Max Wachtel said:
General Cleaning Instructions (you may want to print this out)

Alison said:
To stop it shutting down:
Click Start > Run > shutdown -a > OK (there's a space between the shutdown and the -a)

1. Ensure the built-in firewall is enabled (remove 3rd party PFW).
2. Internet Options
General tab
Under 'Browsing history' click the 'Delete...' button to delete
temporary files, history, cookies etc.
Advanced tab
Under 'Security' [check] 'Empty Temporary Internet Files folder when
browser is closed'.
Click the OK button.
3. On-demand AV applications.
David H. Lipman's MULTI_AV Tool
<http://www.pctipp.ch/ds/28400/28470/Multi_AV.exe>
<http://www.pctipp.ch/downloads/dl/35905.asp>
English:
<http://www.raymond.cc/blog/archives/2008/01/09/scan-your-computer-with-multiple-anti-virus-for-free/>
Additional Instructions:
<http://pcdid.com/Multi_AV.htm>
--and/or--
Kaspersky's AVPTool
<http://downloads5.kaspersky-labs.com/devbuilds/AVPTool/>
--or--
<http://ftp.kaspersky.com/devbuilds/AVPTool/>
There's no updating involved since the scanning engine is updated
several times a day and you simply download the updated scanner whenever
you want to do a scan.
--and/or--
Dr.Web CureIt!® Utility - FREE
<http://www.freedrweb.com/cureit/>
There's no updating involved since the scanning engine is updated
several times a day and you simply download the updated scanner whenever
you want to do a scan.
--and--
Malwarebytes© Corporation - Anti-Malware
<http://www.malwarebytes.org/mbam/program/mbam-setup.exe>
--and--
SuperAntiSpyware - Free
<http://www.superantispyware.com/superantispywarefreevspro.html>
If your operating system is considered clean:
Flush your System Restore Cache
Right click "My Computer" icon and select Properties from the drop down
list.
On the system Properties click on System Restore Tab and [check] 'Turn off
System Restore on all drives'.
Click 'Apply' then click OK
Reboot.
Right click "My Computer" icon and select Properties from the drop down
list.
On the system Properties click on System Restore Tab and [uncheck] 'Turn
off System Restore on all drives'.
Note: ensure that under 'Available drives' the Status of Drive does show
'Monitoring'.
And then manually create a Restore point.
Go to:
<http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/systemrestore.mspx>
And scroll down to: Create a Restore Point.
Then download/install:
Avira AntiVir® Personal - FREE Antivirus
<http://www.free-av.com/>
(The free version won't scan your emails.)
Unless you are using Microsoft Outlook or Lotus Notes (MAPI or VIM),
scanning email is worthless.
Why You Don't Need Your Anti-Virus Program to Scan Your E-Mail
<http://thundercloud.net/infoave/tutorials/email-scanning/index.htm>
Ensure your e-mail program is configured to display e-mail messages in
'Plain Text' only.
And:
Windows® Defender
<http://www.microsoft.com/downloads/...e7-da2b-4a6a-afa4-f7f14e605a0d&displaylang=en>
Then:
Download and execute HiJack This! (HJT)
<http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis>
Please, do not post HJT logs to this newsgroup.
Forums where you can get expert advice for HiJack This! (HJT) logs.
<http://www.thespykiller.co.uk/index.php?board=3.0>
<http://www.spywarewarrior.com/viewforum.php?f=5>
<http://forums.tomcoyote.org/index.php?showforum=27>
<http://www.bleepingcomputer.com/forums/forum22.html>
<http://www.malwarebytes.org/forums/index.php?showforum=7>
<http://www.5starsupport.com/ipboard/index.php?showforum=18>
<http://www.theeldergeek.com/forum/index.php?s=2e9ea4e19d3289dd877ab75a8220bff6&showforum=29>
NOTE: Registration is required in any of the above mentioned forums
before posting a HJT log and read the 'stickies'
(instructions/guidelines) for the respective HJT forum.
Routinely practice Safe-Hex.
<http://www.claymania.com/safe-hex.html>
Post back with results.
--
Virus Removal http://max.shplink.com/removal.html
Keep Clean http://max.shplink.com/keepingclean.html
Change nomail.afraid.org to gmail.com to reply by email.
nomail.afraid.org is for use in USENET-feel free to use it yourself.

Thank you all for your help.
I seem to have it sorted.
I ran Avira Anti-virus and it picked up two infections. I then ran an
online scan from Eset - it picked up another two infections.
Then I ran an online scan from BitDefender - it picked up TEN viruses and 15
infected files!!!!
Very tentatively rebooted the PC into normal mode - and it stayed on!
I also hadn't been able to get on the internet unless it was in safe mode
and I couldn't install any other software because it kept flashing up that
the administrator had set policies to prevent the installation - couldn't
even run the Windows Installer Cleanup because it wouldn't let me.
Everything is working now.
I've given my brother a huge lecture about neglecting his PC housekeeping.
Installed Avira Antivirus and Ad Aware. I've switched on Windows Firewall -
the reason he had taken off third party firewall and disabled windows
firewall was because he couldn't get his Xbox live to connect with the
firewall on!!!!
I'm really quite paranoid about computer security and I perhaps overly check
- antivirus every day, antispyware, firewall but I've not ever had a problem
- apart from a bad driver once.
I really thought this one was beyond my capabilities but I seem to have it
sorted.

Leonard Grey said:
Good show! I'm very glad that you were able to sort things out. And no,
you shouldn't think of yourself as paranoid. Most people do not grasp
the extent of the malware problem. The internet is by far the worst
neighborhood in the world...and they /are/ out to get you.
Now's the time to learn how to protect yourself. You need comprehensive
protection from all malware threats and you need to keep your software
updated (including Windows.)
But software is only your second line of defense. You are your own first
line of defense.