2007-04-25, 03:48 | Link #1 |
Fuwaaa~~~
IT Support
|
Virus... help me!!
Yesterday my friend plugged in a flash disk from his friend and guess what happened... Found a weird virus on it. Tried to scan it; he scanned it with Avira, which said the virus was deleted. I helped him with ClamAV for Windows... it said no virus found. We were glad.
At night he suddenly came to my house and said "there's something crazy with my box". Here's the problem: when starting up, the system popped up a Windows Explorer window without anything else... no taskbar... not even a desktop background. If that window is closed then that's it. Have to reset. But everything else works fine. You can still run any program and work with it. Okay, now I'm trying safe mode... not good... same symptoms. Trying regedit... disabled. I'm starting to give up since I don't have very good knowledge of Windows (I'm using Linux). Note that if I try to open any text file it'll show an empty Notepad window with the file name "Untitled". So currently he's running KNOPPIX from a live CD, and if I can't do anything about it I'll install Ubuntu on it. Glad all of the anime data is already backed up...

What's wrong with that PC? What should I do to avoid installing Linux on it?

Oh yeah, here are my friend's specs:
P4 2.8 GHz with HT
256MB DDR
40GB SATA
GeForce MX4000
OS: Windows XP Home Professional Edition SP1 (looks like SP1)

Please help, and thanks in advance...
__________________
|
2007-04-25, 04:08 | Link #2 |
Senior Member
Join Date: Apr 2006
Location: Philippines
|
Ermm can I ask when was the virus detected? And when was the problem occurring?
Since it was yesterday, that's just simple... tell your friend to do a system restore... try 2 days before... it might work... because I posted something like this before and I just did a system restore and it's healthy again. System Restore is located in Start > All Programs > Accessories > System Tools, if your friend does not know what System Restore is. (I think it rolls back your system to before the virus occurred, and don't worry about your data, it won't get affected.) Also, about the flash disk: format it immediately so that no one can get infected.
Last edited by toru310; 2007-04-25 at 04:19. |
2007-04-25, 22:11 | Link #3 |
Love Yourself
Join Date: Mar 2003
Location: Northeast USA
Age: 38
|
What's the window that popped up? And what did it say? Beyond that, anything is pure speculation; I'd guess that maybe if he did virus removal on his computer, the virus had infected a core system file that was damaged in the cleaning process. If that's the case, should be an easy fix: just boot off Windows CD, access regular installer menu, and then select to repair the Windows install.
__________________
|
2007-04-26, 13:13 | Link #4 |
Junior Member
IT Support
Join Date: Feb 2004
Location: UK
|
As Ledgem says, doing a repair install of Windows should get it working, but you should still run a virus scan with several tools - they all miss some viruses, and some viruses can be tricky to remove.
You will also want to run some anti-spyware and adware removal tools.

On-line Antivirus scans:
These are full anti-virus scans that run from within your web browser (usually Internet Explorer).
- Pandasoft Active Scan
- Trend Micro "Housecall"

Other Virus removal tools:
- Sophos Anti-virus Command line scanner SAV32CLI - very useful
  This tool is the "emergency command line version of Sophos antivirus". You can download it (for free) along with the Virus Identify Files (make sure they match up with the version numbers of SAV32CLI you downloaded) and burn it to CD. You can then boot off a boot disk (or to safe-mode command prompt) and run a full virus scan of your system. Full instructions given on the page. Note: In event of broken link, the support title is "Removing malicious files with SAV32CLI".
- McAfee Stinger - Not a proper anti-virus scanner, rather a tool to remove the really common ones. Can be run from within Windows or from a boot disk.

Spy/Ad-ware removal (free):
It is usually a good idea to scan with all of these programs as none of them catch every different nasty. Note: Make sure you run an Update within the program before scanning your system.
- Ad-aware - Click here for direct download link
- Spybot Search and Destroy
- Windows Defender - Requires validation of your copy of Windows, so don't even try this if your copy of Windows is illegal. |
2007-04-28, 00:42 | Link #5 | ||
Fuwaaa~~~
IT Support
|
Quote:
Cannot access system restore
Quote:
Currently he's using my Knoppix live CD for booting. Well, I guess I'll just have to reinstall the system, right?
__________________
|
||
2007-04-28, 05:55 | Link #8 |
Shaper Savant
|
Cannot access system restore and reg edit? If you're running a validated copy of Windows, would you like to give Windows Defender a try? Sometimes it detects even the most minor issues such as backdoors etc., because as far as possible doing a reformat is kinda like a nuke and I'd avoid that as much as possible.
(I was thinking it could be something called the Ciadoor or something like that, because it sounds like it has similar characteristics.) Alternatively try installing a firewall such as the PC Tools Firewall Plus and see if it detects any network connection attempts on startup. Some backdoors modify registry files and hide themselves to avoid detection. Please do give everyone's suggestion a try and look up virus solution forums as well. Alternatively if all else fails download Hijackthis at http://www.spywareinfo.com/~merijn/programs.php and post the result log at the Hijackthis forums. They'd be able to assist you with it ^_^ |
2007-04-29, 05:35 | Link #9 |
Senior Member
Join Date: Apr 2006
Location: Philippines
|
Ermm, since this thread is called virus... ermm, anyways, when I was surfing the net I accidentally pressed the ads on some site, like free wallpapers and something, and I know that sometimes some sites have viruses... so anyways, this is what happened: I was surfing, yeah, and I accidentally pressed the ad "free wallpaper" and I of course exited it immediately. Looking at my cookies, I can't seem to see any weird sites in my cookies, but I'm not sure... So the question is, will I ever get infected with a trojan, spyware, malware or something? Oh yeah, my antivirus avast! didn't click the virus has been detected... darn... maybe I should scan with Ad-Aware to be sure?? This is so frustrating because I just freshly formatted my PC and it's so clean....
Note: I think the link is a, ermm, Flash player... Also I pressed another site by accident, this time it's Best vacation sites, darn, and when I was analyzing the site it's in "adserver" and it's in SpywareBlaster... darn, I pressed those sites before I installed SpywareBlaster... need help, breaking down here... it's just frustrating, I mean I just reformatted my PC and then this happens... I'm so not sure... help! Also, what are the best programs for these kinds of problems?
Last edited by toru310; 2007-04-29 at 08:47. |
2007-04-30, 01:30 | Link #10 |
Shaper Savant
|
Hmm... rather it's a combination of programs. For more information on what your virus does you might wish to try Hijackthis at http://www.spywareinfo.com/~merijn/programs.php and post the logs at the Hijackthis forums for analysis. I personally use Windows Defender since I have a validated copy of WinXP, and PC Tools Firewall Plus.
Have fun and all the best ^_^ |
2007-04-30, 01:32 | Link #11 |
Love Yourself
Join Date: Mar 2003
Location: Northeast USA
Age: 38
|
The best program I can offer: not freaking out over it.
OK, seriously, let's break it down: most of those sites and ads do NOT distribute malware. Many do. If you're using Internet Explorer, you're at big-time vulnerability to have some trash downloaded to your system (I'm speaking from experience). If you use Firefox or Opera, and as a bonus are blocking pop-ups, then you should be safe. If you have a virus scanner and it's trustworthy (AVG is trustworthy, from what I hear), then you shouldn't have anything to fear - assuming you have auto-protect enabled. Again, from my experience, the second something popped onto my system, my AV software caught it and I was saved from a spyware infection. I guess I can't complain about antivirus companies branching out to detect more than just viruses anymore.

If you're really worried, then just do the usual: run your scans. Run a virus scan, and then run scans with Ad-Aware and Spybot Search&Destroy. If you don't have them, get them - they're free, they're reliable, and they give you peace of mind. Generally, if you're going to pick up something nasty from a banner ad, it'll be spyware rather than a virus. Spyware can be just as bad sometimes (again, speaking from experience - I had a program total a Windows file necessary for networking back on WinME), but the distinction is important - don't rely on your virus scanner to catch all of the spyware, even though many AV companies claim that they can detect those things, too.

Lastly, Migufuchi, computers seem to be stressing you out a lot... for your health, have you considered switching to Linux or Mac OS? I just recently received a MacBook, and to be frank, the Mac OS doesn't feel cryptic at all. I have access to Windows from here, too (installed the usual gamut of security software on it). I feel a bit more secure, but at the end of the day I'm still a paranoid Windows user - just with a lower heart rate than those actually on Windows. (Linux is a bit more difficult, but it's free and it feels cool to use!)
Unless you have something keeping you on Windows, you might want to consider it.
__________________
|
2007-04-30, 06:08 | Link #13 |
Senior Member
Join Date: Apr 2006
Location: Philippines
|
Yeah! I used Mozilla when that event occurred, with an additional plug-in of Adblock Plus. Yeah, computers, especially Windows, stress me out a lot... maybe buying a Mac is not bad, maybe a G5? Darn, that's so expensive! Thanks for the info @Ledgem and Venser.
Side question: how can you use Spybot Search and Destroy? I used it once but had a hard time using it so I gave up, but I'm willing to try again. That was when I had a bad OS installed on my PC.
Spoiler:
screen shot before and first used spybot |
2007-04-30, 07:25 | Link #14 |
Asuki-tan Kairin ↓
Join Date: Feb 2004
Location: Fürth (GER)
Age: 43
|
I don't know how spybot retrieves the change information... if it does a very simple check, this messagebox might appear for a pretty silly reason... like: the file was moved/copied since it was created. I just don't know exactly how spybot works, so please regard this as a maybe possible explanation.
__________________
|
2007-04-30, 08:36 | Link #15 |
Senior Member
Join Date: Apr 2006
Location: Philippines
|
Well, that screenshot was from long ago when I had a crappy OS installed.
Anyways, is it OK to have these programs installed?
-Spybot Search & Destroy
-cCleaner
Trying to make my PC virus free..^^
Side question: What do you call a virus that eats up your hard drive's space? And what is the solution for that? Hehe, I'm starting to be a victim here..nyahahaha oh no! |
2007-04-30, 08:46 | Link #16 | ||
Asuki-tan Kairin ↓
Join Date: Feb 2004
Location: Fürth (GER)
Age: 43
|
Quote:
ganbatte. Quote:
You think so? Well maybe you are right. I suggest, download the free version of AVG Anti Virus and scan your PC.
__________________
|
||
2007-04-30, 21:26 | Link #18 | |||
Love Yourself
Join Date: Mar 2003
Location: Northeast USA
Age: 38
|
Quote:
Quote:
But that can be a bit tedious, or even impossible. I can pick out the fakes pretty well, I think, but determining when a product is good is a bit harder. I can't give you the experience, but I can give you advice: be skeptical whenever you're looking over those security products. If you want to be really good about it, you can try Googling to see public opinion (another option is Wikipedia, which also seems to be pretty good about remarking on fake software scams). The recommendations I've used for years and years: Ad-Aware and SpyBot S&D. I've never heard of cCleaner - I just went to their homepage and it doesn't seem like malware, but be aware that it isn't a virus/malware detector, but rather a system optimizer + privacy program.
Quote:
In all seriousness, I've never heard of a virus behaving that way. It's possible, but remember this, also: viruses in the past were written to mess up your files and your computer. Viruses today are designed to take control of your computer without you knowing it. There's a large black market behind this, and if you'd like, I can explain it to you. I find it relatively terrifying, though. At least when a virus struck in the past, it'd be pretty obvious. You have to know your computer like the back of your own hand to know that you've been infected with some of the viruses that are around these days. A virus that eats up disk space seems too obvious, and it gives itself away. Could exist, but...
__________________
|
|||
2007-04-30, 23:07 | Link #19 |
AS Oji-kun
Join Date: Nov 2006
Age: 74
|
Viruses and "botnets"
Some basic info on "botnets": http://www.shadowserver.org/wiki/pmw...mation.Botnets
Their March, 2007, report shows a scary increase in the number of machines now controlled by botnet "herders." While ShadowServer estimated that about 500,000 computers were remotely controlled in January/February of this year, that figure appears to have shot up to something like 2.5 million computers in the past month. They don't have a good explanation for this jump, but regardless of whether it's real or not, it's still the case that something on the order of a million computers worldwide are now harnessed into botnets.

No longer is it the case that computer viruses affect only the computer's owner. As Ledgem observes, most viruses these days are designed to put your computer to work for someone else, usually someone with nefarious purposes. I've seen home computers used to host bank "phishing" sites for identity-theft purposes, home computers that send out spam all day long, and home computers that are used to target websites via so-called "distributed denial-of-service" attacks.

Internet gambling sites have been a favorite target for denial-of-service attacks. Usually these involve extortion where the site owner is told to pay a substantial amount of money (like $50,000) or the site will be knocked off the Internet by overwhelming it with phony traffic from the infected computers. Many times the owners have paid up.
__________________
Last edited by SeijiSensei; 2007-05-01 at 00:09. |
2007-04-30, 23:13 | Link #20 | |
Gregory House
IT Support
|
Quote:
__________________
|
|