I run Windows 2000 Professional, and the other day, my roommate was harmlessly searching for game cheats on the internet through Google when he came across a site that matched his entry perfectly, so naturally he thought "Oh yeah! This is it!" and he clicked on it.
He said that it brought him to a website with a media player in it, and it kept wanting him to download an ActiveX control to play the movie. He denied every pop-up that came across, and finally got fed up with it all and closed the window. Suddenly, pop-up after pop-up came up of porn (which got my attention, because he was searching for game cheats after all).
Once I got home from work, I checked out the problem by going to the website (because he wasn't all too clear in explaining what was wrong...he thought that it downloaded porn onto my computer). Well, it was actually me that caused the spyware and such to infiltrate my computer, because I actually opened up the ActiveX control download, knowing that it wasn't being downloaded from the official site! (*sigh*) Don't know why, but I did it...
So, pop-ups flooded with porn, my background image was changed to neon blue with a yellow window in the middle saying "Spyware is detected on your computer. Run an antivirus or antispyware program to clean it immediately", and after 5 seconds of idle mouse movement, cockroaches would appear from the sides of the screen and "eat away" my desktop as the screen saver.
I panicked and shut off my internet connection once I saw the flashing of command prompt screens (thus frying my wireless USB adapter, I think). I shut off the computer and rebooted into safe mode. I manually took out the files "ctfmona.exe", "ctfmonb.bmp", and "blackster.scr" along with any other registry files that the .exe created.
However, whenever I boot up in normal mode, under ANY created account, I soon lose access to control panel, registry files, my C:\ drive, my display panel, and my task manager. And during all of this, my clock changes itself to military time, in the format of "hh:mm: VIRUS ALERT!" while pop-ups of Windows Security Alert and Spyware Alert continue to appear on my screen.
I've been trying to manually take out this virus due to my outdated antivirus software and my lack of internet connection to download anything from home (I'm typing this from work right now). I know that the virus is still in my computer somewhere because of the obvious clock and system properties settings, and because of Windows Security pop-ups (when Windows Security and System Restore wasn't even invented until Windows XP!) So if anyone can make it through this novel of a post to help me, it would be greatly appreciated. I have a Hijack This log file made, but I won't post it here, so if you can help, I'll move this to the appropriate forum.
Thank you for your time!
Edited by rigel, 29 May 2008 - 02:42 PM.
Mod edit - Moved to a more appropriate forum.