Posted on 01/02/2009 7:44:38 AM PST by Non-Sequitur
Sorry for the vanity but it's part warning/part SOS. My computer has been infected with a rather nasty virus and I'm wondering if anyone else has faced it.
I was watching the bowl game last night about 9 when my wife called me. She was doing some research on vacations and she got a warning about a virus. I go up there and it's a pop-up for some spy-ware download. Warnings that my computer may be infected, download the software and save my system, the usual stuff. My wife is pretty savvy and knows better than to respond to things like that so she called me.
I sit down and it's the damnedest thing I've ever seen. I don't hit the execute on anything, just try and close the windows which was probably what it wanted. I also keep getting two icons to some porn sites, which I keep deleting but they keep reappearing. I finally stop that by clearing the recycle bin. And eventually the popups stop.
I've got Norton 360, in fact I downloaded it on Wednesday. I try and do a system scan and I can't get Norton to start. The icon on the lower bar that is usually there saying I'm protected by Norton 360 has disappeared. It's getting late so I do the only thing I can think of and run Spybot on the off chance it may find something. It runs its course and finds 6 errors. I let it correct them. Then I shut down for the night. At this point I'm annoyed but not overly concerned.
This morning I go to restart it and find that the system had never completely shut down - the final "Windows is shutting down" screen was still displayed. I start it and no Norton 360 start up. I try and start it manually and nothing. I try to get to the Symantec website and I get "Page Cannot Be Displayed" screens. I get occasional pop-ups for the ADS Anti Virus software. I start up my work laptop and can get to Symantec with no problems. So now I'm waiting for Geeks On Call and wondering just what the hell I picked up.
To recap: 1) It kicked off around 9 PM Central on New Year's Day. This makes me wonder if it could have been downloaded earlier and lay in wait for January 1.
2) With two exceptions the popups are all for anti-spyware downloads. Warnings about system being infected, download now to protect your computer, that sort of stuff. ADS Anti-Spyware seems to be one of them.
3) The two exceptions are that during the original battle with the popups, two icons appeared on the desktop. Both advertised porn sites. I highlighted and deleted those several times but they kept reappearing until I finally emptied my Recycle Bin.
4) It seems to be blocking my anti-virus software from running at all. I can't get any response from Norton 360 whenever I try to start it. Spybot and Ad-Aware seem to run fine.
5) Possibly weirdest of all, it's blocking access to www.norton.com and www.symantec.com. Try to access them directly and I get "Page Cannot Be Displayed". Try to google them and then access them from Google and get the same thing on some links or get directed to another site offering "Advanced anti-virus software" on others.
6) System is an HP Pavilion about 4 1/2 years old. Runs Windows XP. Service packs are up to date.
Anyone out there come across anything like this?
Excellent free software.
I should say that I’m pretty happy with the paid version of AVG7.5 but I am hesitant about going to version 8.
It seems that the major network security software companies take turns being No.1. After a year or 2 they either screw up or somebody else invents a better mousetrap.
If you change the BIOS to boot from CD first you can by-pass whatever infected programs sit on the hard drive because it's booting from a read only CD. (Puppy Linux is a nice little version of Linux that's great for old PCs, it's free and right here)
www.puppylinux.com
Once you have another OS temporarily on your machine you can save any data you desire on a data stick and if you know the date the computer was infected erase all the files that were made that day.
If that doesn't fix it you can always reload the OS after you saved any data you wanted.
I checked a few anti virus programs and finally settled on the product offered by Zone Alarm. I gave up on any of the so-called “free anti-virus” programs.
I saw a nasty one that also tried to hijack all DNS requests, but it wasn't quite successful --- it ended up failing on virtually all DNS requests that it intercepted.
The person using the system was using the machine largely to do email, with some occasional web-browsing. I put a Linux partition on the machine as a default boot partition; for what the computer is used for, it's a far better solution than trying to rout out this malware that managed to get by both AVG and ZoneAlarm.
I think it depends upon whether you use Norton’s internal de-installation versus Windows add/remove programs from “Control Panel”. I don’t know which one works or doesn’t work. Regardless...the effectiveness of Norton has been called into question enough times (as far as I’m concerned) to doubt its AV effectiveness. I just think (again, from what I’ve heard, not from personal experience) that Norton itself has become a target.
*tucking away that gem for later*
Sounds like Antivirus 2009. My dh just got it off his computer using Malwarebytes. AV 2009 caused the computer to do some squirrelly stuff too.
And scans with virus/spamware programs (for instance McAfee & AdAware) could not get rid of it.
We got our version of Malwarebytes as well as advice from BleepingComputer.com. But there are other places out there.
Malwarebytes downloaded but wouldn’t start up. Our problem was that this virus seems to recognize the program and “prohibited” it from running.
As was suggested we had to rename it and then run it. It worked but it took 3 or more scans till it was all gone.
You will find that your computer starts faster if you keep your Start Menu clear.
Every piece of hardware and lots of software wants to have their program running in the background, even when it is not being used.
If you have an HP printer, you may have 2-3 HP programs running in the background at all times.
If these items are removed from your Start Menu, they are not lost from your computer. It only takes a few more seconds to load them when you want to open them up.
I just cleared off my daughter’s laptop. She had over 20 programs running in the background. Some of these are programs that she never uses.
We had something similar. Malwarebytes worked for us. Look at C:\Documents and Settings, might be: all users/application data/microsoft/internet explorer/dlls. In that directory the two main files to kill are iemodule.dll and a dll file that has a bunch of random letters in the name. Check the created date time stamp, and the recent ones are suspect (you could delete the whole folder if they’re all recent). That should keep the virus from repeatedly coming back at you.
Next, disable the DNS redirection. Go to device manager, under view click on “show hidden devices.” Go into non-plug and play drivers. Disable a device driver that begins with TDSS. Then reboot.
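Added example, not part of the thread or any poster's code: a read-only triage script for the folder check described in the post above, flagging DLLs by the name given there (iemodule.dll), by a random-looking name, and by a recent timestamp. The vowel-ratio heuristic, the 3-day window and all function names are assumptions made for illustration; it lists files and deletes nothing.

```python
import os
import sys
import time
from pathlib import Path

KNOWN_BAD = {"iemodule.dll"}   # file name taken from the post above
VOWELS = set("aeiou")

def looks_random(stem):
    """Heuristic (assumption): letters only, 6+ chars, under 25% vowels."""
    s = stem.lower()
    if len(s) < 6 or not s.isalpha():
        return False
    return sum(c in VOWELS for c in s) / len(s) < 0.25

def file_stamp(path):
    st = path.stat()
    # Windows reports creation time in st_ctime; elsewhere use mtime instead.
    return st.st_ctime if os.name == "nt" else st.st_mtime

def triage_dlls(folder, days=3, now=None):
    """Return (name, reasons) for each DLL worth a closer look."""
    now = time.time() if now is None else now
    cutoff = now - days * 86400
    findings = []
    for p in sorted(Path(folder).iterdir()):
        if not p.is_file() or p.suffix.lower() != ".dll":
            continue
        reasons = []
        if p.name.lower() in KNOWN_BAD:
            reasons.append("known name")
        if looks_random(p.stem):
            reasons.append("random-looking name")
        if file_stamp(p) >= cutoff:
            reasons.append("recent timestamp")
        if reasons:
            findings.append((p.name, reasons))
    return findings

if __name__ == "__main__":
    # Usage: python triage_dlls.py <folder>
    for name, reasons in triage_dlls(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{name}: {', '.join(reasons)}")
```

A file flagged only for a recent timestamp can be a legitimate update, so the output is a list to review before removing anything.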
If you have Vista, click the start menu. At the very bottom is the “start search” block. Type in “msconfig” there. You will get an instant response and in the “start up” tab, can check or uncheck all the annoying or wanted programs of your choice.
Like, you can get rid of all the HP adviser crap, photo printers, etc, and speed your boot up greatly.
Yeah, not only do I avoid “free anti virus” but the three major players have issues, too. McAfee, Symantec and now Trend Micro have turned what used to be decent products into junk that is overly invasive, with way too many “features” that can’t be turned off.
The worst offender, though, has to be McAfee. I’ve run into corporate installs that are impossible to uninstall unless one does a ton of research. It’s so bad, I’ve gone in and manually turned off the process and then disabled it.
I tried the Malwarebytes but it turns out that this particular virus blocks access to sites like malwarebytes as well as my Norton and Symantec. You can ping the site but cannot access it via IE or Mozilla. I finally had to get a tech in and he's taken it to his shop where they can slave my system to one of their hard drives and remove the virus without needing Internet access. All in all it's a royal pain in the posterior. The only good news is that the tech says while the virus is aggravating all my financial information isn't in danger of being grabbed by the wrong person. So that's something anyway.
Thanks again to everyone.
I use a MAC. No viruses, no adware, and no special blocking software required.
ping.. I've got it now and it's ugly
McAfee is one I refuse to use as well. I'm not sure about Panda though, I haven't used it in several years.
I was using an older version of Symantec\Norton. It started having issues that I couldn’t resolve unless I updated. Also, I have to maintain Backup Exec in a corporate environment. I felt that was enough Symantec for me to deal with and decided to look at other products. ;)
I was running AVG and it didn't help. I ran other AV programs and no help.
Finally, I did a system restore to the previous day, before the infection. It worked perfectly. All has been well since then. I did immediately run an AV scan using the latest definitions.
I have been using Trend Micro for years. Nevermore. I will not renew it again. Too much crap I can't control.