Registered
Join Date: Nov 2002
Location: NWNJ
Posts: 6,202

Computer virus help

I keep getting a notice from my anti-virus software that a threat is detected. So far the software is working but something is constantly hitting on my computer. It's some sort of adware...VBS Guloader.B Webroot says it's in Windows powershell

What should I do?
__________________
big blue tricycle stare down the darkness and watch it fade

Registered
Join Date: Jan 2002
Location: Long Beach CA, the sewer by the sea.
Posts: 37,857

No expert but it sounds infected. Reminds me that I need to back up my files and system.

So while you guys are helping Flatty, give me some pointers too, please.

Registered
Join Date: Sep 2015
Location: NY
Posts: 7,022

Don’t use windows, but LMGTFY would give this

https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=TrojanDownloader:VBS/Guloader.PKGE!MTB&ThreatID=2147814606

Assuming your windows is from this century that is.

Registered

I've fixed my friends' computers a few times with this. It's been a while but it used to be the best virus remover out there.

https://www.hitmanpro.com/en-us
__________________
Keep talking, I'm gonna put you in the trunk.

Registered
Join Date: Nov 2002
Location: NWNJ
Posts: 6,202

I don't do porn nor do I open unknown attachments to email so I have no idea how I got stung.
__________________
big blue tricycle stare down the darkness and watch it fade

Registered
Join Date: Dec 1969
Location: chula vista ca usa
Posts: 5,706

If it were me I would disconnect the LAN cable (hopefully NOT wireless) and then boot the PC in SAFE MODE.

Use the log file from your anti-virus software to see the name of the bad stuff. Once you see it, look to see where it is with regular old explorer app and look at the properties as it will be write protected then use the shell run as ADMINISTRATOR and change the ownership to you. Hopefully this is NOT in the boot sector or other location where Windows keeps those thousands of OS files. If you can wipe it in the shell (command window), make a recover thumb drive if not done already.

Then boot up normally BUT NO LAN CONNECTION which of course your computer will not like at all then if the anti-virus is happy try to reboot this time with LAN connected to see what is up.

If okay pull up your administration screen of your LAN to see what is connected (should be done weekly) and if anything you do not recognize delete the connection to see if anybody in the house is hollering!

Good luck
John Rogers

Registered
Join Date: Nov 2002
Location: NWNJ
Posts: 6,202

Thanks John but I didn't understand much of what you outlined.

I know what LAN is but this is just my desktop not a network. I don't know how to boot in safe mode whatever that is. etc. FYI Webroot and Malwarebytes are both catching this thing (apparently adware) but what I don't understand is how it's getting in. After scanning last night I shut down as usual. This morning I powered on, opened my email and turned on the paramount streaming news. Within 10 minutes Webroot alerted me to a threat. WTF?
__________________
big blue tricycle stare down the darkness and watch it fade

Counterclockwise?

You can also pay people to fix it.
__________________
Rod 1986 Carrera 2001 996TT A bunch of stuff with spark plugs

Registered
Join Date: Nov 2002
Location: NWNJ
Posts: 6,202

Yes and I do have a service plan but I'd like to know this...is an anti-virus program supposed to prevent entry of the malware or just identify the threat? If ID is its sole purpose, then it worked, and I need to figure where my exposure is.
__________________
big blue tricycle stare down the darkness and watch it fade

You do not have permissi
Join Date: Aug 2001
Location: midwest
Posts: 40,015

Quote:
__________________
Meanwhile other things are still happening.

Registered
Join Date: Nov 2002
Location: NWNJ
Posts: 6,202

So it can come from anywhere. I guess being notified of the threat is the best one can hope for?
__________________
big blue tricycle stare down the darkness and watch it fade

You do not have permissi
Join Date: Aug 2001
Location: midwest
Posts: 40,015

Quote:

(it probably won't be listed)

Go to Settings/Apps/StartupApps and remove Apps from AUTOMATICALLY starting with boot.
(it might not be listed)

You can 'probably' set almost everything non-Windows to MANUAL. They will start with programs as needed on demand.

Run services.msc as administrator level:
https://www.thewindowsclub.com/open-windows-services
https://windowsreport.com/how-to-open-services-msc/
Startup types and all programs running should all be listed there.

I am a layman here....research and get advanced help.

Use NoScript which blocks javascript from automatically running on websites. It's a small fence to keep the riff raff out.

I recently updated AMD drivers and they slipped in a "share user experience" feature without my consent or knowledge. It supposedly sends out a lot of data as in a GB/day per one comment. Microsoft does it. Everyone does it. Some are obtuse like FB and Gulag. FB didn't earn $110B last year for nothing.
__________________
Meanwhile other things are still happening.
Last edited by john70t; 01-23-2024 at 08:43 AM.
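
The startup-apps and services.msc checks suggested in the post above can also be done as one read-only listing. This is an added example, not part of the thread or of any poster's message; it goes beyond the post by also listing scheduled tasks, and the script-host filter and the "outside the Windows folder" test are assumptions chosen because the alert in this thread names a VBS script and PowerShell.

```powershell
# Added example: read-only inventory of things that start automatically.
# Run from a PowerShell window opened with "Run as administrator".

# Script interpreters worth a second look when an autostart entry launches them
# (assumption: picked because the alert in this thread names VBS and PowerShell).
$scriptHosts = 'wscript\.exe|cscript\.exe|powershell\.exe|pwsh\.exe|mshta\.exe'

# 1. Startup apps: Run keys and Startup folders
$startup = Get-CimInstance Win32_StartupCommand |
    Select-Object @{n='Source';e={'Startup'}}, Name,
                  @{n='Command';e={$_.Command}}, @{n='Detail';e={$_.Location}}

# 2. Services set to start automatically whose binary is outside the Windows folder
#    (a rough heuristic for "non-Windows" services, not a verdict)
$services = Get-CimInstance Win32_Service |
    Where-Object { $_.StartMode -eq 'Auto' -and $_.PathName -notmatch '\\Windows\\' } |
    Select-Object @{n='Source';e={'Service'}}, Name,
                  @{n='Command';e={$_.PathName}}, @{n='Detail';e={$_.State}}

# 3. Enabled scheduled tasks that start a program
$tasks = Get-ScheduledTask | Where-Object State -ne 'Disabled' | ForEach-Object {
    $task = $_
    foreach ($action in $task.Actions) {
        if ($action.Execute) {   # only "start a program" actions have Execute
            [pscustomobject]@{
                Source  = 'Task'
                Name    = $task.TaskName
                Command = "$($action.Execute) $($action.Arguments)".Trim()
                Detail  = $task.TaskPath
            }
        }
    }
}

# Full list first, then only the entries that launch a script host
$all = @($startup) + @($services) + @($tasks)
$all | Sort-Object Source, Name | Format-Table -AutoSize -Wrap | Out-Host

Write-Host "Entries that launch a script host:"
$all | Where-Object { $_.Command -match $scriptHosts } | Format-List | Out-Host
```

Nothing here changes the system; an entry in the second list is a prompt to look closer, since legitimate software also uses these script hosts.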

Registered

Drive by download or malicious ad. Happens.
__________________
Brent The X15 was the only aircraft I flew where I was glad the engine quit. - Milt Thompson. "Don't get so caught up in your right to dissent that you forget your obligation to contribute." Mrs. James to her son Chappie.

Registered

Malwarebytes used to be my go to, not sure how good it is any longer.
__________________
Brent The X15 was the only aircraft I flew where I was glad the engine quit. - Milt Thompson. "Don't get so caught up in your right to dissent that you forget your obligation to contribute." Mrs. James to her son Chappie.

Registered
Join Date: Nov 2002
Location: NWNJ
Posts: 6,202

__________________
big blue tricycle stare down the darkness and watch it fade

Registered
Join Date: Jan 2002
Location: Long Beach CA, the sewer by the sea.
Posts: 37,857

I think he's showing you how some are tricked into taking action if you see that screen.

Registered
Join Date: Dec 1969
Location: chula vista ca usa
Posts: 5,706

Oh my, sorry I rambled on so much and some went over your head. What I'll do is to make each step and write what to do. Before I retired I was a very senior Oracle Database Administrator and we had a staff of 24 to 26 programmers here in San Diego and about 250 over in India mainly since those poor guys and women worked 12 hour days, 6 days a week for a fraction of what us USA based folks were paid. When I retired I was making $140,000 or more a year and the fellow in India who I turned things over to was paid $16 an hour!!!!

1. Disconnect the LAN cable (hopefully NOT wireless) and then boot the PC in SAFE MODE. This means pull the RJ45 connector on your computer. Then shutdown and restart it, not the auto type but depending on your brand a hot key(s) will allow how to boot. You can check using your iPhone or whatever you use and it can be a small screen search engine for you.

2. Use the log file from your anti-virus software to see the name of the bad stuff which it sounds like you know what the name might be. The location of these files is available in the setup or properties of the anti virus software. Once you see the offending file, look to see where it is with regular old explorer app and look at the properties (right click) as it will be write protected then use the shell run as ADMINISTRATOR and change the ownership to you. INFO: Hopefully this is NOT in the boot sector or other location where Windows keeps those thousands of OS files. If you can wipe it in the shell (command window), make a recover thumb drive if not done already.

3. Then boot up normally BUT NO LAN CONNECTION which of course your computer will not like at all then if the anti-virus is happy try to reboot this time with LAN connected to see what is up. At this time you can use the info provided above to look at what is running AND who the userid or owner is and if it is NOT you, get rid of it as noted above. If no errors plug the LAN RJ45 plug back in and the PC will see your router in a minute or so, mine takes about 1.5 minutes as the OS is thinking I guess.

4. If no errors or unusual programs, pull up your administration screen of your LAN/router/firewall to see what is connected (should be done weekly) and if anything you do not recognize delete the connection to see if anybody in the house is hollering!

5. Lastly a great idea is to write the name/MAC address of EVERY smart TV, printer/cell phone or any other device using your network. Save these in a note on your phone so you will have a reference. You can use most modern router administration screens to EXCLUDE ALL MAC addresses except yours that are needed. If you do not know how to do this the router software or manufacturer website help area will give instructions on how to do it. Write everything down in case you have to back up a step.

6. Lastly +1 remember to change the name and password of your router at least yearly AND do NOT use any other userid or password.

Good luck. I and others back in the 90's when I was teaching computer science classes we always had an "Intro To Computers" class which covered things like this but after 2000's or so the new students all felt they did not need this geeky stuff but here we are!

John Rogers

Registered
Join Date: Nov 2002
Location: NWNJ
Posts: 6,202

Holy hell now I'm worried. Somebody took control of my computer or at least it looks that way. The cursor started moving all by itself and clicking desktop icons!

I shutdown immediately but WTF? I'm on a laptop now. I'll be bringing the desktop to a pro tomorrow. How the heck does someone get remote control of my computer?
__________________
big blue tricycle stare down the darkness and watch it fade
Last edited by Flatbutt1; 01-23-2024 at 04:55 PM.

Parrothead member
Join Date: Jul 2003
Location: Monmouth county, NJ USA
Posts: 13,853

In all seriousness. That Sucks. Happened to me a few years ago. Immediately unplugged my router to all the computers in the house. Luckily was only mine that got hit. A friend of mine went through it and cleaned it up. I use Malwarebytes and CCleaner. Been pretty lucky.
__________________
Vinny Red '86 944, 05 Ford Super Duty Dually '02 Ram 3500 Diesel 4x4 Dually, '07Jeep Wrangler '62 Mercury Meteor '90 Harley 1200 XL "Live your Life in such a way that the Westboro Baptist Church will want to picket your funeral."

Registered
Join Date: Nov 2002
Location: NWNJ
Posts: 6,202

It's so freakin' weird. I have two point validation on the important stuff like banking and my one credit card that I use online so that should be ok. My wireless router password is fairly complicated so I can't imagine that got hacked.

It's happened twice now when I'm online. So weird, I wonder if it could be hardware related and not a hacker? A driver gone bad? But then why would that click on an icon? I'm mildly freaked.
__________________
big blue tricycle stare down the darkness and watch it fade