The Orange Mane -  a Denver Broncos Fan Community  

Old 07-02-2008, 01:01 AM   #1
Connecticut Bronco Fan
CTBF
 

Join Date: Apr 2005
Location: Connecticut
Posts: 324

Adopt-a-Bronco:
Rick Dennison
OT: Need help getting rid of a Virus

First I want to apologize for having to resort to this. I am not a very avid poster here on this board. But I check the site daily, I am a reader for sure.

I've tried everything that I could possibly think of, I have this very annoying, what I believe to be a Virus on my system. Whenever I try to open a folder, I get a pop up that looks like this:



Now, no matter what I do. I can hit Yes, I can hit No, I can just leave it sitting there. It then pops me to this site:



I've run a Full System scan with Norton's Anti virus, as well as Ad-Aware, Spybot Search and Destroy, CCleaner, and each time they come up with 0 viruses, and no problems on my PC. However, this very annoying pop up still happens.

Any sort of help or suggestions would be greatly appreciated. Thank you very much

Last edited by Connecticut Bronco Fan; 07-02-2008 at 01:25 AM.. Reason: fixed pictures

Old 07-02-2008, 01:53 AM   #2
sisterhellfyre
Some days it's not worth
fighting the clowns under my bed.

Join Date: Sep 2004
Location: Portland, OR
Posts: 1,543

Quote:
Originally Posted by Connecticut Bronco Fan View Post
First I want to apologize for having to resort to this. I am not a very avid poster here on this board. But I check the site daily, I am a reader for sure.

Any sort of help or suggestions would be greatly appreciated. Thank you very much
From the screen shots you've posted, CBF, it looks to me like you've picked up something for sure. My first guess would be that it's a variant of the VirtuMonde spyware that's been going around for a while now. I've had it show up on my machines a couple times now.

The good news is that VirtuMonde is well-known, and there are a number of solutions out there to get rid of it. The bad news is that fixing and removing it is fairly complicated. You can do it yourself if you're fairly comfortable in following command-line instructions, but it may take a while and several tries. The complicated part is that VirtuMonde hides a code generator for itself out there somewhere in your system files. If you find and delete the .exe file for the spyware without deleting the code generator, the generator will just recreate the spyware the next time you reboot. It's a nasty cycle, but it can be broken.

Some questions...

* Which version of Windows are you running? XP or Vista? When you go looking online for solution instructions, be very sure you're getting the instructions for the version you're running.

* Do you have System Restore turned on for your machine? If you do, it may be possible for you to restore your system to a point before the virus/spyware infected your system files. Do you know roughly when the pop-ups first started appearing? Do you have a restore point from before that date? That would probably be the easiest solution to your problems.

* When a pop-up like that appears on your screen, DO NOT CLICK ANYWHERE IN THE POP-UP WINDOW. Many of these pop-ups are coded so that clicking anywhere in the pop-up window is treated as if you clicked 'Yes' or 'OK'. Even if you click 'No' or 'Cancel,' the spyware will be downloaded and installed again. Use Ctrl-Alt-Del to bring up the Windows Task Manager, and end the Explorer program there.

* Look online for identification and removal instructions for this spyware by Googling for the exact wording contained in the pop-up window. It's a dead certain sure bet that someone else has run into this same thing by now, and they've included that in their search for help too. Follow the instructions carefully and exactly when you find them. It's quite likely that you'll find detailed instructions in one or more forums devoted to tech support and malware removal. Don't be afraid to sign up and ask for help there too. There are some really great people out there who will spend hours of their own time, if necessary, to help you out.

* Finally, when you get it all done, for God's sake stop using Internet Exploder! Download Mozilla Firefox 2.0, install it, and then add the No-Script security add-on for Firefox. You find the No-Script add-on at http://noscript.net. It blocks the scripts embedded in malicious websites that download and install spyware without your ever knowing it, just because you visited their website, even if you didn't click on or download anything. NS is a little annoying to use at first, because it blocks all kinds of scripts from running in your Web browser unless you give your explicit permission. As you build up history of your web-surfing habits with No-Script, you'll gradually build up a library of websites where it knows to permit scripts to run.

* And, btw, one more: dump Norton. It doesn't work all that well, it's overpriced, and it's bloated with all kinds of crap that pokes and pries into every corner of your system unnecessarily. My recommendations would be to use the free antivirus program by Avast (http://avast.com) and the free firewall from Zone Alarm (http://zonelabs.com, and look for the free downloads page). I have relied on those two for years, along with Ad-Aware, Spyware Blaster, and Spybot Search & Destroy. Except for occasional stupid things I've done which have created my own problems, these programs have kept my machines clean and working.

I hope these steps will help you some. Good luck. :-)

Regards,
m.

Last edited by sisterhellfyre; 07-02-2008 at 01:59 AM.. Reason: (Additional suggestion.)

Old 07-02-2008, 02:13 AM   #3
TDmvp
Ring of Famer
This ones for Pat...

Join Date: Mar 2004
Posts: 8,414

http://housecall65.trendmicro.com/


Try running that as well ... online free scan ..... great for most things ...

Old 07-02-2008, 02:55 AM   #4
BroncosinDC
Now Live From Baltimore!
True Men have Facial Hair

Join Date: May 2008
Location: Baltimore, MD
Posts: 527

Adopt-a-Bronco:
Kyle Orton

www.apple.com

That was easy.

Old 07-02-2008, 07:24 AM   #5
Needa Pass Rush
Never say Always

Join Date: Jan 2003
Posts: 5,167

Is your name really Luigi?

Old 07-02-2008, 08:14 AM   #6
scttgrd
Just treading water

Join Date: Apr 2005
Location: Aurora
Posts: 1,285

Adopt-a-Bronco:
Brandon Mashall

Quote:
Originally Posted by BroncosinDC View Post
www.apple.com

That was easy.
http://www.ubuntu.com/

Try that before you go to the dark side, and save yourself $2000.

And for the virus on your system, if the suggestions here don't help, try the security forum here:
http://www.dslreports.com/forum/security

Last edited by scttgrd; 07-02-2008 at 08:18 AM..

Old 07-02-2008, 09:01 AM   #7
L.A. BRONCOS FAN
Mo' holla fo' yo' dolla!

Join Date: Dec 2002
Location: In a bunker in an undisclosed location
Posts: 54,237

This VirtuMonde thing sounds a lot like that avsystemcare (rogue removal tool) trojan that was going around a while back.

That thing was also a b*tch to get rid of.

I've had a lot of success in blocking these types of malicious sites with a hosts file:

http://mvps.org/winhelp2002/hosts.htm

Since downloading the hosts file at the above link, I don't even find tracking cookies anymore when I do a spyware scan with AVG.

Last edited by L.A. BRONCOS FAN; 07-02-2008 at 09:04 AM..
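
The hosts-file blocking described in the post above, as an added example that is not part of the original thread: a small Python checker that parses hosts-format text and reports which names it actually sinkholes. The function names and the `.example` entries are constructed for illustration and are not taken from the MVPS list.

```python
"""Audit a hosts-format blocklist: which hostnames does it really sinkhole?"""

# Addresses that a blocklist uses to send a lookup nowhere useful.
SINK_ADDRESSES = {"127.0.0.1", "0.0.0.0", "::1", "::"}
# Names that legitimately point at loopback and are not "blocked" sites.
LOCAL_NAMES = {"localhost", "localhost.localdomain"}

# Constructed sample in hosts-file syntax (placeholder .example names).
SAMPLE_HOSTS = """\
# constructed sample blocklist
127.0.0.1   localhost
127.0.0.1   ads.tracker.example   # inline comment
0.0.0.0     Popups.Rogue-AV.example  cdn.rogue-av.example
192.0.2.10  intranet.example
not-an-entry
"""


def normalise(hostname):
    """Hostnames compare case-insensitively; drop a trailing root dot."""
    return hostname.lower().rstrip(".")


def parse_hosts(text):
    """Return {hostname: address} for every well-formed line."""
    mapping = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # strip full-line and inline comments
        fields = line.split()
        if len(fields) < 2:                   # blank, comment-only or malformed
            continue
        address, names = fields[0], fields[1:]
        for name in names:                    # one line may carry several names
            # Assumption: the resolver honours the first mapping it finds.
            mapping.setdefault(normalise(name), address)
    return mapping


def is_blocked(hostname, mapping):
    """True only if this exact name is mapped to a sink address."""
    name = normalise(hostname)
    if name in LOCAL_NAMES:
        return False
    return mapping.get(name) in SINK_ADDRESSES


def audit(hostnames, mapping):
    """Report blocked/not blocked for each name a scan or log turned up."""
    return {h: is_blocked(h, mapping) for h in hostnames}


if __name__ == "__main__":
    table = parse_hosts(SAMPLE_HOSTS)
    seen = ["ads.tracker.example", "www.ads.tracker.example",
            "rogue-av.example", "cdn.rogue-av.example"]
    for host, blocked in audit(seen, table).items():
        print(f"{host:28} {'blocked' if blocked else 'NOT blocked'}")
```

Hosts entries match exact names only, so a parent domain or a new subdomain that is not listed still resolves normally; the audit makes those gaps visible.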

Old 07-02-2008, 09:11 AM   #8
Los Broncos
Broncos Country

Join Date: Jun 2006
Location: Eastern Utah
Posts: 18,741

Adopt-a-Bronco:
Ryan Clady

Just reformat the drive.

Old 07-02-2008, 09:40 AM   #9
sisterhellfyre
Some days it's not worth
fighting the clowns under my bed.

Join Date: Sep 2004
Location: Portland, OR
Posts: 1,543

Quote:
Originally Posted by Lynch Mob72 View Post
Just reformat the drive.
That works, LM, but I generally regard that as an absolute last resort. Reinstalling all my software is a PITA, and there's always some personal data files getting lost. I hate it when that happens.

Regards,
m.

Old 07-02-2008, 10:39 AM   #10
slatimer
Seasoned Veteran

Join Date: Sep 2003
Posts: 275

Adopt-a-Bronco:
Cody Latimer

try this program.

http://www.superantispyware.com/

Actually what you have is a fake anti spyware program on your machine. It makes false claims in hope of you downloading its program that will actually put more crap on your computer. Whatever you do, don't download it.

Check your add/remove programs to see if something is there that shouldn't be.

Also go to Start, then Run, and type msconfig.

Look at Startup and see if anything there is checked that shouldn't be.

Btw, Norton is the worst antivirus program you can buy. Get rid of it and get AVG free from www.download.com

Good Luck..

Shawn Latimer

Old 07-02-2008, 10:40 AM   #11
slatimer
Seasoned Veteran

Join Date: Sep 2003
Posts: 275

Adopt-a-Bronco:
Cody Latimer

and stop using Internet Explorer... Firefox 3.0 is the only way to go!!!

Old 07-02-2008, 10:54 AM   #12
Connecticut Bronco Fan
CTBF

Join Date: Apr 2005
Location: Connecticut
Posts: 324

Adopt-a-Bronco:
Rick Dennison

Thank you all for the suggestions, going to work on this today and try to get rid of it.

I do use Mozilla, with Adblock Plus, which is why I was very worried when it said IE AntiVirus in the top of the window.

Yes, my name is really Luigi.

A new computer really isn't an option given my current finances.

Avast and Trend Micro found no virus.

Thanks all for the suggestions so far, hopefully can find something on Google.

Old 07-02-2008, 10:55 AM   #13
Kaylore
Because I am better
Everything

Join Date: Aug 2004
Location: Ceti Alpha V
Posts: 46,749

Adopt-a-Bronco:
Pat Bowlen

Quote:
Originally Posted by slatimer View Post
and stop using Internet Explorer... Firefox 3.0 is the only way to go!!!

Old 07-02-2008, 10:57 AM   #14
ozomulsion
Ring of Famer

Join Date: Apr 2004
Posts: 3,546

Adopt-a-Bronco:
The ladies man.

Quote:
Originally Posted by sisterhellfyre View Post
From the screen shots you've posted, CBF, it looks to me like you've picked up something for sure. My first guess would be that it's a variant of the VirtuMonde spyware that's been going around for a while now. I've had it show up on my machines a couple times now.

The good news is that VirtuMonde is well-known, and there are a number of solutions out there to get rid of it. The bad news is that fixing and removing it is fairly complicated. You can do it yourself if you're fairly comfortable in following command-line instructions, but it may take a while and several tries. The complicated part is that VirtuMonde hides a code generator for itself out there somewhere in your system files. If you find and delete the .exe file for the spyware without deleting the code generator, the generator will just recreate the spyware the next time you reboot. It's a nasty cycle, but it can be broken.

Some questions...

* Which version of Windows are you running? XP or Vista? When you go looking online for solution instructions, be very sure you're getting the instructions for the version you're running.

* Do you have System Restore turned on for your machine? If you do, it may be possible for you to restore your system to a point before the virus/spyware infected your system files. Do you know roughly when the pop-ups first started appearing? Do you have a restore point from before that date? That would probably be the easiest solution to your problems.

* When a pop-up like that appears on your screen, DO NOT CLICK ANYWHERE IN THE POP-UP WINDOW. Many of these pop-ups are coded so that clicking anywhere in the pop-up window is treated as if you clicked 'Yes' or 'OK'. Even if you click 'No' or 'Cancel,' the spyware will be downloaded and installed again. Use Ctrl-Alt-Del to bring up the Windows Task Manager, and end the Explorer program there.

* Look online for identification and removal instructions for this spyware by Googling for the exact wording contained in the pop-up window. It's a dead certain sure bet that someone else has run into this same thing by now, and they've included that in their search for help too. Follow the instructions carefully and exactly when you find them. It's quite likely that you'll find detailed instructions in one or more forums devoted to tech support and malware removal. Don't be afraid to sign up and ask for help there too. There are some really great people out there who will spend hours of their own time, if necessary, to help you out.

* Finally, when you get it all done, for God's sake stop using Internet Exploder! Download Mozilla Firefox 2.0, install it, and then add the No-Script security add-on for Firefox. You find the No-Script add-on at http://noscript.net. It blocks the scripts embedded in malicious websites that download and install spyware without your ever knowing it, just because you visited their website, even if you didn't click on or download anything. NS is a little annoying to use at first, because it blocks all kinds of scripts from running in your Web browser unless you give your explicit permission. As you build up history of your web-surfing habits with No-Script, you'll gradually build up a library of websites where it knows to permit scripts to run.

* And, btw, one more: dump Norton. It doesn't work all that well, it's overpriced, and it's bloated with all kinds of crap that pokes and pries into every corner of your system unnecessarily. My recommendations would be to use the free antivirus program by Avast (http://avast.com) and the free firewall from Zone Alarm (http://zonelabs.com, and look for the free downloads page). I have relied on those two for years, along with Ad-Aware, Spyware Blaster, and Spybot Search & Destroy. Except for occasional stupid things I've done which have created my own problems, these programs have kept my machines clean and working.

I hope these steps will help you some. Good luck. :-)

Regards,
m.
Now that's what I'm talkin about! Avast home edition ~ spybot search & destroy ~ Wise Registry Cleaner, can all be had for free on http://www.download.com. Firefox 3 with no script is a very wise suggestion as well.
I'd probably rather go with a port scanner, blocker, rather than Zone Alarm.
Angry IP Scanner is free on download.com as well.

Last edited by ozomulsion; 07-02-2008 at 11:03 AM..

Old 07-02-2008, 11:05 AM   #15
Connecticut Bronco Fan
CTBF

Join Date: Apr 2005
Location: Connecticut
Posts: 324

Adopt-a-Bronco:
Rick Dennison

Well I finally got it fixed, I used a link http://www.malwareteks.com/FixIEDef.php#Download that I found on Yahoo Answers. It took about 10 seconds to scan and deleted the virus. Wish I found that before my hours and hours of virus scanning.

Thank you all for the help =) =)

Old 07-02-2008, 11:44 AM   #16
sisterhellfyre
Some days it's not worth
fighting the clowns under my bed.

Join Date: Sep 2004
Location: Portland, OR
Posts: 1,543

Quote:
Originally Posted by Connecticut Bronco Fan View Post
Well I finally got it fixed, I used a link http://www.malwareteks.com/FixIEDef.php#Download that I found on Yahoo Answers. It took about 10 seconds to scan and deleted the virus. Wish I found that before my hours and hours of virus scanning.

Thank you all for the help =) =)
Congrats, CBF. You are now officially a geek, for defeating malware in solo combat. :-)

Regards,
m.

Old 07-02-2008, 11:48 AM   #17
sisterhellfyre
Some days it's not worth
fighting the clowns under my bed.

Join Date: Sep 2004
Location: Portland, OR
Posts: 1,543

Quote:
Originally Posted by ozomulsion View Post
Firefox 3 with no script is a very wise suggestion as well.
I personally like Firefox 3.0, but it may not be ready for everyone yet. The current release is a release-candidate beta version, meaning that it's still in development. There may yet be bugs or errors in the program that have to be fixed. It's been working pretty well on my machines, but I have found that some websites are not displayed correctly when they use too many layers of JavaScript. (Netflix for one.) It's a hit-or-miss thing, and I like Firefox enough to put up with the occasional glitches.

Regards,
m.

Old 07-02-2008, 12:36 PM   #18
alkemical
Guerrilla Ontologist
rorrim|mirror

Join Date: Apr 2001
Location: Future
Posts: 43,083

Adopt-a-Bronco:
Prima Materia

I use Firefox and I have some pain in the ass tools you can use but it will lock the browser down -

Look at the NoScript plugin

Old 07-02-2008, 12:44 PM   #19
Candy Cigarettes
Highlander
Silence Flows Faster Backwards...

Join Date: Oct 2004
Location: Shady side of Hades
Posts: 394

Anybody having trouble with "Antivirus 2008"? This is a virus that pops up and tells you to click on it to fix problems. The pop-up window looks a hell of a lot like Windows Defender and I've had three clients fooled by this virus in the last two weeks. I came across a program that eliminates this virus very well -

http://www.malwarebytes.org/

It will scan and fix problems for free, but there's a fee if you want to activate around the clock protection. Give it a try if nothing else is working for you.

Old 07-02-2008, 02:25 PM   #20
TexanBob
Don't Argue With Me
You Know I'm Right

Join Date: Jan 2004
Location: Austin, TX
Posts: 5,012

Adopt-a-Bronco:
Darris Nash

Quote:
Originally Posted by sisterhellfyre View Post
That works, LM, but I generally regard that as an absolute last resort. Reinstalling all my software is a PITA, and there's always some personal data files getting lost. I hate it when that happens.

Regards,
m.
True, but if you have multiple storage drives, you can get around this issue. I use one hard drive to load the OS and necessary programs then keep most of the rest (including the e-mail which is NOT Microsoft) on a separate hard drive. So if the first drive needs scrubbing, I can format it without having to re-install a great deal or lose important files. Secondly, I have an external drive I don't even have connected to my PC unless I'm using it to serve as the backup for the real VIP stuff I don't want to risk losing.

Since almost all viruses and malware are stored in your caches and attack the OS, reformatting nukes both and lets me start clean without jeopardizing my whole computer.

Old 07-03-2008, 09:24 AM   #21
Los Broncos
Broncos Country

Join Date: Jun 2006
Location: Eastern Utah
Posts: 18,741

Adopt-a-Bronco:
Ryan Clady

Quote:
Originally Posted by sisterhellfyre View Post
That works, LM, but I generally regard that as an absolute last resort. Reinstalling all my software is a PITA, and there's always some personal data files getting lost. I hate it when that happens.

Regards,
m.
Now you have to avoid losing personal info by using a slave drive or partitioning the drive.

Old 06-16-2011, 08:23 AM   #22
Cito Pelon
Been there, didn't get it
Not2Shabby County Seat

Join Date: Jun 2004
Location: AFC Championshipville, NotTooShabby County
Posts: 16,542

Adopt-a-Bronco:
Slim Shabby

Quote:
Originally Posted by Candy Cigarettes View Post
Anybody having trouble with "Antivirus 2008"? This is a virus that pops up and tells you to click on it to fix problems. The pop-up window looks a hell of a lot like Windows Defender and I've had three clients fooled by this virus in the last two weeks. I came across a program that eliminates this virus very well -

http://www.malwarebytes.org/

It will scan and fix problems for free, but there's a fee if you want to activate around the clock protection. Give it a try if nothing else is working for you.
Yeah, this Malwarebytes is the way to go.

I got nailed with this Trojan "Windows Recovery Tool/Windows Diagnostic" a couple days ago.

It hides all of your files, so all you're left with is the phony Diagnostic tool.

You have to start your computer in Safe Mode with Network Connections (hold down the F8 key during power up, and arrow to the correct option).

Then, start your browser, go to Malwarebytes and follow their instructions.

McAfee couldn't get rid of it, Malwarebytes took care of it for free. So I dumped McAfee and now I have Malwarebytes (for cheaper).

McAfee found only 4 infected files, Malwarebytes found 23 and cleaned it out.

Old 06-16-2011, 08:36 AM   #23
strafen
Karma

Join Date: Jan 2009
Posts: 7,955

Adopt-a-Bronco:
Elway

Good info on this thread.
CBF, I'm glad you've got it taken care of.
I'm going to try some of the suggestions here, as my PC seems to hang up quite a bit (I.E)
I do have Geary's Utilities, Norton, and Superantispyware.
I constantly get an error about not enough memory?
I've defrag'd my disk and I have plenty free space. I don't know what the problem is...

Old 06-16-2011, 08:38 AM   #24
bowtown
Ring of Famer

Join Date: Jul 2006
Posts: 10,447

Adopt-a-Bronco:
Aaron Brewer

I think Appa might have a link for you.

Old 06-16-2011, 08:38 AM   #25
TheElusiveKyleOrton
BOOM.
Touched By God

Join Date: Feb 2009
Location: Denver
Posts: 10,854

__________________
Nobody puts Jay-bee in the corner.