OT: Need help getting rid of a Virus


Connecticut Bronco Fan
07-02-2008, 01:01 AM
First I want to apologize for having to resort to this. I am not a very avid poster here on this board. But I check the site daily, I am a reader for sure.

I've tried everything that I could possibly think of, I have this very annoying, what I believe to be a Virus on my system. Whenever I try to open a folder, I get a pop up that looks like this:

http://img55.imageshack.us/img55/6629/bullcrapaf1.png

Now, no matter what I do (I can hit Yes, I can hit No, I can just leave it sitting there), it then pops me to this site:

http://img133.imageshack.us/img133/5098/bullcrap1wr4.png

I've run a full system scan with Norton's Antivirus, as well as Ad-Aware, Spybot Search and Destroy, and CCleaner, and each time they come up with 0 viruses, and no problems on my PC. However, this very annoying pop-up still happens.

Any sort of help or suggestions would be greatly appreciated. Thank you very much

sisterhellfyre
07-02-2008, 01:53 AM
First I want to apologize for having to resort to this. I am not a very avid poster here on this board. But I check the site daily, I am a reader for sure.

Any sort of help or suggestions would be greatly appreciated. Thank you very much

From the screen shots you've posted, CBF, it looks to me like you've picked up something for sure. My first guess would be that it's a variant of the VirtuMonde spyware that's been going around for a while now. I've had it show up on my machines a couple times now.

The good news is that VirtuMonde is well-known, and there are a number of solutions out there to get rid of it. The bad news is that fixing and removing it is fairly complicated. You can do it yourself if you're fairly comfortable in following command-line instructions, but it may take a while and several tries. The complicated part is that VirtuMonde hides a code generator for itself out there somewhere in your system files. If you find and delete the .exe file for the spyware without deleting the code generator, the generator will just recreate the spyware the next time you reboot. It's a nasty cycle, but it can be broken.

Some questions...

* Which version of Windows are you running? XP or Vista? When you go looking online for solution instructions, be very sure you're getting the instructions for the version you're running.

* Do you have System Restore turned on for your machine? If you do, it may be possible for you to restore your system to a point before the virus/spyware infected your system files. Do you know roughly when the pop-ups first started appearing? Do you have a restore point from before that date? That would probably be the easiest solution to your problems.

* When a pop-up like that appears on your screen, DO NOT CLICK ANYWHERE IN THE POP-UP WINDOW. Many of these pop-ups are coded so that clicking anywhere in the pop-up window is treated as if you clicked 'Yes' or 'OK'. Even if you click 'No' or 'Cancel,' the spyware will be downloaded and installed again. Use Ctrl-Alt-Del to bring up the Windows Task Manager, and end the Explorer program there.

* Look online for identification and removal instructions for this spyware by Googling for the exact wording contained in the pop-up window. It's a dead certain sure bet that someone else has run into this same thing by now, and they've included that in their search for help too. Follow the instructions carefully and exactly when you find them. It's quite likely that you'll find detailed instructions in one or more forums devoted to tech support and malware removal. Don't be afraid to sign up and ask for help there too. There are some really great people out there who will spend hours of their own time, if necessary, to help you out.

* Finally, when you get it all done, for God's sake stop using Internet Exploder! Download Mozilla Firefox 2.0, install it, and then add the No-Script security add-on for Firefox. You find the No-Script add-on at http://noscript.net. It blocks the scripts embedded in malicious websites that download and install spyware without your ever knowing it, just because you visited their website, even if you didn't click on or download anything. NS is a little annoying to use at first, because it blocks all kinds of scripts from running in your Web browser unless you give your explicit permission. As you build up history of your web-surfing habits with No-Script, you'll gradually build up a library of websites where it knows to permit scripts to run.

* And, btw, one more: dump Norton. It doesn't work all that well, it's overpriced, and it's bloated with all kinds of crap that pokes and pries into every corner of your system unnecessarily. My recommendations would be to use the free antivirus program by Avast (http://avast.com) and the free firewall from Zone Alarm (http://zonelabs.com, and look for the free downloads page). I have relied on those two for years, along with Ad-Aware, Spyware Blaster, and Spybot Search & Destroy. Except for occasional stupid things I've done which have created my own problems, these programs have kept my machines clean and working.

I hope these steps will help you some. Good luck. :-)

Regards,
m.

TDmvp
07-02-2008, 02:13 AM
http://housecall65.trendmicro.com/


Try running that as well ... online free scan ..... great for most things ...

BroncosinDC
07-02-2008, 02:55 AM
www.apple.com

That was easy.

Needa Pass Rush
07-02-2008, 07:24 AM
Is your name really Luigi?

scttgrd
07-02-2008, 08:14 AM
www.apple.com

That was easy.

http://www.ubuntu.com/

Try that before you go to the dark side, and save yourself $2000.

And for the virus on your system, if the suggestions here don't help, try the security forum here:
http://www.dslreports.com/forum/security

L.A. BRONCOS FAN
07-02-2008, 09:01 AM
This VirtuMonde thing sounds a lot like that avsystemcare (rogue removal tool) trojan that was going around a while back.

That thing was also a b*tch to get rid of.

I've had a lot of success in blocking these types of malicious sites with a hosts file:

http://mvps.org/winhelp2002/hosts.htm

Since downloading the hosts file at the above link, I don't even find tracking cookies anymore when I do a spyware scan with AVG.
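
A check worth running before installing any downloaded hosts blocklist like the one recommended above, as an added example that is not part of the original post or of the linked project: every entry should point at a sinkhole address, and anything mapped to a routable address is a redirect rather than a block. The sinkhole set, the function names and the sample file are assumptions constructed for illustration.

```python
import ipaddress

# Addresses a blocking hosts file is expected to map unwanted names to (assumed set).
SINKHOLES = {ipaddress.ip_address(a) for a in ("127.0.0.1", "0.0.0.0", "::1", "::")}
# Names that legitimately resolve to loopback and are not "blocked sites".
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}

# Constructed sample, not taken from any real blocklist; names use reserved
# example domains and the routable address is from a documentation range.
SAMPLE_HOSTS = """\
# sample blocklist
127.0.0.1   localhost
127.0.0.1   ads.tracker.example   # inline comment
0.0.0.0     popups.fake-av.example scanner.fake-av.example
203.0.113.10  search.portal.example
not-an-ip   broken.example
127.0.0.1
"""


def parse_hosts(text):
    """Yield (line_no, cleaned_line, address_or_None, hostnames) per mapping line."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop full-line and inline comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            addr = None  # first field is not an IP address
        yield line_no, line, addr, [h.lower().rstrip(".") for h in fields[1:]]


def audit_hosts(text):
    """Return (blocked_names, findings) for the contents of a hosts file.

    findings is a list of (line_no, kind, detail) where kind is:
      "redirect"  - a name mapped to a non-sinkhole address (review before installing)
      "malformed" - a line with no valid address or no hostname
    """
    blocked, findings = set(), []
    for line_no, line, addr, names in parse_hosts(text):
        if addr is None or not names:
            findings.append((line_no, "malformed", line))
            continue
        for name in names:
            if addr not in SINKHOLES:
                findings.append((line_no, "redirect", f"{name} -> {addr}"))
            elif name not in LOCAL_NAMES:
                blocked.add(name)
    return blocked, findings


if __name__ == "__main__":
    blocked, findings = audit_hosts(SAMPLE_HOSTS)
    print(f"{len(blocked)} names sinkholed")
    for line_no, kind, detail in findings:
        print(f"line {line_no}: {kind}: {detail}")
```

On Windows the file to audit is `%SystemRoot%\System32\drivers\etc\hosts`; read it and pass its text to `audit_hosts`.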

Los Broncos
07-02-2008, 09:11 AM
Just reformat the drive.

sisterhellfyre
07-02-2008, 09:40 AM
Just reformat the drive.

That works, LM, but I generally regard that as an absolute last resort. Reinstalling all my software is a PITA, and there's always some personal data files getting lost. I hate it when that happens.

Regards,
m.

slatimer
07-02-2008, 10:39 AM
try this program.

http://www.superantispyware.com/

Actually what you have is a fake anti spyware program on your machine. It makes false claims in hope of you downloading its program that will actually put more crap on your computer. Whatever you do don't download it.

Check your Add/Remove Programs to see if something is there that shouldn't be.

Also go to Start, Run, and type msconfig.

Look at Startup and see if anything there is checked that shouldn't be.

Btw, Norton is the worst antivirus program you can buy. Get rid of it and get AVG free from www.download.com

Good Luck..

Shawn Latimer

slatimer
07-02-2008, 10:40 AM
and stop using Internet Explorer... Firefox 3.0 is the only way to go!!!

Connecticut Bronco Fan
07-02-2008, 10:54 AM
Thank you all for the suggestions, going to work on this today and try to get rid of it.

I do use Mozilla, with ADBlock plus which is why I was very worried when it said IE AntiVirus in the top of the window.

Yes my name is really Luigi.

A new computer really isn't an option given my current finances.

Avast and Trend Micro found no virus.

Thanks all for the suggestions so far, hopefully can find something on google.

Kaylore
07-02-2008, 10:55 AM
and stop using Internet Explorer... Firefox 3.0 is the only way to go!!!

http://www.vgboxart.com/boxes/Wii/13179_luigi_karate_master.jpg

ozomulsion
07-02-2008, 10:57 AM
From the screen shots you've posted, CBF, it looks to me like you've picked up something for sure. My first guess would be that it's a variant of the VirtuMonde spyware that's been going around for a while now. I've had it show up on my machines a couple times now.

The good news is that VirtuMonde is well-known, and there are a number of solutions out there to get rid of it. The bad news is that fixing and removing it is fairly complicated. You can do it yourself if you're fairly comfortable in following command-line instructions, but it may take a while and several tries. The complicated part is that VirtuMonde hides a code generator for itself out there somewhere in your system files. If you find and delete the .exe file for the spyware without deleting the code generator, the generator will just recreate the spyware the next time you reboot. It's a nasty cycle, but it can be broken.

Some questions...

* Which version of Windows are you running? XP or Vista? When you go looking online for solution instructions, be very sure you're getting the instructions for the version you're running.

* Do you have System Restore turned on for your machine? If you do, it may be possible for you to restore your system to a point before the virus/spyware infected your system files. Do you know roughly when the pop-ups first started appearing? Do you have a restore point from before that date? That would probably be the easiest solution to your problems.

* When a pop-up like that appears on your screen, DO NOT CLICK ANYWHERE IN THE POP-UP WINDOW. Many of these pop-ups are coded so that clicking anywhere in the pop-up window is treated as if you clicked 'Yes' or 'OK'. Even if you click 'No' or 'Cancel,' the spyware will be downloaded and installed again. Use Ctrl-Alt-Del to bring up the Windows Task Manager, and end the Explorer program there.

* Look online for identification and removal instructions for this spyware by Googling for the exact wording contained in the pop-up window. It's a dead certain sure bet that someone else has run into this same thing by now, and they've included that in their search for help too. Follow the instructions carefully and exactly when you find them. It's quite likely that you'll find detailed instructions in one or more forums devoted to tech support and malware removal. Don't be afraid to sign up and ask for help there too. There are some really great people out there who will spend hours of their own time, if necessary, to help you out.

* Finally, when you get it all done, for God's sake stop using Internet Exploder! Download Mozilla Firefox 2.0, install it, and then add the No-Script security add-on for Firefox. You find the No-Script add-on at http://noscript.net. It blocks the scripts embedded in malicious websites that download and install spyware without your ever knowing it, just because you visited their website, even if you didn't click on or download anything. NS is a little annoying to use at first, because it blocks all kinds of scripts from running in your Web browser unless you give your explicit permission. As you build up history of your web-surfing habits with No-Script, you'll gradually build up a library of websites where it knows to permit scripts to run.

* And, btw, one more: dump Norton. It doesn't work all that well, it's overpriced, and it's bloated with all kinds of crap that pokes and pries into every corner of your system unnecessarily. My recommendations would be to use the free antivirus program by Avast (http://avast.com) and the free firewall from Zone Alarm (http://zonelabs.com, and look for the free downloads page). I have relied on those two for years, along with Ad-Aware, Spyware Blaster, and Spybot Search & Destroy. Except for occasional stupid things I've done which have created my own problems, these programs have kept my machines clean and working.

I hope these steps will help you some. Good luck. :-)

Regards,
m.

Now that's what I'm talkin about! Avast home edition ~ spybot search & destroy ~ Wise Registry Cleaner, can all be had for free on http://www.download.com. Firefox 3 with no script is a very wise suggestion as well.
I'd probably rather go with a port scanner, blocker, rather than Zone Alarm.
Angry IP Scanner is free on download.com as well.

Connecticut Bronco Fan
07-02-2008, 11:05 AM
Well I finally got it fixed, I used a link http://www.malwareteks.com/FixIEDef.php#Download that I found on Yahoo Answers. It took about 10 seconds to scan and deleted the virus. Wish I found that before my hours and hours of virus scanning.

Thank you all for the help =) =)

sisterhellfyre
07-02-2008, 11:44 AM
Well I finally got it fixed, I used a link http://www.malwareteks.com/FixIEDef.php#Download that I found on Yahoo Answers. It took about 10 seconds to scan and deleted the virus. Wish I found that before my hours and hours of virus scanning.

Thank you all for the help =) =)

Congrats, CBF. You are now officially a geek, for defeating malware in solo combat. :-)

Regards,
m.

sisterhellfyre
07-02-2008, 11:48 AM
Firefox 3 with no script is a very wise suggestion as well.

I personally like Firefox 3.0, but it may not be ready for everyone yet. The current release is a release-candidate beta version, meaning that it's still in development. There may yet be bugs or errors in the program that have to be fixed. It's been working pretty well on my machines, but I have found that some websites are not displayed correctly when they use too many layers of JavaScript. (Netflix for one.) It's a hit-or-miss thing, and I like Firefox enough to put up with the occasional glitches.

Regards,
m.

alkemical
07-02-2008, 12:36 PM
I use Firefox and I have some pain in the ass tools you can use but it will lock the browser down -

Look at the NoScript plugin

Candy Cigarettes
07-02-2008, 12:44 PM
Anybody having trouble with "Antivirus 2008"? This is a virus that pops up and tells you to click on it to fix problems. The pop-up window looks a hell of a lot like Windows Defender and I've had three clients fooled by this virus in the last two weeks. I came across a program that eliminates this virus very well -

http://www.malwarebytes.org/

It will scan and fix problems for free, but there's a fee if you want to activate around the clock protection. Give it a try if nothing else is working for you.

TexanBob
07-02-2008, 02:25 PM
That works, LM, but I generally regard that as an absolute last resort. Reinstalling all my software is a PITA, and there's always some personal data files getting lost. I hate it when that happens.

Regards,
m.

True, but if you have multiple storage drives, you can get around this issue. I use one hard drive to load the OS and necessary programs then keep most of the rest (including the e-mail which is NOT Microsoft) on a separate hard drive. So if the first drive needs scrubbing, I can format it without having to re-install a great deal or lose important files. Secondly, I have an external drive I don't even have connected to my PC unless I'm using it to serve as the backup for the real VIP stuff I don't want to risk losing.

Since almost all viruses and malware are stored in your caches and attack the OS, reformatting nukes both and lets me start clean without jeopardizing my whole computer.

Los Broncos
07-03-2008, 09:24 AM
That works, LM, but I generally regard that as an absolute last resort. Reinstalling all my software is a PITA, and there's always some personal data files getting lost. I hate it when that happens.

Regards,
m.

Now you have to avoid losing personal info by using a slave drive or partitioning the drive.

Cito Pelon
06-16-2011, 08:23 AM
Anybody having trouble with "Antivirus 2008"? This is a virus that pops up and tells you to click on it to fix problems. The pop-up window looks a hell of a lot like Windows Defender and I've had three clients fooled by this virus in the last two weeks. I came across a program that eliminates this virus very well -

http://www.malwarebytes.org/

It will scan and fix problems for free, but there's a fee if you want to activate around the clock protection. Give it a try if nothing else is working for you.

Yeah, this Malwarebytes is the way to go.

I got nailed with this Trojan "Windows Recovery Tool/Windows Diagnostic" a couple days ago.

It hides all of your files, so all you're left with is the phony Diagnostic tool.

You have to start your computer in Safe Mode with Network Connections (hold down the F8 key during power up, and arrow to the correct option).

Then, start your browser, go to Malwarebytes and follow their instructions.

McAfee couldn't get rid of it, Malwarebytes took care of it for free. So I dumped McAfee and now I have Malwarebytes (for cheaper).

McAfee found only 4 infected files, Malwarebytes found 23 and cleaned it out.

strafen
06-16-2011, 08:36 AM
Good info on this thread.
CBF, I'm glad you've got it taken care of.
I'm going to try some of the suggestions here, as my PC seems to hang up quite a bit (I.E)
I do have Geary's Utilities, Norton, and Superantispyware.
I constantly get an error about not enough memory?
I've defrag'd my disk and I have plenty free space. I don't know what the problem is...

bowtown
06-16-2011, 08:38 AM
I think Appa might have a link for you.

TheElusiveKyleOrton
06-16-2011, 08:38 AM
http://img.diytrade.com/cdimg/661640/6402494/0/1216303314/Tussin_CF_cough_cold_relief.jpg

That One Guy
06-16-2011, 08:52 AM
Yeah, this Malwarebytes is the way to go.

I got nailed with this Trojan "Windows Recovery Tool/Windows Diagnostic" a couple days ago.

It hides all of your files, so all you're left with is the phony Diagnostic tool.

You have to start your computer in Safe Mode with Network Connections (hold down the F8 key during power up, and arrow to the correct option).

Then, start your browser, go to Malwarebytes and follow their instructions.

McAfee couldn't get rid of it, Malwarebytes took care of it for free. So I dumped McAfee and now I have Malwarebytes (for cheaper).

McAfee found only 4 infected files, Malwarebytes found 23 and cleaned it out.

My laptop is still f'd from this.

My start menu never returned, my system restores were all corrupted, my google/yahoo searches all still getting hijacked... it's annoying as piss. I've only been in my house about a month and we're still working through boxes so I haven't located my computer software yet but as soon as I do, I'm waxing this f'ing drive and starting over.

The worst part is this crap always happens after I put the computer down for the night. Use it, go to bed, wake up the next morning and poof!, everything is going haywire. At least if I were getting good free porn in return and this was the price to pay, I'd deal with it.

Cito Pelon
06-16-2011, 09:11 AM
My laptop is still f'd from this.

My start menu never returned, my system restores were all corrupted, my google/yahoo searches all still getting hijacked... it's annoying as piss. I've only been in my house about a month and we're still working through boxes so I haven't located my computer software yet but as soon as I do, I'm waxing this f'ing drive and starting over.

The worst part is this crap always happens after I put the computer down for the night. Use it, go to bed, wake up the next morning and poof!, everything is going haywire. At least if I were getting good free porn in return and this was the price to pay, I'd deal with it.

That's one way to do it (see above suggestions for that). Doing the method I semi-detailed also works.

I actually found the method on bleepingcomputer.com/virus-removal which ref'd me to the Malwarebytes site.

McAfee didn't have a clue how to remove it.

alkemical
06-16-2011, 09:36 AM
Once you get a massive infection, you can't ever really "heal" it. It's compromised.

Diskwipe, reformat/reload.

make image of machine right when it's setup....do backups - if it happens again - you can have your box reimaged and setup in 2-4hrs.

That One Guy
06-16-2011, 09:41 AM
That's one way to do it (see above suggestions for that). Doing the method I semi-detailed also works.

I actually found the method on bleepingcomputer.com/virus-removal which ref'd me to the Malwarebytes site.

McAfee didn't have a clue how to remove it.

Yeah, Malwarebytes got me back and running - I think I used the same site for removal. It just has too many glitches now. It's moving again but it's walking with a cane and a pretty severe limp.

That One Guy
06-16-2011, 09:44 AM
Once you get a massive infection, you can't ever really "heal" it. It's compromised.

Diskwipe, reformat/reload.

make image of machine right when it's setup....do backups - if it happens again - you can have your box reimaged and setup in 2-4hrs.

Are you saying do it through something like what used to be done with Norton Ghost? How do you do that with a 200 GB system?

Last time I messed with any of that stuff was early '00s and school setups used a network computer to ghost everyone in their labs. I don't know how I'd do that with a personal computer. This is the first time my system restores have ever been corrupted so that's usually my fallback.

Cito Pelon
06-16-2011, 09:48 AM
Once you get a massive infection, you can't ever really "heal" it. It's compromised.

Diskwipe, reformat/reload.

make image of machine right when it's setup....do backups - if it happens again - you can have your box reimaged and setup in 2-4hrs.

Yeah, my old backup system crapped out and I've neglected getting a new one. Much to my chagrin.

alkemical
06-16-2011, 09:50 AM
Are you saying do it through something like what used to be done with Norton Ghost? How do you do that with a 200 GB system?

Last time I messed with any of that stuff was early '00s and school setups used a network computer to ghost everyone in their labs. I don't know how I'd do that with a personal computer. This is the first time my system restores have ever been corrupted so that's usually my fallback.

have more than 200GB's to back it up to? It can be done! Yes, something like with Ghost.

You just back the image up to a large EXT hard disk. Poof - all setup.

That One Guy
06-16-2011, 09:51 AM
have more than 200GB's to back it up to? It can be done! Yes, something like with Ghost.

You just back the image up to a large EXT hard disk. Poof - all setup.

I have a raided 2 GB (2 x 1GB) HD setup around here somewhere but never thought about it, I guess. Seems like it'd take an eternity. Might look into that when I find my software.

alkemical
06-16-2011, 09:53 AM
I have a raided 2 GB (2 x 1GB) HD setup around here somewhere but never thought about it, I guess. Seems like it'd take an eternity. Might look into that when I find my software.

Remember - a basic image would only really be the machine when it's setup. You can back up your data at other times elsewhere.

But to get the core of the system up and working - the image shouldn't be that big. It takes 20min to drop an image on the laptops here at work...via USB.

That One Guy
06-16-2011, 09:56 AM
Remember - a basic image would only really be the machine when it's setup. You can back up your data at other times elsewhere.

But to get the core of the system up and working - the image shouldn't be that big. It takes 20min to drop an image on the laptops here at work...via USB.

Gotcha...

Yeah, I was envisioning the 80 GBs of TV shows I inevitably end up downloading. A base install would definitely be reasonable.

alkemical
06-16-2011, 09:58 AM
Gotcha...

Yeah, I was envisioning the 80 GBs of TV shows I inevitably end up downloading. A base install would definitely be reasonable.

It's just smarter to worry about media as something else, than part of the image. Most of the time, if you have it sort of stored on a fileserver or NAS (your media) - you'd just need to link to the file share.

Cito Pelon
06-16-2011, 10:25 AM
Yeah, Malwarebytes got me back and running - I think I used the same site for removal. It just has too many glitches now. It's moving again but it's walking with a cane and a pretty severe limp.

Malwarebytes had one more tool that I used that went a little deeper scanning for hidden files, and that got me more up to speed, but didn't quite get 'er all done.

So, yeah, keeping your drives backed up daily is a smart thing, but I'm only smart some of the time, unfortunately.

Cito Pelon
06-16-2011, 10:31 AM
Gotcha...

Yeah, I was envisioning the 80 GBs of TV shows I inevitably end up downloading. A base install would definitely be reasonable.

Maybe the smart thing is to invest in a super sophisticated backup system. If you need several thumb drives maybe that's the smart way to go.

sisterhellfyre
06-16-2011, 10:41 AM
Maybe the smart thing is to invest in a super sophisticated backup system. If you need several thumb drives maybe that's the smart way to go.

For media storage I use a 400gig portable USB hard drive. I got one as an Xmas gift last year, and it's about half-full now between MP3 albums and comics.

The price is also coming waaaay down on 1TB internal HDs. On occasion I've seen them as low as $60. I want...

alkemical
06-16-2011, 10:51 AM
Maybe the smart thing is to invest in a super sophisticated backup system. If you need several thumb drives maybe that's the smart way to go.

I've been looking at this:

http://www.microsoft.com/windows/products/winfamily/windowshomeserver/default.mspx

Cito Pelon
06-16-2011, 10:53 AM
For media storage I use a 400gig portable USB hard drive. I got one as an Xmas gift last year, and it's about half-full now between MP3 albums and comics.

The price is also coming waaaay down on 1TB internal HDs. On occasion I've seen them as low as $60. I want...

I'm getting smarter . . . .