1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

I really need some help...please??

Discussion in 'Computer Security' started by pengie, Jul 31, 2008.

  1. pengie

    pengie Bit Poster

    29
    1
    3
    Hi everybody,

    Yesterday my Mums desktop pc started acting very odd. Everytime a website address is typed into the address bar it takes me to the google search page which gives me the results for the address i typed in rather than actually taking me to the website....2 error messages also keep popping up...the first message is when the pc is first switched on which says the following..

    Exception Processing Message c0000013 Parameters 75b6bf9c 4 75b6bf9c 75b6bf9c

    The other message which pops up is...

    16 bit MS-DOS Subsystem
    C:\WINDOWS\System32\SoftwareDistrbution32\mmc.exe
    The NTVDM CPU has encountered an illegal instruction
    CS:0000IP:e467 OP:74 db 3c 45 75
    Choose close to terminate the application


    Just before this started Alot of pop-ups started appearing.
    I have run Norton Internet Security - Full system Scan and it threw up something called WinReanimator but said that it cannot be removed from an unsupported file and so it doesnt give the option to fix or remove.

    Can somebody help...please?!
    Thank you for taking the time to read this.

    From a very worried pengie x
     
  2. greenbrucelee
    Highly Decorated Member Award

    greenbrucelee Zettabyte Poster

    14,283
    254
    329
    Sounds like some malicious software is on the computer. Try another Antivirus program, my personal opinion is nortons is bollocks and not as good as some free stuff like AVG.
     
    Certifications: A+, N+, MCDST, Security+, 70-270
    WIP: 70-620 or 70-680?
  3. pengie

    pengie Bit Poster

    29
    1
    3
    Thank you for replying...
    This may sound like a silly question but how could I download AVG if I cant get to their website??...even when I get redirected to google I still cant click on any of the links as a pop-up popps up instead.

    Any ideas??

    pengie x
     
  4. Cockles

    Cockles Megabyte Poster

    664
    24
    74
    Could you not download AVG as an executable file on another PC, save it on a flash drive, then install it back on the infected PC, that's what I did with my one (my home PC is not online), then do a scan?

    Failing that, you could do the same with another browser like FireFox, stick it on a flashdrive and again install it on the home PC and see if that too is also bothered by whatever it is.
     
    Certifications: None
    WIP: Trying to find my car keys
  5. greenbrucelee
    Highly Decorated Member Award

    greenbrucelee Zettabyte Poster

    14,283
    254
    329
    good ideas there
     
    Certifications: A+, N+, MCDST, Security+, 70-270
    WIP: 70-620 or 70-680?
  6. craigie

    craigie Terabyte Poster

    3,020
    173
    155
    If you are running XP, you could try System Restore to a previous date and see if this fixes the issues or allows you to download AVG.

    I would also recommend downloading Adaware or Windows Defender as well to remove any 'spyware'.

    Also, go into IE7 and Click Tools > Manage Add Ons & Disable All Addons that are not required. This may mean that you are able to access the Web for download AVG.

    If you are running Vista, again try a System Restore and Click Start > All Programs > Accessories > System Tools > IE7 No Addons

    Please let us know how you get on.
     
    Certifications: CCA | CCENT | CCNA | CCNA:S | HP APC | HP ASE | ITILv3 | MCP | MCDST | MCITP: EA | MCTS:Vista | MCTS:Exch '07 | MCSA 2003 | MCSA:M 2003 | MCSA 2008 | MCSE | VCP5-DT | VCP4-DCV | VCP5-DCV | VCAP5-DCA | VCAP5-DCD | VMTSP | VTSP 4 | VTSP 5
  7. craigie

    craigie Terabyte Poster

    3,020
    173
    155
    Just googled the issue and it appears it can be something to do with itunes or quicktime.

    Taken from Tech Guys Forum

    "I can offer you a solution and fix to this one

    I'm willing to guess it is being caused by a program called dit.exe which is installed by some card reader software to allow you to name the drives and for them to have individual icons.

    It runs on startup and is a pretty much useless process.

    Initially you should test to see if it is causing you problems.

    Run msconfig and if it appears in your startup list disable it and restart

    if that solves your problem then delete dit.exe from your windows folder (you can also get rid of dit.dll, dit.ini and ditxp.exe)

    You should now do a registry sweep to get rid of any dit.exe entries

    Hope that fixes the problem for you"
     
    Certifications: CCA | CCENT | CCNA | CCNA:S | HP APC | HP ASE | ITILv3 | MCP | MCDST | MCITP: EA | MCTS:Vista | MCTS:Exch '07 | MCSA 2003 | MCSA:M 2003 | MCSA 2008 | MCSE | VCP5-DT | VCP4-DCV | VCP5-DCV | VCAP5-DCA | VCAP5-DCD | VMTSP | VTSP 4 | VTSP 5
  8. disarm

    disarm Byte Poster

    150
    3
    24
    Run Spybot on the bitch, and get rid of Norton!
     
  9. pengie

    pengie Bit Poster

    29
    1
    3
    I have got rid of Norton and installed AVG.

    The problem regarding being redirected to google has now stopped but Im still get ALOT of pop-ups appearing and warnings of tracking cookies...any ideas on how to solve this issue??

    ALSO - Do I need a firewall or any other programme now Iv got rid of Norton??

    P.S - Thanks for the help regarding getting rid of norton and using AVG!!
     
  10. greenbrucelee
    Highly Decorated Member Award

    greenbrucelee Zettabyte Poster

    14,283
    254
    329
    yes get a firewall. If you are looking for a free firewall look at comodo firewall it's very good but quite advanced. If you are looking for the best security suite (firewall and antivirus and spyware killer) try NOD32 you can get a 30 day free trial at the moment. www.eset.co.uk

    Vist www.trendmicro.com and run the free scan it will scan your computer for spyware, greyware and viruses. It sounds to me like there are still some bad things running in the background which you may have allowed by accident.
     
    Certifications: A+, N+, MCDST, Security+, 70-270
    WIP: 70-620 or 70-680?
  11. Sparky
    Highly Decorated Member Award

    Sparky Zettabyte Poster Moderator

    10,189
    296
    319
    Have you tried a AV scan in safe mode?
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Exchange 2007\2010
  12. pengie

    pengie Bit Poster

    29
    1
    3
    I havent tried an AV scan in safe mode...how would i do that??

    I have also noticed that i keep setting the privacy settings to default and applying them onlt to find that the next time i check them they have set themselves to "accept all cookies"...could this have something to do with why the pc is acting so weird with all the pop-ups??

    GBL - Thanks for the firewall information you have given.

    pengie x
     
  13. greenbrucelee
    Highly Decorated Member Award

    greenbrucelee Zettabyte Poster

    14,283
    254
    329
    When you boot or start the computer you get whats called the post screen with all the info on your system, whilst it displays this info press F8 windows will boot into a mode that attempts to protect its settings by only using minimal apps and drivers.

    When windows boots try a scan with your antivirus.
     
    Certifications: A+, N+, MCDST, Security+, 70-270
    WIP: 70-620 or 70-680?
  14. pengie

    pengie Bit Poster

    29
    1
    3
    I have run an AV scan in safe mode but the pc is no different.
    When i turn the pc off and then back on again the AVG resident shield keeps popping up in the bottom right hand corner of the screen telling me that a threat has been removed the threat is...

    File name: C:\WINDOWS\system32\pjuezl.dll
    Threat name: Trojan horse BHO.FCF
    Detected on open.

    I must have had at least 100 of this exact same file name and threat name pop-up on the AVG resident shield in 2-3 minutes.

    Another thing i have noticed is that i cant turn on windows automatic updates...its says its on but i keep getting a balloon in the bottom right had corner of my screen telling me to switch it on...the security/cookie settings are still remaining at "accept all cookies" although i cant sign on to any site and if i do i get booted out if i move to another page on the site...it takes me ages to sign in here even if i tick the box to "remember me".

    I have the windows xp firewall switched on...I have run adaware and spybot s&d.

    What else can i do...nothing i do seems to be making any difference:(

    pengie x
     
  15. Theprof

    Theprof Petabyte Poster Forum Leader

    4,570
    68
    196
    Try running a rootkit scan using Stinger from McAfee or a different one. If there's nothing there then at this point if the anti-virus is not helping you might want to start backing up your stuff and consider doing a reinstallation of windows. Basically deleting the partition, recreating a partition and installing windows.

    Before you wipe out the partition try running "hijack this" and see if there's anything showing up in that app.
     
    Certifications: A+ | CCA | CCAA | Network+ | MCDST | MCSA | MCP (270, 271, 272, 290, 291) | MCTS (70-662, 70-663) | MCITP:EMA | VCA-DCV/Cloud/WM | VTSP | VCP5-DT | VCP5-DCV
    WIP: VCAP5-DCA/DCD | EMCCA
  16. hbroomhall

    hbroomhall Petabyte Poster Gold Member

    6,623
    115
    224
    BHO is a Browser Helper Object. In this case something has got hooked into IE, hence your problems with browsing etc.

    It will probably show up in HijackThis, but knowing which entry to delete is sometimes difficult.

    There is an excellent site at CastleCops that has a procedure to folow, and expert help if that procedure fails to fix the problems.

    Harry.
     
    Certifications: ECDL A+ Network+ i-Net+
    WIP: Server+
  17. derkit

    derkit Gigabyte Poster

    1,479
    54
    112
    May also be worth having a look for an application called ComboFix - have used this successfully a couple of times.
     
    Certifications: MBCS, BSc(Hons), Cert(Maths), A+, Net+, MCDST, ITIL-F v3, MCSA
    WIP: 70-293
  18. pengie

    pengie Bit Poster

    29
    1
    3
    Again thank you for your replies.

    I have visited the castlecops procedure like hbroomhall said and ran the hijackthis scan like it said, it then said
    "next step - The control panel - add/remove programs"
    "Temporarliy disable real time monitoring program"

    The thing is I dont know what im supposed to be disabling or how to do it...could anybody tell me so i can finish the rest of the procedure??

    pengie x
     
  19. hbroomhall

    hbroomhall Petabyte Poster Gold Member

    6,623
    115
    224
    If you click the link it gives expanded info on various things like Adaware, and why you need to do this.

    Harry.
     
    Certifications: ECDL A+ Network+ i-Net+
    WIP: Server+
  20. pengie

    pengie Bit Poster

    29
    1
    3
    While following the castlecops procedure the pc has begun to keep restarting itself so i cant actually scan the pc with superantispyware...Im just lost now, I have no idea what to do other than what was said earlier about deleting and recreating a partition but how would i go about doing that??
     

Share This Page

Loading...