computer (almost illiterate) looking for virus help

bcmaxx

NAXJA Forum User
Home computer must have caught something. It'll boot up, connect to the internet for a few minutes, then start getting virus messages (virus, worm, etc., popups and diverted websites; type in naxja and it'll redirect to their ad site), then the internet locks up. If I scan for viruses with AntiVir it comes up with 0 threats found. Are there any free virus programs I can download, or download on my laptop and burn for use on my home PC?
 
My desktop came down with the same thing a few weeks ago. After a decent amount of time and frustration I was able to do a system restore. Everything seemed fine, but a remnant of the infection was still causing search engine results to redirect.

Anyway, the problem came back today with a vengeance. The tower is on its way to pop's software gurus.

I guess the point I'm trying to reach is that I have relatively comprehensive antivirus and adware/malware protection software (that apparently didn't work), and everything online advertising 'free virus scan/protection' looks completely sketchy.

Consult an expert, that's the best advice I can give.
 
Click Start
Click Run
Type msconfig

Services & Startup tabs,
Uncheck unrecognized stuff (make sure "messenger" service is disabled, it is not msn)

Open this file in notepad: C:\WINDOWS\system32\drivers\etc\HOSTS
It should just have like "127.0.0.1 localhost"
(and some stuff up top commented out by #'s)
any other non recognized stuff remove and save

Reboot

Download AVG free version from http://free.avg.com
Scan PC

Download Malwarebytes anti-malware from here: http://download.cnet.com/Malwarebyt...4572.html?part=dl-10804572&subj=dl&tag=button
Run scan

See if the problem goes away

I hope this helped!
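
The HOSTS check described in the post above can be done without reading the file by eye. This is an added example, not part of the original post: the function name `Get-UnexpectedHostsEntry`, the sample file content, the address 203.0.113.10 and the `.example` host names are all constructed for illustration.

```powershell
# Added example: list HOSTS entries other than the expected localhost lines.
# The sample content is constructed; addresses and names are placeholders.
$sample = @(
    '# Copyright (c) 1993-1999 Microsoft Corp.',
    '#',
    '127.0.0.1       localhost',
    '203.0.113.10    www.search.example    # name pointed at another server',
    '127.0.0.1       update.av-vendor.example',
    ''
)

function Get-UnexpectedHostsEntry {
    param(
        [string[]]$Lines,
        [string[]]$AllowedNames = @('localhost')
    )
    $loopback = '^(127\.\d+\.\d+\.\d+|::1)$'
    $lineNo = 0
    foreach ($raw in $Lines) {
        $lineNo++
        # Everything after '#' is a comment; blank and comment-only lines are fine.
        $text = ($raw -split '#', 2)[0].Trim()
        if ($text -eq '') { continue }

        $fields  = @($text -split '\s+')
        $address = $fields[0]
        foreach ($name in @($fields | Select-Object -Skip 1)) {
            $isLoopback = $address -match $loopback
            # Only "localhost -> loopback address" is expected (-contains ignores case).
            if ($isLoopback -and ($AllowedNames -contains $name)) { continue }
            if ($isLoopback) {
                $effect = 'name resolves to this PC, so the real site is unreachable'
            } else {
                $effect = 'name is redirected to another server'
            }
            [pscustomobject]@{ Line = $lineNo; Address = $address; Name = $name; Effect = $effect }
        }
    }
}

# Run against the constructed sample (reports lines 4 and 5):
Get-UnexpectedHostsEntry -Lines $sample | Format-Table Line, Address, Name, Effect -AutoSize

# On a real machine, read the live file instead:
# Get-UnexpectedHostsEntry -Lines (Get-Content "$env:SystemRoot\system32\drivers\etc\hosts")
```

Anything the function reports is a line to review before removing and saving, as the post describes.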
 
Copy important files, music, porn, etc to an external hard drive.
Insert your windows cd and boot, wipe partition and recreate, then reinstall.
Do all the updates, then download AVG and install that.
Good rule of thumb is to reinstall windows at least once a year just on basic principles.
 
Copy important files, music, porn, etc to an external hard drive.
Insert your windows cd and boot, wipe partition and recreate, then reinstall.
Do all the updates, then download AVG and install that.
Good rule of thumb is to reinstall windows at least once a year just on basic principles.
That is way drastic for the situation at hand don't you think?
 
That is way drastic for the situation at hand don't you think?

Not really, if it has been installed for a year or two it's time to clean the crap out. I am starting to HATE microsoft, we have 40+ HP workstations, all running XP pro, all of a sudden I'm getting 'your version of xp did not pass microshit validation' WTF, they came from HP already installed, now I got to go screw with 10 or so that cropped up during the DHCP BS I'm dealing with now.
I'm supposed to get on the phone wasting my time so they can give me a new license number that I will then have to go thru and enter in every workstation. If I had a version of Avaya phone software that would run on linux I'd be over to ubuntu so fast it would make people's heads spin. That they are still nitpicking an operating system that is what, 10 years old. Sorry for the vent but I'm busy enough without their $#$#@ paranoia.
 
I feel for ya, I'm looking to make the jump from XP pro/32 to Win7 64 soon, probably going to be a nightmare :|
 
Trying once again to get a laptop cleaned up, currently running AVG. It's an older Dell Inspiron 1501. Running AVG and Malwarebytes, AVG comes up with a message saying: the virus vault has reached maximum file count limit. moving objects to virus vault failed. do you really want to delete this object :
c:\windows\system32\winad.exe
sounds important.
help :) :roll:
 
we are going to try and backup pics, documents, etc, and do a wipe. Any tips on doing this on a dell? we have to boot or dell boot cd's
 
That is way drastic for the situation at hand don't you think?

Nah - If a virus is that bad, you want to make sure you get it completely out of the registry and this is the way to get there..

I am starting to HATE microsoft, we have 40+ HP workstations, all running XP pro, all of a sudden I'm getting 'your version of xp did not pass microshit validation' WTF, they came from HP already installed, now I got to go screw with 10 or so that cropped up during the DHCP BS I'm dealing with now.
I'm supposed to get on the phone wasting my time so they can give me a new license number that I will then have to go thru and enter in every workstation.

Sounds like the symptoms of a virus that piggy backed in on a recent Adobe update. Remove Adobe from the system completely and you should then be able to use your original key - then get the latest Adobe from their webpage. This worked for me when I got hit with the same thing. I run a :skull1: version of Win7, so I was kind of freaked when I was getting the validation errors; especially because my machine just doesn't get viruses. I did the above and all is good..


Surprisingly, Microsoft Security Essentials does a damn good job ferreting the shit out. I'm even using it instead of Avast now..
 
do you really want to delete this object :
c:\windows\system32\winad.exe
sounds important.

Yes. The key is c:\windows\system32\winAD.exe

It's adware get rid of that shit..

we are going to try and backup pics, documents, etc, and do a wipe. Any tips on doing this on a dell? we have to boot or dell boot cd's

Not much in tips - make sure you're thorough and track down everything you want to backup and then just follow the prompts and read the directions to make sure you're clear on what the next keystroke is going to do..
 

truth.

To the OP, sounds rootkitted. AVG removed the files that become active in the filesystem, but can't remove the rootkit infection. That's above AVG's pay grade.

Try this:

www.surfright.nl

Download and run hitman pro
I've had good success with it unhosing a machine well enough to use traditional antivirus/malware programs to finish cleaning the machine. It must be connected to the internets for hitman to work.

I'll second the microsoft security essentials recommendation. It actually works pretty well.
 
I know this is a bit late, but my laptop had the exact same symptoms. I've fixed PCs with similar issues before; some I ended up having to reformat. I tried the usual programs (Malwarebytes, etc.). AVG didn't detect it, but Norton did; Norton couldn't cure it, though. Surprisingly, Norton Power Eraser ended up being the cure.

http://security.symantec.com/nbrt/npe.asp?lcid=1033

PS: my issue was a rootkit which are extra fun and dangerous.
 
I work in a facility that has around 600 workstations. Our cure is usually to wipe the drive and reimage, but that is a bit drastic and we have the luxury of a system image.

This seems to be going around AGAIN. I just had one of these nasty bugs try to nail me not more than an hour ago. My wife loaded one of these on my system last year. They seem to be designed to skip around most AV software so I always go to the Task Manager and end the process whenever anything out of the ordinary opens up. That said, if you have gotten what I think you have, the malware generally pops up looking like an antivirus message. When you click on the popup thinking it's real, the malware runs and dumps into your system attaching to your OS, and also embeds itself in the registry. You will have to remove it from both areas to get rid of the popups and other crap this wonderful little chunk of chit creates.

If you can determine anything about the malware name, you might get some removal information by doing a search on Google. I’ve had limited success doing this, and that is what worked for me last time. If you get lucky you might find a site that will have pretty concise instructions. Beyond that everyone here has had some great suggestions.

If you need more information about the drivers and hardware in your system you can go to the support section on the DELL site and enter the service tag information found on a little white tag on your system. If you have to wipe the system, you will need to go here and burn a CD for your NIC drivers. After reloading your OS load the NIC drivers then go back to the site and load the remaining drivers. If you need your OS license it can also be found on a Windows sticker on your system.
 
most of these are built on the tdss/alureon rootkit. It roots the IDE device drivers in Windows and hides sectors and alters the MBR. Once you know what you're looking for you can kill it rather easily.

If hitman didn't work for the OP he can try the TDSSKiller utility from Kaspersky.
 
I have a new Dell, Win7 64bit. I'm running Kaspersky and it works great, it's always catching stuff. My wife runs AVG and it does okay, still lets one get by sometimes.
 