Virus?

[Deeko]

A friend of mine has a virus....her computer is regularly(like every 10 minutes) telling her it needs to be restarted, counts down from 60, and restarts. It also has disabled her antivirus program. Any idea what she might have?

 

[KLin]

sounds like the blaster virus. download Fixblast.exe here

Edit #2: she may have to click start, run, and type in shutdown -a to prevent her computer from shutting down long enough for the fixblast program to run.

 

[Deeko]

Didnt work.... any other suggestions?

 

[minendo]

Originally posted by: Deeko
Didnt work.... any other suggestions?

Run windows update.

 

[Deeko]

she tried that. apparntly it won't let her install the updates?

 

[Deeko]

She just reformatted. its still doing it. That can't be good?

 

Get behind a firewall before you enable a connection to the net.

 

[Apathetic]

Originally posted by: Deeko
She just reformatted. its still doing it. That can't be good?

If she just reformatted the drive then one of two things is going on

1) The virus is active on another partition of the drive (or possibly on another physical drive).
2) The virus is a boot sector virus. You can usually get rid of this type by doing a "fdisk /mbr" from a command line. This will force fdisk to rebuild the master boot record of the drive. Depending upon where the virus actually lives (the boot sector may only contain a "pointer" to the virus code), this may or may not get rid of it but it will prevent it from starting up when the machine boots.

Since she just reformated, it looks like there isn't any data you're worried about loosing so you don't have anything to loose by using option #2. Normally, this is a harmless operation but some boot sector viruses are REALLY nasty and are written with the attitude "if you take me down, I'll take your box down with me".

Dave

 

[Deeko]

I thought it could possibly be a boot sector virus...ugh, there is no way I can talk her through fdisk and all that....she is at another school like 30 miles from here. Oh well....maybe I'll tell her to take it to best buy and pay for them to remove it, lol.

 

[Apathetic]

Originally posted by: Deeko
I thought it could possibly be a boot sector virus...ugh, there is no way I can talk her through fdisk and all that....she is at another school like 30 miles from here. Oh well....maybe I'll tell her to take it to best buy and pay for them to remove it, lol.

Actually, there's not much to it. If you can get her to a command prompt, the only command she has to enter is "FDISK /MBR" and press enter. That's it. It rebuilds it then and there without jumping though any of the other fdisk menus.

Dave

 

Chances are she's got the following virus or its variant: W32.HLLW.Gaobot.RS. Find information:
1. Symantec
2. Sophos
3. Trend Micro

It usually has "hallowelt.exe" on list of processes.

 

[Yax]

Originally posted by: DearQT
Chances are she's got the following virus or its variant: W32.HLLW.Gaobot.RS. Find information:
1. Symantec
2. Sophos
3. Trend Micro

It usually has "hallowelt.exe" on list of processes.

I agree with GAOBOT too.

Tell her to get the latest MS security patches. Then use the GAOBOT removal tool from Symantec.

 

[Deeko]

Originally posted by: DearQT
Chances are she's got the following virus or its variant: W32.HLLW.Gaobot.RS. Find information:
1. Symantec
2. Sophos
3. Trend Micro

It usually has "hallowelt.exe" on list of processes.

Tech support at school told her thats what it was, but the fix for it didn't work. We actually tried that before the blaster repair.

It still isn't working and she's using someone else's computer right now. Frankly I don't like her that much anyway, so it doesn't bother me, as long as she doesn't bug me

 

[CPA]

I just got an email from our Tech guys that a new outbreak of the WORM_NETSKY.X virus has occurred.