Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Help - Damage Done; Heur.invader? Others?

  • Please log in to reply
No replies to this topic

#1 Lucky131


  • Members
  • 1 posts
  • Local time:04:16 AM

Posted 16 April 2008 - 03:54 PM

Hello and thanks for the help...OK. I'm embarrased to say I think I completely blew it. Here's the story. I would appreciate any help I can get. My mom's PC (running Windows 2000 Pro) appeared to be infected. She is a frequent user of MSN for chatting, etc. as well as opens a lot of attachments from friends around the world. To top it off, she's 67 and not computer savvy in the least. PS- I'm relatively conversant, but no pro myself. All in all, a recipe for this kind of thing to happen. So.... I read a bunch of postings and it appeared, based on the common issues, that running a ComboFix would be a good place to start. Well...it appears in doing so, things went poorly. The application froze up (I left it alone for hours on end). So I uninstalled it and then purchased Kaspersky Anti-Virus for all of our home PCs and it cleaned quite a few viruses in the process. But apparently damage was done. I was suspicious that the ComboFix was infected based on what had hapenned to my mom's PC as well as based on some blogs I read that mentioned warnings, so I re downloaded it from this site just about 1 hour ago and Kaspersky blocked it saying it found Heur.Invader. Therefore I aborted the download. Here are the problems I have noticed:

1. Random closing of all applications; most noticeably the desktop just dissapears/goes to blue
2. I noticed there is a new Administrator file that is renamed Administrator. followed by a series of letters/numbers. The old Administrator remains with her files within it.
3. Numlock key activated at each reboot
4. Funny thing...her my.yahoo.com site has an all new "sports" theme. My mom would have no idea how to even change the look of her My Yahoo page
5. When the PC was rebooted, her desktop image was gone and there were two applications on the desktop I had not seen before. One was a Repair System Registry short cut, and another was a registration wizard shortcut. Also, she told me that screens would pop up to request registration. I believe my mom responded to some of these pop-ups before she asked me for help...not sure what she did however.
6. She mentioned that she had excessive ads popping up recently.

One thing to note about this laptop - we don't have a back-up CD or any CDs. It is legal/registered software, but from a ways back and the laptop is a hand me down to my mom. There is no data on here that needs to be saved really.

Any help is sincerely appreciated. :thumbsup:

BC AdBot (Login to Remove)


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users