become unstable. Anytime you try to open windows explorer, control panel or just about anything, stupid mf'in drwtsn32 crashes and nothing opens. You can still get around in safe mode, but regular mode is as good as useless. And the fucking browser pop ups are still going strong while Dr. watson crashes everything else.

Sheesh, I think I did everything - but I couldn't win. I feel kinda bad, since I stayed a little over 4 hours late working on this thing trying to get it fixed so Monday morning will be smooth, and got nowhere. I like taking the OT, but I really wish I could have resolved the problem. Like I am getting paid for doing nothing. But I have tried all that I can think of.

Trend calls it HTML_winshow.AK but I believe that the one I have might be a different variant. Or newer, pumped up version. The bastard just WILL NOT GO AWAY!

What do I have to do aside from formatting the machine? Monday is gonna suck guys, I feel the shit attitudes coming already.

http://www.trendmicro.com/vinfo/viru...TML_WINSHOW.AK
Mike is offline  
post #2 of 4 (permalink) Old 02-12-2005, 12:05 AM
 
Join Date: Feb 2004
Posts: 86
 
Well, what you are going to have to do is first find out what DLL and other files are associated with it, then go into the Windows registry and delete the file. That is what I like about Norton, it actually tells you where to look for it in the registry. I deleted all of mine out of my registry and didn't have to reformat. And now I haven't had any infections for probably about 6 months.
AndyRed98R/T is offline  
post #3 of 4 (permalink) Old 02-12-2005, 04:00 AM
Join Date: Apr 2002
Location: Palatine
Posts: 7,632
Ernie is offline  
post #4 of 4 (permalink) Old 02-12-2005, 11:11 AM
Join Date: Apr 2002
Location: Naperville
Posts: 5,002
Sounds like you have a program running that is putting the hijack back. Check your registry entries to make sure you expect everything that is being started:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run and RunOnce

Check the task manager for any strange tasks running that could be restoring what you delete (including putting registry links back). Sometimes doing this stuff in Safe Mode is required if there are multiple tasks that watch over each other.

Dave
BusaDave is offline  
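
The Run/RunOnce review suggested in post #4, as an added example that is not part of the original thread: this Python script parses saved `reg query` output and lists every autostart value that is not on a list of expected entries, also noting DLLs started through rundll32 and programs that run from a Temp directory. The sample output, value names, paths and the expected list are constructed for illustration.

```python
import re

# Constructed sample of `reg query <key>` output; all names and paths are invented.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    ExampleAV Monitor    REG_SZ    "C:\Program Files\ExampleAV\avmon.exe" -tray
    SoundMan    REG_SZ    SOUNDMAN.EXE
    sysload    REG_SZ    rundll32.exe C:\WINDOWS\system32\qzxv32.dll,Start

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
    upd    REG_SZ    C:\DOCUME~1\user\LOCALS~1\Temp\upd.exe
"""

# A value line is indented: name, registry type, data (the name may contain spaces).
VALUE_RE = re.compile(r"^\s+(?P<name>.+?)\s+(?P<type>REG_[A-Z_]+)\s+(?P<data>.*)$")

def parse_reg_query(text):
    """Return one dict per autostart value, tagged with the key it came from."""
    entries, key = [], None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
            continue
        m = VALUE_RE.match(line)
        if m and key:
            entries.append({"key": key, "name": m["name"], "data": m["data"].strip()})
    return entries

def review(entries, expected):
    """List (key, value name, reasons) for entries that deserve a closer look."""
    findings = []
    for e in entries:
        reasons = []
        data = e["data"].lower()
        if e["name"] not in expected:
            reasons.append("not on expected list")
        if "rundll32" in data and ".dll" in data:
            reasons.append("DLL started through rundll32")
        if "\\temp\\" in data:
            reasons.append("runs from a Temp directory")
        if reasons:
            findings.append((e["key"].rsplit("\\", 1)[-1], e["name"], reasons))
    return findings

if __name__ == "__main__":
    expected = {"ExampleAV Monitor", "SoundMan"}  # what the admin expects to start
    for key, name, reasons in review(parse_reg_query(SAMPLE), expected):
        print(f"{key}\\{name}: {'; '.join(reasons)}")
```

Comparing the same export taken before and after a reboot shows whether a deleted value has been written back.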