Virus Warning/Question/Help (Vanity)
Posted on 01/02/2009 7:44:38 AM PST by Non-Sequitur
Sorry for the vanity but it's part warning/part SOS. My computer has been infected with a rather nasty virus and I'm wondering if anyone else has faced it.
I was watching the bowl game last night about 9 when my wife called me. She was doing some research on vacations and she got a warning about a virus. I go up there and it's a pop-up for some spy-ware download. Warnings that my computer may be infected, download the software and save my system, the usual stuff. My wife is pretty savvy and knows better than to respond to things like that so she called me.
I sit down and it's the damnedest thing I've ever seen. I don't hit the execute on anything, just try and close the windows which was probably what it wanted. I also keep getting two icons to some porn sites, which I keep deleting but they keep reappearing. I finally stop that by clearing the recycle bin. And eventually the popups stop.
I've got Norton 360, in fact I downloaded it on Wednesday. I try and do a system scan and I can't get Norton to start. The icon on the lower bar that is usually there saying I'm protected by Norton 360 has disappeared. It's getting late so I do the only thing I can think of and run Spybot on the off chance it may find something. It runs its course and finds 6 errors. I let it correct them. Then I shut down for the night. At this point I'm annoyed but not overly concerned.
This morning I go to restart it and find that the system had never completely shut down - the final "Windows is shutting down" screen was still displayed. I start it and no Norton 360 start up. I try and start it manually and nothing. I try to get to the Symantec website and I get "Page Cannot Be Displayed" screens. I get occasional pop-ups for the ADS Anti Virus software. I start up my work laptop and can get to Symantec with no problems. So now I'm waiting for Geeks On Call and wondering just what the hell I picked up.
To recap: 1) It kicked off around 9 PM Central on New Year's Day. This makes me wonder if it could have been downloaded earlier and lay in wait for January 1.
2) With two exceptions the popups are all for anti-spyware downloads. Warnings about system being infected, download now to protect your computer, that sort of stuff. ADS Anti-Spyware seems to be one of them.
3) The two exceptions are that during the original battle with the popups, two icons appeared on the desktop. Both advertised porn sites. I highlighted and deleted those several times but they kept reappearing until I finally emptied my Recycle Bin.
4) It seems to be blocking my anti-virus software from running at all. I can't get any response from Norton 360 whenever I try to start it. Spybot and Ad-Aware seem to run fine.
5) Possibly weirdest of all, it's blocking access to www.norton.com and www.symantec.com. Try to access them directly and I get "Page Cannot Be Displayed". Try to google them and then access them from Google and get the same thing on some links or get directed to another site offering "Advanced anti-virus software" on others.
6) System is an HP Pavilion about 4 1/2 years old. Runs Windows XP. Service packs are up to date.
Anyone out there come across anything like this?
Install AVG. It’s free and works great!!! I think it is AVG.com
Looks like the malware is running a process on your machine and booting into Safe Mode may keep that process from launching.
Get it? It's a form of spy/adware you have there. Download for free Spybot Search and Destroy and Ad-Aware and run them. You need to get rid of spy/adware, not a virus IMHO.
I would first try Trend Housecall (it's a free online check and is very good) - just Google it and follow the instructions -NO you do NOT want to buy it!
Once that's done look for AVAST! (again it's free and VERY good) on Google and download it, run it and use it as your main AV.
I have heard good things about AVG - but you can only run AVG or AVAST! - not both at the same time.
Norton has it:
One course of action which may help...
1. Do a system restore to a point prior to the virus activating.
2. Restart and make sure it is not active anymore.
3. Do a complete virus scan.
4. Turn off system restore. This will/should get rid of any files that are held in the recovery DB.
6. Turn system restore back on.
I got it, too - about a month ago. A page kept coming up (supposedly from Windows), saying I had 13 critical threats - and to click ‘here’ to remove them. Of course I ‘clicked’ and then they wanted my email address or pay pal to pay for it. That is when I knew it was a ‘virus’. It kept popping up every couple minutes. I would shut it down, only for it to return again.
I called my computer tech guy, and he came over and removed it. He told me that he has been working around the clock to clear it from his customers’ computers.
I think I read that two young men were arrested for setting off this virus, and they had already made millions from it. I’ll try to find the link. Good luck!
Any mention of “Anti-virus 2009” in the message???
Seems to be going around. Infected two guys here at work and IT never saw it.....
You might try this. It worked for the guys here......
Give it Delsym, NyQuil and Zicam. Viruses generally last a week. Also, if it has a fever, give it ibuprofen as prescribed, drink plenty of water to avoid dehydration and rest in bed.
I got the same thing from a supposed legitimate parts site linked to from a Jeep forum. This was a month ago or so. I thought I had stopped everything. But I ran all three of my anti-virus/spyware programs. My firewall didn’t block anything (Zone Alarm) because I clicked the link. However, when I did my scans, I used Spy-bot Search and Destroy and Ad-Aware initially. Used them both after booting into safe mode. One of them took out the spyware, but can’t remember which it was. Ran the Zone-Alarm scan last, but the problem was already gone.
I saw this one or one like it pop-up at work. It takes a bit of effort, but it can be killed.
I’ve heard deepening distaste for Norton in general, to the point where it’s non-recommended. Leo Laporte said on air he HATES Norton, which is a pretty strong on-air statement. His general take on it is that in an effort to be more and more “effective” it has been upgraded to the point where either it doesn’t work properly OR it has become a target in and of itself. I agree that AVG is better.
By the way, the act of de-installation of Norton in and of itself is 100% known to block ALL internet access. This happened to my brother (35 year computer dude) and he couldn’t get around it until he went to Leo Laporte’s site and found the workaround...which was suggested by a friend who heard about this on Leo’s radio show. Should you choose to de-install Norton, make sure you get the workaround BEFORE you do so, since (unless you have another computer) you’ll not be able to get the info post-de-installation.
AVG is excellent and free for home users.
Avast is excellent and free for home users.
ThreatFire is excellent and free for home users. It comes with a nifty twist: it has an engine that blocks virus-like behaviors as well as known viruses. Recommended.
www.filehippo.com for AVG and Avast
www.threatfire.com for ThreatFire
Also, go to Start Menu, then Run. Type in:
Go to the StartUp tab. Then look and see what programs launch every time you start your computer.
You can uncheck the programs you do not recognize.
This will not delete the programs. It will simply keep them from launching when you start your computer.
You most likely have Vundo/Virtumonde. It’s hell to get rid of. I tried a whole lot of stuff on a friend’s computer and finally gave up and reformatted. Then another friend got it. I tried a few more things and finally found one that works.
Malwarebytes’ Anti-Malware can be had for FREE from CNET.com.
It removed Vundo! Glory be! You have to run it in safe mode to get it to remove the files that reinstall the program every time you reboot.
Don’t spend any money and happy new year.
AVG free will quarantine, but will not eliminate the virus.