Posted: 12/23/2005 3:15:03 PM EDT
[Last Edit: 12/24/2005 12:32:50 PM EDT by TealGunner]
So, here's the deal. My computer has a virus. I cleaned the spyware out of my machine, but I cannot get to a site that sells/offers antivirus software. The operation always times out. I can surf anywhere else, but not to get antivirus. The Security Center also continually comes up with my firewall and automatic updates turned off. I can turn them back on, but upon a restart they are turned off again.

If anyone has a similar problem or a patch/fix, please contact me and see if you can email it directly to me. The dang thing keeps me from surfing for it myself. I couldn't get to McAfee, Norton, or Computer Associates among others.

Thanks for the help guys.
Link Posted: 12/23/2005 3:16:51 PM EDT
[Last Edit: 12/23/2005 3:18:24 PM EDT by otar]
If you can surf over to Panda, have it do a free online scan.

eta:linky
You need to have a browser that will run ActiveX to online scan (like IE).
Link Posted: 12/23/2005 3:18:04 PM EDT
Boot into safe mode with networking then try.
Link Posted: 12/23/2005 3:20:27 PM EDT
Panda software connection timed out. Working on Housecall from Trend Micro now.

How do I boot into safe mode with networking???
Link Posted: 12/23/2005 3:21:48 PM EDT
trendmicro also timed out. This sucks. If anyone has a fix, please email through my contact info. This is killing me.
Link Posted: 12/23/2005 3:23:32 PM EDT
Try a system restore to yesterday... it's worked for me before.
Link Posted: 12/23/2005 3:25:22 PM EDT
Go read a book. This internet thing is just a passing fad.
Link Posted: 12/23/2005 3:27:52 PM EDT
[Last Edit: 12/23/2005 3:31:00 PM EDT by WildBoar]
Sounds like a variant of MyDoom. An oldie. Are you using XP with SP1?

Can you get to the windows page? The Malicious Software Removal Tool will get rid of it. If you have to, download it from another computer and give it a try.

Oh and turn on your firewall.

try www.microsoft.com/security/malwareremove/default.mspx
Link Posted: 12/23/2005 3:30:41 PM EDT
I always just use quick restore; takes like 10 minutes.
Link Posted: 12/23/2005 3:32:09 PM EDT

Originally Posted By TealGunner:
Panda software connection timed out. Working on Housecall from Trend Micro now.

How do I boot into safe mode with networking???



Re-boot. Press and hold [F8] key when computer starts to boot.
Link Posted: 12/23/2005 3:34:16 PM EDT
A virus, huh?



Link Posted: 12/23/2005 3:35:24 PM EDT
[Last Edit: 12/23/2005 3:36:32 PM EDT by WildBoar]
If you don't have the tool, try it this way. Well, that is if it's the virus I am thinking of.

WARNING, one typo in the registry can total your system.

www.pchell.com/virus/mydoom.shtml

How Can I Remove the MyDoom.A or Novarg.A worm?

Follow these steps in removing the MiMail.R worm.

1) Restart your Computer in Safe mode by pressing F8 as the computer is booting. The backdoor component attaches itself to the Explorer.exe file, so restarting in Safe mode should allow you to remove it the easiest.

2) Remove the Registry entries
(deleting the wrong item in the registry can render your computer unbootable, do not follow these steps unless you have made a backup of the registry or can recover from a corrupted registry)

* Click on Start, Run, Regedit
* In the left panel go to the following keys

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

* In the right panel, right-click and delete the following entry

"Taskmon"="%System%\taskmon.exe"
* In the left panel go to the following keys and delete them

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\Version
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\Version
* In the left panel go to the following key

HKEY_CLASSES_ROOT\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InProcServer32
* In the right pane, modify the value as follows, depending on your operating system:

(Default) = “%System%\shimgapi.dll”

3) Delete the infected files (for Windows ME and XP you may have to disable system restore to remove infected backed up files as well)

* Click Start, point to Find or Search, and then click Files or Folders.
* Make sure that "Look in" is set to (C:\WINDOWS\SYSTEM).
* In the "Named" or "Search for..." box, type, or copy and paste, the file names:

shimgapi.dll (in the Windows\System folder)
taskmon.exe (in the Windows\System folder)
** Note: DO NOT DELETE ANY INSTANCE OF TASKMON.EXE IN THE NORMAL WINDOWS FOLDER
* Click Find Now or Search Now.
* Delete the displayed files.
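
The registry locations named in the steps above can be checked read-only before anything is edited or deleted. This is an added example, not part of the original post or the quoted pchell.com page; it assumes the keys were exported to a `.reg` text file with regedit, and the function names and the sample export are constructed for illustration.

```python
import re

# Indicators from the removal steps quoted in the post above (lower-cased).
RUN = r"\software\microsoft\windows\currentversion\run"
VERSION = r"\software\microsoft\windows\currentversion\explorer\comdlg32\version"
CLSID = r"hkey_classes_root\clsid\{e6fb5e20-de35-11cf-9c87-00aa005127ed}\inprocserver32"
VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')

def parse_reg(text):
    """Parse regedit export text into {key: {name: data}}; '@' is (Default)."""
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None:
            m = VALUE.match(line)  # string (REG_SZ) values only
            if m:
                name = "@" if m.group(1) == "@" else m.group(1)[1:-1]
                current[name] = re.sub(r"\\(.)", r"\1", m.group(2))
    return keys

def mydoom_indicators(text):
    """Return (kind, key, data) for each indicator present in the export."""
    found = []
    for key, values in parse_reg(text).items():
        k = key.lower()
        if k.endswith(RUN):
            for name, data in values.items():
                # taskmon.exe in the normal Windows folder is legitimate (see note above)
                if name.lower() == "taskmon" and re.search(
                        r"\\system(32)?\\taskmon\.exe$", data.lower()):
                    found.append(("run-entry", key, data))
        elif k.endswith(VERSION):
            found.append(("comdlg32-version-key", key, ""))
        elif k == CLSID and values.get("@", "").lower().endswith("shimgapi.dll"):
            found.append(("inprocserver32", key, values["@"]))
    return found

# Constructed sample export. Real regedit 5.00 exports are UTF-16: open(path, encoding="utf-16").
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TaskMon"="C:\\WINDOWS\\system32\\taskmon.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\Version]
[HKEY_CLASSES_ROOT\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InProcServer32]
@="C:\\WINDOWS\\system32\\shimgapi.dll"
'''

if __name__ == "__main__":
    print(*mydoom_indicators(SAMPLE), sep="\n")
```

An empty result only means these three registry indicators are absent from the export; it says nothing about the files on disk or about other malware.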
Link Posted: 12/23/2005 3:42:09 PM EDT
You could just box it up and send it to me. I've got one on my desk right now that an ex co-worker dropped off for virus removal. I counted and gave up after 10 different viruses. Many repeated themselves several times. I've got somewhere in the neighborhood of 5-7 hours in this one.
Link Posted: 12/23/2005 3:46:10 PM EDT
Is this the SpyHunter exploit?

I was unable to clean it up. What I did was find out what executables were being created in the system32 folder. I'd log in safe mode, delete the .exe file, create an empty .exe file with the same name, then reboot in normal mode.

It goes through 3 or 4 name changes, so it took me an hour to kill it.

None of the spyware or virus programs can clean this thing up.
Link Posted: 12/23/2005 7:03:37 PM EDT
xblock

ewido

xp only winsock fix

spybot should help

make sure you update ewido, and spybot before you run them
Link Posted: 12/23/2005 7:09:25 PM EDT
Had a similar problem where a hijacker took control of my browser, took me to a page that wanted me to purchase some software to remove the shit they jacked my comp with. Called IT guy and he downloaded something called smitRem. I don't know how it works but the folder for it is still on my desktop just in case.
Link Posted: 12/23/2005 9:23:43 PM EDT
He has not replied in a while. Maybe he killed his system? Hope he comes back and lets us know.
Link Posted: 12/24/2005 7:30:05 AM EDT
I know a simple fix. Catch the mother fu@kers who make this shit up just because they hate Bill Gates and hang um up.
Link Posted: 12/24/2005 8:11:32 AM EDT
Well, here's the update.

The Microsoft Live Service Center Beta Version detected 4 viruses and 20 infected files. It cleaned one virus, but could not clean the other three.

I deleted the hosts files--there were three of them.

I am currently running Housecall again--somehow my browser closed on it yesterday and in the meantime I ran the MS help.

I need to finish running these and then hopefully I can get some free antivirus software. I'll keep posting as things progress.

I just have the feeling that these viruses are new and can't be cleaned yet.

Thanks for the advice, the machine is still up and running--had a Christmas party to go to last night.

I'll keep all apprised of the situation.
Link Posted: 12/24/2005 9:01:09 AM EDT

Originally Posted By TealGunner:

I just have the feeling that these viruses are new and can't be cleaned yet.



If that is the case look into the fully functional trial of NOD 32.

It picked up several "unknown" viruses & several known viruses that TM's internet security missed. If you do a little research you will find that NOD 32 is the absolute best.
Link Posted: 12/24/2005 9:07:13 AM EDT
[Last Edit: 12/24/2005 9:08:10 AM EDT by cruze5]

Originally Posted By enigma1:

Originally Posted By TealGunner:

I just have the feeling that these viruses are new and can't be cleaned yet.



If that is the case look into the fully functional trial of NOD 32.

It picked up several "unknown" viruses & several known viruses that TM's internet security missed. If you do a little research you will find that NOD 32 is the absolute best.



Wow, another NOD32 fan. I love their DOS scanner. It will scan NTFS hard drives in safe mode with command prompt only.

Edit: that's what I'm using on this machine. My main machine.

commandondemand is good also
Link Posted: 12/24/2005 9:32:56 AM EDT
Well, trendmicro.com's Housecall found and fixed most of my problems. Here's what's left.

TROJ_BAGLE.GS Found, does not have more information on how to remove.


MS00-034 Vulnerability through Office 2000 and the Show Me command


MS01-028 Vulnerability via a RTF document attached to a template with embedded macros


The last two, I have no idea how to eliminate. If anyone has anything to kill the trojan, I would forever be in your debt. I will try to run NOD32 now and see what happens.
Link Posted: 12/24/2005 12:35:54 PM EDT
Ran ewido and found a bunch of stuff, tracking cookies, worms, etc. It managed to clean everything out. I rebooted a couple of times and so far haven't had issues with my firewall or autoupdate being shut down. Computer seems to run better. I plan to spend a few bucks on a couple of antivirus products. I downloaded several free versions and ran each one. Each one found something different and could only clean some of it. Through a cumulative effort, it seems I am once again free of those evil worms/trojans/viruses/spywares/malwares.

Thank you to the Arfcom family who pitched in and gave me advice and stayed optimistic. There's no way I could afford a new machine or to have it professionally cleaned during this Christmas season. You guys have let me enjoy without having a looming computer problem over my head.

Merry Christmas and Happy New Year.
Link Posted: 12/24/2005 1:18:53 PM EDT
If you didn't surf the web on an Administrator account, you wouldn't get infected with this crap in the first place. It's your own fault.
Link Posted: 12/24/2005 2:16:10 PM EDT
Get some registry monitoring software. I'm using Teatimer, a free program product from the makers of Spybot that will tell you when the registry is about to be updated, and you can allow or deny the entry to the registry. Viruses can't infect your machine if you deny it access to the registry. Excellent software.
Link Posted: 12/24/2005 3:29:38 PM EDT

Originally Posted By JavaMan:
If you didn't surf the web on an Administrator account, you wouldn't get infected with this crap in the first place. It's your own fault.



Wow, only one jerk in the bunch. Everyone else who has posted in this thread has given welcome and constructive advice. I am NOT a computer savvy person--I guess I'm just knowledgeable enough to get into trouble occasionally. While your statement may be true and I suppose I am surfing with an administrator account, this was something I did not realize was a contributor.

In the future, when someone requests assistance from the arfcom pool of knowledge, my advice to you is to either share your vast stores of information in a constructive, nice, and educational way rather than being the jerk you showed yourself to be this time.

Granted, I don't even know you, but your post lets me know that I can do without knowing you.

Merry Christmas
Link Posted: 12/24/2005 3:30:18 PM EDT

Originally Posted By warlord:
Get some registry monitoring software. I'm using Teatimer, a free program product from the makers of Spybot that will tell you when the registry is about to be updated, and you can allow or deny the entry to the registry. Viruses can't infect your machine if you deny it access to the registry. Excellent software.





Thanks warlord, heading over to get it right now.

Merry Christmas
Link Posted: 12/24/2005 3:34:14 PM EDT
[Last Edit: 12/24/2005 3:37:09 PM EDT by WildBoar]

Originally Posted By JavaMan:
If you didn't surf the web on an Administrator account, you wouldn't get infected with this crap in the first place. It's your own fault.





Nick Burns, your company's computer guy.


BTW Java, nothing personal against you. I just wanted an excuse to post a link to the Nick Burns skits.
Link Posted: 12/25/2005 12:42:46 PM EDT

Originally Posted By TealGunner:

Originally Posted By JavaMan:
If you didn't surf the web on an Administrator account, you wouldn't get infected with this crap in the first place. It's your own fault.



Wow, only one jerk in the bunch.




I'm sorry if you think I'm being a jerk. Granted, I do tend to be blunt and direct when I see someone doing something that is not very smart, in the same way you might tell someone that they really need to stop driving their car since the red "Oil" light is on.



Everyone else who has posted in this thread has given welcome and constructive advice.



The reason I posted this is because all of the advice given - while it might be more polite than mine - is totally worthless when it comes to preventing this problem. Yeah, you may eventually get most of the bugs cleaned out of your system, but given the way you're operating your PC they will all be back and you'll keep going through this over and over and over again.



I am NOT a computer savvy person--I guess I'm just knowledgeable enough to get into trouble occasionally. While your statement may be true and I suppose I am surfing with an administrator account, this was something I did not realize was a contributor.



The problem here is you don't realize that the Administrator account is not a "contributor" - it's the entire cause of the whole problem!!! Change that one thing and you'll be totally immune from all future infections of viruses, trojans, spyware, and malware. Period.



In the future, when someone requests assistance from the arfcom pool of knowledge, my advice to you is to either share your vast stores of information in a constructive, nice, and educational way rather than being the jerk you showed yourself to be this time.

Granted, I don't even know you, but your post lets me know that I can do without knowing you.




Sorry if I hurt your feelings. Feel free to totally ignore my advice and keep trying to clean out all those bad things after they've already trashed your system instead of making one small system change and preventing them from loading in the first place.

[Nick Burns] Oh, by the way..... YOU'RE WELCOME! [/Nick Burns]



Originally Posted By WildBoar:
BTW Java, nothing personal against you. I just wanted an excuse to post a link to the Nick Burns skits.




Nick Burns is my personal role model.
Link Posted: 12/25/2005 2:36:55 PM EDT

Originally Posted By tc6969:
JRZY, myself and a few others had quite a spirited discussion with javaman concerning this ridiculous bullshit.

His mind is made up and you might as well just agree with him and thank him for his sage advice.




Sorry, but those "spirited discussions" were about ridiculous religious bullshit, not computer stuff. So, tc6969, are you saying that surfing the web on a "limited" account (XP Home) will not stop spyware from being installed and is a bad idea? And you think using an Administrator account and letting every piece of malware install itself and then trying to get rid of it after it's trashed your OS is a better idea?