Posted 09 January 2010 - 10:17 AM
First off, I am new here and found this site while searching for info about the virus I am dealing with. As I am sure you will be able to tell, I am a relative noob, and don't know much about this kind of thing. In the past, I have "plugged and chugged" my way through these kinds of issues until I found a fix, but this one is making me crazy. Thank you in advance for taking a look at this, and I appreciate any help you might be able to offer.
I have two computers, my personal laptop and my business laptop. This is dealing with the problem on the business laptop.
A box appears before desktop fully loads:
“Security Warning! Worm32.NetSky detected on your machine. This virus is distributed via the Internet through e-mail and Active-x objects. The worm has its own SMTP engine which means it gathers e-mails from your local computer and re-distributes itself. In worst cases this worm can allow attachers to access your computer, stealing passwords and personal data. Viruses and can damage your confidential data and work on your computer. Continue working in unprotected mode is very dangerous.
System Affected: Windows 200, NT, ME, XP, Vista, 7
Security Risk (0-5): 5
Recommendations: It is necessary to perform a full system scan.”
Once the desktop finishes loading, the desktop image is a green background, black box containing the following text: “Your system is infected (red text)! System has been stopped due to a serious malfunction. Spyware activity has been detected. It is recommended to use spyware removal tool to prevent data loss. Do not use this computer before all spyware removed (white text).”
In the System tray in the bottom right corner, there is a red icon with a white x, displaying the following in a dialog window: “Click here to protect your computer from spyware! Your computer is infected! Windows has detected an infection of spyware! It is recommended to use special antispyware tools to prevent data loss. Windows will now download and install the most up-to-date antispyware for you.”
For the most part, I cannot access Internet Explorer. I can access control panel—though, at times, have not been able to do so. As soon as I realized I couldn't get online, I went to check the status of my networking card.
When I log into Safe Mode as Administrator, I get the same “Spyware Alert! Security Warning” box that I mentioned previously.
After having read your instructions to another poster encountering a very similar issue (“Don’t know the name of the virus”), I downloaded the following using links on BleepingComputer:
Dr. Web CureIt
Using my personal laptop, I downloaded the 4 programs, saved them to a thumb drive, and moved them to my business laptop. When using these programs, I encountered the following results:
Malwarebytes: Could not run the program—dialog box appears, saying “Missing Shortcut—Windows is searching for mbam.exe. To locate the file yourself, click Browse.” When I do so, the file is not present in the folder containing the program. It then offers to point to a similar file, “mbamservice.” Needless to say, I haven’t been able to run a scan with it yet.
Dr. Web CureIt: I select the Scan option as instructed, selecting it instead of the Update option, and a window pops up containing a second Dr. Web logo. My laptop then shuts down and reboots. This happens every time I try to run CureIt.
ATF Cleaner: Seemed to run fine. I used the “Select All” option and deleted everything listed under “Select Files To Delete.”
SUPERAntiSpyware: A dialog box appears when I try to install and run the program, saying “Windows Installer—The system administrator has set policies to prevent this installation.” I attempted renaming the file with random letters and numbers, but received the same message.
After finding the DDS utility in another thread, I connected to the Internet and downloaded it to the desktop of my business laptop so that I could produce the log files that I hope will help to get it operational again.
While visiting BleepingComputer to get DDS, I received the following dialog box: “Message from Webpage—Warning!!! Your personal computer needs to install antivirus software! Personal Secuity can perform fast and free scan of your computer.” Then, on top of that one, I also got this: “Warning—Attention! System detected a potential hazard (TrojanSPM/LX) on your computer that may infect executable files. Your private information and PC safety is at risk. To get rid of unwanted spyware and keep your computer safe you need update your current security software. Click OK to download official intrusion detection system (IDS software)” When I clicked the X in the corner of the dialog boxes, a “scan” of some sort began. Another box appeared, saying “Message from webpage—Harmful spyware or adware software. Such vulnerabilities can destroy or steal your private info and mail. On-lines scan should install Personal Security utilities to fix your pc. Please click OK to download and install Personal Security tool.” I quickly disconnected from the net at this point.
My initial response was to download DDS on my personal laptop and save it to a thumb drive to move to my business laptop, but I am afraid of contaminating them both--though I am guessing this has likely already happened. What should I do?
Again, thanks for reading--I appreciate any advice anyone might be able to offer!
Edit: Moved topic from XP to the more appropriate forum. ~ Animal