1. Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

Make yourself a coffee first.. You'll need one..

Discussion in 'Networking & Security' started by Kymberly_S, May 18, 2009.

  1. Kymberly_S New Member

    Joined:
    May 27, 2008
    Messages:
    165 (0.07/day)
    Thanks Received:
    2
    Location:
    Australia (SA)
    Where do I begin...

    Recently I took my personal data off of an old laptop of mine so I could give it to my son. He had it for one afternoon/evening.. the internet became increasingly slow then cut out.

    He did nothing wrong though. I think I picked up a virus either from software updates OR AVG..

    So I couldn't get into the computer normally from the user area as there was something loading in the processor area. I managed to see it once and went 'end process' .... then it duplicated itself to the point that the virtual memory was used up in a matter of 40 secs or so.

    After that I could no longer access task manager and a message would appear that said the Administrator had disabled task manager.. although the USER is the Administrator..

    (one thing you should know is that there was a " Warning! you have a virus" window flashing on the desktop of the user area. I checked the desktop settings to check out what was happening and there was an internet explorer icon in the area where you can click on anything to change the desktop appearance, BUT I couldn't click on any of the other background options as they had been grayed out.. so to say... unclickable.. This is where the interned explorer icon was. There was no option to 'unclick' the 'web' function either.. I don't know how that got there. It was planted and wasn't going to be removed)

    Soooo, I went in through safe mode. Tried to run AVG but it wouldn't.
    I deleted AVG (removed program through control panel). Then I downloaded the latest version of AVG from the official site, onto a memory stick (from another computer) and then put it in the laptop, loaded it and ran it through command prompt, from safe mode, as this is the only way it would run.

    It picked up a lot.. a lot of exe files.. etc..... (can you see where this is headed)

    When it finished running, it closed down.

    I assumed, yes I know :( , that everything would be hunky dorey and I had in fact conquered the situation.

    However... when I shut the computer down and started it up normally so I could get into the normal user area a white screen came up. This white screen remained up. Nothing else appeared except a log in window. When I logged in.. by clicking on ok because there is no password.. the screen was white, and bleak and nothing else appeared, which made my mood go from :) to :( and then to grrrrrrr and now I am just a little ?

    I have no idea what is going on and if someone does and fixes this for me.. I will be Forever Grateful and send you a present! :respect: Seriously.. if someone could help me out.. I am sooooooooo sick of fixing computers.. lol.. I really fixed this one didn't I?

    The virus is one that adds onto exe's??
  2. Mussels

    Mussels Moderprator Staff Member

    Joined:
    Oct 6, 2004
    Messages:
    42,150 (11.66/day)
    Thanks Received:
    9,474
    download the 30 day trial of kaspersky from here.

    avira, AVG etc - despite what some say, all those free antivirus are crap. 2/3 of what they find isnt even a virus at all, they find 'more' than other antiviruses because they find harmless things and make them out to be massive threats.

    kaspersky will solve your problem - you may need to do a clean boot however. Start windows in safe mode, and open up the start menu. Go to run and type MSconfig then click ok. on the startup tab, untick EVERYTHING.

    reboot the machine, install kaspersky. let it update online when asked. Once its up and running make it do an entire scan of the PC (right click the C: drive in my computer, and get it to scan there).

    That should clear things up.

    Oh and in my experience, when a male under 18 gets on a PC and it gets a virus moments later... they nearly always clicked something they shouldnt have, and lied about it. its not so much commonplace as its a law of nature.
    Last edited: May 18, 2009
    Kymberly_S says thanks.
  3. infrared New Member

    Joined:
    May 28, 2005
    Messages:
    3,307 (0.98/day)
    Thanks Received:
    183
    Location:
    Southampton, UK
    In your situation it would probably be best to format it and re-install the OS. Usually takes a couple of hours tops, probably a lot less time than you will spend trying to fix what's happened.

    You were lucky you backed up all your stuff before this happened! :)
    Kymberly_S says thanks.
  4. Kymberly_S New Member

    Joined:
    May 27, 2008
    Messages:
    165 (0.07/day)
    Thanks Received:
    2
    Location:
    Australia (SA)
    hrmmmmm ...

    ok.. Will give that a go. Right now.. And run it from safe mode of course? because nothing else is working.

    be back to let you know..
  5. Mussels

    Mussels Moderprator Staff Member

    Joined:
    Oct 6, 2004
    Messages:
    42,150 (11.66/day)
    Thanks Received:
    9,474
    safe mode blocks everything from starting with windows that isnt windows. so you cant really run an antivirus from it. some work, some dont.

    MSconfig will prevent the virus starting with windows, allowing kaspersky to get its updates online and delete them. I suggest that the second kaspersky starts its scan, you disconnect the laptop from the internet.
    Kymberly_S says thanks.
  6. Kymberly_S New Member

    Joined:
    May 27, 2008
    Messages:
    165 (0.07/day)
    Thanks Received:
    2
    Location:
    Australia (SA)
    I can't access the internet from the laptop in question because it just wont let me.. So, if I can't register this Kaspersky.. will it work if it can't register?

    Also, if I re format? I have done this once before .. about a year ago now with another laptop (yeah, real hot at this aren't I) and the disks would only go so far (yes, original) and then nothing but a black screen. (still haven't fixed that. Was going to go into a shop and get them to do it for me because I am so done with all this.. !)

    I am somewhat dubious about putting in the original disks now.. sorry, please don't get offended because I do appreciate your help.. just don't want to wreck the computer ...
  7. Mussels

    Mussels Moderprator Staff Member

    Joined:
    Oct 6, 2004
    Messages:
    42,150 (11.66/day)
    Thanks Received:
    9,474
    i'm not too sure how kaspersky handles without activation, as i own a licence i can activate it offline. I still suggest using MSconfig and removing all the entries, it will stop the virus running at startup and may allow you to get back online.

    Yes, you could use the disks and format it. That would solve the problem, i doubt you'll have the same black screen issue. You did get lucky this time, by having your data backed up right before the crap hit the fan.
    Kymberly_S says thanks.
  8. KainXS

    KainXS

    Joined:
    Sep 25, 2007
    Messages:
    5,600 (2.21/day)
    Thanks Received:
    501
    I have had this prob, but I forgot the app i used to fix it

    its a little app where you reset the network keys, anyone remember the name of it,

    and I had to use a pendrive to send the app from another pc

    but the virus has to be removed first, got any old norton cd's laying around that are usually bundled with alot of pc stuff
    Kymberly_S says thanks.
  9. Kymberly_S New Member

    Joined:
    May 27, 2008
    Messages:
    165 (0.07/day)
    Thanks Received:
    2
    Location:
    Australia (SA)
    lucky .. yes ...

    Yes.. I was very lucky to have taken all my data off before I gave it up... BUT... I saved it to my external memory and just tonight realised that ....

    I SAVED IT TOOOO MYYYY EXTERNALLL MEMORY!!!!!!

    I haven't started up the external memory since I did this as I thought it was best to make sure I haven't transferred the virus to all of my important documents and family photos from the past 7 years or so.!!!

    :cry:

    I will do the config thing and the download and if that doesn't work.. I will be back and see if there are any other suggestions before I run the disks.. (save me)
  10. Mussels

    Mussels Moderprator Staff Member

    Joined:
    Oct 6, 2004
    Messages:
    42,150 (11.66/day)
    Thanks Received:
    9,474
    external memory?

    Not a term i'm familiar with.
    Kymberly_S says thanks.
  11. Kymberly_S New Member

    Joined:
    May 27, 2008
    Messages:
    165 (0.07/day)
    Thanks Received:
    2
    Location:
    Australia (SA)
    ext mem

    silver box that plug into the computer with memory.. 380GB I think.. like a massive memory stick/ flash drive..
  12. Pinchy New Member

    Joined:
    Apr 29, 2006
    Messages:
    5,109 (1.68/day)
    Thanks Received:
    284
    Location:
    Sydney, Australia
    Kymberly_S says thanks.
  13. Mussels

    Mussels Moderprator Staff Member

    Joined:
    Oct 6, 2004
    Messages:
    42,150 (11.66/day)
    Thanks Received:
    9,474
    external hard drive.

    It may work the same as a flash drive as far as you can tell, but its a very different thing on the inside.
    You should be ok with the data on there, as it sounds like the virus infected the machine after you finished backing up the data.

    In all honesty, i suggest you hop on to ebay and buy a kaspersky key (they're about $15au for a year) and protect your other machine, just so that they dont both go down on you if the virus manages to spread somehow.
    Kymberly_S says thanks.
  14. Kymberly_S New Member

    Joined:
    May 27, 2008
    Messages:
    165 (0.07/day)
    Thanks Received:
    2
    Location:
    Australia (SA)
    kaspersky key ?

    Just went on ebay and put it in search but nothing came up?
  15. oily_17

    oily_17

    Joined:
    Sep 25, 2006
    Messages:
    2,313 (0.80/day)
    Thanks Received:
    670
    Location:
    Norn Iron
    You can download Malwarebytes on the PC your are on at the moment.Then transfer it to a CD/USB stick and put it on the other PC.Then install it.

    When it has finished installing, then place the attached rules.ref file(unzip it first) in -

    C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware

    You may have to unhide system files to see these folders.Then run a scan with it and see if it helps.

    Attached Files:

    Kymberly_S says thanks.
  16. Mussels

    Mussels Moderprator Staff Member

    Joined:
    Oct 6, 2004
    Messages:
    42,150 (11.66/day)
    Thanks Received:
    9,474
    Enjoy

    Its a 3 PC licence so you can install it to both PC's.
    Kymberly_S says thanks.
  17. Kymberly_S New Member

    Joined:
    May 27, 2008
    Messages:
    165 (0.07/day)
    Thanks Received:
    2
    Location:
    Australia (SA)
    paranoid much?

    Ok.. now I may be being paranoid.. but..

    when I plugged in the mem stick 1GB.. there is avg. the latest one I downloaded that I mentioned in my first 'question/explanation' and .. adaware.. AND EXPLORER.EXE Run as DLL as an app Microsoft Cooperation and another thing that says RUNDLL32.EXE Run as DLL as an app Microsoft Cooperation is this a part of the adaware and avg thing or is it a bad virus, like in disguise..?

    This is the memory stick I would be downloading your good suggestions onto to put into the laptop and try to save it..
  18. Mussels

    Mussels Moderprator Staff Member

    Joined:
    Oct 6, 2004
    Messages:
    42,150 (11.66/day)
    Thanks Received:
    9,474
    if you're worried about the flash drive, format it on the good PC before placing any files on it.
  19. Kymberly_S New Member

    Joined:
    May 27, 2008
    Messages:
    165 (0.07/day)
    Thanks Received:
    2
    Location:
    Australia (SA)
    It has some of my daughters work on it.. should I scan it with avg and then delete the avg.exe and adaware.exe and copy her work to the computer??? then reformat it..

    sorry if this sounds stupid but I don't want to be fixing another computer if I can get out of it..
  20. Mussels

    Mussels Moderprator Staff Member

    Joined:
    Oct 6, 2004
    Messages:
    42,150 (11.66/day)
    Thanks Received:
    9,474
    That sounds like a good plan of action.
    heres a good idea: put her work in a zip file. viruses rarely corrupt files they cant identify, if its in a password protected zip file they cant infect it.
    Kymberly_S says thanks.
  21. Kymberly_S New Member

    Joined:
    May 27, 2008
    Messages:
    165 (0.07/day)
    Thanks Received:
    2
    Location:
    Australia (SA)
    sorry to bug you.. pardon the pun ...

    How do you password protect a zip file?
  22. oily_17

    oily_17

    Joined:
    Sep 25, 2006
    Messages:
    2,313 (0.80/day)
    Thanks Received:
    670
    Location:
    Norn Iron
    Flash_Disinfector

    http://download.bleepingcomputer.com/sUBs/Flash_Disinfector.exe

    Run it and follow any prompts that may appear.
    It may ask you to insert your flash drive and/or other removable drives including your mobile phone etc.
    You can allow the utility to clean up those drives as well.
    Wait until it has finished scanning and then reboot.

    Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.
    Kymberly_S says thanks.
  23. Kymberly_S New Member

    Joined:
    May 27, 2008
    Messages:
    165 (0.07/day)
    Thanks Received:
    2
    Location:
    Australia (SA)
    I have to go and try some of these things.. Thank you soooo much to you all for helping me out.

    I have to say that out of all the forums I have been in I have never got such quick responses, not to mention so many, and VERY helpful all round, as I have from here.

    Thank you again and will let you know how it all goes.. Fingers Crossed.. :)

    Crumbs... one more thing.. Obviously I would be running these from safe mode right???

    Because I can't get anything else to load..
    Last edited: May 18, 2009
  24. Mussels

    Mussels Moderprator Staff Member

    Joined:
    Oct 6, 2004
    Messages:
    42,150 (11.66/day)
    Thanks Received:
    9,474
    i just had a moment of inspiration. There is a particular website of a... well its nature fits under about every negative word you can think of, to moral people. To immoral people, its got everything from porn to pictures of cats with funny hats.
    Point is an infection has spread to many from an attack on that website called vundo. After looking into it, it spreads and downloads many other programs and sounded similar to what you described.

    http://vundofix.atribune.org/

    It cant hurt to try, and if it turns out the PC did have vundo, i'll PM (private message) you the site of the website so you can block it.
    Kymberly_S says thanks.
  25. Kymberly_S New Member

    Joined:
    May 27, 2008
    Messages:
    165 (0.07/day)
    Thanks Received:
    2
    Location:
    Australia (SA)
    :respect: Thanks soo much..

Currently Active Users Viewing This Thread: 1 (0 members and 1 guest)

Share This Page