Help please! I think I've got a computer virus but it's not being picked up by AV

[private9]

Hi All,

Hoping for some help please!

A couple of days ago got a random message box pop up saying I had a worm/virus. Normally I don't click these (but have never had any on this computer, and it looked very authentic!)

So I clicked ok to whatever it said, and now internet explorer just keeps trying to connect to a heap of random anti-virus sites, and it does this continuously if I leave the computer going. I'm also getting constant windows style popups warning of infections, security risks and so on, and my computer is now running extremely slow.

3 icons for antivirus/malware/spyware cleaners have appeared on my desktop, and although I have tried deleting, they reinstall themselves within about 20 minutes of running.

I have also found that my windows task manager (ctrl, alt, del) has been disabled (says, disabled by your system administrator).

Obviously there's something not good going on, but I have run AVG and CA antivirus twice each, and neither has picked anything up.

I have disabled internet explorer (now using firefox) so at least when internet explorer opens, it can't actually connect to the websites it's trying to access.

Would really appreciate any advice anyone has to offer!

Thanks,

Justin.

[Fev]

if you cant find the actual files for the virus which would most probably be in your program files.. re format.. because if you do business on your computer with banking etc if may steal your numbers etc and send them somewhere ie saudi arabia etc and they will steal your account/money etc.. so disconnect it from the next at all times and look around for oddly named files in the program files. delete them if you can, if not you will need to format the computer(which is a )

[the_scotsman]

It sounds more like spyware/adware rather than a virus.

Try running Spybot...it should pik it up and get rid of it.

EDIT: although, it does sound like a virus that has disabled Task manager.

[R0BD0G]

spybot...such a champ program...picked up what avg didnt

[paule11]

This happened to someone I know same thing trojan got on the computer and then popups for anti virus sites asking for $60 to download antivirus to fix it not reputable
virus sites like norton or macafee etc . The money was paid but it didnt fix the virus try going to norton and find if there is any examples of what is happening to your comnputer on there usually they have information on how to fix your registry and remove the virus and in the past I have downloaded virus removal tools from them . A lot of porn sites bring up those warnings about viruses and then download trojan horses which point you in the direction of fake expensive antivirus sites

[Nashy86]

Quote:

Originally Posted by Fev

if you cant find the actual files for the virus which would most probably be in your program files.. re format.. because if you do business on your computer with banking etc if may steal your numbers etc and send them somewhere ie saudi arabia etc and they will steal your account/money etc.. so disconnect it from the next at all times and look around for oddly named files in the program files. delete them if you can, if not you will need to format the computer(which is a )

Be careful deleting program files tho, on my old laptop my anti virus (one that I'd actually paid $100 per year to license) started going crazy about this file it had found, but it couldn't delete it so it just kept going crazy. So I went and got the info about the file from it, the file was called something like mr.vgina so I immediately thought "yep its a smart *** virus for sure, no real program would have a file with a name that was so close to mr vagina" so I deleted it. My computer automatically re-booted and the startup process had changed so that it said it was deleting this file (it deleted it while in DOS basically) and the computer was then unable to start windows, I ended up having to re-format it. I did some research later on and found it was actually just an inappropriately named file that was needed by the computer, and it was also re-installed with the re-format.

Why my anti virus started going crazy over it I have no idea, it never did it again, and it was the only file identified by the anti virus too

[fmc351]

Download

- spybot &
- AdAware SE

Also get CClean to go through your registry. All are free programs.

CClean also has a fuction for deleting files with a nice algorithm overwrite to actually delete their traces. They cant be found by tech savvy people.

[DBourne]

mate, the fact that task manager is gone is a bad bad bad thing.
honestly blow away the OS. its not worth having traces of whatever is on there at the moment hanging around.

had the same on my missus pc thanks to her brother. just backed up what was needed in safe mode to a USB key and then formatted. 1hr re format beats hours of d1cking around and then being paranoid any day

[sarrge2001]

Been there, done that.....

The one I got was called Spy Sherrif - or something similar - VERY nasty piece of work.......apparently the way it works is to instal its own viruses and then detect it and offer to remove it after you have paid your money. These viruses go to work on your computer as well and disable the task manager and usually the virus protection.

After numerous attempts by the guru's at work after which it would just reinstall itself, we ended up doing the re-format.

No fun at all!!

If you can find out what the program is called, you can run a search in Google on how to remove it but it is fairly complex and not always successful.


Good luck......

[private9]

Thanks for all the advice guys very much appreciated.

Running spybot and cclean now. Have been searching through program files, and did find one component of it (just somehow changed my wallpaper to an active link to one of these websites.) so I've deleted that part in my windows files, but the other problems are still occurring.

I think it's best that I don't connect to the internet until I get this sorted, but I'll check this thread at work in the morning.

I would love to reformat, but I have absolutely no idea on how to do it! I think that it definitely should be done though, so was going to take the laptop to a computer place in the next few days to get it done.

Thanks,

Justin.

[fmc351]

Quote:

Originally Posted by private9

Thanks for all the advice guys very much appreciated.

Running spybot and cclean now. Have been searching through program files, and did find one component of it (just somehow changed my wallpaper to an active link to one of these websites.) so I've deleted that part in my windows files, but the other problems are still occurring.

I think it's best that I don't connect to the internet until I get this sorted, but I'll check this thread at work in the morning.

I would love to reformat, but I have absolutely no idea on how to do it! I think that it definitely should be done though, so was going to take the laptop to a computer place in the next few days to get it done.

Thanks,

Justin.

Run AdAware too. There are things spybot doesnt find occasionally that AdAware does, and vice versa. Regularly running these together you should have very few problems.

[private9]

Quote:

Originally Posted by fmc351

Run AdAware too. There are things spybot doesnt find occasionally that AdAware does, and vice versa. Regularly running these together you should have very few problems.

Cool, downloading now! Thanks!

[dave351cid]

i had the same thing happen last week with the pop ups warning of a virus or something.

i use AVG anti virus free edition and this is the first time i have had any of these bugs get through.

i also run SPYBOT and ADAWARE every month or so just to be sure.
i gave both of these a run and have`nt had any more issues.

[fmc351]

Quote:

Originally Posted by dave351cid

i had the same thing happen last week with the pop ups warning of a virus or something.

i use AVG anti virus free edition and this is the first time i have had any of these bugs get through.

i also run SPYBOT and ADAWARE every month or so just to be sure.
i gave both of these a run and have`nt had any more issues.

AVG picks up virus' and trojans etc. These things are 'spyware' or 'malware' which are different ballgames and AVG isnt designed to pick them up, although I believe the pro version does.

spybot and AdAawre are designed for that, they dont pick up virus' or trojans.

Its why you run all 3.

[DBourne]

Quote:

Originally Posted by private9

I would love to reformat, but I have absolutely no idea on how to do it! I think that it definitely should be done though, so was going to take the laptop to a computer place in the next few days to get it done.

Thanks,

Justin.

hey mate, reformatting is really, really simple.

Boot up in safe mode and just transfer any files u want to keep to either another computer or portable hard drive.

restart

put in windows xp (assuming you're running xp) and press a key to boot to cd (you'll see that instruction).

then follow the prompts to install a NEW (not repair) version of windows.

1hr later.. done! you have a brand new system

[crochunter]

Easiest way is do a system restore. Just go back to a date where computer was working fine.

[DBourne]

thats assuming he has a restore point...also he'd still have to back up what he wants

[the_scotsman]

I'd also just back up anything you want kept, then format and reinstall.

I always point people to this guide for doing a format/reinstall of XP:

http://web.mit.edu/ist/products/winx...ll-format.html

It has screenshots etc to help make it very easy to understand.

EDIT: Restore points can also store the virus...so I wouldn't do that.

[MYVYSS]

Run a program called Housecall by Trendmicro, its one of the best on the net thats free, it could take up to a couple of hours to run...

http://housecall.trendmicro.com/ if this doesnt pick it up and or remove it then you would be looking at a re format...

[Perana]

Don't use system restore.. in fact disable it. Viruses love hiding in there..

[private9]

Thanks for all the advice, very much appreciated!

Spybot did pickup and remove part of it, then I ran adaware, which successfully removed all of it, or so I thought! All was good for about 15 minutes, but it promptly reinstalled itself! Oh, and adaware now doesn't pick it up! - great work on the virus designers behalf.


I might give housecall a try, but obviously either way reformat must be done.

Quote:

Originally Posted by the_scotsman

I'd also just back up anything you want kept, then format and reinstall.

I always point people to this guide for doing a format/reinstall of XP:

http://web.mit.edu/ist/products/winx...ll-format.html

It has screenshots etc to help make it very easy to understand.

EDIT: Restore points can also store the virus...so I wouldn't do that.

Thanks for that link, it's very helpful!

Hopefully borrowing a friends harddrive, and will backup and reformat in the next day or so.

Does anyone know where I'll find the backup file for Microsoft Outlook (email) - my wife uses this for work, and cannot afford to lose all of the emails!

Thanks,

Justin.

[EA2BA]

download smitfraud as well, that will be the main thing you infected yourself with.

[DBourne]

Quote:

Does anyone know where I'll find the backup file for Microsoft Outlook (email) - my wife uses this for work, and cannot afford to lose all of the emails!

hi mate, make sure u can view hidden files (tools > options > view, tick the view hidden files folders)

then go my computer > C: > documents and settings > (username that she logs on with > local settings > application data > microsoft > outlook and then its the .pst file

[private9]

Quote:

Originally Posted by SgtBourne

hi mate, make sure u can view hidden files (tools > options > view, tick the view hidden files folders)

then go my computer > C: > documents and settings > (username that she logs on with > local settings > application data > microsoft > outlook and then its the .pst file

Awesome, thanks mate!

[DBourne]

no worries mate.

once u get your computer up and running again, to restore all the emails you set up the account thru outlook, then simply navagiate to that folder and drop in the back up .pst and ull see all the emails come back as normal.

[private9]

Quote:

Originally Posted by EA2BA

download smitfraud as well, that will be the main thing you infected yourself with.

Cool. I think smitfraud is one of the things that spybot was flagging as an issue. Not sure why though.

[DBourne]

sometimes applications like adawre etc find each other as a threat cos of the scripts they use etc plus anything they might have in quarentine etc.

[DJL351]

Quote:

Originally Posted by SgtBourne

hi mate, make sure u can view hidden files (tools > options > view, tick the view hidden files folders)

then go my computer > C: > documents and settings > (username that she logs on with > local settings > application data > microsoft > outlook and then its the .pst file

There may be more than one pst file if you use the auto archive system in Outlook.

[BlackLS]

Do the scans in windows Safe Mode.

Theres probably a system process somewhere which is making the actual spyware run.

Doing it in safe mode will most likely get rid of tihs.

[DBourne]

Quote:

Originally Posted by DJL351

There may be more than one pst file if you use the auto archive system in Outlook.

true, shoudl be the one named outlook.pst unless you renamed it at some point. archives will be named archive.pst

can copy them too if you like