Virus? Antivirus, malwarebytes, spycatcher, system restore not working... please help


18 replies to this topic

#1 girl15

girl15

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:09:53 AM

Posted 15 March 2009 - 08:59 PM

I have a BAD virus!!

I am not the best with computers, but I have fixed problems before using forums, but this one has got me good.

First the updates for McAfee couldn't be downloaded and because of that I couldn't scan the computer for viruses... I have Windows XP and the start menu and other windows are now somehow in classic view so I am positive it is a virus. I downloaded AVG to try to run a scan and again it wouldn't allow me to run it without updates. CCleaner worked. I tried to run Malwarebytes Anti-Malware software and I'll get an arrow with an hour glass, but then just an arrow and it won't open. This weekend it escalated to where I no longer have an icon for internet connection and when I click Internet Explorer the page cannot load and it's just a blank screen. I tried to re-download Malwarebytes Anti-Malware, but now I cannot open a webpage. Spycatcher will open, but the scan button won't work either. I tried to run a system restore. Sometimes I get an error message saying that system restore cannot be used on this computer and to restart or something of that nature and other times I get all the way to picking a date, but clicking next does not work. I even tried starting the computer in safe mode and trying to do a system restore, but the same thing occurred. As of right now I cannot open a program without it being "not responding" so I am TOTALLY stuck. I'm going to run another registry cleaner and try another virus scan and system restore before bed, but any replies would be appreciated!!!

I'm pretty much on my last thread, I have no idea what to do. PLEASE HELP!!! Keep in mind I am not the best with computers so I'm not so computer talk savvy :thumbsup:


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,399 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:53 AM

Posted 15 March 2009 - 10:06 PM

Please download and scan with Dr.Web CureIt. Follow the instructions here for performing a scan in "safe mode".
-- Post the log in your next reply.

Please download Malwarebytes Anti-Malware (v1.34) and save it to your desktop.
Print out and follow these Instructions for scanning with Malwarebytes Anti-Malware and perform a Quick Scan in normal mode.
  • Check all items found for removal.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with disinfection. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Temporarily disable such programs or permit them to allow the changes. Click this link to see a list of programs that should be disabled.

Since you cannot use the Internet or download any programs to the infected machine, you are going to need access to another computer (family member, friend, etc) with an Internet connection. Save Dr.Web CureIt (launch.exe) and mbam-setup.exe to a flash (usb, pen, thumb, jump) drive or CD, transfer it to the infected machine, then install and run the program. If you cannot transfer to or install on the infected machine, try running the setup (installation) file directly from the flash drive or CD by double-clicking on mbam-setup.exe so it will install on the hard drive.

You will also need to manually download the latest definition database from another computer, save and transfer them to the infected machine. After installing MBAM, just double-click on mbam-rules.exe to apply the update.

Mbam-rules.exe is not updated daily. Another way to get the most current definitions is to update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#3 girl15


Posted 16 March 2009 - 07:35 AM

As of last night I was unable to get on the internet whatsoever to even download anything. I can try it tonight, but I don't think the web page viewing situation has changed. Anything else? I do have a flash drive, should I run it from the flash drive?

#4 quietman7


Posted 16 March 2009 - 08:30 AM

I provided instructions in my previous post for what to do when not able to use the Internet.

Since you cannot use the Internet or download any programs to the infected machine, you are going to need access to another computer (family member, friend, etc) with an Internet connection. Save Dr.Web CureIt (launch.exe) and mbam-setup.exe to a flash (usb, pen, thumb, jump) drive or CD, transfer it to the infected machine, then install and run the program. If you cannot transfer to or install on the infected machine, try running the setup (installation) file directly from the flash drive or CD by double-clicking on mbam-setup.exe so it will install on the hard drive.

You will also need to manually download the latest definition database from another computer, save and transfer them to the infected machine. After installing MBAM, just double-click on mbam-rules.exe to apply the update.

* alternate rules.ref download link 1
* alternate rules.ref download link 2

Mbam-rules.exe is not updated daily. Another way to get the most current definitions is to update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.



#5 girl15


Posted 16 March 2009 - 09:08 AM

Oh I am sorry I must have overlooked that or thought it was associated with another post, I'm sorry. I will try to follow the instructions after work today. Thank you!!

#6 quietman7


Posted 16 March 2009 - 09:13 AM

Not a problem

#7 girl15


Posted 16 March 2009 - 05:32 PM

Alright I tried to run the Dr.Web CureIt but it only got halfway into the preparing to scan part before it locked up and couldn't be completed. Then I tried to just go ahead and use Malwarebytes, but again I clicked it and installed it and everything, but it wouldn't actually let me get to the scan at all. And then I logged off to try the whole process in safe mode and now I cannot even log on, both the keyboard and the mouse are locked. I'm pretty stuck.

#8 girl15


Posted 16 March 2009 - 05:47 PM

It did allow me to restart the computer in "Normal" mode, but I couldn't run it in safe mode.

#9 quietman7


Posted 17 March 2009 - 07:17 AM

Then perform the scan in normal mode.

#10 girl15


Posted 17 March 2009 - 08:04 AM

I eventually tried that with no luck either. It starts to launch the Dr.Web CureIt, but it gets halfway through the "preparing for scan" phase and it freezes. Also, the Malwarebytes could be installed but not run. The program won't start when I double click it from the desktop. Is there a way to go to RUN and go in that way? I also cannot access the C:\ drive unless I go into it from the RUN menu. I was able to run an AVG scan without the latest updates I am assuming, but it didn't find anything. Every time I try to start the computer in safe mode it locks me out and I cannot use the keyboard or the mouse, but I can run in normal mode.

I think those are all the latest updates.

#11 quietman7


Posted 17 March 2009 - 08:28 AM

"Malwarebytes could be installed but not run. The program won't start when I double click it from the desktop."

What specifically is happening? Any error messages? Opens and closes?

"I also cannot access the C:\ drive."

The inability to open drives and partitions is a common sign of a USB flash drive infection.

Please download Flash_Disinfector by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run the tool and follow any prompts that may appear.
  • If asked to insert your USB flash drive and other removable drives, please do so and allow the utility to clean them up as well.
  • Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that was plugged in when you ran it. Do not delete this folder...it will help protect your drives from future infection by keeping the autorun file from being installed on the root drive and running other malicious files.
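An added example, not part of the original thread and not Flash_Disinfector's own code: a Python check for the condition post #11 describes, reporting whether a drive root has no autorun.inf, a folder named autorun.inf (the protective state the tool leaves behind), or an autorun.inf file together with the programs it would launch. The function names, the sample file contents and the name example_payload.exe are constructed for illustration.

```python
import os
import tempfile

# Keys in the [autorun] section that make Windows start a program.
LAUNCH_KEYS = ("open", "shellexecute")

# Constructed sample of an autorun.inf file (not taken from the thread).
SAMPLE = r"""; constructed sample
[AutoRun]
open=example_payload.exe
shell\open\command=example_payload.exe
icon=folder.ico
"""

def parse_launch_commands(text):
    """Return (key, command) pairs from the [autorun] section of the text."""
    commands, in_autorun = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("["):
            in_autorun = line.lower() == "[autorun]"
            continue
        if in_autorun and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            key = key.lower()
            # shell\<verb>\command entries launch a program from the drive's context menu
            if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
                commands.append((key, value))
    return commands

def audit_root(root):
    """Classify the autorun.inf entry at a drive root (name matched case-insensitively)."""
    for name in os.listdir(root):
        if name.lower() != "autorun.inf":
            continue
        path = os.path.join(root, name)
        if os.path.isdir(path):
            # A folder with this name blocks creation of a file with the same name.
            return {"status": "folder", "commands": []}
        with open(path, "r", errors="replace") as handle:
            return {"status": "file", "commands": parse_launch_commands(handle.read())}
    return {"status": "absent", "commands": []}

def demo():
    """Build three constructed drive roots in a temp directory and audit each."""
    with tempfile.TemporaryDirectory() as base:
        roots = {name: os.path.join(base, name) for name in ("clean", "immunized", "suspect")}
        for path in roots.values():
            os.mkdir(path)
        os.mkdir(os.path.join(roots["immunized"], "autorun.inf"))
        with open(os.path.join(roots["suspect"], "AUTORUN.INF"), "w") as handle:
            handle.write(SAMPLE)
        return {name: audit_root(path) for name, path in roots.items()}

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

On a real system, pass each drive root (for example the mount point of a USB stick) to audit_root; a "file" result with launch commands is the case worth investigating before opening the drive.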

#12 girl15


Posted 17 March 2009 - 12:52 PM

"Malwarebytes could be installed but not run. The program won't start when I double click it from the desktop."

"What specifically is happening? Any error messages? Opens and closes?"


When I double click it nothing happens. The arrow will turn into an arrow with an hour glass, but then right back to an arrow and never get into the wizard for running the program; it doesn't open at all. No error messages either.

I will run the flash drive scanner after work. I don't have enough privileges to run it at work.

#13 quietman7


Posted 17 March 2009 - 02:09 PM

If you cannot use or complete a scan in normal mode, then try performing a Quick Scan in "Safe Mode".

Scanning with MBAM in safe or normal mode will work but removal functions are not as powerful in safe mode. In fact, it loses some effectiveness for detection & removal when used in safe mode because the program includes a special driver which does not work in safe mode. However if you cannot complete a scan in normal mode, then give safe mode a try. After reboot, click the Logs tab and copy/paste the contents of the new report in your next reply.

Edited by quietman7, 17 March 2009 - 02:10 PM.


#14 girl15


Posted 17 March 2009 - 05:39 PM

When I tried to download the flash disinfector McAfee popped up:

"McAfee has automatically blocked and removed a Trojan.

About this Trojan
Detected: Generic.dx (Trojan), Generic.dx (Trojan)
Location: C:\Documents and Settings\Ash\Local Settings\Temporary Internet Files\Content.IE5\LV0C15J6\Flash_Disinfector[1].exe

Trojans appear as legitimate programs but can damage valuable files, disrupt performance, and allow unauthorized access to your computer."


So is it actually a safe program or is it actually a virus??

And again, I cannot restart my computer in safe mode. I cannot logon -> the mouse and keyboard freeze so I cannot run Malwarebytes in safe mode.

#15 quietman7


Posted 17 March 2009 - 06:24 PM

FlashDisinfector is not malware. However, certain embedded files that are part of legitimate programs or specialized fix tools such as FlashDisinfector may at times be detected by some anti-virus and anti-malware scanners as a "Risk Tool", "Hacking Tool", "Potentially Unwanted Program", or even "Malware" (virus/trojan) when that is not the case. This occurs for a variety of reasons to include the tool's compiler, the files it uses, registry fixes and malware strings it contains.

Such programs have legitimate uses in contexts where an authorized user or administrator has knowingly installed it. When flagged by an anti-virus or security scanner, it's because the program includes some features or additional files that can potentially be used for malicious purposes. These detections do not necessarily mean the file is malware or a bad program. It means it has the potential for being misused by others. Anti-virus scanners cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert you or even automatically remove them. In these cases the detection is a "False Positive". Either have your anti-virus ignore this threat alert or temporarily disable it until you run the tool.

Then download and scan with SUPERAntiSpyware Free
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the Control Center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.




