Nonstop viruses, can't get rid of them?


Flame
06-23-2008, 12:19 PM
Ok, something weird has happened to my wife's computer and I want to see if any of you guys have any ideas.

Yesterday, she was setting up a business site on myspace, hadn't downloaded anything in a while, just working away and suddenly got a bunch of pop ups. They started coming one, after another, after another, non stop. It shut down the computer. I rebooted it, and it did it again! It's a fairly new computer, and I had forgotten to load any antivirus programs on it. So I downloaded ThreatFire and Ad-Aware, and they found 300 some corrupted files, and it was like a laundry list of evils....

trojan horses
backdoor trojans
malware
spyware
rootkits


Of all sorts of names. It was insane. I delete them all, reboot........... and THEY'RE BACK! I run a scan with both of the programs again, find new ones, delete them, scan and get a clean scan. Scan in 10 minutes, and find 100 some corrupted files again.

WTH? Any idea on how to take care of this? Never seen something like this before..... any suggestions?

Marlene
06-23-2008, 12:23 PM
We have a laptop here with the same problem. They are, even as we speak, renewing Norton to see if it will solve the problem.

GK
06-23-2008, 12:35 PM
Ok, something weird has happened to my wife's computer and I want to see if any of you guys have any ideas.

Yesterday, she was setting up a business site on myspace, hadn't downloaded anything in a while, just working away and suddenly got a bunch of pop ups. They started coming one, after another, after another, non stop. It shut down the computer. I rebooted it, and it did it again! It's a fairly new computer, and I had forgotten to load any antivirus programs on it. So I downloaded ThreatFire and Ad-Aware, and they found 300 some corrupted files, and it was like a laundry list of evils....

trojan horses
backdoor trojans
malware
spyware
rootkits


Of all sorts of names. It was insane. I delete them all, reboot........... and THEY'RE BACK! I run a scan with both of the programs again, find new ones, delete them, scan and get a clean scan. Scan in 10 minutes, and find 100 some corrupted files again.

WTH? Any idea on how to take care of this? Never seen something like this before..... any suggestions?

Unplug the comp from the internet and disable the wireless. Reboot it in safe mode and try doing all the scans that way. There is a good chance you are missing something and it is just reconnecting to a server and re-downloading all the crap back onto the computer again; with no internet connection this won't happen.

Replicator
06-23-2008, 12:38 PM
1. Disconnect from internet.

2. Research specific trojan names from another computer and print removal instructions.

3. Full antivirus scan after removal of major threats.

Should be good after that . . . !

bob
06-23-2008, 12:40 PM
You might want to disable system restore before you get rid of all of the malfeasant code.

Double click My Computer and then right click in the window. Select Properties->System Restore and turn it off. When you're all done, turn it back on again.

Lots of nasty software is persistent if System Restore is on while getting rid of the stuff.

JimJenson
06-23-2008, 12:40 PM
You need a clean boot disc.

Boot from CD drive, delete viruses.

Bigdawg
06-23-2008, 12:43 PM
If you have any trouble removing specific viruses www.majorgeeks.com is an excellent resource.

GK
06-23-2008, 12:45 PM
Another thing to keep in mind too is to disconnect any USB travel drives/thumbdrives. Several newer malware/trojans infect connected external drives now since they are usually left out of the system scans unless you check them off as well. So they elude the system scan and then reinfect the system once you plug them back in.
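A way to check a thumb drive before trusting it again, as an added example that is not part of any poster's reply: it assumes the reinfection path is the Windows AutoRun file `autorun.inf` in the drive's root, which the post above does not name. The script lists the entries in that file that would start a program and whether the program is on the drive; the sample file and the `tools\helper.exe` paths are constructed.

```python
import os
import shlex
import tempfile

# Keys in the [autorun] section that make Windows start a program.
LAUNCH_KEYS = ("open", "shellexecute")

# Constructed sample file, not taken from a real infection.
SAMPLE = (
    "[AutoRun]\n"
    "; comment line\n"
    "open=tools\\helper.exe -q\n"
    "icon=folder.ico\n"
    "shell\\open\\command=tools\\gone.exe\n"
    "label=Backup\n"
)

def parse_autorun(text):
    """Return (key, command) pairs in [autorun] that launch a program."""
    findings, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_section or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        # shell\<verb>\command entries add or replace right-click actions
        is_shell_cmd = key.startswith("shell\\") and key.endswith("\\command")
        if value and (key in LAUNCH_KEYS or is_shell_cmd):
            findings.append((key, value))
    return findings

def first_token(command):
    """Program path from a command line; quoted paths may contain spaces."""
    try:
        tokens = shlex.split(command, posix=False)
    except ValueError:  # unbalanced quotes
        tokens = command.split()
    return tokens[0].strip('"')

def check_drive(root):
    """Report launch entries in <root>/autorun.inf and whether each target exists."""
    names = {n.lower(): n for n in os.listdir(root)}
    if "autorun.inf" not in names:
        return []
    with open(os.path.join(root, names["autorun.inf"]), "rb") as fh:
        data = fh.read()
    # Files saved as Unicode carry a UTF-16 BOM; otherwise treat as 8-bit text
    text = data.decode("utf-16" if data[:2] in (b"\xff\xfe", b"\xfe\xff") else "latin-1")
    report = []
    for key, command in parse_autorun(text):
        target = first_token(command).replace("\\", os.sep)
        present = os.path.exists(os.path.join(root, target))
        report.append({"key": key, "command": command, "target_present": present})
    return report

def demo():
    """Build a throwaway directory that stands in for a thumb drive and check it."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "tools"))
        open(os.path.join(root, "tools", "helper.exe"), "w").close()
        with open(os.path.join(root, "AUTORUN.INF"), "w") as fh:
            fh.write(SAMPLE)
        return check_drive(root)

if __name__ == "__main__":
    for entry in demo():
        print(entry)
```

Pass `check_drive` the drive's root from a machine where AutoRun is disabled; any entry it returns on a drive that should hold only documents is worth a look before the drive goes back into the cleaned computer.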

SignTech
06-23-2008, 01:05 PM
http://usa.kaspersky.com/

Dice
06-23-2008, 01:09 PM
Sounds like you have a nasty backdoor dropping in other viruses. I just recently had a pretty nasty infection that my Panda Anti Virus apparently couldn't handle. (I hate McAfee and Symantec)

After doing much research I found Kaspersky AV to be the top rated and best. It's a bit more expensive but worth it. Something you don't want to slack on is your AV.

You can download a fully functional trial version and try it out.

http://www.kaspersky.com/

njsigns
06-23-2008, 01:32 PM
I'd try Avast (http://www.avast.com/eng/avast_4_home.html) out if I were you. You can do a "boot time scan" and delete files before Windows even loads. Some viruses will replicate themselves upon delete; this prevents them from doing so. I've been using it for years and really like it...

Gene

Flame
06-23-2008, 02:31 PM
win.32rootkit will NOT go away, I got some to leave, but this one always pops up. Erg..........

Dice
06-23-2008, 02:36 PM
What did you install? Make sure that you only have 1 AV installed on the machine at a time. Make sure you run a full scan.

Install Kaspersky and change it to High Security Level and do a full scan. If Kaspersky can't kill it, then you're hosed and will have to reinstall Windows or use a repair disk.

threeputt
06-23-2008, 02:45 PM
Flame, I can't offer anything in addition to the good advice you're getting here, but wanted to tell you I empathise. This sort of thing has happened to me and it absolutely drives you mad. Feel bad for ya.

I use AVG the pro edition, and keep it up to date. Also run SpyHunter once a week. I'm not a techy though, just muddling through.

Good luck.

Techman
06-23-2008, 02:45 PM
All of the above is almost correct.
But none of it will work. You can scan until the machine turns to dust and it will never get it out. All except bob's suggestion, which is spot on.


reinstall windows or use a repair disk.
Absolutely mistaken. No need for any re-install or repair.

This is a smitfraud infection.
You will need a special cleaner for that. Google it. It's around. And do not pay for it. The free one is the best one because it works. Bigdawg has a good idea where to find it.

Find the smit fraud cleaner and run it. Nothing else will work. The infection is too deep and always comes back. Because you will not find the roots.
Also with smitfraud there is likely something with 800 in the name on your machine as well. Usually it's around the Program Files folder. That has to go as well. This type of infection comes from visiting sites with a compromised JAVA. They failed to update their Java and smitfraud invades. Other cases are accepting certain web cards.


As for the root kit, that's something else. Very likely added in or just a red herring. You will need a root kit cleaner for that if it is in fact there.

In the end. I charge about $80 bux to do a deep cleaning for smit fraud with guarantee.

Signsforwhile
06-23-2008, 03:05 PM
9 times out of 10 no matter how many scans, virus blockers, registry cleaners etc you run, your computer will never be the same again. Attempt to back everything up and then it's time to format your computer. It will save you a lot of aggravation.

MrKoob
06-23-2008, 03:10 PM
I'm inclined to agree with Hudson. If it were just 1 or 2 infections, quarantining or deleting wouldn't be a big issue. In this case you may have infections that may not show up until months later. Back up your important files like Projects, Accounting Files, etc, then run a format and reinstall everything from scratch. (Make sure to make AV Software first on your list, Avast, AVG, etc.)

Dice
06-23-2008, 03:27 PM
Something that I've done in the past is to remove the drive and put it in an external 3.5" usb case, then scan the drive from another machine.

This way the virus can't protect itself from AV scanners and does not have a chance to execute.

Techman
06-23-2008, 03:31 PM
You guys kill me.. AHAHAAHAHAH

An infection on a computer is just some code. It's just some 1's and 0's. All you have to do to make it stop causing probs is to change just a few of those 0's or 1's and the code is dead. It's not dirt, it's not germs, it's just some magnetic spots on a hard disk.

Remove the threat and nothing else matters. It's gone. The code has no life. Reformat for about 800 bits of data is like emptying the Pacific Ocean because someone poured some oil into it. Once the bad code is disabled, the computer will overwrite whatever is left. Thus it's all gone. Dead .. as in no longer exists. It will not show up again months later.

mark in tx
06-23-2008, 04:15 PM
Smitfraud is a nasty one.
I'd like to find the bastards responsible and remove their sex organs with a lead pipe.
Internal and external.

pacmn
06-23-2008, 04:19 PM
This same thing happened to me yesterday, I used HijackThis to remove it.

Steve C.
06-23-2008, 04:25 PM
Got the same thing going on my production computer..:frustrated:
My daughter used it Saturday to download some music on myspace. :doh:

CounterSpy and The Shield Deluxe were no help. :banghead:

Pro Image
06-23-2008, 04:34 PM
Yesterday, she was setting up a business site on myspace,

some music on myspace. :doh:
:banghead:

Well It looks like we all learned one thing today.........

Don't go to MYSPACE with an important computer............:doh:

Flame
06-23-2008, 04:48 PM
popups are coming up so fast I can't even seem to download anything.......... :(

Pro Image
06-23-2008, 04:51 PM
popups are coming up so fast I can't even seem to download anything.......... :(



Download it to a flash drive and then transfer it........

Steve C.
06-23-2008, 06:04 PM
Well, I tried to download and run one of the so-called free smit fraud cleaners, but at the end of the scan it said you must upgrade and pay for the cleaning....not that I would mind but Techman said the free ones are the best. Anyway, my "Shield Deluxe" came up automatically and said that all threats had been neutralized. All pop ups have stopped so I guess I'm ok. I did turn off System Restore as suggested.

Hope you get yours fixed up soon Flamey. Good Luck!

uncle ned
06-23-2008, 07:09 PM
Self replicating virus crap. Mark in Tx has the right attitude, wish we could find them. A couple years ago, I caught something that attacked the BIOS chip, physically!! Fried it! But that replicating crap is a real pain. Good luck. All the good ideas have been spoken here. Hope one works.

binki
06-23-2008, 07:50 PM
Wipe the hard disk clean, install the OS and then a virus protection software. Then all else. Good luck.

FrankenSigns.biz
06-23-2008, 09:14 PM
Reformat the hard disk, reinstall your system from the original system disk, clean the computer with Windex, sell said computer on eBay and spend the proceeds on a new Mac!

:rolleyes:

Flame
06-23-2008, 09:17 PM
Reformat the hard disk, reinstall your system from the original system disk, clean the computer with Windex, sell said computer on eBay and spend the proceeds on a new Mac!

:rolleyes:



haha. No macs for me. They drive me nuts. Logged in 100 design hours on one in college, and was always glad to get back to my beloved PC's. :P

ackerman139
06-23-2008, 09:36 PM
Haha. C'mon Justin. Macs are where it's at. They are like hybrids, someday they will just have to cover some of the mistakes we made...

:p

weaselboogie
06-23-2008, 10:18 PM
I'm not hipster enough to own one.

but I do own a black turtleneck....

Rooster
06-25-2008, 02:30 PM
What are these viruses and adware you speak of? I've never had one.

Actually I lie. I set-up a win2000 server box at home a few years ago. Within 24hrs I had multiple viruses, adware and had been hacked into. So I sold the machine and bought another mac for at home. Life is good now.

Flame
06-25-2008, 02:35 PM
Weird.......... no more. I run scans, clean. No more popups, no more issues that I can find. It's gone.... it can't even find the rootkit anymore (the one that popped up every 10 minutes)

Bizarre.... I didn't do anything different.

Steve C.
06-25-2008, 03:49 PM
Weird.......... no more. I run scans, clean. No more popups, no more issues that I can find. It's gone.... it can't even find the rootkit anymore (the one that popped up every 10 minutes)

Bizarre.... I didn't do anything different.

Yeah, mine went away too. Now it's back. But only about one popup every 2 hrs.

choucove
06-25-2008, 05:06 PM
What are these viruses and adware you speak of? I've never had one.

Actually I lie. I set-up a win2000 server box at home a few years ago. Within 24hrs I had multiple viruses, adware and had been hacked into. So I sold the machine and bought another mac for at home. Life is good now.

It seems a lot of people have always thought that Macs are somehow "immune" to viruses, it's not true. They are a computer and can get a virus just like a Windows or Linux machine can get a virus or malware. The difference is that not many people write viruses which affect Mac systems (which is drastically changing actually.) But Macs are far from invincible to virus attacks. Heck, one of our programming projects back in high school was to design a bug that could attack both Windows and Mac systems. All in all, it was a very simple bug that didn't damage data or return your passwords or anything, but it would replace links of certain icons to other programs (instead of opening the CD-Rom drive when you clicked on the icon, it instead shut off the computer, etc.) and associating certain menu commands or events with certain sound effects.

The good ol' days of people buying a Mac because of the limited number of viruses that are targeted towards them is quickly changing. There have been several articles and reports released recently of some very powerful and dangerous viruses beginning to circulate throughout the Mac community and several experts are predicting it will be getting a lot worse very fast due to the number of people who have been picking up OSX.

Sign Works
06-25-2008, 08:37 PM
Weird.......... no more. I run scans, clean. No more popups, no more issues that I can find. It's gone.... it can't even find the rootkit anymore (the one that popped up every 10 minutes)

Bizarre.... I didn't do anything different.

Flame, now just stay off the porn sites and you should be OK.:thumb:

Rooster
06-27-2008, 01:34 PM
It seems a lot of people have always thought that Macs are somehow "immune" to viruses, it's not true.

I never implied they were immune. However my experience with over 20 years working on the mac platform has been completely virus free.

When they come up with some kind of a virus that can infect macs simply by visiting a website, without having to download and run a file, I'll bump up the worry meter a notch. Until then I'll just carry on enjoying my virus free existence.

Techman
06-27-2008, 03:04 PM
This floggin PC's,,, and MACS are better over the virus thing is so old.

MAC's have problems too. They are not a god and owning a MAC is not supposed to be a religious experience kin to that of enlightenment..

functionpdx
06-27-2008, 03:25 PM
Here's what I did and I haven't had to fight a virus in years, I hope it helps.

1. Clean os install.
2. Setup EVERYTHING the way I need it, installed programs and set my preferences, set shared printers, turn off automatic updates, etc.
3. Ran backup software (I use Acronis True Image) and saved it to a separate drive. This makes a copy of everything on your drive (OS, programs, settings) that you can load in case things go bad beyond what my virus protection (Spyware Terminator, Windows Firewall, Windows Defender) can quickly fix.
4. Only use the internet with a limited user account; if something gets weird, like popups or an extra search just happens to appear, I just delete the user account and start another one. You can save your bookmarks in a shared folder.
5. No more headaches.

SignBurst PCs
06-27-2008, 05:31 PM
Macs can be compromised by just visiting a website too.

I am not bashing Macs. They are good computers. There is just a lot of misinformation out there.

Check this out: http://www.macworld.com/article/132733/2008/03/hack.html

5 easy ways to minimize (or even stop) infections!

A little prevention goes a long ways. I personally have not been infected or compromised in over 5 years. I surf the Internet just like everyone else and read TONS of email every day. I live by the following 5 rules:

#1. Get a good anti-virus/firewall/anti-malware program. There are a lot of good ones out there. Choose one and keep it up to date. Just installing it once and not updating the subscription is not going to cut it. $50-60 per year is a very reasonable price for a more secure computer. Most good software will license up to 3 computers for $50-$60.

#2. Stay updated. Turning off your "Automatic Updates" is CRAZY. Updates are released often and they are released to keep up with new threats and vulnerabilities. Not getting the security updates leaves you at risk. "Windows Update" will keep Windows and IE updated. You can also enable "Microsoft Update". This will keep Windows, IE, and all of your other MS applications up to date (including "Office" apps like Word, Excel, Outlook). "Office" applications all have security vulnerability fixes available quite often and keeping them up to date is key! If you have Java installed, keep it updated too!

#3. Don't open unsolicited attachments. If you don't recognize the person sending it to you, don't open it. Even if you know the person, don't open it unless you are expecting an attachment. Your friend may be infected and his computer may be sending little viruses to everyone in his address book.

#4. Use an updated browser. IE7 on Vista or XP is great IF YOU KEEP YOUR SYSTEM UPDATED. IE7 on Vista is more secure than IE7 on XP, due to "Protected Mode", which is only available on Vista. Firefox is great too if you are into customizing your browser. I personally use both. I like Firefox and use it most often, but there are a number of things that I need to do with IE7 once in a while. There are other good browsers out there. Just keep them up-to-date!

#5. If you have a broadband connection, buy (and properly configure) a "router/firewall". There are a number of good brands available. Just be sure to change the default password and encrypt your wireless (if you decide on a wireless router). This is just one more safety layer between your computer and all the evil out there on the Internet.

You can go to more extreme measures, but this is a good start. These 5 steps will keep you out of harm's way most of the time. Even careful people get viruses and other malware. But the more you are prepared, the less likely you are to get infected.


I reposted this to a new thread, just in case anyone else would like to read it.

Techman
06-28-2008, 12:07 AM
My system has never had a virus. I use a few simple rules//

A good anti virus is helpful. AVG is FREE and works great. There are a few others that are FREE and work just as well as a paid. Free just has a few less features that most of us do not need anyway.

Turn OFF all automatic updates. Do not allow anything to auto update. Any updating should be done only with your full knowledge and permission. Yes, this is important. If something updates by itself and your software suddenly quits, you do not have any idea what caused the problem. At least if you know something updated then that could be a clue.

Some updates remove functionality. I hate that when it happens too.

opening strange anything without protection is just not good no matter who you are dating.

Leave Internet Explorer in all flavors to the others. Avoid IE at all costs. IE and Outlook are not made to prevent spammers and malware. Firebird and Firefox and other mozilla flavors are way better choices.

Anyone online without a software firewall and a router is asking for invasions. Nearly all high speed modems have a firewall but you need a software firewall too. That means 2 way protection. Going and coming in traffic. You have to know what's trying to call out too. Many modern malwares call out to a site to download more of its junk. Smit fraud is a classic call out maggot software.

schurms
06-28-2008, 05:19 AM
I have a Mac, I will just do that K.

tommythesignguy
06-28-2008, 06:31 AM
opening strange anything without protection is just not good no matter who you are dating...

How did I ever survive the 80's?

Fuzzbuster
06-28-2008, 08:26 PM
This floggin PC's,,, and MACS are better over the virus thing is so old.

MAC's have problems too. They are not a god and owning a MAC is not supposed to be a religious experience kin to that of enlightenment..

NOT a MAC DUDE by any stretch but went to their web site the other day and priced a loaded computer!!!!

Came out to $25k...:omg: try it for fun

they better never get viruses for that kinda coin...

must be pretty quick....heh heh

stick to what you're used to i guess?

Rooster
07-01-2008, 04:13 PM
Hey, who doesn't need fibre channel network cards, a $3000 video card, 32GB of RAM (@ three times the going rate elsewhere), Quad 15,000RPM SAS RAID, and dual 30" monitors on a workstation?

You could knock $6000+ off the price right away by buying your RAM elsewhere, and it would come in about the same as a comparably equipped Dell. Although much of what Dell offers on its website isn't directly comparable to Apple's options (ie: no quad channel fibre network card, 30" monitors, 32GB of RAM, etc). So you'd need some additional vendors to create a truly comparable system.

kuntry_kid
07-15-2008, 10:23 PM
I am with techman. Get rid of Internet exploder and use Firefox. I see a lot of people talking AV, but AV does not do a whole lot for spyware that can cause a lot of issues as well. One of the top spyware detection software applications is Spybot Search and destroy. I use this and it cut down on many problems. One of my favorite features is that it will not allow a registry change or software install without you clicking allow or deny. This gets annoying sometimes, but it is well worth it. Something else I use that has helped my system is Registry Mechanic. This doesn't really do AV or catch spyware, but it will clean up your registry and improve your system's performance if there is a lot of unneeded or partial strings in your registry.

Sign_Boy
07-16-2008, 12:04 AM
What about McAfee Enterprise??

Techman
07-16-2008, 12:17 AM
McAfee

Sux big time

SignBurst PCs
07-16-2008, 12:20 AM
What about McAfee Enterprise??

I think that I would purposely install spyware on my PC before I installed McAfee.:frustrated:

flyinhawaiian968
07-16-2008, 12:05 PM
I think that I would purposely install spyware on my PC before I installed McAfee.:frustrated:


BWAAAAHAAHAHAAA!!!!! That's funny! Actually, if you install McAfee on your system, isn't that just like installing spyware? Let's think about this one, it installs a billion packages on your computer, slows your machine down immensely by having all their crap running at all times, programs seem to crash more often once its installed, your internet and email is bogged down while it sniffs everything that comes in and everywhere you go, and no matter what you do to disable it, even temporarily, it returns in full-force time and time again!

Yep, sounds just like a virus to me!!!

I'd rather install Win 3.11 and go back to Aldus Pagemaker, Corel 3 and play Reversi than install mcafee (or norton's, that one's just as bad!) on my existing system, I'll probably get the same performance either way!


Chris