badly infected

  paul 20:56 17 Nov 2008
Locked

I have been asked to help clean a Windows XP machine that has the 'about blank' problem..... also AVG will not update and I am being stopped from visiting some malware sites..... please can someone help

  peter99co 21:02 17 Nov 2008

I think this is also referred to as a Homepage Hijack.

  Halmer 21:04 17 Nov 2008
  Halmer 21:05 17 Nov 2008
  hiwatt 21:55 17 Nov 2008

Can you get into safe mode (by continuously tapping F8 at boot up) and choose safe mode with networking and try an online scan with click here also see if you can download and run Malwarebytes click here and see how you get on.

  paul 23:26 17 Nov 2008

right - bit of an update CW shredder was clear...

The antivirus ClamWin shows several infections shown below...... and I'm now going to work on Hiwatt's suggestions

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3ad391678a806ec4d691e83aaa393b6f_24adf822-76f7-4481-b30b-ff1b40f8687f: Permission denied
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5D413599.exe: Trojan.OnlineGames-1517 FOUND
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7591542F.htm: Trojan.Downloader-4132 FOUND
C:\Documents and Settings\paul\Local Settings\Temp\nsh97.tmp: Permission denied
C:\Documents and Settings\paul\Local Settings\Temp\~DF7B47.tmp: Permission denied
C:\Documents and Settings\paul\Local Settings\Temp\~DF7B8C.tmp: Permission denied
C:\Documents and Settings\paul\Local Settings\Temporary Internet Files\Content.IE5\FS3KHTQI\_freescan[2].htm: Adware.Fakealert-560 FOUND
C:\Documents and Settings\paul\Local Settings\Temporary Internet Files\Content.IE5\HCOWM3OW\xp[2].htm: Adware.Fakealert-564 FOUND
C:\Documents and Settings\paul\Local Settings\Temporary Internet Files\Content.IE5\PGNVD8M7\xp[1].htm: Adware.Fakealert-564 FOUND
C:\Documents and Settings\paul\Local Settings\Temporary Internet Files\Content.IE5\XYBNH84Z\SmitfraudFix[1].exe: Trojan.Killproc-1 FOUND
C:\hiberfil.sys: Permission denied
C:\pagefile.sys: Permission denied
C:\WINDOWS\Installer\377d2ef.msp: [\]

  DieSse 23:38 17 Nov 2008

From your list

Delete the temporary Internet Files cache by running Disk Cleanup.

Permission denied reports are locked items that cannot be scanned - not viruses.

Finding a virus in another virus program's quarantine folder is infantile - it should know that quarantined items are by definition going to be viruses.

That leaves only the last item on the list suspicious. Try deleting it.
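
The triage described in the post above, as an added example that is not part of the thread: a Python sketch that sorts ClamWin-style result lines into locked files, hits inside another product's quarantine folder, hits in the browser cache, and everything else. The category names and the final sample line (example.dll with a made-up signature) are constructed for illustration.

```python
import re
from collections import defaultdict

# Five lines copied from the scan output posted in this thread, plus one
# constructed line (example.dll, made-up signature) showing a hit outside
# the quarantine and cache folders.
SAMPLE = r"""C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5D413599.exe: Trojan.OnlineGames-1517 FOUND
C:\Documents and Settings\paul\Local Settings\Temp\nsh97.tmp: Permission denied
C:\Documents and Settings\paul\Local Settings\Temporary Internet Files\Content.IE5\HCOWM3OW\xp[2].htm: Adware.Fakealert-564 FOUND
C:\pagefile.sys: Permission denied
C:\WINDOWS\Installer\377d2ef.msp: [\]
C:\WINDOWS\system32\example.dll: Trojan.Example-1 FOUND"""


def classify(line):
    """Return (path, signature, category) for one result line, or None."""
    # Split on the LAST ": " so the drive-letter colon in "C:\" is left alone.
    path, sep, result = line.strip().rpartition(": ")
    if not sep:
        return None
    if result == "Permission denied":
        # File was locked by the OS or another process: not scanned, not a detection.
        return path, "", "locked-not-scanned"
    hit = re.fullmatch(r"(\S+) FOUND", result)
    if not hit:
        # Anything that is neither a detection nor a lock message goes to a human.
        return path, "", "unrecognised-result"
    lower = path.lower()
    if "\\quarantine\\" in lower:
        # Another scanner already isolated this file; the hit is expected.
        return path, hit.group(1), "already-quarantined"
    if "\\temporary internet files\\" in lower:
        # Cached web content: cleared by emptying the browser cache.
        return path, hit.group(1), "browser-cache"
    return path, hit.group(1), "needs-action"


def triage(text):
    """Group every parsable line of a scan log by category."""
    groups = defaultdict(list)
    for line in text.splitlines():
        parsed = classify(line)
        if parsed:
            path, signature, category = parsed
            groups[category].append((path, signature))
    return dict(groups)


if __name__ == "__main__":
    for category, items in triage(SAMPLE).items():
        print(category, len(items))
```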

  paul 23:54 17 Nov 2008

done as Diesse suggests.....

also tried the links hiwatt suggests and no joy - something called antivirus 2009 is diverting my pages

  hiwatt 00:34 18 Nov 2008

Here's some info on how to remove antivirus 2009 click here

  hiwatt 00:38 18 Nov 2008

Actually don't download SpyHunter. Have a look here click here

  lotvic 00:41 18 Nov 2008

PCAdvisor how to remove antivirus 2009 click here

This thread is now locked and can not be replied to.
