Hi,
The other day I was looking up song lyrics when all of a sudden my system started to go haywire. Somehow, a virus managed to disable my firewall (I'm 100% sure I had it enabled before this), delete all my system restore points, and prevent me from making new ones. Immediately, I shut off my wireless card and ran a scan with Spyware Doctor and AVG. I got several trojan threats and a backdoor.agent. I kept getting error messages (the kind that pops up after an unresponsive program closes that asks you to send a report to Microsoft) out of the blue for "GoogleUpdate.exe" and "ViewMgr". I got another message upon start-up about "GoogleUpdate.exe" too. Every time I ran the scan and deleted the threats, Spyware Doctor would tell me to reboot and that the system restore point creation failed. I rebooted and the backdoor.agent returned. This was an endless cycle. So eventually, I assumed that the "GoogleUpdate.exe" file had something to do with it. I searched my system and lo and behold, there were about 30 of them scattered throughout my system. So I deleted them all and my system is running much smoother, but it's still nowhere near normal operating performance. I found the ViewPoint Media Player in my Add/Remove programs list and I got rid of that (it's not a media player at all, but a form of spyware). For the longest time, I couldn't boot my system in normal mode, only safe mode. It would freeze at the blue "welcome" screen. Now it boots up normally, but rather slowly, and when I restart - using the Restart button - it still freezes at the "welcome" screen. Only when I fully power it down and turn it back on does it start up fully. Spyware Doctor and AVG are not finding any more threats other than the usual tracking cookie, so I'm at a standstill. I'd rather not reinstall the OS, but if I have to, of course I will. Does anybody have any suggestions for me? My specs are below.
Toshiba Satellite M115-S3094
Windows XP Professional
2GB RAM
Thanks in advance!
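A read-only check for the situation described in the post above (about 30 files named "GoogleUpdate.exe" scattered across the system), added here as an example and not part of the original post: it lists each copy with its Authenticode signature status and flags copies that are not validly signed or sit outside the expected folders. The expected folder locations and the `O=Google` signer match are assumptions.

```powershell
# Added example: list every GoogleUpdate.exe under a root folder and flag suspect copies.
param([string]$Root = 'C:\')

# Assumption: genuine copies live under a "Google\Update" folder in Program Files
# or in the per-user local application data folder.
$bases = @($env:ProgramFiles, ${env:ProgramFiles(x86)},
           [Environment]::GetFolderPath('LocalApplicationData')) | Where-Object { $_ }
$expected = @($bases | ForEach-Object { Join-Path $_ 'Google\Update' })

$report = Get-ChildItem -Path $Root -Filter 'GoogleUpdate.exe' -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer } |
    ForEach-Object {
        $file = $_
        $sig = Get-AuthenticodeSignature -FilePath $file.FullName

        $signer = ''
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }

        # Assumption: a genuine binary has a valid signature whose subject names Google.
        $signedByGoogle = ($sig.Status -eq 'Valid') -and ($signer -match 'O=Google')

        # True only when the file sits below one of the expected folders.
        $inExpected = $false
        foreach ($dir in $expected) {
            if ($file.FullName.StartsWith($dir + '\', [StringComparison]::OrdinalIgnoreCase)) {
                $inExpected = $true
            }
        }

        New-Object PSObject -Property @{
            Path      = $file.FullName
            Signature = $sig.Status
            Signer    = $signer
            Modified  = $file.LastWriteTime
            Suspect   = -not ($signedByGoogle -and $inExpected)
        }
    }

# Suspect copies are listed first so they can be reviewed before any cleanup.
$report | Sort-Object Suspect -Descending |
    Format-List Path, Signature, Signer, Modified, Suspect
```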
bump
http://forums.cnet.com/5208-6121_102-0.html?messageID=3089837&tag=forums06;posts#3089837
You may as well have a failed hard drive at this point so follow along and save your files.
Bob
Please follow the steps below:
On a friend or family member's computer, download the Malwarebytes installer and update files from the links below, copy them to a CD or flash drive, then transfer the files to the problem machine and use them. If you can't start the computer into "normal" Windows, try installing, updating, and running the scans AFTER the computer is started into Safe Mode. I use the sites below to download the installer file and the manual updater:
Once downloaded and before transferring them to the problem machine, rename the program installer "mbam-setup.exe" file to something else like "Gogetum.exe", then copy the installer file and the update file to a CD or flash drive. Transfer the file to the problem machine, then install the "Gogetum.exe" file, then run the update to get the program current. After that, run a full system scan and delete anything it finds.
Malwarebytes Installer Download Link (Clicking on the links below will immediately start the download dialogue window.)
http://www.besttechie.net/tools/mbam-setup.exe
Malwarebytes Manual Updater link
http://www.malwarebytes.org/mbam/database/mbam-rules.exe
Next, download the SuperAntispyware program and the manual updater from the links below. After running the Malwarebytes tool above, if you still can't download and install it directly from the problem machine, download it on a friend or family member's computer as well. After installing and updating SuperAntispyware, run another full system scan and delete everything it finds as well. As before, you may need to rename the installer file to get the program to install:
SuperAntispyware
http://www.superantispyware.com/
SuperAntispyware Manual Updater
http://www.superantispyware.com/definitions.html
____________
In a few situations, in order for the program to run, it was also necessary to rename the main "mbam.exe" file after installing it. It resides in the C:\Program Files\Malwarebytes Antimalware folder.
_____________________
Hope this helps...
Grif
Thanks for the awesome advice, I'm installing Malwarebytes from a DVD as I type. I was wondering why I could not install it before when I downloaded it from the problem computer. Anyway, I figured I would update you guys on a few things. This morning when I started the computer, I got Windows to boot normally, and I resolved the restart issue somewhat by fooling around with the MSCONFIG menu. Anyway, once all the icons loaded, I began hearing what sounded like a news podcast randomly playing in the background. I did nothing more than turn the PC on. Then it happened again, this time a different podcast, when I was watching a YouTube video -- I'm positive it wasn't the video because I watched it more than 20 times. Anyway, it looks like Malwarebytes finished installing, so I'm going to give it a shot!
Well, for one, music lyrics sites tend to have a very bad reputation for spreading malware. It is usually best to stay away from them altogether.
As far as the OS goes, you're done. Time to reinstall. Unless you get a really good commercial virus scanner on there, which is unlikely at this point, you will never be able to restore your system to proper function and rid it of all the viruses. It seems that you may have gotten a virus that is simply malicious - or in other words, its only purpose is to mess up your system. And once a virus is loose in an unprotected system, it can be extremely difficult to get rid of short of reinstalling.
I would recommend reinstalling the OS - and updating TO THE LATEST SET OF FIXES.
THIS STEP IS CRITICAL
Most cases of Windows machines being compromised have to do with an outdated system - in other words, nonpatched.
YOU NEED TO BUY A QUALITY ANTI-VIRUS/FIREWALL
Without this, a home user is essentially leaving the door open.
Free firewalls are OK, but they tend to nag and can be daunting to set up for the typical home user.
I would recommend that you buy a commercial firewall, because, on average, they are much more straightforward and well supported. I would recommend Norton Internet Security 2009. I have personally used it, and it is light, fast, and effective.
MAKE SURE YOU KEEP UPDATED DEFINITIONS
After all that is done, you should be good to go. You just need to learn to control your surfing a little better. Certain sites tend to be hubs for malware:
- lyrics
- survey groups
- "free stuff"
Avoid these sites and your risk for attack goes down significantly.
Good luck, and safe computing
Sean