Trojans veto spyware removal

[rio143]

Hi,

I just found that my browser was hijacked because I was suddenly directed to sites other
than the ones I had typed in my browser or clicked on while doing a search.

I ran a SuperAntispyware check and after running one minute it disappeared completely. I found it again and reopened it and tried to do a scan again an a box popped up that said "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item." I unstalled and reinstalled the program and the same thing happened.

I switched to Spybot Search and Destroy and ran the program. Thinking that it too might disappear, when two trojans and one rogue showed up in the scan I clicked on "next" and it quarantined and removed them asking me to reboot the computer. I did but when I went
back to this program thinking that I would run the full program now that the major offenders had been removed, it did the same thing. It disappeared within a minute of running the scan. I found the program again and reopened it and this
time it said the same thing as the SuperAntispyware check "You may not have the appropriate permissions to access the item."

I switched to CCleaner and started to run it. It ran for less than one minute and disappeared completely. I, like the other two programs, found it again and went to reopen it and run it and it did the same thing and the above two.

There is something besides the two trojans and one rogue that is still on my computer and it is still hijacking my browser and preventing me from running any spyware/malware scans. I only removed and reinstalled the SuperAntispyware program I had thinking that a reinstallation would solve the problem but it didn't.

Any help as to what I can do about this would be much appreciated. Thanks.

[Canuck]

Our spyware fighters are really busy these days, not only here on our site, but they have other commitments that come before volunteering here at Help2Go.

Two things that may help you, 1) I see you've tried some of the programs, but go through the list of programs here to see if any will help. 2) Have you tried running the programs in Safe Mode .. this may work.

In the meantime, your patience is appreciated.

[rio143]

Have you tried running the programs in Safe Mode .. this may work.

Thank you, Canuck, for your reply. I tried your suggestion and the same thing happened. It said I didn't have permission to access the item. It is now saying that for all of my spyware
programs.

I noticed that in reinstalling the Spybot Search & Destroy program that , at one point, it indicated that it had a problem with file C:\ProgramFiles\Spybot=Search&Destroy\SpybotSD.exe . I clicked on " Retry" numerous times and it wouldn't process so I clicked on "Ignore" and it continued with the installation. However when I tried to run program it said " C:\ProgramFiles\Spybot=Search&Destroy\SpybotSD.exe Access denied. Create Process failed. Code 5. unable to execute that file" so clicking on "Ignore" had created a problem with that file which is probably the reason why I kept getting the message that I didn't have permission to access the file whenever I tried to run that program.

I don't know about the other spyware programs I tried to run. They just say I don't have permission to access the file and I can't run them. My browser is still being hijacked.

[rio143]

I tried to post a Hijack This logfile. Half-way through a box popped up that said:

"For some reason your system denied write access to the Hosts file. If any hijacked domains are in this file, HiJackThis may NOT be able to fix this. If this happens you need to edit the file yourself. Click Start, Run and type in 'notepad C:\Windows\System32\drivers\etc\hosts' and press Enter. Find the line(s) HijackThis reports and delete them. Save the files as "hosts"(with quotes) and reboot."

When I did that it said

"this is a sample HOSTS file used by Microsoft TCP/IP for Windows.

# This file contains the mappings of IP addresses to host names."

and what followed was approx 500 IP addresses to host names. I'm not proceeding further
because the next step says to delete.

So, as it stands now, I cannot submit a logfile because, for some reason, I'm denied access to do so.

[Canuck]

Create a new Restore point and then download Windows Install Cleanup utility and delete all the utility programs that aren`t working. Reboot and download a new copy of HJT and see if it works. Keep us posted.

[rio143]

Create a new Restore point and then download Windows Install Cleanup utility and delete all the utility programs that aren`t working. Reboot and download a new copy of HJT and see if it works. Keep us posted.

Thank you, Canuck. I tried it but it didn't work. Since yesterday I've tried several other
spyware scan programs. I have to because everytime one runs for several minutes whatever it is recognizes that something is running to wipe it out and it will suddenly delete the whole scan. Sometimes it will shut down the whole computer -not suddenly- but
as though I was turning the computer off....Windows is shutting down,etc.

I tried one spyware scan that Spybot Search & Destroy recommended because when I
was uninstalling and reinstalling their program they asked why. I said why and they said to try this spyware scan. When I did, before I ever scanned, it said " Found-system modification caused by ROOTKIT activity." I started the scan and within minutes it showed up about 12 globalroot\Device\_hidden. The program went on longer than several minutes, however, and whatever it is noted that and shut down my computer.

I'm just surmising here but I think what I need may be an anti-spyware program that will scan within several minutes or less I had a program that did that but it didn't recognize whatever it is because it could have been in a hidden file.

[JohnB151]

Hi and welcome to the Help2Go forums.
My name is John Brouwer - if it helps, you can call me John for short. I'll be glad to help you with your computer problems.

HijackThis logs can take some time to research, so please be patient with me. I know that you need
your computer working as quickly as possible, and I will work hard to help see that happens.

These rules are good for you to know:

• I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
• The fixes are specific to your problem and should only be used for this issue on this machine.
• It's often worth reading through these instructions and printing them for ease of reference.
• If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
• If you don't reply within five days after my last instructions this topic will be closed. If you will not be able to reply within five days please tell me how long it will take so the topic will not be closed.

These rules are to make my voluntary work more comfortable:

• Please be patient. The work I do is voluntary and I also have a private life (school, work, friends and hobbies).
• Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
• Please reply to this thread. Do not start a new topic.
• Also, don't post logs as attachments. Other helpers like to view the logs as well and opening a lot of attachments is irritating. It can also contain malware.

One last very important thing for people with Vista: When I tell you to run a tool or program always right-click and choose 'Run as Administrator' instead of just double-clicking the icon.

Finally, please let me know how your computer is running at the moment.

Regards,
John.

[JohnB151]

Due to inactivity I have now closed this topic.

If at any time after this post you still need help or need help again please start a new topic.