Chips' Fun House ~ View topic

I have got hit with a trojan and some malware that constantly reloads itself and creates all kinds of .exe files in both my system32 folder and system retore folder. In fact everytime i restart my computer I have another virus after running scans.

I have all the same programs as Demasu/ Grisoft virus detector (which doesn't even see it if I scan the file that my other program tells me is a virus) That other program is Kaspersky (it is just a trial version and will block the trojan and delete it on restart, but they still alwyas come back.) I have tried a number of other programs including some trial versions that don't pick it up. I also have a trial version of Kasperky anti hacker, whcih has an IP address blocked from whoever gave me this crap/ Unfortunatley I cannot find a log file to find the address and send it to my IP. I have adware and now a couple other programs going to get rid of it but I am unable. This trojan seems to do nothing but slow down my internet so far, but that seriously effects my halflife, which makes me very sad.

any thoughts.

I was thinking that if I restored to a earlier date that might work. I am next to computer illiterate so please keep it simple if you have any ideas.

Please make it better for me.

Thanks

one more weird thing. If I use explorer to open his site the forum is a black background. If i use Mozzilla it isthe normal light colour.

First off, you need to get an updated virus program. If you have one, great, I'll get to what to do in a minute. If you don't, google "AVG Antivirus", should be a "grisoft" website. Download the newest FREE version(unless you want to pay for it)...and install it.

Now comes the fun part.

Boot your computer in "SAFE" mode. This is usually done by pressing "F8" repeatedly, and rapidly, when you turn the machine on. You will be given a screen with a list of boot options. This is only temporary, so don't worry. Just go down the list to "Boot in safe mode with internet". Once the machine is back to Windows, run your anti-virus software. This will probably take a while.

Once it's done, you'll know if it found something. You can(and should) also run some anti-spyware. If you don't have one of those, you can get "Spybot: Search and Destroy" for free.

Once you are done with all of that, you can reboot your machine normally. If something goes wrong, you can always use the F8 option and just select "Boot Windows Normally"

Good luck!

i am just downloading a trial version of Norton to see if it can help the proplem. AVG I already have and it doesn't even know that i have the virus, that is why i am running the trial versions from the "big boys" AVG has always been on my computer, but i don't think it cuts the mustard anymore.

As for the boot advice I will definatley give that a try cause my computer was freezing farily often when i started it up. So far nothing bad has happened to my computer or very hopefully my important information.

I am clear of spy ware and run tests often with adaware program but i have heard from a few folkjs that spy bot is good so i may give it a try.

Thanks and i will post up if norton is able to do something about this. Any thoughts on how to get my computer running fast again.

Forum Soldier Joined: 23 Nov 2005 Posts: 371 Location: lol

Adaware Free Trial ... download it & do a complete system scan while youre in safe mode

Forum Medic Joined: 11 Nov 2005 Posts: 147

If your virus scan engine has been out of date for a while it’s possible (and sounds as if..) you may have a virus or malware that will prevent the proper installation of an updated virus scanner. It will also prevent updating of spyware definitions for programs like ad-aware or spybot. My suggestion is to back up all of your data files to a cd/dvd or usb drive and reformat/restore.

If you do not what to restore check out some of these programs they may help:

http://www.tomcoyote.org/hjt/

http://www.sysinternals.com/Utilities/ProcessExplorer.html

http://www.sysinternals.com/Utilities/TcpView.html

Easier than all that, try microsoft anti-spyware. It's the best one I've found, and it stoped a trojan and I did not have to go through safe-mode. Granted, Iggy, Fu Manchu, and RS are correct, this just might be a little easier. MS Anti-Spyware also blocked some pop-ups my other pop-up blockers were ignoring. Dr. Evil of foxbot and omni-bot turned me on to MS Anti-Spyware.

Once you have everything fixed, make sure that whatever virus scanner you use is set to automatically update its virus definitions AT LEAST once a week. With Norton, this means you want a subscription to LiveUpdate - I think it costs $20/year and you renew it yearly.

after you clean out your virus problem, instal Mozilla Firefox as your browser and Zone Alarm as a fire wall (www.zonelabs.com). i use both and i haven't had a virus since i've installed them

every thing was totaly up to date. i make sure i always have auto update on. I will definatly try the safe mode start up and i am going to break down and buy Norton cause AVG/grisoft not only let it in, but was also unable to detect it, as was microsoft.

really appreciate the help! i am going to go CfH and see if I am able to play for more then 3 minutes.

One thing I haven't seen said here...you may very well have entries in your windows registry that are initiating the re-installation of the files you did find. Navigate to here in your registry and see if you have any references to the files found in your system32 folder and elsewhere:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
and
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
Entries in these registry keys are run at windows startup. You COULD have a command in here to execute one of those virus files which re-installs everything else.

WARNING: Modifying or deleting entries in your registry you're not familiar with could seriously foul your machine. If you find entries in here relative to the files identified as viruses...it is perfectly safe to delete them.

Well, understand something....it got in, but getting rid of it may not be as easy as you might think. Rose had what sounds like a very similar experience....and I had to do all kinds of stuff to clear it out. Check out this link, and see if it means anything to you.....

http://forums.spywareinfo.com/lofiversion/index.php/t55721.html

wow that link might as well be in pig latin for me. thanks again for the link. i am just about to run in safe mode but things seem a lot better after Norton.

Fortunatly I wrote down most of the file names that poped up when scan actualy found something so I am going to look in the place that Chips mentioned.

Thanks again and hopefully I will see you cats when the server is back up and running, man i hope i didn't have anything to do with it being down.

Wink

Sorry to sound like a total noob (even tho i am)

Forum Medic Joined: 11 Nov 2005 Posts: 147

Frog i have sent too many hours chasing spyware/virus around.

Lately the anti virus and spyware programs cannot keep up with the assholes. You are better served reformatting/restoring. Unless you want to spend many hours of manual deleting files and rebooting into safe mode, you may need to even use a solution like this http://www.nu2.nu/pebuilder/.

Good Luck Man