of my life! I was surfin the web looking of olympic news then stopped and went to eat chow. When I came back Norton Antivirus was up and there was a box to install ANTIVIRUS XP 2008 Thinking this was a update from NORTON ANTIVIRUS I clicked install. BIG BIG BIG MISTAKE!!!! This program not only deleted my restore files and LOCKED my Ether Net card and internet connection open to the world BUT it did do to the point where I COULD NOT DISABLE IT and I now have three connection showing to the internet. It also infected both my browsers and a host or other applications. It removed my wallpapare and replaced it with a warning message that I WAS INFECTED AND SHOULD BUY ANTIVIRUS XP 2008 to remove the infection. It disabled my video card and sent me back to 1984 VGA mode as well. GOD I WAS SO POed!! Three Malware, Spyware and Nortorn programs could not remove this, some did not even see it. It was at 200AM when I had to buy yet another program that boasted that they are the ONLY one that could remove THIS infection (umm very interesting) However, it did, almost. Every scan shows some bit of infection is still left in there. My internet connection STILL accesses the net and I can't see what program it is. The TASK MANAGER shows no applications running, so I don't know how to see what is sending info out over my connection. Is there a program that can do this? I want to delete the Local Area Connection (3) but WIN XP wil lnot allow me to delete these!! STAY AWAY from this bug, it's BAD!! GOOGLE IT!! I have a weird feeling about the ONLY company that can fix. Did they create the damn thing?
Did you try this? http://www.symantec.com/security_response/writeup.jsp?docid=2008-071613-4343-99&tabid=3
Hopefully, Sentinel will respond. If not, you may want to pm him, he is a computer genius, and a cool dude to boot! Abner
Hey recruiting - I'm feeling your pain. Here's the thread that I started as a result of the exact same virus. http://forums.degreeinfo.com/showthread.php?t=28371
I'm afraid to look!! But I will, STILL working through this issue as I type. Downloaded Zone Alarm to restrict internet traffic. I HAVE THREE CONNECTIONS under my Network Connection tab. SAY: LOCAL AREA CONNECTIONS (3) and there is the icon below it. Anyway to start from scratch with the connections? DELL DIMENSION 4600 STOCK INTEL PRO 100 VE (NET CARD) I only want one connection like I had yesterday !! However windows XP will not let me delete OR SEE the other connections. This is BS!! Sorry.. I will check the links you all sent to see if they will help. I'll have so much security on my system it will probably run like a snail..
The program has worked past this.. I did it last night. The program that is suggested by most people on the net did remove 99.9 % of it however since my computer still has 3 connections to the internet I tend to think some remains.. Thanks for the link
If the only tasks for which you use the computer is web browsing, email, and instant messaging might I be so bold as to suggest you try a bootable from USB thumb drive distribution of GNU/Linux called SLAX. You set the computer to boot from the USB thumb drive and depending upon the amount of RAM in the computer, choose either run from USB thumb drive or run from RAM. Nothing is installed to your hard disk drive. When you need to do MSWindows things, simply reboot the computer and remove the USB thumb drive.
Thanks to everyone for the help! Sentinel I will do that, I just need to know what is trying to access the net when I dont have anything running. I even shut down all the security programs that could look for an update including MS update. I just bought a new wireless router (D-LINK) and installed PURE NETWORKS SUITE. From what ZONE ALARM is saying is PURE NETWORKS is listening on port blah blah blah..
The best way to check what ports/traffic is exiting your computer via the ethernet port is ethereal. The provided URL is for a portable version that is self-contained. Run it from within MSWinXP. Another way to check which outside ports are visible to the Internet is ShieldsUp. If you cannot identify the unauthorized outbound traffic and the other fixes have not resolved the issue you will most likely have to reinstall MSWinXP from the CDs; hopefully you have those CDs.
This is why i have a ghost image of my Laptop...... Granted it wasn't the most recent image, but i can live with a few lost e-mails.
Ghost image? This Malware/Virus is pure evil my friend! I got my system back yesterday. What cured this infection: MALWAREBYTES.COM ZONEALARM.COM NOSCRIPT The people from this forum. I did not have to re-format my hard drive either!!
This is a good approach to facilitate rapid restoration of a computer after infection or if you decide it is time for a clean-up to address the entropy Microsoft Windows seems to introduce as the time between operating system installation and today increases. I take a similar approach using Sun VirtualBox running atop Novell OpenSuse. I install Microsoft Windows XP (HE) inside Sun VirtualBox and make a backup copy of the image. If MSWinXPHE ever gets infected or otherwise starts misbehaving I delete the current image and replace it with the backup copy from the initial installation fully patched of course.
Glad to hear you were spared the reinstall process. Though you might want to keep an eye on any outbound traffic for awhile.
hello all, I see "recruiting" has had some great answers here. Will this link that Sentinel gave you work to clean up possible registry issues? The "lancelhoff" one, I mean, I do not know for sure what is making my XP hang at times on startup. Or is there another program I should download to check for what the cause is? I have not tried a re-install yet------so much to backup first.
A fantasic free utility I use is CCleaner (short for "Crap Cleaner") which cleans out your cache, cookies, etc., and also includes a registry optimizer. If you run all the tools (cleaner & registry scan) you should see an improvement in performance; http://www.ccleaner.com
Thanks Bruce, I actually downloaded that a week ago and it is GREAT! I also downloadad NOSCRIPT this product is outstanding. All scripts on a website have to be approved before they can work. Thanks for the heads up on that one!
