Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

"Your computer is infected!" message popup with big red "X"


  • Please log in to reply
12 replies to this topic

#1 The Black Plague

The Black Plague

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:07:52 AM

Posted 18 November 2008 - 01:12 PM

I'll get right to the point concerning my computer. I'm running Windows XP Home Edition, and I was browsing the web using Internet Explorer Monday night at 11 PM. I am an avid fan of the tv series on Fox called "24", so I was searching online to watch some of last season's episodes. Places like Hulu only had the first five episodes, so I was navigating around to find the rest of the episodes in that season (I know, dumb idea). I went to one website, (sorry I don't remember the name of it), and found that it had links to other places which I had no interest in following. I exited out of that browser page, and then my computer continued to exit out of iTunes, AIM, and another browser page I had open from Fox's website. I didn't know what was going on, and as my computer was closing out of the programs, I tried reopening AIM, to no avail. An error popped up saying that my computer was shutting down, and the program could not be opened. My computer shut down and rebooted itself. Upon reaching my desktop again, a popup in the bottom right corner came up and said the following:


Your computer is infected!
Windows has detected spyware infection.

It is recomended to use special antispyware tools to pervent data loss. Windows will now download and install the most up-to-date antispyware for you.

Click here to protect your computer from spyware!


That was the entire message in the popup. And yes, in the popup, "recomended" and "pervent" were spelled incorrectly. It is not my typo. The popup had a large red 'X" at the bottom of my screen, and I did not click it. Also, a screen popped up that said "ViewMgr" is not responding and asked whether I wanted to Debug it or not. I did not click anything on the ViewMgr popup, and I did not try much. A friend of mine had the very same message pop up about "Your computer is infected!" and he told me to try Bleeping Computers. I tried to access your website from my infected computer, but for some reason, it said that "Internet Explorer could not display this webpage". However, I still had access to Google.com and Yahoo.com. My wireless connection even said that my signal strength was excellent. I tried installing Norton Internet Security, but for some reason, the installation process continued without end. This morning, before going to school, I attempted to shut down my computer, but my computer would not do anything. I even tried an illegal shutdown by pressing and holding the button on my computer. That did not work either! Finally, I was left with no choice but to turn off my power strip in which my computer is plugged into. I have not tried any steps to eradicate the virus because I am afraid to do something wrong. I am not the most tech savvy person, however my dad is a computer programmer and is relatively good with computers. I am typing these posts from an uninfected computer. Hopefully my infected computer will allow me to access Bleeping Computers, however, I was not able to last night. I would really appreciate any help that can be given to me. If I do not have enough information concerning my computer or the virus' symptoms, please let me know. All I want to do is fix my computer and go back to the way things were before I was dumb enough to look for a TV episode of "24". I am a teenage student in high school and I just want my own computer back! Please respond as soon as possible! Thank you in advance.

BC AdBot (Login to Remove)

 


#2 bama_fan

bama_fan

  • Members
  • 113 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Alabama.RollTide
  • Local time:08:52 AM

Posted 18 November 2008 - 02:10 PM

try this.....http://www.malwarebytes.org/

one of the best spyware utilities i have found.....it has successfully cleaned a dozen or so pc's for me....

Edited by bama_fan, 18 November 2008 - 02:12 PM.

Posted Image

#3 garmanma

garmanma

    Computer Masochist


  • Members
  • 27,809 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cleveland, Ohio
  • Local time:08:52 AM

Posted 18 November 2008 - 04:17 PM

Moving to Am I Infected
Good luck
Mark
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#4 The Black Plague

The Black Plague
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:07:52 AM

Posted 19 November 2008 - 10:38 AM

Thank you so much for the weblink!!! I downloaded the program onto a CD-R and attempted to run it from my computer. Only problem was, it wouldn't run. I tried Googling the problem, and I found on Google that changing the name of the downloaded program will result in the program being able to be run. I let it scan my computer for 3+ hours and it found 21 infected files. After talking to some of my friends, they told me that there still might be remnants of the virus on my computer. Does this anti-malware download also remove adware and everything else, or does it only remove the malware on my computer? Will I need to download fixes for the remaining infections that might be floating around on my computer?

I can't tell you enough how thankful I am that it worked!

#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,072 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:52 AM

Posted 19 November 2008 - 11:01 AM

No single product is 100% foolproof and can detect and remove all threats at any given time. The security community is in a constant state of change as new infections appear. Each vendor has its own definition of what constitutes malware and scanning your computer using different criteria will yield different results. The fact that each program has its own definition files means that some malware may be picked up by one that could be missed by another.

Please post the results of your MBAM scan for review.

To retrieve the MBAM scan log information, launch MBAB.
Click the Logs Tab at the top.
mbam-log-2008-10-12(13-35-16).txt should show in the list. <- your dates will be different from this exampe
Click on the log name to highlight it.
Go to the bottom and click on Open.
The log should automatically open in notepad as a text file.
Go to Edit and choose Select all.
Go back to Edit and choose Copy or right-click on the highlighted text and choose copy from there.
Come back to this thread, click Add Reply, then right-click and choose Paste.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#6 rockas

rockas

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:07:52 AM

Posted 23 November 2008 - 09:09 PM

Thank you so much for the weblink!!! I downloaded the program onto a CD-R and attempted to run it from my computer. Only problem was, it wouldn't run. I tried Googling the problem, and I found on Google that changing the name of the downloaded program will result in the program being able to be run.



I'm having similar problems with the 'your computer is infected' pop up. i first used adaware when i noticed slowness online and got the pop up alert. thought that fixed it but the alert kept coming back and i noticed the incorrect spelling of pervent and decided to do a search on this. then i found this website (THANK GOD AND ALL OF U) . I still probably wouldnt realize anything was wrong until i got here. anyway i been trying to sort this out for hours now

I downloaded the program mbam, renamed it in the process of downloading and loaded onto my laptop (problem comp).... it installed but wont run....... i tried renaming the program file it would download to when prompted during the install but no luck

also some sites like malwarebytes or even bleepingcomputer wont load.


PLEASE HELP

#7 rockas

rockas

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:07:52 AM

Posted 23 November 2008 - 09:14 PM

BTW I unistalled and reinstalled mbam a few time already because it wouldn't run ... my last attempt was to use command 'prompt' ( mbam.exe /fullscan) in the run option.



much thanks!

Edited by rockas, 23 November 2008 - 09:16 PM.


#8 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,072 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:52 AM

Posted 24 November 2008 - 08:33 AM

Hello rockas

If you have an issue or problem you would like to discuss, please start your own topic. Doing that will help to avoid the confusion that often occurs when trying to help two or more members at the same time in the same thread. Even if your problem is similar to the original poster's problem, the solution could be different based on the kind of hardware, software, system requirements, etc. you are using and the presence of other malware. Further, posting for assistance in someone else's topic is not considered proper forum etiquette.

Thanks for your cooperation.
The BC Staff
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#9 rockas

rockas

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:07:52 AM

Posted 24 November 2008 - 09:06 AM

hey quietman, sorry bout that, after reading a bit more i realized i should have started my own topic

#10 The Black Plague

The Black Plague
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:07:52 AM

Posted 24 November 2008 - 10:50 AM

Ok, so I have been running countless scans on my computer, mostly Antimalwarebytes' scan, but also some Norton scans. Norton no longer picks up any infected files, but Antimalwarebytes continues to locate the same three trojans (Trojan.Downloader). Two of them apparently have infected my registry. The third trojan is unknown to me. I have tried Googling the problem because after safely removing the three trojans, they return only hours later for my next scan. I ran into someone's suggestion to check my Task Manager and locate svchost.exe and lsass.exe. Apparently this virus can disguise itself in my registry as svchost.exe and lsass.exe. I know that both (healthy) processes are extremely important to the operation of my computer, however, any infected processes are really screwing me up. I have six svchost.exe processes (which can be normal) but, oddly enough, I have two svchost.exe\SYSTEM processes. One of them is approximately 30,000k and the other is about 4,000k. Deleting the wrong svchost.exe can be tragic for my computer, but I am really unsure how to remove these trojans and KEEP them off my computer. I am extremely fed up with finding them returning for every scan that I run...If you need any logistics concerning the trojans or Task Manager, please let me know. Thanks in advance.

#11 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,072 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:52 AM

Posted 24 November 2008 - 11:13 AM

Some infections are difficult to remove completely because of their morphing characteristics which allows the malware to regenerate itself. Sometimes there is a hidden piece of malware which has not been detected that protects files (which have been detected) and registry keys so they cannot be permanently deleted. Disinfection will probably require the use of more powerful tools than we recommend in this forum. Before that can be done you will need you to create and post a RIST/HijackThis log for further investigation.

Please read the pinned topic titled "Preparation Guide For Use Before Posting A Hijackthis Log". If you cannot complete a step, then skip it and continue with the next. In Step 6 there are instructions for downloading and running Random's System Information Tool (RSIT) which will create a hijackthis log as part of its log.

When you have done that, post your log in the HijackThis Logs and Malware Removal forum, NOT here, for assistance by the HJT Team Experts. A member of the Team will walk you through, step by step, on how to clean your computer. If you post your log back in this thread, the response from the HJT Team will be delayed because your post will have to be moved. This means it will fall in line behind any others posted that same day.

Start a new topic, give it a relevant title and post your log along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. An expert will analyze your log and reply with instructions advising you what to fix. After doing this, we would appreciate if you post a link to your log back here so we know that your getting help from the HJT Team.

Please be patient. It may take a while to get a response because the HJT Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT "bump" your post or make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

If after 5 days you still have received no response, then post a link to your HJT log in the thread titled "Haven't Had A Reply In Five Days?".
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#12 The Black Plague

The Black Plague
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:07:52 AM

Posted 24 November 2008 - 11:56 AM

I have considered reinstalling my operating system and then just reinstalling all the programs that I want to keep. I know that could be time consuming, but it should completely rid my computer of whatever is still around, shouldn't it? However, in terms of time and energy, I feel that reinstalling my operating system and my programs won't be worth everything that I will have to go through. Would it be better to keep trying ways to rid my computer of it, or should i just reinstall my operating system?

#13 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,072 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:52 AM

Posted 24 November 2008 - 12:02 PM

Wiping your drive, reformatting, and performing a clean install of the OS or doing a factory restore removes everything and is the safest action but I cannot make that decision for you.

"When should I re-format? How should I reinstall?"
"Help: I Got Hacked. Now What Do I Do?"
"Where to draw the line? When to recommend a format and reinstall?"

Posting a log in the HJT forum may take some extra time but at least you would know exactly what you are dealing with and then go from there. But again, that's a decision only you can make.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users