Full Version: Computer Is Horribly Infected
   
Soriku Enix
Hello. I'm posting in this forum because I was wondering if anyone has gone through the same things that I am currently.

I run Windows 2000 Professional, and the other day, my roommate was harmlessly searching for game cheats on the internet through Google when he came across a site that matched his entry perfectly, so naturally he thought "Oh yeah! This is it!" and he clicked on it.

He said that it brought him to a website with a media player in it, and it kept wanting him to download an ActiveX control to play the movie. He denied every pop-up that came across, and finally got fed up with it all and closed the window. Suddenly, pop-up after pop-up came up of porn (which got my attention, because he was searching for game cheats after all).

Once I got home from work, I checked out the problem by going to the website (because he wasn't all too clear in explaining what was wrong...he thought that it downloaded porn onto my computer). Well, it was actually me that caused the spyware and such to infiltrate my computer, because I actually opened up the ActiveX control download, knowing that it wasn't being downloaded from the official site! (*sigh*) Don't know why, but I did it...

So, pop-ups flooded with porn, my background image was changed to neon blue with a yellow window in the middle saying "Spyware is detected on your computer. Run an antivirus or antispyware program to clean it immediately", and after 5 seconds of idle mouse movement, cockroaches would appear from the sides of the screen and "eat away" my desktop as the screen saver.

I panicked and shut off my internet connection once I saw the flashing of command prompt screens (thus frying my wireless USB adapter, I think). I shut off the computer and rebooted into safe mode. I manually took out the files "ctfmona.exe", "ctfmonb.bmp", and "blackster.scr" along with any other registry files that the .exe created.

However, whenever I boot up in normal mode, under ANY created account, I soon lose access to control panel, registry files, my C:\ drive, my display panel, and my task manager. And during all of this, my clock changes itself to military time, in the format of "hh:mm: VIRUS ALERT!" while pop-ups of Windows Security Alert and Spyware Alert continue to appear on my screen.

I've been trying to manually take out this virus due to my outdated antivirus software and my lack of internet connection to download anything from home (I'm typing this from work right now). I know that the virus is still in my computer somewhere because of the obvious clock and system properties settings, and because of Windows Security pop-ups (when Windows Security and System Restore weren't even invented until Windows XP!). So if anyone can make it through this novel of a post to help me, it would be greatly appreciated. I have a Hijack This log file made, but I won't post it here, so if you can help, I'll move this to the appropriate forum.

Thank you for your time!
boopme
Hello and welcome. Is this an XP machine?
Let's try to get this onto the PC via CD or USB and return a scan log.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.