Can not enter User name and password on web form such as Hotmail

Discussion in 'Virus Information' started by Jan Il, Apr 24, 2005.

  1. Jan Il

    Jan Il Guest

    Hi vic :)

    It would appear that there is a hijacker or malware on the system. In
    addition to updating and running your AV, download, install and run the
    programs below in Safe Mode with Hidden Files enabled. This will remove
    the nasty you have and any others it may have let in the back door. Some
    malware can replicate itself repeatedly if not removed properly, so even if
    you have already run some programs, run them again according to the
    information below. Follow all instructions carefully:

    First, Clear the TIF's and empty the recycle bin:

    If so, then do the following:

    WARNING>>>> Backup all documents and files before removing any spyware!!

    How to properly scan for scumware (read first, if possible)

    Download and install BHODemon from
    Your problem may be caused by a bad BHO.

    Most importantly, download install and run CWShredder here
    and About Buster, which searches for hidden .dlls that recreate the malware.
    Then visit these two sites to test for parasites and help basic cleaning:
    On-Line Check
    Quick-Fix Protocol.
    Basically, throw everything here at your "infection".

    Then download, install and immediately update these three programs before
    AdAware SE - Update immediately after installing
    AdAware Tutorial -
    SpyBot S &D - Update immediately after installing
    SpyBot S&D Tutorial -
    Microsoft Windows Antispyware Program (Beta)

    Also download, install and run CWShredder:

    Next, do an Online scan here (if possible) -
    Make sure that you choose "fix" or "clean".

    Download PocketKkillbox from
    and put it on the desktop where you can find it easily

    Download, install, and run HiJackThis - it is one of the most important
    tools to help clean your system of scumware. Follow the instructions

    How to download and install HiJackThis: (it does not need to be updated)

    Please DO NOT post your log to this newsgroup. It is important that you go
    to one of the HiJackThis Support Forums below and allow the experts there
    to analyze it for you.
    AumHa HiJackThis Forum
    or Bleeping Computer Forum
    to allow the experts there to evaluate your log and advise you of any
    necessary steps to clean your system.
    (Note: You will have to Register before posting on these Forums. Please
    follow all posting instructions carefully to avoid having your log deleted
    or ignored.)

    Also, please post a link to the forum where you post your HJT log back to
    this thread so that we can follow your progress there.

    CAUTION!!!!! Before you try to remove spyware using any of the programs
    below, download a copy of LSPFIX from any of the following sites:
    (if your OS is Win2k or XP) The process of removing certain malware may kill
    your internet connection. If this should occur, this program, LSPFIX, will
    enable you to regain your connection.

    You should also get a copy of WINSOCKXPFIX available at:
    WinsockXP Fix- WinXP
    with instructions, at
    also... From LavaSoft- all versions of Windows-
    (NOTE: It is reported that in XP SP2, the command netsh winsock reset
    will fix this problem without the need for these programs.)
    or Winsock Fix Utility

    How to Restart in Safe Mode

    How to Show Hidden Files

    If you cannot access the Internet to download the necessary removal tools
    above, then download them to another machine, copy to floppy's if possible,
    or burn to a CD, and then copy to the affected machine and install from

    Hope this helps :)

    Jan :)
    MS MVP - IE/OE
    Smiles are meant to be shared,
    that's why they're so contagious.

    Replies are posted only to the newsgroup for the benefit or other readers.
    How to make a good newsgroup post:

    Jan Il, Apr 24, 2005
    1. Advertisements

  2. Jan Il

    Guest Guest

    Recently one of the non privilege accounts on a XP SP2 Home workstation run
    into a problem. The user can not enter his user name and password on
    hotmail and other forums that required user id and password. He can not get
    the mouse to focus on neither the user id box or the password box. Left
    mouse click did not get the focus. Right mouse get the focus if you hold
    the button down but will loose it when you release it. This only happen to
    one of the non privilege account. The machine is now disconnected to the
    network. When logon to administrator level accounts, spybot dectected
    attempts to change registry value of {EFA24E64-B078-11D0-89E4-00C04FC9E26E}.
    McAffe Virus Scan, AD WARE Personal, Spybot and HyjackPro did not detect
    anything. It is very easy just to rebuild the box. But I would like find
    out what it is? Can you help?

    Guest, Apr 24, 2005
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.