Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Hijacked Computer

Re: Hijacked Computer

Post by imrjeffrey » December 10th, 2011, 9:55 am

SystemLook 30.07.11 by jpshortstuff
Log created at 05:49 on 10/12/2011 by Jeffrey
Administrator - Elevation successful

========== filefind ==========

Searching for "Replacefile.bat"
C:\Users\Jeffrey\Documents\Replacefile.bat --a---- 204 bytes [04:33 08/12/2011] [05:37 10/12/2011] 6EFD2F1FF257E4D4A6677732E1465917

Searching for "Replace*.*"
C:\Users\Jeffrey\Documents\Replacefile.bat --a---- 204 bytes [04:33 08/12/2011] [05:37 10/12/2011] 6EFD2F1FF257E4D4A6677732E1465917
C:\Windows\System32\replace.exe --a---- 16896 bytes [08:32 02/11/2006] [09:45 02/11/2006] 087CA00C620CFEFABEF53C38347C53A4
C:\Windows\System32\en-US\replace.exe.mui --a---- 2560 bytes [12:41 02/11/2006] [12:41 02/11/2006] B83BA3EAD0A15358F77AE838273128F5
C:\Windows\winsxs\x86_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_6.0.6000.16386_none_7ae62bab6a6983a7\replace.exe --a---- 16896 bytes [08:32 02/11/2006] [09:45 02/11/2006] 087CA00C620CFEFABEF53C38347C53A4
C:\Windows\winsxs\x86_microsoft-windows-m..utilities.resources_31bf3856ad364e35_6.0.6000.16386_en-us_83499576f6b96134\replace.exe.mui --a---- 2560 bytes [12:41 02/11/2006] [12:41 02/11/2006] B83BA3EAD0A15358F77AE838273128F5

-= EOF =-
imrjeffrey
Regular Member
 
Posts: 34
Joined: February 3rd, 2011, 2:05 am

Re: Hijacked Computer

Post by Gary R » December 10th, 2011, 11:17 am

Looks like you saved the Replacefile.bat file to your Documents folder.

If you open your Documents folder, then click Start > Computer > C:\, so that both folders are open at the same time, you should be able to drag and drop the Replace.bat file into the C:\ folder.

Once you've done that .....

Check that Replacefile.bat is actually in the C:\ folder, and if it is ....

Reboot into Recovery console.

  • Restart your computer and as it reboots, press F8 repeatedly until the Advanced Options Menu appears.
  • Select Repair your computer.
  • Select Language and click Next
  • Enter password (if necessary) and click OK, you should now see the screen below ...

Image

  • Select Command Prompt
    • A Command Window will open with the cursor flashing next to X:\Windows\System32>
    • Type C: and hit Enter
    • The cursor should now be flashing beside C:\>
    • Type Replacefile.bat into the Command Window
    • You should get a 1 file copied reply in the Command Window.
    • Type Exit into the Command Window then hit Enter to re-boot your computer into Normal Mode.

If all has gone successfully then please run a scan with E-Set online scanner ....

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.
  • Please go HERE then click on: Image
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log in your next reply please.
  • Now click on: Image (Selecting Uninstall application on close if you so wish)

Any problems following any of the instructions above, please let me know.
Gary R
Administrator
 
Posts: 21869
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
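
As an added example (not part of the original thread, and not SystemLook's own code): a small Python parser for the filefind log lines posted above, reporting which folder holds Replacefile.bat and whether same-named files found in several places share one MD5 and size. The line layout is inferred from the log in this thread, and the function names are illustrative.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Layout inferred from the log in this thread (an assumption, not a documented spec):
# <path> <attributes> <size> bytes [<time date>] [<time date>] <MD5>
ENTRY = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?P<attrs>\S{7}) (?P<size>\d+) bytes "
    r"\[(?P<stamp1>[^\]]+)\] \[(?P<stamp2>[^\]]+)\] (?P<md5>[0-9A-Fa-f]{32})$"
)

def parse_filefind(log_text):
    """One record per unique path; hits repeated by overlapping searches collapse."""
    records = {}
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:  # headers such as 'Searching for ...' do not match and are skipped
            rec = m.groupdict()
            rec["size"], rec["md5"] = int(rec["size"]), rec["md5"].upper()
            records[rec["path"].lower()] = rec
    return list(records.values())

def locations(records, filename):
    """Folders holding `filename`, compared case-insensitively as Windows does."""
    return [str(PureWindowsPath(r["path"]).parent) for r in records
            if PureWindowsPath(r["path"]).name.lower() == filename.lower()]

def hash_mismatches(records):
    """Names found in several places with differing MD5 or size: worth a closer look."""
    seen = defaultdict(set)
    for r in records:
        seen[PureWindowsPath(r["path"]).name.lower()].add((r["md5"], r["size"]))
    return sorted(name for name, variants in seen.items() if len(variants) > 1)

# A subset of the entries from the log posted in this thread.
SAMPLE = r"""
Searching for "Replacefile.bat"
C:\Users\Jeffrey\Documents\Replacefile.bat --a---- 204 bytes [04:33 08/12/2011] [05:37 10/12/2011] 6EFD2F1FF257E4D4A6677732E1465917
Searching for "Replace*.*"
C:\Users\Jeffrey\Documents\Replacefile.bat --a---- 204 bytes [04:33 08/12/2011] [05:37 10/12/2011] 6EFD2F1FF257E4D4A6677732E1465917
C:\Windows\System32\replace.exe --a---- 16896 bytes [08:32 02/11/2006] [09:45 02/11/2006] 087CA00C620CFEFABEF53C38347C53A4
C:\Windows\winsxs\x86_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_6.0.6000.16386_none_7ae62bab6a6983a7\replace.exe --a---- 16896 bytes [08:32 02/11/2006] [09:45 02/11/2006] 087CA00C620CFEFABEF53C38347C53A4
"""

if __name__ == "__main__":
    recs = parse_filefind(SAMPLE)
    print(locations(recs, "Replacefile.bat"), hash_mismatches(recs))
```

A mismatch is only a prompt for review: different Windows component versions can legitimately ship files of the same name with different hashes.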

Re: Hijacked Computer

Post by imrjeffrey » December 10th, 2011, 1:59 pm

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
imrjeffrey
Regular Member
 
Posts: 34
Joined: February 3rd, 2011, 2:05 am

Re: Hijacked Computer

Post by Gary R » December 10th, 2011, 7:05 pm

Do I take it that the E-Set scanner didn't find any infected files on your computer ?
Gary R
Administrator
 
Posts: 21869
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Hijacked Computer

Post by imrjeffrey » December 11th, 2011, 7:43 pm

Dear Gary,
Kay Annette and I would like to thank you profusely for helping us with this problem. As you know, computers can be quite challenging. We do appreciate your spending your time and your expertise in this manner. Please say hi to The Queen and her family for us. Just kidding;-). Happy Holidays to You and Yours from across The Pond. Jeff and Kay Annette
imrjeffrey
Regular Member
 
Posts: 34
Joined: February 3rd, 2011, 2:05 am

Re: Hijacked Computer

Post by Gary R » December 12th, 2011, 3:49 am

You're welcome, I was glad to help. :)

Since everything seems to be accounted for now, it's time to do a little housekeeping to safely remove the tools we've been using to clean your computer.

First

Let's clear out Combofix and any files and folders it created.


Delete CF_Uninst.exe when finished.

Next

Let's clear out OTL and the files and folders it created. This will also remove SystemLook.
  • Double click OTL.exe to launch the programme.
  • Click on the CleanUp! button.
  • OTL will download a list from the Internet, if your firewall or other defensive programmes alerts you, allow it access.
  • You will be prompted to allow the clean up procedure, click Yes
  • When finished exit out of OTL
  • Now delete OTL.exe (if still present).

As far as Malwarebytes Anti-Malware is concerned ....

Malwarebytes' Anti-Malware is Freeware, so you can keep or remove it as you wish. Personally I think it's one of the better Anti-Spyware scanners around at the moment. However, if you wish to remove it, use Control Panel > Programs > Uninstall a program

As far as I can see, your computer looks clear of infection now.

Are you still noticing any problems ?
  • If you are let me know about them.
  • If not it's time to make your computer more secure.

You asked me some questions earlier about security .....

Please read the article below which will give you a few suggestions for how to minimise your chances of getting another infection.


If you have any questions after reading it please feel free to ask me, I'll leave this topic open for a couple of days to allow you time to reply.

If your computer is running slowly after your clean up, please read.
Gary R
Administrator
 
Posts: 21869
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Hijacked Computer

Post by imrjeffrey » December 14th, 2011, 1:55 am

Dear Gary,
The only other problem we have is that when we start up the computer, we get this error message. This was happening even before the computer was infected and it only happens when we first start up the computer. It's one of those little annoyances, so if you can't help us we'll understand. We were able to run the remove programs and it looks like they are gone. Thanks again, Jeff & Kay Annette

Script Error
Line 30
Char 3
Error Error in loading DLL
Code 0
URL file:///C:/Program%20Files/Dell%20Support%20Center/sscommon/common/inc/ss_shellinclude.js

This always asks me if I want to proceed, Yes or No, and I always answer Yes.
imrjeffrey
Regular Member
 
Posts: 34
Joined: February 3rd, 2011, 2:05 am

Re: Hijacked Computer

Post by Gary R » December 14th, 2011, 2:53 am

From what I've been able to find out, that message is appearing due to a recent Dell Support Center update.

  • Uninstall Support Center using Start > Control Panel > Programs > Uninstall a program.
  • Reboot your computer.
  • Reinstall a new copy of Support Center. The Support Center downloads are HERE for both the 32 and 64-bit Windows versions.

If you don't use Support Center you can just uninstall it and not bother to reinstall a new copy.

Let me know if this works for you.
Gary R
Administrator
 
Posts: 21869
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Hijacked Computer

Post by Gary R » December 17th, 2011, 12:35 pm

As your problems appear to have been resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
Gary R
Administrator
 
Posts: 21869
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire