Viruses and Adware

Discussion in 'IT and Computer-Related Degrees' started by Randell1234, Feb 27, 2010.

  1. Randell1234

    Randell1234 Moderator

    On my wife's computer she got a message like "You are infected..." and it would show virus-scan-looking activity taking place and the "click here" to install the program to remove the virus. In haste I clicked on the program because I thought it was part of eSet (my anti-virus program) but quickly realized it was bogus. I stopped the install and ran a "Restore" to roll back a few days. That was all a week ago.

    Today she got the same thing but I was able to close it all out without an issue. The URL that popped up that showed the virus scan was 217.23.5.233. I knew something was wrong when the "scan" was a webpage.

    How do I find out who owns this page so I can try to find anything loaded on my computer to remove it? I ran an eSet virus scan but it did not find anything.
     
  2. rickyjo

    rickyjo Guest

    Get www.superantispyware.com free edition and run a scan in addition to your current anti-virus (in safe mode if possible, with the internet disconnected after updating your definitions files). Assuming this does not resolve the issue (and perhaps even if it does), download Hijackthis, run the scan, and paste your logfile into the website http://www.hijackthis.de/. BE CAREFUL IF YOU USE HIJACK THIS.

    Assuming you cannot fix it on your own, please visit www.techguy.com for expert help.
     
  3. rickyjo

    rickyjo Guest

    Also, if you can do a system restore again, go ahead and do it before running these programs. It will improve your chances of success if the virus is not actively running; this is particularly useful if safe mode is not working. You can PM me if you want.

    Hope this helps.
     
  4. imalcolm

    imalcolm New Member

    Sounds like typical "fake alert" scareware.

    What I would do in this situation is pull the hard drive from the compromised machine and scan it on a clean computer, first with a typical anti-virus program, and then again with an anti-spyware program such as Malwarebytes Anti-Malware.

    Surfing with Firefox and NoScript can help avoid this in the future.
     
  5. rickyjo

    rickyjo Guest

    If you do pull it out of the machine to scan it, you will probably be rid of the virus but may damage the operating system. Make sure you have the ability to reload your OS and recover data if you do this. A repair install (as opposed to a full reload) should restore your operating system if it fails after the virus removal.

    You will require a method of hooking the drive to another computer if you do this (not terribly hard). Again, if you go this route please consider visiting www.techguy.com for help.

    Just remember, if you take malcolm's advice you may not be able to immediately use your computer, but the repair is not difficult if you have the discs or a recovery partition (be careful, by default they will usually wipe your data).

    My opinion is that if you know how to reload your OS, just do it. Back up your stuff and reload the computer from scratch. It is good to do this every year or two anyway to keep the operating system running efficiently.
     
  6. SteveFoerster

    SteveFoerster Resident Gadfly Staff Member

    I realize this is not the answer you're looking for, but I've never been happier since I switched my and my wife's computers to Ubuntu Linux. It's free, really easy to use, most things are plug and play just like Windows, and there's a ton of free software available for it. I even set up my 75-year-old Mom on it when Windows got to be unusably slow on her Dell and she's much happier.

    There's a live CD and you can boot from it without changing a thing on your hard drive, so it's a safe way to see whether it might be right for you.

    http://www.ubuntu.com/

    -=Steve=-
     
  7. raristud

    raristud Member

    To check for viruses and malware that may be in your computer, Norton has a virus scanner for free. http://security.symantec.com/sscv6/home.asp?langid=ie&venid=sym&plfid=21&pkj=HENNYHGBYNCJEIMXQKC

    Spybot search and destroy is another free popular adware scanner.

    http://www.safer-networking.org/index2.html

    I used a combination of antivirus software to get rid of a bunch of malware on my relative's computer. AVIRA (http://www.free-av.com/), AVAST, AVG are free antivirus programs you can use. Comodo has a free effective antivirus scanner. http://www.comodo.com/

    CCleaner is great for getting rid of temp files and other potential junk. http://www.ccleaner.com/
     
    Last edited by a moderator: Feb 28, 2010
  8. raristud

    raristud Member

  9. me again

    me again Well-Known Member

  10. KariS

    KariS New Member

    A similar attack occurred to my wife's computer, and it was insidious. It kept coming back. Most anti-virus programs cannot remove it as it also attacks the registry files. The version my wife got blocked Norton, TrendMicro, and a couple of others from even finding it. It also disabled the Windows restore function.

    I found a program (for free) that would remove it, downloaded it to another computer and then spent about 8 hours babysitting the removal (took three passes for complete removal).

    On an unaffected machine, google the name that appears in the spurious warning, as there are several versions out there and each is slightly different.

    Apparently most of them are transmitted as part of e-card greetings. So I make it a habit (and am teaching my wife) NEVER OPEN AN E-CARD, especially when it wants you to go to a site to look at the card.
     
  11. raristud

    raristud Member

    Ouch. What program did you use to remove the virus? I had to reinstall my operating system a few times when I used XP.
     
  12. I strongly suggest downloading Malwarebytes Anti-Malware (free) as well as Spybot Search and Destroy from another uninfected computer. If possible, burn them onto a CD and then boot the infected computer in safe mode with CD support, running both programs (Anti-Malware in "full" mode). If you download it from the infected PC it might work, but certain malware has been known to disable/uninstall either of these.

    Both of these programs together have never failed me yet, even with tough viruses. I also have the paid version of Anti-Malware which has real-time protection but the free version will do what you need. This is in contrast to my work-provided antivirus which rarely gets a hit.

    To protect against this whenever I surf beyond a few sites now I use a VMWare virtual session which I clone each time so there's no risk of infection beyond the guest session.
     
  13. rickyjo

    rickyjo Guest

    Is spybot SD still working for you guys? I haven't had much luck with it the last couple years and it takes far too long; however, I do like the immunize feature. Superantispyware and Malwarebytes are working much better these days. I'm just surprised to see the safer networking product (SBSD) still alive and kicking.

    To KariS: A good antivirus can repair attacks to the registry, but any one anti-virus program may not be abreast of the latest variations; that is why it is so important to use more than one anti-malware that runs passively and to try and boot in safe mode and unplug the net in an attempt to cripple the virus' defense mechanisms.

    Also keep in mind if you load up your computer with active virus scanners that once the problem is gone you must make sure you have only ONE ACTIVE SCANNER or your computer will likely run very badly even if it is otherwise problem free. I often go to a person's home and find a billion legit anti-virus programs are what is making the computer inoperable, and in some cases Norton alone is the source of the problem and must be removed and replaced with a superior scanning software that doesn't have the overhead. Just remember anti-virus is as troublesome to your computer's performance as a lawyer is to your finances!
     