AnimeSuki Forums

Old 2007-04-25, 03:48   Link #1
Furuno
Fuwaaa~~~
*IT Support
 
 
Join Date: Apr 2007
Location: Indonesia
Age: 34
Virus... help me!!

Yesterday my friend plugged in a flash disk from his friend and guess what happened.. We found a weird virus on it. He scanned it with Avira, which said the virus was deleted. I helped him with ClamAV for Windows... it said no virus found. We were glad.

At night he suddenly came to my house and said "there's something crazy with my box". Here's the problem:

When starting up, the system popped up a Windows Explorer window without anything else... no taskbar... not even a desktop background. If that window is closed then that's it. You have to reset. But everything else works fine. You can still run any program and work with it.

Okay, now I'm trying safe mode... not good... same symptoms. Trying regedit... disabled. I'm starting to give up since I don't have very good knowledge of Windows (I'm using Linux). Note that if I try to open any text file it'll show an empty Notepad window with the file name "Untitled".

So currently he's running KNOPPIX from a live CD, and if I can't do anything about it I'll install Ubuntu on it. Glad all of the anime data is already backed up...

What's wrong with that PC? What should I do to avoid installing Linux on it?

Oh yeah, here are my friend's specs:
P4 2.8 GHz with HT
256MB DDR
40GB SATA
GeForce MX4000
OS : Windows XP Home Professional Edition SP1 (looks like SP1)

Please help, and thanks in advance...
Old 2007-04-25, 04:08   Link #2
toru310
Senior Member
 
Join Date: Apr 2006
Location: Philippines
Ermm can I ask when was the virus detected? And when was the problem occurring?

Since it was yesterday that's just simple.. tell your friend to do a system restore... try 2 days before... it might work... because I posted something like this before and I just did a system restore and it's healthy again.. System Restore is located in Start > All Programs > Accessories > System Tools

If your friend does not know what system restore is.. (I think it rolls back your system to before the virus occurred, and don't worry about your data, it won't get affected.)

Also, about the flash disk: format it immediately so that no one can get infected..

Last edited by toru310; 2007-04-25 at 04:19.
Old 2007-04-25, 22:11   Link #3
Ledgem
Love Yourself
 
 
Join Date: Mar 2003
Location: Northeast USA
Age: 38
What's the window that popped up? And what did it say? Beyond that, anything is pure speculation; I'd guess that maybe if he did virus removal on his computer, the virus had infected a core system file that was damaged in the cleaning process. If that's the case, should be an easy fix: just boot off Windows CD, access regular installer menu, and then select to repair the Windows install.
Old 2007-04-26, 13:13   Link #4
Specto
Junior Member
*IT Support
 
Join Date: Feb 2004
Location: UK
As Ledgem says, doing a repair install of Windows should get it working, but you should still run a virus scan with several tools - they all miss some viruses, and some viruses can be tricky to remove.

You will also want to run some anti-spyware and adware removal tools.

On-line Antivirus scans:
These are full anti-virus scans that run from within your web browser (usually Internet Explorer).
- Pandasoft Active Scan
- Trend Micro "Housecall"

Other Virus removal tools:
- Sophos Anti-virus Command line scanner SAV32CLI - very useful
This tool is the "emergency command line version of Sophos antivirus". You can download it (for free) along with the Virus Identify Files (make sure they match up with the version numbers of SAV32CLI you downloaded) and burn it to CD. You can then boot off a boot disk (or to safe-mode command prompt) and run a full virus scan of your system. Full instructions given on the page.
Note: In event of broken link, the support title is "Removing malicious files with SAV32CLI".

- McAfee Stinger - Not a proper anti-virus scanner, rather a tool to remove the really common ones. Can be run from within Windows or from a boot disk

Spy/Ad-ware removal (free):
It is usually a good idea to scan with all of these programs as none of them catch every different nasty.
Note: Make sure you run an Update within the program before scanning your system
- Ad-aware - Click here for direct download link
- Spybot Search and Destroy
- Windows Defender - Requires validation of your copy of Windows, so don't even try this if your copy of Windows is illegal.
Old 2007-04-28, 00:42   Link #5
Furuno
Fuwaaa~~~
*IT Support
 
 
Join Date: Apr 2007
Location: Indonesia
Age: 34
Quote:
Originally Posted by Migufuchi Fusutsu
> Ermm can I ask when was the virus detected? And when was the problem occurring?
>
> Since it was yesterday that's just simple.. tell your friend to do a system restore... try 2 days before... it might work... because I posted something like this before and I just did a system restore and it's healthy again.. System Restore is located in Start > All Programs > Accessories > System Tools
>
> If your friend does not know what system restore is.. (I think it rolls back your system to before the virus occurred, and don't worry about your data, it won't get affected.)

Date is 2007-04-24
Cannot access system restore

Quote:
Originally Posted by Ledgem
> What's the window that popped up? And what did it say? Beyond that, anything is pure speculation; I'd guess that maybe if he did virus removal on his computer, the virus had infected a core system file that was damaged in the cleaning process. If that's the case, should be an easy fix: just boot off Windows CD, access regular installer menu, and then select to repair the Windows install.

The window that popped up is Windows Explorer

Currently he's using my Knoppix live CD for booting. Well, I guess I'll just have to reinstall the system, right?
Old 2007-04-28, 01:08   Link #6
toru310
Senior Member
 
Join Date: Apr 2006
Location: Philippines
Well, if you reinstall your friend's system at least his PC is clean, but if there are files there that are important to him that's a problem.. did he back up his files?

Why can't he access system restore??
Old 2007-04-28, 02:41   Link #7
Urahura Kisuke
Kisuke-kun
*IT Support
 
Join Date: Jan 2007
Get Spybot Search and Destroy, and AVG Free.
If your scans don't work, then you'll probably have to reinstall Windows.
To do that, just boot off the CD.
Old 2007-04-28, 05:55   Link #8
Venser
Shaper Savant
 
Join Date: Apr 2007
Location: Singapore
Age: 38
Cannot access system restore and regedit? If you're running a validated copy of Windows, would you like to give Windows Defender a try? Sometimes it detects even the most minor issues such as backdoors etc., because as far as possible doing a reformat is kinda like a nuke and I'd avoid that as much as possible.
(I was thinking it could be something called the Ciadoor or something like that, because it sounds like it has similar characteristics.)

Alternatively try installing a firewall such as the PC Tools Firewall Plus and see if it detects any network connection attempts on startup.

Some backdoors modify registry files and hide themselves to avoid detection. Please do give everyone's suggestion a try and look up virus solution forums as well.

Alternatively, if all else fails, download HijackThis at http://www.spywareinfo.com/~merijn/programs.php and post the result log at the HijackThis forums. They'd be able to assist you with it ^_^
Old 2007-04-29, 05:35   Link #9
toru310
Senior Member
 
Join Date: Apr 2006
Location: Philippines
Ermm since this thread is called virus.. ermm anyways, when I was surfing the net I accidentally pressed the ads in some net like free wallpapers and something, and I know that sometimes some sites have viruses... so anyways, this is what happened: I was surfing, yeah, and I accidentally pressed the ad "free wallpaper" and I of course exited it immediately. Looking at my cookies, I can't seem to see any weird sites in my cookies but I'm not sure.. So the question is, will I ever get infected with trojan spyware malware or something? Oh yeah, my antivirus avast! didn't click the virus has been detected.. darn... maybe I should scan with Ad-Aware to be sure?? This is so frustrating because I just freshly formatted my PC and it's so clean....

Note: I think the link is a, ermm, flash player.. also I pressed another site by accident, this time it's Best vacation sites, darn, and when I was analyzing the site it's in "adserver" and it's in SpywareBlaster.. darn, I pressed those sites before I installed SpywareBlaster.. need help, breaking down here.. it's just frustrating, I mean I just reformatted my PC and then this happens... I'm so not sure... help!

Also, what are the best programs for this kind of problem?

Last edited by toru310; 2007-04-29 at 08:47.
Old 2007-04-30, 01:30   Link #10
Venser
Shaper Savant
 
Join Date: Apr 2007
Location: Singapore
Age: 38
Hmm... rather it's a combination of programs. For more information on what your virus does you might wish to try HijackThis at http://www.spywareinfo.com/~merijn/programs.php and post the logs at the HijackThis forums for analysis. I personally use Windows Defender since I have a validated copy of WinXP, and PC Tools Firewall Plus.

Have fun and all the best ^_^
Old 2007-04-30, 01:32   Link #11
Ledgem
Love Yourself
 
 
Join Date: Mar 2003
Location: Northeast USA
Age: 38
The best program I can offer: not freaking out over it.

OK, seriously, let's break it down: most of those sites and ads do NOT distribute malware. Many do. If you're using Internet Explorer, you're at big-time vulnerability to have some trash downloaded to your system (I'm speaking from experience). If you use Firefox or Opera, and as a bonus are blocking pop-ups, then you should be safe.

If you have a virus scanner and it's trustworthy (AVG is trustworthy, from what I hear), then you shouldn't have anything to fear - assuming you have auto-protect enabled. Again, from my experience, the second something popped onto my system, my AV software caught it and I was saved from a spyware infection. I guess I can't complain about antivirus companies branching out to detect more than just viruses anymore.

If you're really worried, then just do the usual: run your scans. Run a virus scan, and then run scans with Ad-Aware and Spybot Search&Destroy. If you don't have them, get them - they're free, they're reliable, and they give you peace of mind. Generally, if you're going to pick up something nasty from a banner ad, it'll be spyware rather than a virus. Spyware can be just as bad sometimes (again, speaking from experience - I had a program total a Windows file necessary for networking back on WinME), but the distinction is important - don't rely on your virus scanner to catch all of the spyware, even though many AV companies claim that they can detect those things, too.

Lastly, Migufuchi, computers seem to be stressing you out a lot... for your health, have you considered switching to Linux or Mac OS? I just recently received a MacBook, and to be frank, the Mac OS doesn't feel cryptic at all. I have access to Windows from here, too (installed the usual gamut of security software on it). I feel a bit more secure, but at the end of the day I'm still a paranoid Windows user - just with a lower heart rate than those actually on Windows. (Linux is a bit more difficult, but it's free and it feels cool to use!) Unless you have something keeping you on Windows, you might want to consider it.
Old 2007-04-30, 01:35   Link #12
Venser
Shaper Savant
 
Join Date: Apr 2007
Location: Singapore
Age: 38
Switching to Mac OS is a good idea. ^_^ It makes computing far easier and less migraine-inducing than what a Windows computer may put you through, if you don't mind the slight premium. ^_^
Old 2007-04-30, 06:08   Link #13
toru310
Senior Member
 
Join Date: Apr 2006
Location: Philippines
Yeah! I used Mozilla when that event occurred, with an additional plug-in of Adblock Plus. Yeah, computers, especially Windows, stress me out a lot.. maybe buying a Mac is not bad, maybe a G5? Darn, that's so expensive! Thanks for the info @Ledgem and Venser.

Side question: how can you use Spybot Search and Destroy? I used it once but had a hard time using it so I gave up, but I'm willing to try again. That was when I had a bad OS installed on my PC.

Spoiler:

screen shot before and first used spybot
Old 2007-04-30, 07:25   Link #14
Jinto
Asuki-tan Kairin ↓
 
 
Join Date: Feb 2004
Location: Fürth (GER)
Age: 43
I don't know how spybot retrieves the change information... if it does a very simple check, this messagebox might appear for a pretty silly reason... like: the file was moved/copied since it was created. I just don't know exactly how spybot works, so please regard this as a maybe possible explanation.
Old 2007-04-30, 08:36   Link #15
toru310
Senior Member
 
Join Date: Apr 2006
Location: Philippines
Well that screen shot was long ago when I had a crappy OS installed.

Anyways is it ok to have these programs installed?

-Spybot search & destroy
-CCleaner

Trying to make my pc virus free..^^

Side question: What do you call a virus that eats up your hard drive's space? and what is the solution for that?

Hehe I'm starting to be a victim here..nyahahaha oh no!
Old 2007-04-30, 08:46   Link #16
Jinto
Asuki-tan Kairin ↓
 
 
Join Date: Feb 2004
Location: Fürth (GER)
Age: 43
Quote:
Originally Posted by Migufuchi Fusutsu
> Well that screen shot was long ago when I had a crappy OS installed.
>
> Anyways is it ok to have these programs installed?
>
> -Spybot search & destroy
> -CCleaner

I prefer AVG Anti Virus and Comodo Firewall and HijackThis to get rid of the remaining stuff

Quote:
Originally Posted by Migufuchi Fusutsu
> Trying to make my pc virus free..^^

ganbatte.

Quote:
Originally Posted by Migufuchi Fusutsu
> Side question: What do you call a virus that eats up your hard drive's space? and what is the solution for that?

virus (often the replicating type... that manifests itself in almost all your executable files). There are several ways to get rid of it... first try a decent virus scanner (minimum AVG)

Quote:
Originally Posted by Migufuchi Fusutsu
> Hehe I'm starting to be a victim here..nyahahaha oh no!

You think so? Well maybe you are right. I suggest, download the free version of AVG Anti Virus and scan your PC.
Old 2007-04-30, 09:48   Link #17
toru310
Senior Member
 
Join Date: Apr 2006
Location: Philippines
Thanks, I'll go with that.. Never heard of the firewall though.. and HijackThis is like scary.. well, I'll use it if I ever get infected...
Old 2007-04-30, 21:26   Link #18
Ledgem
Love Yourself
 
 
Join Date: Mar 2003
Location: Northeast USA
Age: 38
Quote:
Originally Posted by Migufuchi Fusutsu
> Well that screen shot was long ago when I had a crappy OS installed.

That message looks more like a fake message generated by malware that detects Spybot S&D, and then blocks it from opening. I say that because the message itself just looks so advertisey, except that it doesn't advertise for a product. It could be legit, but either way, it leads to another thing you should be aware of:

Quote:
> Anyways is it ok to have these programs installed?
>
> -Spybot search & destroy
> -CCleaner
>
> Trying to make my pc virus free..^^

Many people have become aware that Windows is a security risk, but they don't know how they'll be attacked nor how to defend themselves. It seems like in recent years, many companies have been creating fake security products. The product will offer a free trial or version, let you scan with it, and then it finds problems. But to remove the problems, you need to buy the pro/full version. These types of software often are not considered to be decent products, and some were even malware. Many still exist today. So be very careful when you're deciding what to go with. I think that the absolute safest way is to go by word of mouth - and I don't mean one person's recommendation, I mean a recommendation with at least three experienced people behind it.

But that can be a bit tedious, or even impossible. I can pick out the fakes pretty well, I think, but determining when a product is good is a bit harder. I can't give you the experience, but I can give you advice: be skeptical whenever you're looking over those security products. If you want to be really good about it, you can try Googling to see public opinion (another option is Wikipedia, which also seems to be pretty good about remarking on fake software scams).

The recommendations I've used for years and years: Ad-Aware and SpyBot S&D. I've never heard of CCleaner - I just went to their homepage and it doesn't seem like malware, but be aware that it isn't a virus/malware detector, but rather a system optimizer + privacy program.

Quote:
> Side question: What do you call a virus that eats up your hard drive's space? and what is the solution for that?

It's called anime, and the only solution is to find something that can shake the addiction.

In all seriousness, I've never heard of a virus behaving that way. It's possible, but remember this, also: viruses in the past were written to mess up your files and your computer. Viruses today are designed to take control of your computer without you knowing it. There's a large black market behind this, and if you'd like, I can explain it to you. I find it relatively terrifying, though. At least when a virus struck in the past, it'd be pretty obvious. You have to know your computer like the back of your own hand to know that you've been infected with some of the viruses that are around these days. A virus that eats up disk space seems too obvious, and it gives itself away. Could exist, but...
Old 2007-04-30, 23:07   Link #19
SeijiSensei
AS Oji-kun
 
 
Join Date: Nov 2006
Age: 74
Viruses and "botnets"

Some basic info on "botnets": http://www.shadowserver.org/wiki/pmw...mation.Botnets

Their March, 2007, report shows a scary increase in the number of machines now controlled by botnet "herders." While ShadowServer estimated that about 500,000 computers were remotely controlled in January/February of this year, that figure appears to have shot up to something like 2.5 million computers in the past month. They don't have a good explanation for this jump, but regardless of whether it's real or not, it's still the case that something on the order of a million computers worldwide are now harnessed into botnets.

No longer is it the case that computer viruses affect only the computer's owner. As Ledgem observes, most viruses these days are designed to put your computer to work for someone else, usually someone with nefarious purposes. I've seen home computers used to host bank "phishing" sites for identity-theft purposes, home computers that send out spam all day long, and home computers that are used to target websites via so-called "distributed denial-of-service" attacks.

Internet gambling sites have been a favorite target for denial-of-service attacks. Usually these involve extortion where the site owner is told to pay a substantial amount of money (like $50,000) or the site will be knocked off the Internet by overwhelming it with phony traffic from the infected computers. Many times the owners have paid up.

Last edited by SeijiSensei; 2007-05-01 at 00:09.
Old 2007-04-30, 23:13   Link #20
WanderingKnight
Gregory House
*IT Support
 
 
Join Date: Jun 2006
Location: Buenos Aires, Argentina
Age: 35
Quote:
> There's a large black market behind this, and if you'd like, I can explain it to you. I find it relatively terrifying, though.

You know, it's like when you get those little spam messages in your inbox advertising for small little... vitality... pills... or so to speak.