Ruh roh, caught a puter virus

[m21sniper]

I have always used ad-aware and that typically usually squashes any of your run of the mill spyware/adware type crap.

But this time ad-aware is not getting it done. I disable my internet, run a scan, delete all the objects it sees (usually in the 90s), and within a minute or two of going back online i have iexplorer windows opening left and right again. It's bothersome because i don't even use Iexplorer(im a firefox guy).

Annoying, but the most annoying part is that the virus has subverted my browser's search feature, so i cannot use google or yahoo, etc as i would normally do to try and research the virus and find a fix.

It's also opening numbered EXE's that show up inthe tsk mnagers.Currently the number.exe it's running is 2326948992.exe(in case this means anything to anyone.) I can close it, but another .exe with some other number will just open in it's place in a matter of 60 seconds or less. I just close that one and now 2498544196.exe just opened. (again, in case those numbers actually mean anything to anyone).

So basically, what i'm saying is.....help!

Any suggestion as to good freeware anti-virus/anti-spyware programs would be most appreciated.

If anyone has a program in mind please remember to send a direct link to the download, since i have no ability to search.

[tiwebber]

My wife uses IE and visit lots of blogs and sites and once in a while get a virus. Most are trapped and contained by virus software but the last one was a doozy. These viruses can get into your registry, startup directory and your system32 as dll's. There can be multiple copies all running at the same time under different names and they spawn as fast as you kill them. I have cleaned them up but the method I used is "dangerous" and involves renaming files, deleting the processes (as you have done) and editing the registry to get rid of entries there too. Good luck.

[Radioactive]

Try this

http://www.malwarebytes.org/

[m21sniper]

Thanks man, trying it now.

I'll post back if it works....

[futuresoptions]

Yeah, think I picked one up too... I run CCleaner and CA Security Suite on my cpu, ran ccleaner and a antivirus scan and showed nothing... running the above now, and I am showing 41 infected objects and my scan is no where near complete yet...

[m21sniper]

Radioactive, i'm having a hell of a time getting that program you linked to actually work. When i install it freezes at the "finish installation" step. :-/

PS: Friend of mine told me to try AVG 8.5 free. He says it works great. I'm DL'ing it now, i hope he's right.

[m21sniper]

Yep, this program detected a trojan horse and a virus that Ad-aware doesn't see.

Virus: Win32/Cryptor
Trojan Horse: Vundo.FW

I think all will be well after this, though the virus managed to whack my sound card driver and java or something, as all the applets on websites are all screwed up, and my sound went bye bye. (including here).

[masraum]

To reduce the likelihood of this happening again, learn to use Firefox for most of your browsing.

Use the free Microsoft adware/spyware stuff. I think it's better than adaware or spybot. Those used to be the best, but I got rid of them a long time ago and changed to the MS stuff windows defender and Malicious Software Removal Tool.

http://www.microsoft.com/downloads/details.aspx?FamilyID=435bfce7-da2b-4a6a-afa4-f7f14e605a0d&displayLang=en

http://www.microsoft.com/downloads/details.aspx?FamilyID=ad724ae0-e72d-4f54-9ab3-75b8eb148356&displayLang=en

Trend Micro AV is good too.

[exitwound]

Format C:

Don't use IE. Period.

[masraum]

Quote:

Originally Posted by exitwound

Don't use IE. Period.

Can't really get around that 100%. IE is ubiquitous. Also, some pages will only work with IE. But keep it's usage to a minimum which means probably 1%.

[exitwound]

There are ZERO pages that I browse to that don't work in Opera. The only reason IE would be used is for ActiveX controls. And those are exactly the methods by which viruses and trojans enter the system. Using IE on lockdown in the corporate environment is not what we're talking about here.

Upgrade to IE8 if you're going to use it. Turn off ActiveX controls.

In the meantime, cleaning viruses is not as safe as total wipe.

Format C: from orbit. It's the only way to be sure.

[masraum]

Quote:

Originally Posted by exitwound

There are ZERO pages that I browse to that don't work in Opera. The only reason IE would be used is for ActiveX controls. And those are exactly the methods by which viruses and trojans enter the system. Using IE on lockdown in the corporate environment is not what we're talking about here.

Upgrade to IE8 if you're going to use it. Turn off ActiveX controls.

In the meantime, cleaning viruses is not as safe as total wipe.

Format C: from orbit. It's the only way to be sure.

I'm in favor of the occasional clean sweep, but it's not 100% necessary to get rid of a virus/trojan/ad-malware.

[exitwound]

He's got a browser hijacking, numerous hidding exes, sound that doesn't work, possibly a java corruption... getting the system back up to speed will take FAR more time than just starting over and knowing it's gone completely.

It's the only way to be sure.

[jyl]

Reformatting and reinstalling OS and apps is a royal pain.

So, after you do it, get an external hard drive and a backup/restore application that periodically and automatically backs up your entire c: drive and allows you to restore from any past point that you choose. Will also come in handy if your c: drive crashes.

Edit - to be safe/sure, I wouldn't merely run the restore app from the infected OS, but would boot from OS CD, format c:, load the restore app CD and then restore. I am not sure if you'd have to do something further to clean out a boot sector virus?

(I have this with Time Machine in Mac OS X. Haven't had to use it to recover from a virus - serious viruses for Macs are still pretty uncommon - but have used it when replacing the Mac's internal drive. Makes a PITA into something quite easy.)

[kodioneill]

i had a similar virus i had to press f11 on start to do a recovery backup it worked great.

[jeffgrant]

Quote:

Originally Posted by masraum

I'm in favor of the occasional clean sweep, but it's not 100% necessary to get rid of a virus/trojan/ad-malware.

In some cases, it is.

And for that matter, a clean sweep doesn't always work.

You might find this an interesting read: http://threatpost.com/blogs/researchers-unveil-persistent-bios-attack-methods

[futuresoptions]

Finally ended up with 45 items.... one trojan, one rogue.exe and the rest was spyware that my CA spyware would identify and quarantine but could not successfully remove... I was able to get it off my pc finally, but I am having trouble now when I boot up from my svchost.exe (this is where the trojan was) and I still cannot link to CA to update my security suite or to Microsoft for their updates... I have downloaded the Microsoft malicious software removal tool a couple weeks ago when I downloaded my Microsoft upgrades.... guess I am going to have to use my recovery discs and keep my automatic updates turned on...

[futuresoptions]

How do you access the Microsft Malicious software removal tool? I know that it downloaded, but I do not have an icon on my desktop and I do not see it in my program list....

[masraum]

http://www.microsoft.com/security/malwareremove/default.mspx

Quote:

Note The version of the tool delivered by Microsoft Update and Windows Update runs in the background and then reports if an infection is found. If you would like to run this tool more than once a month, use the version on this Web page or install the version that is available in the Download Center.

[flatbutt]

I've been using AVG ever since Adaware let a bug in. No problems with AVG so far. Mine does an automatic scan evry night.