Virus Warning/Question/Help (Vanity)
Posted on 01/02/2009 7:44:38 AM PST by Non-Sequitur
Sorry for the vanity but it's part warning/part SOS. My computer has been infected with a rather nasty virus and I'm wondering if anyone else has faced it.
I was watching the bowl game last night about 9 when my wife called me. She was doing some research on vacations and she got a warning about a virus. I go up there and it's a pop-up for some spy-ware download. Warnings that my computer may be infected, download the software and save my system, the usual stuff. My wife is pretty savvy and knows better than to respond to things like that so she called me.
I sit down and it's the damnedest thing I've ever seen. I don't hit the execute on anything, just try and close the windows which was probably what it wanted. I also keep getting two icons to some porn sites, which I keep deleting but they keep reappearing. I finally stop that by clearing the recycle bin. And eventually the popups stop.
I've got Norton 360, in fact I downloaded it on Wednesday. I try and do a system scan and I can't get Norton to start. The icon on the lower bar that is usually there saying I'm protected by Norton 360 has disappeared. It's getting late so I do the only thing I can think of and run Spybot on the off chance it may find something. It runs its course and finds 6 errors. I let it correct them. Then I shut down for the night. At this point I'm annoyed but not overly concerned.
This morning I go to restart it and find that the system had never completely shut down - the final "Windows is shutting down" screen was still displayed. I start it and no Norton 360 start up. I try and start it manually and nothing. I try to get to the Symantec website and I get "Page Cannot Be Displayed" screens. I get occasional pop-ups for the ADS Anti Virus software. I start up my work laptop and can get to Symantec with no problems. So now I'm waiting for Geeks On Call and wondering just what the hell I picked up.
To recap: 1) It kicked off around 9 PM Central on New Year's Day. This makes me wonder if it could have been downloaded earlier and lay in wait for January 1.
2) With two exceptions the popups are all for anti-spyware downloads. Warnings about system being infected, download now to protect your computer, that sort of stuff. ADS Anti-Spyware seems to be one of them.
3) The two exceptions are that during the original battle with the popups, two icons appeared on the desktop. Both advertised porn sites. I highlighted and deleted those several times but they kept reappearing until I finally emptied my Recycle Bin.
4) It seems to be blocking my anti-virus software from running at all. I can't get any response from Norton 360 whenever I try to start it. Spybot and Ad-Aware seem to run fine.
5) Possibly weirdest of all, it's blocking access to www.norton.com and www.symantec.com. Try to access them directly and I get "Page Cannot Be Displayed". Try to google them and then access them from Google and get the same thing on some links or get directed to another site offering "Advanced anti-virus software" on others.
6) System is an HP Pavilion about 4 1/2 years old. Runs Windows XP. Service packs are up to date.
Anyone out there come across anything like this?
Install AVG. It’s free and works great!!! I think it is AVG.com
Looks like the malware is running a process on your machine and booting into Safe Mode may keep that process from launching.
Get it? It's a form of spy/adware you have there. Download for free Spybot Search and Destroy and Adaware and run them. You need to get rid of spy/adware, not a virus IMHO.
I would first try Trend Housecall (it's a free online check and is very good) - just Google it and follow the instructions -NO you do NOT want to buy it!
Once that's done look for AVAST! (again it's free and VERY good) on Google and download it, run it and use it as your main AV.
I have heard good things about AVG - but you can only run AVG or AVAST! - not both at the same time.
Norton has it:
One course of action which may help...
1. Do a system restore to a point prior to the virus activating.
2. Restart and make sure it is not active anymore.
3. Do a complete virus scan.
4. Turn off system restore. This will/should get rid of any files that are held in the recovery DB.
6. Turn system restore back on.
I got it, too - about a month ago. A page kept coming up (supposedly from Windows), saying I had 13 critical threats - and to click ‘here’ to remove them. Of course I ‘clicked’ and then they wanted my email address or pay pal to pay for it. That is when I knew it was a ‘virus’. It kept popping up every couple minutes. I would shut it down, only for it to return again.
I called my computer tech guy, and he came over and removed it. He told me that he has been working around the clock to clear it from his customers’ computers.
I think I read that two young men were arrested for setting off this virus, and they had already made millions from it. I’ll try to find the link. Good luck!
Any mention of “Anti-virus 2009” in the message???
Seems to be going around. Infected two guys here at work and IT never saw it.....
You might try this. It worked for the guys here......
Give it Delsym, NyQuil and Zicam. Viruses generally last a week. Also, if it has a fever, give it ibuprofen as prescribed, drink plenty of water to avoid dehydration and rest in bed.
I got the same thing from a supposed legitimate parts site linked to from a Jeep forum. This was a month ago or so. I thought I had stopped everything. But I ran all three of my anti-virus/spyware programs. My firewall didn’t block anything (Zone Alarm) because I clicked the link. However, when I did my scans, I used Spy-bot Search and Destroy and Ad-Aware initially. Used them both after booting into safe mode. One of them took out the spyware, but can’t remember which it was. Ran the Zone-Alarm scan last, but the problem was already gone.
I saw this one or one like it pop-up at work. It takes a bit of effort, but it can be killed.
I’ve heard deepening distaste for Norton in general, to the point where it’s non-recommended. Leo Laporte said on air he HATES Norton, which is a pretty strong on-air statement. His general take on it is that in an effort to be more and more “effective” it has been upgraded to the point where either it doesn’t work properly OR it has become a target in and of itself. I agree that AVG is better.
By the way, the act of de-installation of Norton in and of itself is 100% known to block ALL internet access. This happened to my brother (35 year computer dude) and he couldn’t get around it until he went to Leo Laporte’s site and found the workaround...which was suggested by a friend who heard about this on Leo’s radio show. Should you choose to de-install Norton, make sure you get the workaround BEFORE you do so, since (unless you have another computer) you’ll not be able to get the info post-de-installation.
AVG is excellent and free for home users.
Avast is excellent and free for home users.
ThreatFire is excellent and free for home users. It comes with a nifty twist: it has an engine that blocks virus-like behaviors as well as known viruses. Recommended.
www.filehippo.com for AVG and Avast
www.threatfire.com for ThreatFire
Also, go to Start Menu, then Run. Type in:
Go to the StartUp tab. Then look and see what programs launch every time you start your computer.
You can uncheck the programs you do not recognize.
This will not delete the programs. It will simply keep them from launching when you start your computer.
You most likely have Vundo/Virtumonde. It’s hell to get rid of. I tried a whole lot of stuff on a friend’s computer and finally gave up and reformatted. Then another friend got it. I tried a few more things and finally found one that works.
Malwarebytes’ Anti-Malware can be had for FREE from CNET.com.
It removed Vundo! Glory be! You have to run it in safe mode to get it to remove the files that reinstall the program every time you reboot.
Don’t spend any money and happy new year.
AVG free will quarantine, but will not eliminate the virus.
I have seen those popups a few times and have been advised by our tech people to shut the computer down immediately by using “CTRL ALT DEL.” That is to say - do not touch the mouse at all.
I had countless virus problems with XP. Since then, I bought a new computer with the new version of Vista. I have had not one problem since. I have also kept Norton. It caught that same virus you describe (did the identical thing you said.) and it washed it clean. It works fine. I also had many problems with AVG. Hackers have ways around every virus program in existence.
XP has many vulnerabilities and problems. Vista is much better from a security standpoint.
To all you Microsoft bashers on this forum, please refrain from expressing your vile hatred for one of the greatest products known to mankind. It's the main reason we are typing on our keyboards this very moment.
Does what the others can’t or won’t.
I’ve installed the free AVG and found it less than “robust”.
AVG I paid for worked just fine.
I use Norton 360 so I would hope that it would include that. Besides, whatever it is is completely blocking access to Norton or Symantec websites.
I use the paid version of AVG7.5. When my subscription expires I will then have to update to AVG8. I've heard some less than complimentary things about AVG8 -- people describing it as "bloatware". Can you confirm any of this?
I had this about a month ago..
I unplugged the cat 5 cable to the modem
then I deleted my virus protection
(On another computer I owned)..I went to download.com
and put AVG free edition on a flash drive.
Then I went back to the infected computer with no virus protection and put in the flash drive and installed AVG.
I ran a scan...3hrs later it found and quarantined
all Trojans and viruses that were on my computer.
I haven’t had a problem since!
Hope this helps.
I would start off with Smitfraud fix:
Run it from safe mode.
Next I would use Malwarebytes' Anti-Malware
I believe MS, with its hydra-like tentacles, has involvement with AVG now.
I switched to Clamwin.
I would suggest malwarebytes at malwarebytes.org.
WinPatrol is free - and much easier...
I ran the Hijackthis...got the log...then had it analyzed at hijackthis.de
Then reboot into SAFE MODE...and delete the offending buggers.
I run AVG free...LavaSoft's Ad-Aware..and SpyBot..pretty regular.
And run Hijackthis now and again....
Seems to keep my machine running okay.........
The problems I have from those “free” virus programs, is they do not have large R&D because the bulk of their users are too cheap to pay the annual fee. So, they have a minimum of funds available to develop an ironclad program, or keep up with all the millions of hackers out there.
Most of the new viruses disable System Restore. Also Windows Update. Also your virus scanner. Also access to antivirus websites.
For those of you not yet infected I recommend doing a backup of System State. This is equivalent to setting a System Restore point, but it can’t be disabled.
I abandoned Norton after doing battle with their tech support people and getting no help whatsoever. I’m sure they were out sourced help and I had a difficult time understanding what they were trying to tell me to do.
It's going around and I had it the day after Christmas and it took me over a day and a half to get rid of it all!
One of my grandkids downloaded a "cheat-sheet" for her X-Box and I got the Downloader 2009 malware! It infests the computer so badly that it will shutdown Windows Firewall, it blocked access to my AVG antivirus. AVG was showing 'no components'!!!
The most amazing thing the virus does is block access to any 'help sites'. The only way I could get to any forum or help site was by clicking on the cached page.
Go to Downloads.com and get Malwarebytes. It is fantastic, the first time it ran it found 32 trojans and downloaders! I have done two full scans [take 2 hours each] and seem to be clear of it now and my AVG antivirus is up and working again since the last scan.
A computer guy I talked to said that kids go to these sites to get cheat-sheets and 'stuff' and that parents don't know it but the kids will shut down the firewalls and antivirus to download the cheatsheets and your computer immediately gets infected.
Excellent free software.
I should say that I’m pretty happy with the paid version of AVG7.5 but I am hesitant about going to version 8.
It seems that the major network security software companies take turns being No.1. After a year or 2 they either screw up or somebody else invents a better mousetrap.
If you change the BIOS to boot from CD first you can by-pass whatever infected programs sit on the hard drive because it's booting from a read-only CD. (Puppy Linux is a nice little version of Linux that's great for old PCs, it's free and right here)
Once you have another OS temporarily on your machine you can save any data you desire on a data stick and if you know the date the computer was infected erase all the files that were made that day.
If that doesn't fix it you can always reload the OS after you saved any data you wanted.
I checked a few anti virus programs and finally settled on the product offered by Zone Alarm. I gave up on any of the so-called “free anti-virus” programs.
I saw a nasty one that also tried to hijack all DNS requests, but it wasn't quite successful --- it ended up failing on virtually all DNS requests that it intercepted.
The person using the system was using the machine largely to do email, with some occasional web-browsing. I put a Linux partition on the machine as a default boot partition; for what the computer is used for, it's a far better solution than trying to rout out this malware that managed to get by both AVG and ZoneAlarm.
I think it depends upon whether you use Norton’s internal de-installation versus Windows add/remove programs from “Control Panel”. I don’t know which one works or doesn’t work. Regardless...the effectiveness of Norton has been called into question enough times (as far as I’m concerned) to doubt its AV effectiveness. I just think (again, from what I’ve heard, not from personal experience) that Norton itself has become a target.
*tucking away that gem for later*
Sounds like Antivirus 2009. My dh just got it off his computer using Malwarebytes. Av 2009 caused the computer to do some squirrelly stuff too.
And scans with virus/spamware programs (for instance McAfee & AdAware) could not get rid of it.
We got our version of Malwarebytes as well as advice from BleepingComputer.com. But there are other places out there.
Malwarebytes downloaded but wouldn’t start up. Our problem was that this virus seems to recognize the program and “prohibited” it from running.
As was suggested we had to rename it and then run it. It worked but it took 3 or more scans till it was all gone.
You will find that your computer starts faster if you keep your Start Menu clear.
Every piece of hardware and lots of software wants to have their program running in the background, even when it is not being used.
If you have an HP printer, you may have 2-3 HP programs running in the background at all times.
If these items are removed from your Start Menu, they are not lost from your computer. It only takes a few more seconds to load them when you want to open them up.
I just cleared off my daughter’s laptop. She had over 20 programs running in the background. Some of these are programs that she never uses.