Hijacked MSIE8, google redirect, and disabled scanners.


Post by ISAWHIM » September 9th, 2009, 5:08 pm

Since it is unclear to the admins, I will elaborate. I assume, since you failed to directly state it, that the logs which are too long for posting, should be attached. (As per the guide rules.)

HijackThis "Does not work", there is no log produced, no scan ability with that program.

I have attached a text file with the programs that "Do work", and have produced logs.
Log includes reports from:
- AntiVir_RootKit (Full report)
- Mbam (Partial log, before death of Mbam)
- RootRepeal (Drivers, Shadow SSDT, SSDT, Process)
- - (Stealth and Hidden logs are empty.)
- Win32kDiag (Full report)

Warnings: None
Errors: None

Activity: Popups randomly (Subdued by removal of A.exe, B.exe, C.exe, MSC.exe, Monopod, and NordBull.) MSIE 8 is functionally hijacked. Google links go to random ad pages, unrelated to links. Firefox and Chrome do not seem to be hijacked this way. Scanners have all been disabled, due to partial locking of critical files. No warnings, no errors, no ability to detect, no ability to uninstall, no ability to fix with installer, no ability to delete them, no ability to open them. (Not without a hack.)

Observations: Programs disappear (Die) instantly, once they attempt to scan or access "Some file/s", (The virus/malware). The program becomes locked-out due to "Permissions" set to "Everyone", and all other permissions get stripped.

Temporary fixes/hacks: See below for details of work-arounds, which I had to do, to get the programs to run long enough to create a log file. (The other programs did not have the same results with that same hack. They were killed and locked, every time.) Again, without error or notices, they just disappear from the screen.

UPDATE:
"AntiVir Personal" just died when it actively found a file. No info on the file it found, because it died without time to write it down.

Two suspicious files/folders have locked-out Command.exe when I tried to access them. (Command.exe function has been hacked to restore permissions, so it works again.)

C:\WINDOWS\TEMP\Google Tools\Google Tools
C:\WINDOWS\TEMP\_avast4_\_avast4_

Both folders are hidden, and are not actual folders according to the ATTRIB function. They are "JUNCTIONS" encased in brackets. Permissions denied for delete, and Command.exe dies if I add ADMINISTRATOR permissions to the file. (I have renamed \TEMP\ to \TEMP2\, which has resulted in keeping my system stable enough to operate and post here.)

_____ Original post below, I will not repeat myself. _____

OS: Windows XP Home
MSIE 8 (Hijacked, Java client dies on load.)
Google links (JUMP: redirected) "Actually says JUMP in URL for a moment"
HOST file (Clean)
Google Chrome (Works fine)
FireFox (Works fine)

Running programs: (They still function, just not completely.)
AntiVir Personal (Actively scanning every file READ/WRITE. Demand scan ALL, finds nothing.)
Avast (Active scanning services seem to run, main program dies.)
Win32kDiag (Runs fine, have logs)
Gmer (Runs 90%, dies on some scan, not sure which one.)
dds.scr (Extracts to TEMP, runs "Find.exe", files disappear and find.exe goes dormant. No action, no reports.)
Mbam (Dies on "Full scan". Have partial log.)
RootRepeal (Scans all, but dies on "Files". Have other reports. Hidden = no results.)
SUPERAntiSpyware (Runs, only finds cookies and tracking images.)
Antivir_rootkit (Runs, only finds "SecuROM" {NULL} and two other SecuROM listings.)
AVG8 (Died on scan, will retry install if it is requested. Was actively running while infected for weeks. Scanning all files.)
TrendMicro Online (Found four files, died trying to remove them.)
TrendMicro Offline (Died while scanning.)

Prior removals:
msc.exe
a.exe
b.exe
c.exe
Monopod
NordBull

Tried all of the suggestions in the forums, but my limited log ability does not reflect in comparison to the large logs which others are able to provide. I have played with every form of access permissions setting, attempting to let the programs live long enough to produce a log. Seems the LOG is the common killer. The programs that log as they scan, produce a partial file. The programs that wait until they finish, never log a thing, because they never finish.

Logs will not all fit in the post, I need to attach or you have to tell me which ones to post. (You might want to create a program that removes useless info. A simple javascript program can remove unwanted data.)
ISAWHIM
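
Added example, not part of the original post or of the forum's own tooling: the post above describes hidden entries under C:\WINDOWS\TEMP that ATTRIB reports as junctions, with delete denied and permissions reduced to "Everyone". One way to inventory such entries and their ACLs from an analysis session is sketched below; it assumes Windows PowerShell 5.1 or later (not the XP-era command prompt used in the post), and the function name `Get-ReparsePointReport` is hypothetical.

```powershell
# Added example: list reparse points (junctions, symlinks) under a directory
# together with their ACL entries, without descending into them.
# Assumes Windows PowerShell 5.1+; Get-ReparsePointReport is a hypothetical name.
function Get-ReparsePointReport {
    param([Parameter(Mandatory)][string]$Root)

    $reparse = [System.IO.FileAttributes]::ReparsePoint
    $pending = New-Object System.Collections.Stack
    $pending.Push((Get-Item -LiteralPath $Root -Force))

    while ($pending.Count -gt 0) {
        $dir = $pending.Pop()
        # -Force includes hidden and system entries
        $children = Get-ChildItem -LiteralPath $dir.FullName -Force -ErrorAction SilentlyContinue
        foreach ($item in $children) {
            if ($item.Attributes -band $reparse) {
                # Read the ACL; an access-denied result is itself worth recording
                try {
                    $acl  = Get-Acl -LiteralPath $item.FullName -ErrorAction Stop
                    $aces = $acl.Access | ForEach-Object {
                        '{0}:{1}:{2}' -f $_.IdentityReference, $_.AccessControlType, $_.FileSystemRights
                    }
                } catch {
                    $aces = @("ACL unreadable: $($_.Exception.Message)")
                }
                [pscustomobject]@{
                    Path       = $item.FullName
                    LinkType   = $item.LinkType
                    Target     = $item.Target -join ';'
                    Attributes = $item.Attributes.ToString()
                    Acl        = $aces -join ' | '
                }
            } elseif ($item.PSIsContainer) {
                # Ordinary directory: keep walking. Reparse points are never
                # entered, so a junction pointing back at its parent cannot loop.
                $pending.Push($item)
            }
        }
    }
}

# Example call; the path is the one named in the post
Get-ReparsePointReport -Root 'C:\WINDOWS\TEMP' | Format-List
```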

Re: Hijacked MSIE8, google redirect, and disabled scanners.

Post by Gary R » September 10th, 2009, 8:52 am

User banned for behaviour unsuitable for this forum.