Posted: Mon Jan 02, 2006 9:42 am
Forum Soldier
Joined: 02 Aug 2005
Posts: 288
Location: t dot
I have got hit with a trojan and some malware that constantly reloads itself and creates all kinds of .exe files in both my system32 folder and system restore folder. In fact every time I restart my computer I have another virus after running scans.
I have all the same programs as Demasu/ Grisoft virus detector (which doesn't even see it if I scan the file that my other program tells me is a virus). That other program is Kaspersky (it is just a trial version and will block the trojan and delete it on restart, but they still always come back). I have tried a number of other programs including some trial versions that don't pick it up. I also have a trial version of Kaspersky anti hacker, which has an IP address blocked from whoever gave me this crap. Unfortunately I cannot find a log file to find the address and send it to my IP. I have adware and now a couple other programs going to get rid of it but I am unable. This trojan seems to do nothing but slow down my internet so far, but that seriously affects my halflife, which makes me very sad.
Any thoughts?
I was thinking that if I restored to an earlier date that might work. I am next to computer illiterate so please keep it simple if you have any ideas.
Please make it better for me.
Thanks

Posted: Mon Jan 02, 2006 9:57 am
Forum Soldier
Joined: 02 Aug 2005
Posts: 288
Location: t dot
One more weird thing. If I use Explorer to open his site the forum is a black background. If I use Mozilla it is the normal light colour.

Posted: Mon Jan 02, 2006 1:23 pm
Forum Medic
Joined: 02 Dec 2005
Posts: 202
Location: On the edge of sanity, just outside the border.
First off, you need to get an updated virus program. If you have one, great, I'll get to what to do in a minute. If you don't, google "AVG Antivirus", should be a "grisoft" website. Download the newest FREE version (unless you want to pay for it)...and install it.
Now comes the fun part.
Boot your computer in "SAFE" mode. This is usually done by pressing "F8" repeatedly, and rapidly, when you turn the machine on. You will be given a screen with a list of boot options. This is only temporary, so don't worry. Just go down the list to "Boot in safe mode with internet". Once the machine is back to Windows, run your anti-virus software. This will probably take a while.
Once it's done, you'll know if it found something. You can (and should) also run some anti-spyware. If you don't have one of those, you can get "Spybot: Search and Destroy" for free.
Once you are done with all of that, you can reboot your machine normally. If something goes wrong, you can always use the F8 option and just select "Boot Windows Normally".
Good luck!
_________________ Author of: "Random Thoughts From A Diseased Mind(Not For Dummies)". Available pretty much everywhere.
Read some reviews here:
http://search.barnesandnoble.com/booksearch/isbnInquiry.asp?z=y&isbn=1425919782&itm=6

Posted: Mon Jan 02, 2006 1:39 pm
Forum Soldier
Joined: 02 Aug 2005
Posts: 288
Location: t dot
I am just downloading a trial version of Norton to see if it can help the problem. AVG I already have and it doesn't even know that I have the virus, that is why I am running the trial versions from the "big boys". AVG has always been on my computer, but I don't think it cuts the mustard anymore.
As for the boot advice I will definitely give that a try cause my computer was freezing fairly often when I started it up. So far nothing bad has happened to my computer or very hopefully my important information.
I am clear of spyware and run tests often with adaware program but I have heard from a few folks that spy bot is good so I may give it a try.
Thanks and I will post up if Norton is able to do something about this. Any thoughts on how to get my computer running fast again?

Posted: Mon Jan 02, 2006 2:13 pm
Forum Soldier
Joined: 23 Nov 2005
Posts: 371
Location: lol
Adaware Free Trial ... download it & do a complete system scan while you're in safe mode

Posted: Mon Jan 02, 2006 2:28 pm
Forum Medic
Joined: 11 Nov 2005
Posts: 147

Posted: Mon Jan 02, 2006 3:18 pm
Forum Sniper
Joined: 23 Jan 2005
Posts: 665
Location: Kentucky
Easier than all that, try Microsoft Anti-Spyware. It's the best one I've found, and it stopped a trojan and I did not have to go through safe-mode. Granted, Iggy, Fu Manchu, and RS are correct, this just might be a little easier. MS Anti-Spyware also blocked some pop-ups my other pop-up blockers were ignoring. Dr. Evil of foxbot and omni-bot turned me on to MS Anti-Spyware.
_________________ Somebody mixed Tabasco sauce in my chocolate chip cookie mix!
-[CfH]-Server Admin

Posted: Mon Jan 02, 2006 3:49 pm
Forum Medic
Joined: 13 Oct 2005
Posts: 227
Location: Vancouver, BC, Canada
Once you have everything fixed, make sure that whatever virus scanner you use is set to automatically update its virus definitions AT LEAST once a week. With Norton, this means you want a subscription to LiveUpdate - I think it costs $20/year and you renew it yearly.

Posted: Mon Jan 02, 2006 4:21 pm
Forum H4xor
Joined: 06 Jan 2005
Posts: 1573
Location: middle o' no where Nebraska
After you clean out your virus problem, install Mozilla Firefox as your browser and Zone Alarm as a firewall (www.zonelabs.com). I use both and I haven't had a virus since I've installed them.

Posted: Mon Jan 02, 2006 4:21 pm
Forum Soldier
Joined: 02 Aug 2005
Posts: 288
Location: t dot
Everything was totally up to date. I make sure I always have auto update on. I will definitely try the safe mode start up and I am going to break down and buy Norton cause AVG/grisoft not only let it in, but was also unable to detect it, as was Microsoft.
Really appreciate the help! I am going to go CfH and see if I am able to play for more than 3 minutes.

Posted: Mon Jan 02, 2006 4:39 pm
Grand High Exalted Mystic Ruler
Joined: 23 Nov 2004
Posts: 6505
Location: New Jersey
One thing I haven't seen said here...you may very well have entries in your Windows registry that are initiating the re-installation of the files you did find. Navigate to here in your registry and see if you have any references to the files found in your system32 folder and elsewhere:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
and
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
Entries in these registry keys are run at Windows startup. You COULD have a command in here to execute one of those virus files which re-installs everything else.
WARNING: Modifying or deleting entries in your registry you're not familiar with could seriously foul your machine. If you find entries in here relative to the files identified as viruses...it is perfectly safe to delete them.
_________________
The only good game, is a fair game...
Why do we park on driveways and drive on parkways! George Carlin - 1937-2008
-[CfH]-Server Admin
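
The startup-key check described in the post above, as an added PowerShell example that is not part of the original thread: it lists every value under the two keys and marks those whose command line mentions a file name your scanner reported. The names in `$Flagged` are constructed placeholders, and the script only reads the registry.

```powershell
# Added example: read-only audit of the two startup keys named in the post above.
# $Flagged holds constructed placeholder names; replace them with the file names
# your scanner actually reported.
$Flagged = @('example1.exe', 'example2.exe')   # placeholders, not real indicators

$Keys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

$Report = foreach ($Key in $Keys) {
    if (-not (Test-Path -Path $Key)) { continue }   # RunOnce may not exist

    $Item = Get-Item -Path $Key
    foreach ($Name in $Item.GetValueNames()) {
        # Read the stored string as written, then expand variables such as
        # %SystemRoot% so the path can be compared with the flagged names
        $Command  = [string]$Item.GetValue($Name, $null, 'DoNotExpandEnvironmentNames')
        $Expanded = [Environment]::ExpandEnvironmentVariables($Command)

        # Case-insensitive substring match against each flagged file name
        $Hit = $Flagged | Where-Object {
            $Expanded.IndexOf($_, [StringComparison]::OrdinalIgnoreCase) -ge 0
        }

        [pscustomobject]@{
            Key     = $Key
            Name    = $Name
            Command = $Command
            Flagged = [bool]$Hit
        }
    }
}

# Flagged entries first; nothing is modified or deleted by this script
$Report | Sort-Object -Property Flagged -Descending | Format-Table -AutoSize -Wrap
```

Run it from an elevated PowerShell prompt and review the rows where `Flagged` is `True` before changing anything in the registry.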

Posted: Mon Jan 02, 2006 4:43 pm
Forum Medic
Joined: 02 Dec 2005
Posts: 202
Location: On the edge of sanity, just outside the border.

Posted: Mon Jan 02, 2006 5:30 pm
Forum Soldier
Joined: 02 Aug 2005
Posts: 288
Location: t dot
Wow, that link might as well be in pig latin for me. Thanks again for the link. I am just about to run in safe mode but things seem a lot better after Norton.
Fortunately I wrote down most of the file names that popped up when scan actually found something so I am going to look in the place that Chips mentioned.
Thanks again and hopefully I will see you cats when the server is back up and running, man, I hope I didn't have anything to do with it being down.

Posted: Mon Jan 02, 2006 5:41 pm
Forum Soldier
Joined: 02 Aug 2005
Posts: 288
Location: t dot
Sorry to sound like a total noob (even tho I am)

Posted: Mon Jan 02, 2006 5:53 pm
Forum Medic
Joined: 11 Nov 2005
Posts: 147
Frog, I have spent too many hours chasing spyware/virus around.
Lately the antivirus and spyware programs cannot keep up with the assholes. You are better served reformatting/restoring. Unless you want to spend many hours of manual deleting files and rebooting into safe mode, you may need to even use a solution like this http://www.nu2.nu/pebuilder/.
Good Luck Man