
Got a bad virus, how screwed am I?

KillerCharlie

Diamond Member
Apparently I got a bad virus/trojan/whatever.

Basically lots of IE and Firefox windows are opening by themselves. Half the time they don't display anything and the other half they're random stupid webpages (like yellow pages type websites).

The problem is this - I cannot connect to any anti-virus or anti-spyware website on the internet! I can connect to other pages (like this one) just fine. I was able to download a free anti-virus (AVG) using a proxy site. The problem is I can't update them (or other anti-virus/anti-spyware programs) because it's blocking the connection.

Is there anything I can do? I can't do a system restore. I could try to install Windows on my second hard drive, boot from there and try to clean everything up with an anti-virus. I'm not sure that would work though. I'm almost ready to just reformat everything since I don't have a lot of stuff, but I think my XP disc is a student version and I don't feel like going out and buying XP while I have the flu.

Is there anything I can do?
 
Use a library/work/school/friend's/parents' computer, download Avira (AVG sucks hard in the last few months...), place it on a thumb drive. Install on problematic PC. Update it (if it will let you). Then configure it so all its scanning bells and whistles are on (rootkits, joke programs, etc.). Then scan away and delete what it finds.

You may also want to give Malwarebytes spyware removal a scan too.
 
I already tried avira. It won't let you install unless you have a connection. I do have one (that at least lets me get to the internet), but it thinks I don't.
 
Boot to safe mode and delete any suspicious startup registry entries in

HKLM/Software/Microsoft/Windows/CurrentVersion/Run
HKLM/Software/Microsoft/Windows/CurrentVersion/RunOnce
HKCU/Software/Microsoft/Windows/CurrentVersion/Run
HKCU/Software/Microsoft/Windows/CurrentVersion/RunOnce

Should be able to at least boot to a useable desktop after to do a proper scan/fix.
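
Added example, not part of the post above: a read-only PowerShell listing of the four autostart keys it names, so each entry can be reviewed before anything is deleted. It assumes PowerShell is available on the machine; the helper `Get-CommandImagePath` is a hypothetical name introduced here.

```powershell
# Read-only triage of the Run/RunOnce keys named in the post; nothing is modified.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Hypothetical helper: pull the executable path out of an autostart command line.
function Get-CommandImagePath {
    param([string]$Command)
    $expanded = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    # Quoted path: take what is between the first pair of quotes.
    if ($expanded -match '^"([^"]+)"') { return $Matches[1] }
    # Unquoted path that may contain spaces: stop at the first known extension.
    if ($expanded -match '^(.+?\.(exe|com|bat|cmd|dll|scr|vbs|js))(\s|,|$)') { return $Matches[1] }
    # Fallback: first whitespace-delimited token.
    return ($expanded -split '\s+')[0]
}

$report = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item $key
    foreach ($name in $item.GetValueNames()) {
        $command = [string]$item.GetValue($name)
        $image   = Get-CommandImagePath $command
        # A bare name such as "rundll32.exe" is resolved via PATH at logon,
        # so Exists = False here only means "not a full path that is on disk".
        $exists  = [bool]$image -and (Test-Path -LiteralPath $image -PathType Leaf)
        $sig     = 'n/a'
        if ($exists) { $sig = (Get-AuthenticodeSignature -FilePath $image).Status }
        New-Object PSObject -Property @{
            Key = $key; Name = $name; Command = $command
            Image = $image; Exists = $exists; Signature = $sig
        }
    }
}

# Entries that are unsigned or whose file is missing sort together for review.
$report | Sort-Object Signature, Exists |
    Format-List Key, Name, Command, Image, Exists, Signature
```

An unsigned or missing file is a reason to look closer, not proof of infection; plenty of legitimate software from that era ships unsigned.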
 
Can you get to safe mode? Try getting to the web from there, if you can't you are going to have to use someone else's computer to get the files you need on a usb drive and then try and execute them from safe mode, that's prolly your best bet if you don't want to do a clean install.
 
I ran Malwarebytes (without updating) and it found about 30 critical items - mostly the work of 2-3 trojans. I did a cleanup. I don't think it really got rid of everything, but it must've gotten rid of what was preventing me from accessing anti-virus/anti-malware sites!

I'm running Avira now... it's already found a couple more versions of a trojan. Good grief, where did this stuff come from.
 
Originally posted by: Common Courtesy
Originally posted by: KillerCharlie
...
Good grief, where did this stuff come from.
Who else's fingerprints are on the system?


Uhhh.... my roommate and I have been fighting our wireless router for a while. A few times I had to hop on the neighbor's unsecured for a while... and I didn't have any firewall up. At least I got the router connection fixed.
 
Originally posted by: KillerCharlie
Originally posted by: Common Courtesy
Originally posted by: KillerCharlie
...
Good grief, where did this stuff come from.
Who else's fingerprints are on the system?


Uhhh.... my roommate and I have been fighting our wireless router for a while. A few times I had to hop on the neighbor's unsecured for a while... and I didn't have any firewall up. At least I got the router connection fixed.

Most wireless routers (even if unsecured from you) still are protection from drivebys.

Unless there is more to the story, and as a courtesy, we will not ask you to elaborate.

 
In this case, I would agree. A clean install is your best bet, especially when you have multiple infections. And change ALL your passwords after the system is clean.
 
Try this link and see if you can download this file: http://193.110.109.55/linux-we...ue-cd-release-3.00.zip

If so, extract the .ISO file from that Zip file and burn it to CD. Next, boot the computer from the CD. It can update its virus definitions and run a scan. This will bring a couple more antivirus engines to bear, besides AntiVir.

What results do you get?

Good grief, where did this stuff come from.

A site you trust might've been compromised. Here's a top suggestion: scan your system for exploitable vulnerabilities using Secunia's Personal Software Inspector, and fix what it says needs fixing.

moar security layers to look at including Data Execution Prevention, Software Restriction Policy, and of course non-Admin user accounts.
 
Just today I had a virus/Trojan for the first time in a very, very long time. It was the type that would pop up on the task bar and tell me that I should go to their website and run a system scan to check for virus/trojans. Well, after battling it all morning and even running my "TrendMicro" antivirus software, which didn't find anything, I decided to run my Roxie-o/Norton GO-BACK (a utility that is like Windows Restore-Point) and had "GO-BACK" go back a few hours to when it first happened, and everything restored fine...
 
Sounds like you got hit with Antivirus XP 2008 or 2009 version... You should download Malwarebytes (link is a post above) and run it... see what it finds
 
If you can't access antivirus sites, you have a rootkit. Download the sysinternals.com rootkit revealer, print the results, and google the suspicious ones. To be most accurate, don't use your computer while using rootkit revealer because if something gets deleted or modified, it shows up and will produce a false positive. I can tell you, if you see an entry with TDS in it, that is a rootkit. Once you have identified the bad files, boot into the recovery console and delete them.

Once the rootkit is gone, Malware Bytes will likely finish the rest off.

If you can get a copy of the Vista DVD or the Ultimate Boot CD, you can load the registry hives with the program and delete the rootkit entries that way. Once you know how to get rid of this stuff, it really isn't that hard.
 