virus

Kansas · April 03, 2011, 11:22:38 AM

Not sure where to put this, so putting it here. This morning I apparently got a virus on my home computer (I'm typing from the work computer now). Suddenly had a notice I had picked up a virus. It wants me to purchase some sort of antivirus software. I have AVG (free version) plus Malware bytes. This thing would not let me go anywhere. Wouldnt even let me shut down the puter without saying that was infected. I unplugged it and then tried logging on in safe mode. Ran both programs and the malware one found one trojan. I restarted the computer and the thing was back again. Any ideas outside of taking it in to the computer guy?

Warbird · April 03, 2011, 11:40:08 AM

I hate this one. If you have the one that has morphing code, it is exceptionally difficult to get rid of without formatting/reinstalling. Boot back into Safe Mode, go into the following directories \Windows, \Windows\system, \Windows\system32, \Windows\Temp\ and organize all files by date created or by the last accessed time.

Make note of files that were created around the date/time when your troubles began. Google the file names to make certain they are not critical system files. If you find files that don't belong, delete them.

Also check your Startup menu and make certain nothing is in there that shouldn't be. Depending on what version of Windows you are running, you can also run msconfig and check the startup items in there. Be careful poking around in msconfig. You can hose your system.

Once you've cleaned all that, try rebooting and see what you get. None of this advice is guaranteed to fix your problem and you take this advice at your own risk. ;) Good luck, Kansas.

*edit* And historically, techy type of posts like this usually go in the "Behind the Forum" board.

Kansas · April 03, 2011, 11:44:28 AM

Thanks for the advice. I have windows vista. Will see if that works.

LAZERDAN · April 03, 2011, 11:51:08 AM

My daughters computer had the one you talk of last week . I tried every thing I knew of to no avail. Met my computer guy , he said It was the worst one he's ever seen. It had taken all important Doc's and setting and hid it in some remote sector of the hard drive. 12 hrs later all important files were removed and on a disc. Had to restore computer,and re install all the programs again. The "Micro soft repair for 99.00 was the only thing that would come up. There have been some posts of people getting stuff stolen , well to me this is just as bad , right under your nose. People that write virus are criminals. Last week we had a small conversation on American Idol We went to u tube to watch it. It could not be seen and you were redirected to a web site, it looked ligit. virus attached right away, they knew everyone would be redirected, perfect place for the trap. Lucky I T guy is my friend. lazerdan ps she also had vista

Warbird · April 03, 2011, 11:53:33 AM

Hey Kansas... I forgot something very EASY. Try System Restore! Restore back to a week or two before you got the virus. It doesn't always work, depending on the version of this thing that you have but give 'er a go.

Sorry I didn't put that in the first message. Was at work at 6am this morning, fixing the Internet, and wasn't focusing too well.

Rocky_Ranger · April 03, 2011, 12:44:43 PM

I agree Warbird, "System Restore" can be a life saver in these situations. Just realize whichever date is picked (past tense) it will wipe out any saved information past that date.....

DouginUtah · April 03, 2011, 01:56:58 PM

Sometimes, if you note the name of the virus, you can do a Google search on it and find the steps necessary to remove it. Some sites even will have a script to run to delete it.

beenthere · April 03, 2011, 04:02:35 PM

I agree with the "system restore" which has worked for me.

Jeff · April 03, 2011, 05:52:47 PM

Many of the nasty infections disables then removes the ability to use system restore.

Kansas · April 04, 2011, 10:44:02 AM

That is what is going on with mine. I can't get to the system restore. Computer doc time.

Jeff · April 04, 2011, 10:59:37 AM

If you have more then one computer hooked to the internet, so you can search google while working on the infected computer, You might be surprised what you can fix yourself, however there are a lot of people that are not wired in a manner that allows them to do that. :D

The thing I learned early on that has allowed me to learn and do the things I need to do with computers is to be fearless. :D What I mean is, when we first brought one into the house, I was never scared of screwing it up, because I knew exactly where the dumpster was and how to use it.

Warbird · April 04, 2011, 11:30:52 AM

Wise advice indeed, Jeff.

It's not like he's going to make the problem much worse than it already is.

Kcwoodbutcher · April 04, 2011, 01:33:41 PM

I had the same one and couldn't get rid of it. Next day things were fine, no interference but I still see an icon in the system tray. I've been going for several days now with no problems.

Warbird · April 04, 2011, 01:39:01 PM

That might not be good, KC. Have you verified that your system is actually clean?

Jeff · April 04, 2011, 01:41:13 PM

Not good at all. If it is still sitting in the system tray, you can liken it to a hidden land mine that in all likely hood has a timer or a remote activation switch or both.

Warbird · April 04, 2011, 01:44:29 PM

I don't want to scare you too much but it could also mean that it has moved from a simple "infection" to a full on "hack". Sometimes, when viruses mysteriously disappear it is because they opened a back door to your system and the 'bad guys' have installed other things. Key loggers, things like Jeff mentions, etc.

Again, I don't want to scare you needlessly but viruses don't typically just go away all by themselves. If you know for sure that your system was infected and you did nothing to clean it, then you need to be very suspicious until you know for sure.

beenthere · April 04, 2011, 03:13:07 PM

kc
Leaving it lay there also lets the "system restore" time run out, not able to restore before the date the virus was planted in your computer. System restore only allows going back about 10 days or so.

Warbird · April 04, 2011, 04:09:34 PM

You can set system restore to go back further than that. Regardless, it's still a bad idea to let it sit there.

Kcwoodbutcher · April 04, 2011, 07:28:31 PM

Virus scan doesn't pick it up. I may do system restore anyway, just went to Firefox4 and it screwed up the google search function, it sometimes locks up the computer.

Kansas · April 04, 2011, 07:39:17 PM

I'm baaaack. Visit to the computer doc. 32 bucks later, its working. Interesting, he said a lot of this was coming from Ukraine. I asked if I needed better virus protection. He said don't bother, they change how they do things so often, it really doesn't matter.

Magicman · April 04, 2011, 09:00:31 PM

Quote from: Kansas on April 04, 2011, 07:39:17 PM
this was coming from Ukraine

Heck, I can't speak computer, much less Russian or Ukrainian.

Congratulations on your fix.

LAZERDAN · April 04, 2011, 09:52:27 PM

Just like comming out of a good pit stop Feels good to be clean again and back on track. Lazerdan

Magicman · April 04, 2011, 10:25:09 PM

I would love to have mine looked at. Sometimes it does very strange things. :-\

beenthere · April 04, 2011, 10:30:48 PM

Quote from: Kcwoodbutcher on April 04, 2011, 07:28:31 PM
Virus scan doesn't pick it up. I may do system restore anyway, just went to Firefox4 and it screwed up the google search function, it sometimes locks up the computer.

That is the same one, or very close to the one I had. Good luck with the restore. I had a geek friend help me through it the first time. I did it the last time, but don't think I could just talk someone through it.

WH_Conley · April 19, 2011, 11:39:39 AM

Just had a bout with "MS Security Tools", woke up this morning and here it was. Could not use Malwawarebytes, HiJack this or taskmanager, said they were all infected. Went into safe mode and ran Malwarebytes, didn't find anything. Did a system restore, seems OK now.