Can not enter User name and password on web form such as Hotmail

Discussion in 'Virus Information' started by Jan Il, Apr 24, 2005.

  1. Jan Il

    Jan Il Guest

    Hi vic :)

    It would appear that there is a hijacker or malware on the system. In
    addition to updating and running your AV, download, install and run the
    programs below in Safe Mode with Hidden Files enabled. This will remove
    the nasty you have and any others it may have let in the back door. Some
    malware can replicate itself repeatedly if not removed properly, so even if
    you have already run some programs, run them again according to the
    information below. Follow all instructions carefully:

    First, clear the TIFs and empty the recycle bin:
    http://www.mvps.org/winhelp2002/delcache.htm

    If so, then do the following:

    WARNING>>>> Backup all documents and files before removing any spyware!!

    How to properly scan for scumware (read first, if possible)
    http://aumha.org/forum/viewtopic.php?t=5878

    Download and install BHODemon from
    http://www.definitivesolutions.com/bhodemon.htm
    Your problem may be caused by a bad BHO.

    Most importantly, download, install and run CWShredder here
    http://www.majorgeeks.com/download3019.html
    and About Buster, which searches for hidden .dlls that recreate the malware.
    http://www.majorgeeks.com/download4289.html
    Then visit these two sites to test for parasites and help basic cleaning:
    On-Line Check
    http://aumha.org/a/noads.htm
    and
    Quick-Fix Protocol.
    http://aumha.org/a/quickfix.php
    Basically, throw everything here at your "infection".

    Then download, install and immediately update these three programs before
    running:
    AdAware SE - Update immediately after installing
    http://www.download.com/3000-2144-10045910.html?part=69274&subj=dlpage&tag=button
    AdAware Tutorial -
    http://www.bleepingcomputer.com/forums/index.php?showtutorial=48
    SpyBot S&D - Update immediately after installing
    http://www.majorgeeks.com/download2471.html
    SpyBot S&D Tutorial -
    http://www.bleepingcomputer.com/forums/index.php?showtutorial=43
    Microsoft Windows Antispyware Program (Beta)
    http://www.microsoft.com/athome/security/spyware/software/default.mspx

    Also download, install and run CWShredder:
    http://www.majorgeeks.com/downloadget.php?id=3019&file=11&evp=9e0433de9f8fd8e137fd6b3ff02edc90

    Next, do an Online scan here (if possible) -
    http://www.pandasoftware.com/activescan/com/activescan_principal.htm
    Make sure that you choose "fix" or "clean".

    Download Pocket Killbox from
    http://www.thespykiller.co.uk/files/killbox.exe
    and put it on the desktop where you can find it easily

    Download, install, and run HiJackThis - it is one of the most important
    tools to help clean your system of scumware. Follow the instructions
    carefully:

    How to download and install HiJackThis: (it does not need to be updated)
    http://www.bleepingcomputer.com/forums/topict309.html

    Please DO NOT post your log to this newsgroup. It is important that you go
    to one of the HiJackThis Support Forums below and allow the experts there
    to analyze it for you.
    AumHa HiJackThis Forum
    http://forum.aumha.org/viewforum.php?f=30
    or Bleeping Computer Forum
    http://www.bleepingcomputer.com/forums/forum22.html
    to allow the experts there to evaluate your log and advise you of any
    necessary steps to clean your system.
    (Note: You will have to Register before posting on these Forums. Please
    follow all posting instructions carefully to avoid having your log deleted
    or ignored.)

    Also, please post a link to the forum where you post your HJT log back to
    this thread so that we can follow your progress there.

    CAUTION!!!!! Before you try to remove spyware using any of the programs
    below, download a copy of LSPFIX from any of the following sites:
    http://www.cexx.org/lspfix.htm
    http://www.spychecker.com/program/winsockxpfix.html
    (if your OS is Win2k or XP) The process of removing certain malware may kill
    your internet connection. If this should occur, this program, LSPFIX, will
    enable you to regain your connection.

    You should also get a copy of WINSOCKXPFIX available at:
    http://www.spychecker.com/program/winsockxpfix.html
    and
    WinsockXP Fix- WinXP
    http://www.spychecker.com/program/winsockxpfix.html
    with instructions, at
    http://www.iup.edu/house/resnet/winfix.shtm
    also... From LavaSoft- all versions of Windows-
    http://digital-solutions.co.uk/lavasoft/whndnfix.zip
    (NOTE: It is reported that in XP SP2, the command netsh winsock reset
    will fix this problem without the need for these programs.)
    or Winsock Fix Utility
    http://www.dfwonline.net/files/WinsockFix.zip

    How to Restart in Safe Mode
    http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406

    How to Show Hidden Files
    http://snipurl.com/6rl8

    If you cannot access the Internet to download the necessary removal tools
    above, then download them to another machine, copy to floppies if possible,
    or burn to a CD, and then copy to the affected machine and install from
    there.

    Hope this helps :)

    Jan :)
    MS MVP - IE/OE
    Smiles are meant to be shared,
    that's why they're so contagious.

    Replies are posted only to the newsgroup for the benefit of other readers.
    How to make a good newsgroup post:
    http://www.dts-l.org/goodpost.htm


    ....
     
    Jan Il, Apr 24, 2005
    #1

  2. Jan Il

    Guest Guest

    Hi,
    Recently one of the non-privileged accounts on an XP SP2 Home workstation ran
    into a problem. The user cannot enter his user name and password on
    Hotmail and other forums that require a user ID and password. He cannot get
    the mouse to focus on either the user ID box or the password box. A left
    mouse click did not get the focus. A right mouse click gets the focus if you hold
    the button down but will lose it when you release it. This only happens to
    one of the non-privileged accounts. The machine is now disconnected from the
    network. When logged on to administrator-level accounts, Spybot detected
    attempts to change the registry value of {EFA24E64-B078-11D0-89E4-00C04FC9E26E}.
    McAfee Virus Scan, AD WARE Personal, Spybot and HyjackPro did not detect
    anything. It is very easy just to rebuild the box. But I would like to find
    out what it is. Can you help?

    TIA,
    Vic
     
    Guest, Apr 24, 2005
    #2
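
One way to investigate the registry value named in the post above, as an added example that is not part of the original thread: a read-only PowerShell script that reports where the CLSID is registered as a COM class and whether it is hooked into Internet Explorer as a BHO, toolbar or Explorer Bar. The registry locations are the standard Windows ones; the helper name Get-DefaultValue and the output column names are introduced here for illustration.

```powershell
# Added example: report where a CLSID is registered. Read-only, changes nothing.
param(
    # CLSID quoted in the post above; pass another value to check a different one.
    [string]$Clsid = '{EFA24E64-B078-11D0-89E4-00C04FC9E26E}'
)

# Return the default (unnamed) value of a registry key, or $null if the key is absent.
function Get-DefaultValue([string]$Path) {
    if (Test-Path -LiteralPath $Path) { return (Get-Item -LiteralPath $Path).GetValue('') }
    return $null
}

# 1. COM registration: friendly name and the DLL that implements the class.
foreach ($root in 'HKLM:\SOFTWARE\Classes', 'HKCU:\Software\Classes') {
    $key = "$root\CLSID\$Clsid"
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $dll = Get-DefaultValue "$key\InprocServer32"
    $sig = 'n/a'
    if ($dll -and (Test-Path -LiteralPath $dll)) {
        # An unsigned or oddly located server DLL deserves a closer look.
        $sig = (Get-AuthenticodeSignature -FilePath $dll).Status
    }
    [pscustomobject]@{ Check = 'COM class'; Location = $key
                       Detail = "$(Get-DefaultValue $key) -> $dll"; Signature = $sig }
}

# 2. Internet Explorer extension points that can reference the CLSID as a subkey.
$ieKeys = @{
    'BHO'                 = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    'Explorer Bar (HKLM)' = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars'
    'Explorer Bar (HKCU)' = 'HKCU:\Software\Microsoft\Internet Explorer\Explorer Bars'
}
foreach ($name in $ieKeys.Keys) {
    $key = Join-Path $ieKeys[$name] $Clsid
    if (Test-Path -LiteralPath $key) {
        [pscustomobject]@{ Check = $name; Location = $key; Detail = 'registered'; Signature = 'n/a' }
    }
}

# 3. Toolbars are stored as value names (not subkeys) under this key.
$tb = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Toolbar'
if ((Test-Path -LiteralPath $tb) -and ((Get-Item -LiteralPath $tb).GetValueNames() -contains $Clsid)) {
    [pscustomobject]@{ Check = 'Toolbar'; Location = $tb; Detail = 'registered'; Signature = 'n/a' }
}
```

Run it while logged on as the affected account as well as an administrator account, because the HKCU entries are per-user and the symptom in the post is limited to one account.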