kevin from Chi-town

New Member
Joined
Jan 11, 2009
Messages
714
This came from part of a HiJackThis log....

Hosts- 74.XXX.40.xxx paybillsnow.com (this is not the address, I will not give real link because it hyperlinks directly to infection)
(There are multiple addresses linking to these browser HiJacks, I'm only showing one)

This seem to be some sort of browser Hijack...but I can't figure out what in the registry was attacked. The infected PC had 784 pieces of malware and trojans, most of them as were .exe's. I believe this was 1 or 2 viruses that were executed which led to the PC to be bombed. Those were successfully removed. What you see above are the remnants of the bug, and nothing I've tried will kill these browser hijacks. These don't pop up in Autoruns, so I can't find the in the registry, CWShredder doesn't see them, HijackThis sees them but can't remove them, Spybot, or Lavasofts Adaware have been of no use either. I've also run a rootkit scan to no avail.
Any thoughts???
 
Last edited:
Solution
I found it....

Its another bogus spyware remover, that is actually malware itself. Symantec calls it VirusDoctor. Its crapware that infects everything it touches. I'm giving another half an hour before I suggest wiping it. Thank for your input boys...
I'm sorry, I ran malwarebytes, thats what got the 784...now I'm just stuck with the browser hijacks. I'd be really ticked if this were my PC but its not. Unfortunatly, I have a friend who allows his young kids to play on his PC.
 
I found it....

Its another bogus spyware remover, that is actually malware itself. Symantec calls it VirusDoctor. Its crapware that infects everything it touches. I'm giving another half an hour before I suggest wiping it. Thank for your input boys...
 
Solution
well I usually recommend the kids (ages 4-10) have thier own pcs due to the infectious games that are targeted at kids. He found out the hard way.....its getting wiped.