Computer virus help
I keep getting a notice from my anti-virus software that a threat is detected. So far the software is working, but something is constantly hitting on my computer. It's some sort of adware... VBS Guloader.B. Webroot says it's in Windows PowerShell.
What should I do?
No expert, but it sounds infected. Reminds me that I need to back up my files and system.
So while you guys are helping Flatty, give me some pointers too, please.
Don’t use Windows, but LMGTFY would give this:
https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=TrojanDownloader:VBS/Guloader.PKGE!MTB&ThreatID=2147814606 Assuming your Windows is from this century, that is.
I've fixed my friends' computers a few times with this. It's been a while, but it used to be the best virus remover out there.
https://www.hitmanpro.com/en-us
I don't do porn nor do I open unknown attachments to email so I have no idea how I got stung.
If it were me, I would disconnect the LAN cable (hopefully NOT wireless) and then boot the PC in SAFE MODE.
Use the log file from your anti-virus software to see the name of the bad stuff. Once you see it, look to see where it is with the regular old Explorer app and look at the properties, as it will be write protected; then use the shell run as ADMINISTRATOR and change the ownership to you. Hopefully this is NOT in the boot sector or another location where Windows keeps those thousands of OS files. If you can wipe it in the shell (command window), make a recovery thumb drive if not done already. Then boot up normally BUT WITH NO LAN CONNECTION, which of course your computer will not like at all; then, if the anti-virus is happy, try to reboot, this time with the LAN connected, to see what is up. If okay, pull up the administration screen of your LAN to see what is connected (should be done weekly), and if there is anything you do not recognize, delete the connection to see if anybody in the house is hollering! Good luck, John Rogers
Thanks, John, but I didn't understand much of what you outlined.
I know what LAN is, but this is just my desktop, not a network. I don't know how to boot in safe mode, whatever that is, etc. FYI, Webroot and Malwarebytes are both catching this thing (apparently adware), but what I don't understand is how it's getting in. After scanning last night I shut down as usual. This morning I powered on, opened my email and turned on the Paramount streaming news. Within 10 minutes Webroot alerted me to a threat. WTF?
You can also pay people to fix it.
So it can come from anywhere. I guess being notified of the threat is the best one can hope for?
Go to Settings/Apps/Startup Apps and remove apps from AUTOMATICALLY starting with boot (it might not be listed). You can 'probably' set almost everything non-Windows to MANUAL; they will start with programs as needed, on demand. Run services.msc at administrator level: https://www.thewindowsclub.com/open-windows-services https://windowsreport.com/how-to-open-services-msc/ Startup types and all programs running should all be listed there. I am a layman here... research and get advanced help.
Use NoScript, which blocks JavaScript from automatically running on websites. It's a small fence to keep the riff-raff out.
I recently updated AMD drivers and they slipped in a "share user experience" feature without my consent or knowledge. It supposedly sends out a lot of data, as in a GB/day per one comment. Microsoft does it. Everyone does it. Some are obtuse, like FB and Gulag. FB didn't earn $110B last year for nothing.
Malwarebytes used to be my go-to; not sure how good it is any longer.
I think he's showing you how some are tricked into taking action if you see that screen.
Oh my, sorry I rambled on so much and some went over your head. What I'll do is to lay out each step and write what to do. Before I retired I was a very senior Oracle Database Administrator and we had a staff of 24 to 26 programmers here in San Diego and about 250 over in India, mainly since those poor guys and women worked 12-hour days, 6 days a week, for a fraction of what us USA-based folks were paid. When I retired I was making $140,000 or more a year and the fellow in India who I turned things over to was paid $16 an hour!!!!
1. Disconnect the LAN cable (hopefully NOT wireless) and then boot the PC in SAFE MODE. This means pull the RJ45 connector on your computer. Then shut down and restart it, not the auto type; depending on your brand, a hot key (or keys) will allow you to choose how to boot. You can check using your iPhone or whatever you use; it can be a small-screen search engine for you.
2. Use the log file from your anti-virus software to see the name of the bad stuff, which it sounds like you already know. The location of these files is available in the setup or properties of the anti-virus software. Once you see the offending file, look to see where it is with the regular old Explorer app and look at the properties (right click), as it will be write protected; then use the shell run as ADMINISTRATOR and change the ownership to you. INFO: Hopefully this is NOT in the boot sector or another location where Windows keeps those thousands of OS files. If you can wipe it in the shell (command window), make a recovery thumb drive if not done already.
3. Then boot up normally BUT WITH NO LAN CONNECTION, which of course your computer will not like at all; then, if the anti-virus is happy, try to reboot, this time with the LAN connected, to see what is up. At this time you can use the info provided above to look at what is running AND who the userid or owner is, and if it is NOT you, get rid of it as noted above. If no errors, plug the LAN RJ45 plug back in and the PC will see your router in a minute or so; mine takes about 1.5 minutes as the OS is thinking, I guess.
4. If no errors or unusual programs, pull up the administration screen of your LAN/router/firewall to see what is connected (should be done weekly), and if there is anything you do not recognize, delete the connection to see if anybody in the house is hollering!
5. Lastly, a great idea is to write down the name/MAC address of EVERY smart TV, printer, cell phone or any other device using your network. Save these in a note on your phone so you will have a reference. You can use most modern router administration screens to EXCLUDE ALL MAC addresses except yours that are needed. If you do not know how to do this, the router software or manufacturer website help area will give instructions on how to do it. Write everything down in case you have to back up a step.
6. Lastly, +1: remember to change the name and password of your router at least yearly AND do NOT use any other userid or password.
Good luck. I and others back in the 90's, when I was teaching computer science classes, always had an "Intro To Computers" class which covered things like this, but after the 2000's or so the new students all felt they did not need this geeky stuff, but here we are! John Rogers
Holy hell, now I'm worried. Somebody took control of my computer, or at least it looks that way. The cursor started moving all by itself and clicking desktop icons!
I shut down immediately, but WTF? I'm on a laptop now. I'll be bringing the desktop to a pro tomorrow. How the heck does someone get remote control of my computer?
:D:D In all seriousness, that sucks. Happened to me a few years ago. Immediately unplugged my router from all the computers in the house. Luckily it was only mine that got hit. A friend of mine went through it and cleaned it up. I use Malwarebytes and CCleaner. Been pretty lucky.
It's so freakin' weird. I have two-point validation on the important stuff like banking and my one credit card that I use online, so that should be OK. My wireless router password is fairly complicated, so I can't imagine that got hacked.
It's happened twice now when I'm online. So weird; I wonder if it could be hardware related and not a hacker? A driver gone bad? But then why would that click on an icon? I'm mildly freaked.
Yeah, seeing the cursor move and click on something would freak me the hell out.
It's fun to grab the mouse and fight him on what he is trying to do. He doesn't find it funny. lol
It may be in Windows settings or deeper.
Turn OFF remote access: https://www.lifewire.com/disable-windows-remote-desktop-153337 There is also a regedit line to change it to false: https://learn.microsoft.com/en-us/answers/questions/903132/turn-off-remote-connection-in-settings-via-registr Those probably won't fix the virus/hack, but at least they won't be able to take control.
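A read-only triage script, added here as an example and not taken from any post in this thread, that covers what John's steps 2 and 3 and the remote-access post above describe: whether Remote Desktop and Remote Assistance are switched on, what is set to auto-start (flagging entries that launch a script host, which fits the "VBS in PowerShell" detection Webroot reported), and which established network connections belong to which process. It assumes Windows 10/11 with PowerShell 5.1 run as administrator; the registry paths and cmdlets are standard, and the `$suspect` pattern is a constructed heuristic for this example.

```powershell
# Added triage script (not from the thread). It only reports; it changes nothing.
# Run from an elevated PowerShell prompt, ideally with the network cable unplugged.

# 1. Remote Desktop (fDenyTSConnections: 1 = off, 0 = ON) and Remote Assistance (fAllowToGetHelp: 0 = off, 1 = ON).
$rdp = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' -Name fDenyTSConnections -ErrorAction SilentlyContinue
$ra  = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Remote Assistance' -Name fAllowToGetHelp -ErrorAction SilentlyContinue
"Remote Desktop    : " + $(if ($rdp.fDenyTSConnections -eq 1) { 'disabled' } else { 'ENABLED' })
"Remote Assistance : " + $(if ($ra.fAllowToGetHelp -eq 0) { 'disabled' } else { 'ENABLED' })

# 2. Autostart entries (Run/RunOnce for the machine and the current user).
#    Lines marked [CHECK] launch a script host or look like an encoded/hidden command (constructed heuristic).
$runKeys = @(
  'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
  'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
  'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
  'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
$suspect = 'wscript|cscript|powershell|mshta|rundll32|regsvr32|-enc|-e |hidden|\.vbs|\.js|\.hta|\.ps1'
foreach ($key in $runKeys) {
  if (-not (Test-Path $key)) { continue }
  $props = Get-ItemProperty -Path $key
  foreach ($p in $props.PSObject.Properties) {
    if ($p.Name -like 'PS*') { continue }          # skip PowerShell's own metadata properties
    $flag = if ("$($p.Value)" -match $suspect) { '[CHECK]' } else { '       ' }
    "$flag $key : $($p.Name) = $($p.Value)"
  }
}

# 3. Enabled scheduled tasks whose action launches a script host (another common autostart location).
Get-ScheduledTask | Where-Object { $_.State -ne 'Disabled' } | ForEach-Object {
  $t = $_
  $t.Actions | Where-Object { ("$($_.Execute) $($_.Arguments)") -match $suspect } | ForEach-Object {
    "[CHECK] task $($t.TaskPath)$($t.TaskName) : $($_.Execute) $($_.Arguments)"
  }
}

# 4. Established TCP connections and the process owning each one. A remote-control tool shows up here
#    as an unfamiliar process talking to an unfamiliar address; that is what to show the repair shop.
Get-NetTCPConnection -State Established -ErrorAction SilentlyContinue | ForEach-Object {
  $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
  [pscustomobject]@{
    Remote  = "$($_.RemoteAddress):$($_.RemotePort)"
    PID     = $_.OwningProcess
    Process = $proc.ProcessName
  }
} | Format-Table -AutoSize
```

A [CHECK] line is a prompt to look, not a verdict: plenty of legitimate software starts through powershell.exe or a scheduled task, so compare the path and publisher before removing anything.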
You may need to log into regedit as admin first, or it won't work.
Do this offline, i.e. disconnect the wire.
Flatbutt1 - we had a hacker take over our home PC back around April of 2021. Wife walked in the room to check email and the mouse cursor was moving within the browser, and she screamed bloody murder.
I disconnected the machine from our network. First thing I did was go to Fidelity and change both mine and the wife's 401k account passwords. I won't go into details - I could tell from browser history they weren't too sophisticated - but the hacker used my Chase credit card points to purchase 4 $200 Home Depot gift cards. I got to my email first and discovered them before they were able to access the email. Called and cancelled credit cards, bank accounts - you name it. We were up until 11:30 PM Sunday night calling and cancelling everything. Next day I ran all sorts of scans and nothing was found. I took it to a repair shop, and they also found nothing. I went and bought a new machine 24 hours later. I kept the "infected" machine off the network and transferred files by thumb drive, running scan tools each time. I was able to rebuild our computer from scratch. I destroyed the infected HD when I finished.
I brought it to the Geeks at Best Buy today and they found a remote control program that I somehow downloaded. I can't figure out where I picked it up.
Fortunately my banking and credit card online stuff uses two-point verification, but I changed all my passwords anyway. Fkers!
Have you tried a system restore? If you have an idea when it was infected, choose a restore date before the infection date. I have used it a few times; works like a charm and you lose no data. You should be able to get into it from safe mode on startup.
Change your email password ASAP! You don't want to take the chance that they have access to it.
Copyright 2025 Pelican Parts, LLC - Posts may be archived for display on the Pelican Parts Website