
O/T computer virus woes


michael hurd


Lo and behold, I was infected last night around midnight and spent all night and half the morning battling this ugly virus.

This thing decided to take a hold of my Windows/IE explorer and add functions to my toolbar. On top of that, it was trying to connect to the internet. The first thing that I did was to kill the power to the DSL modem, and start to look for new files that were created last night in the Windows system and program files.

Ran Adaware and Spybot S&D, found and deleted more programs. Restarted, and found that the startup menu had been changed and more items added. GRRRR... By this point, it had slowed trying to connect to the modem, and I ran Spybot S&D again.

To my surprise, everything that I had deleted had reappeared again! Common hijacker, keyloggers, coolwwwsearch, Igetnet, were some of the displayed items that Spybot had shown. I then powered up the modem and braved a connection to the net. I quickly Googled coolwwwsearch, and found an antidote. As soon as I had the program downloaded, I killed the modem again.

My fix came in the form of a program called Spy Subtract, which also contains Cwshredder, which removes the redirection of searches and such. I had run the program twice, and restarted with my fingers crossed. Problem solved!

I hate people that write and design malicious code, and send nothing but spam.


The virus that I had received overwrites the history files, so that if you do a system restore, restoring the computer to an earlier date, Windows thinks that it has been there all along. This is why programs such as Spybot S&D do not "fix" the problems.

Whenever you sign on to the internet, the program morphs. It just gets uglier, kind of like a carnival game where the heads pop out of holes, and you try and bash it, but then it reappears in another hole.


Yup I know exactly what you mean. Losing several hours trying to fix the PC.

If you are using XP, you need to disable the system restore. That's why it always comes back when you reboot your system.

Also use HIJACK. With it, you can track down all "programs" that were suddenly installed into your PC/Registry. You can delete the offending files with it (just make sure you are deleting the malware and not a system file itself).

Then replace your IE with FIREFOX!!!! FIREFOX rules!!!

Lastly, I would stay away from those "nasty but entertaining" sites (if you know what I mean)!


Yikes! That sounds like a nasty one, that was some quick thinking and diligence on your part to track the thing down. I probably would have done the system restore thing and would have been at a loss if it did not correct the problem.

I run Norton's Personal Firewall on my Desktop and Laptop but for some reason I cannot log onto MSN when Norton's Personal Firewall is running on my laptop which worries me since it will be vulnerable.

Malicious code writers should be put in front of a firing line for the aggravation that they cause.


You didn't have a virus, you've got spyware. (Granted the difference between the two is largely semantic.) At some point, you or another user clicked on a link to check on a 1.5% mortgage rate, make $1 million working at home, get free MP3s, or some other such crap. All those nifty little toolbars and useless desktop icons got shoved down the pipe onto your computer at that time. Try downloading Ad-Aware, and running it. It does a pretty good job of cleaning up the spyware stuff. SpySweeper is also another product that does a pretty good job of controlling spyware. Using one of these should help you get the situation under control.

I had a helluva time getting rid of this stuff until I educated my kids to never, ever click "OK" or go to any of the links that install spyware.


I subscribed to Lavasoft's Adwatch SE+ program in addition to the Adaware search and destroy. SE+ is a realtime monitor of incoming data. If a site attempts to load spyware or adware the little icon flashes and blocks the transmission. If a really baaad thing is coming in, SE+ immediately shuts down IE. Plus I have Spybot running in the background, McAfee Virus Scan and Firewall Plus and a router between my computer and the cable modem.

Just because I'm paranoid, doesn't mean everybody isn't out to get me!

Rick


Haven't been around here in a while.

Sorry to hear about your computer 'woes'. Usually, when something like that happens to me - I just reformat.

I have everything that is important to me backed up to another partition. So, I lose nothing. Heh.

Oh and, heh. I like your little quote. "I'm a Canadian - like an American but without a gun."

I'll just assume that it's in jest and you do not actually believe all Americans have guns. Though I do. Heh.

- Steven


----------------

On 1/24/2005 1:16:23 PM Frzninvt wrote:

Yikes! That sounds like a nasty one, that was some quick thinking and diligence on your part to track the thing down. I probably would have done the system restore thing and would have been at a loss if it did not correct the problem.

I run Norton's Personal Firewall on my Desktop and Laptop but for some reason I cannot log onto MSN when Norton's Personal Firewall is running on my laptop which worries me since it will be vulnerable.

Malicious code writers should be put in front of a firing line for the aggravation that they cause.

----------------

Did you download the MSN freebie 'Webroot Spy Sweeper'? Works better for me than even the storebought stuff. No kidding.

Keith


I had a similar problem a week ago; it took me about half a day, but I finally got it whooped, and here is my current regimen:

Running SpywareGuard (SG) and Spyware Blaster in the background to stop incoming offenders (these are not removers; they are preventers, and freeware).

Regularly scanning with both Ad-aware and Spybot Search and Destroy; they seem to cover nearly everything. Then an occasional scan with HijackThis; but as a previous poster commented, it requires knowing something about your system files and applications to prevent removing some benign apps.

Finally, I am using AVG as my anti-virus, and looking for updates regularly.

...and I agree that these bored, malicious code-writers need to get themselves a girlfriend.


I'm glad that I got the problem licked and up and running again. The girlfriend was worried that I would have to take it to someone that could fix it for us, but I persevered. We don't have the original boot discs (used computer), so I was crossing my fingers that I wouldn't lose all the pictures and files on here.

Someday, I will have to make backup discs of everything, and I keep saying I should. Just seems like there are never enough hours in a day.

