2nd Computer is infected!



#1 trellis145

trellis145

  • Members
  • 18 posts
  • OFFLINE
  • Local time:06:31 AM

Posted 09 February 2010 - 11:52 PM

While I am still dealing with the remaining issue of how to get my laptop back online (patiently awaiting a response on Bleeping) my desktop is now infected too. My laptop had psecurity virus. I'm not sure if my desktop has the same because it seems smarter and more aggressive. It disabled my antivirus, posed as my antivirus to get me to click on it, and kept on putting up warnings and a "windows help" page that describes "Safe Mode". When I shut that box I think it activated another malware operation. It also removed my Carbonite program, and wouldn't let me change computer settings... I was completely stuck until I used msconfig to change start up to only run a few programs. I then reinstalled Carbonite and put it in "recovery" mode. I have not used the restore function, because I am afraid I have malware or viruses or whatever in something that I will reinstall. I'm afraid to do anything til I talk to you. I have done the following to no avail:
I used rkill and Malwarebytes and ATF cleaner.exe. I think they might now be corrupted or deleted and replaced with a malevolent twin! Should I download again? Is the issue my usb -- like sharing a tissue with a sick friend???!
Another thing is that my computer seems to have a lot of new files on my desktop and probably in a lot of other places that begin<-$> . They are all names of files that I have, only the name has been changed so that the first few letters are changed to -$. The hyphen before the dollar sign is actually a key I don't seem to have, it's more like a curvy hyphen. Anyhow. Probably too much info. Please tell me, what's my first step!



#2 Sashacat

Sashacat

  • Members
  • 372 posts
  • OFFLINE
  • Local time:07:31 AM

Posted 10 February 2010 - 11:05 AM

Get (and use) the following free programs:
(Make sure you get the latest updates for each program before you scan.)

(DO be sure to scan your USB jump drive for infections).

SUPERAntiSpyware:
http://www.superantispyware.com

What makes you think your MBAM is corrupted?
You can uninstall your present MBAM and then download it again.
Malwarebytes' Anti-Malware:
http://www.malwarebytes.org/mbam.php
(Other posts on this site recommend renaming the file to zztoy.exe before saving it to your desktop)

a-squared Free 4.5:
http://www.emsisoft.com/en/software/free/

If SUPERAntiSpyware, Malwarebytes' Anti-Malware, a-squared Free find/fix infections, you may want to delete your restore points (to ensure there are no infected restore points). To delete all restore points, go to Control Panel, System, System Restore tab, put a checkmark in "Turn Off System Restore" and hit Apply.

(After you get all of this fixed, you will probably want to turn System Restore back on. To turn System Restore back on, go to Control Panel, System, System Restore tab, click to take the checkmark out of "Turn Off System Restore" and hit Apply. Then hit OK to close. )

If you don't already have/use CCleaner, it is a good program, and it's free. Take the tour, see what the program does, look at the screen shots. It not only cleans your computer, it also has a Registry tool that will check for/fix registry errors, and it also has an "uninstall programs" tool and a "startup" tool.
The website for CCleaner is: http://www.ccleaner.com/

Continue to check Startup tab in msconfig, make sure the items you "unchecked" are still "unchecked".

Run an online scan with Kaspersky:
http://www.kaspersky.com/kos/eng/partner/d...kavwebscan.html

You did not specify which antivirus program you are using.
AVG Anti-Virus Free Edition
http://download.cnet.com/AVG-Anti-Virus-Fr...4-10320142.html
http://free.avg.com/us-en/homepage

Please report back with the results of the scans and whether you are still experiencing symptoms of infection.
Good luck :thumbsup:

Edited by Sashacat, 10 February 2010 - 11:11 AM.

If we don't change the direction we are going,
We are likely to end up where we are headed.

#3 Arctic

Arctic

  • Members
  • 46 posts
  • OFFLINE
  • Gender:Male
  • Location:USA
  • Local time:07:31 AM

Posted 10 February 2010 - 12:22 PM

I'm also a fan of Flash_Disinfector

made by the same group as Malwarebytes
I can only help.. If I know what the problem is.

we never have time to do things right, but we always have time to do them again

LAWL

#4 trellis145

trellis145
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:06:31 AM

Posted 10 February 2010 - 07:01 PM

Sashacat
It has taken most of the day but what else is a blizzard/school closed day for? Anyway I thank you very much. I wish I could go have fun now, but I have to get back to my other infected computer, my laptop.
Thank you very much. I only have one more issue:
I couldn't get Kaspersky to run because of AVG. I can't figure out how to temporarily turn it off. I'm sure it is something simple! Please let me know. Thanks.

#5 Sashacat

Sashacat

  • Members
  • 372 posts
  • OFFLINE
  • Local time:07:31 AM

Posted 12 February 2010 - 12:09 PM

I only have one more issue:
I couldn't get Kaspersky to run because of AVG. I can't figure out how to temporarily turn it off. I'm sure it is something simple! Please let me know. Thanks.



Hello and you are most welcome. It is my pleasure to help.

AVG Free Antivirus is a big pain in my hind end for this very reason.
Before making any changes, make notes, so that you can undo them later, when you are done.
What you are going to have to do (only way I've found to do it....) is to tell AVG NOT TO RUN on the next boot, and
then reboot the computer.

If you have CCleaner, look on the left side, hit Tools. There is a Startup tool. You can uncheck items here, to disable them on Startup.
(Even if you DO have CCleaner, you'll still need to do the "services.msc" thingy below)

Another way to do it is the System Configuration Utility that comes with Windows.
Start Button, Run, type in msconfig
and then hit Enter.
Click the Startup tab. Uncheck AVG and hit Apply, then close that screen.
You will get a message that changes will take effect on next restart, and it will give you the option to restart the computer right then, or later.
(DON'T restart just yet).

Then, you will need to stop any AVG "services" from running on boot.
Start Button, Run, type in services.msc
and hit Enter.
Enlarge the screen.
There should be at least TWO entries for AVG.
Click the first AVG entry. It will go highlighted when you click on it.
In the column that shows "Automatic" (means it will "automatically" run on boot), RIGHT CLICK on Automatic, hit Properties.
A dialog box comes up. Hit the drop down arrow for Automatic, and change it to "Manual" or "Disabled".
Hit OK.
Do this for all AVG entries.

Then restart your computer. Upon reboot, you will see the message, You have used System Configuration Utility.......put a checkmark to tell it don't tell you that anymore, and ignore it.

(Remember, make notes, so you can go add AVG back to Startup later on, and turn the AVG "services" back on when you're finished.)
If we don't change the direction we are going,
We are likely to end up where we are headed.

#6 trellis145

trellis145
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:06:31 AM

Posted 15 February 2010 - 04:55 PM

Hi Sashacat
Wanted to get back again and tell you that everything is running fine on both computers. I just wanted to go over which of the programs do you think I should use on a regular basis, and how often. I have now AVG, Asquared, Malware Bytes a-v, Superantispyware, Eusing registry cleaner and ATF cleaner. Seems like a lot -- can you please tell me what is overkill here? Several of the free programs won't run scans on their own -- guess that's how they get you to buy the pay version. I never did the Kaspersky after all; please tell me if it's on your list or not. Happy Valentine's Day, I'm sending hearts your way for sure!

#7 Sashacat

Sashacat

  • Members
  • 372 posts
  • OFFLINE
  • Local time:07:31 AM

Posted 15 February 2010 - 06:10 PM

:thumbsup: I'm happy for you, and thank you for your kind comments :flowers:

There are MANY dangers nowadays to your computer, and not just on the internet.
Infections can also enter your computer through infected USB jump drives, CDs/DVDs etc.

This site has many posts from users experiencing HORRENDOUS problems.
We can not afford to be lax in taking precautions against "bad things".

To begin to answer your question on what is NECESSARY to run, you need a firewall running at all times.
Please see item #5 in this topic regarding use of a firewall:
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

ZoneAlarm offers a free firewall, and there's a link to it here:
Freeware Replacements For Common Commercial Apps
http://www.bleepingcomputer.com/forums/topic3616.html

I have used ZoneAlarm and like it.

You need to have an antivirus program running at all times.
You now have AVG. Make sure it is updated daily, scans daily, and DO check the scan results daily.

For me, personally, I run CCleaner DAILY (when I am done using the internet) because trash/junk accumulates, and makes my computer run slower, and that makes me CRAZY.
With regular use of CCleaner, you will see that AVG accumulates approx 50 MB each day that CCleaner will delete.
I used to use ATF Cleaner, and liked it. Then I found CCleaner, and liked that better. (Just a matter of personal preference. There wasn't anything wrong with ATF Cleaner.)

I am not familiar with Eusing registry cleaner, so I am not able to comment (intelligently) on that.

A good alternative (if you are interested) to AVG Free is Avast.
You can find a link to Avast here:
Freeware Replacements For Common Commercial Apps
http://www.bleepingcomputer.com/forums/topic3616.html

(I saw a comment from a Moderator on this site, that said they use Avast, so that means it is reputable.)

I have a-squared, but do not use it on a daily basis. Am keeping it for "just in case".
Kaspersky Online Scanner isn't something I do daily, or even weekly. It's just one of those things I keep a link to,
for "just in case". If I'm not having issues, or am not suspicious, I don't bother with it.

I have Malwarebytes' and SUPERAntiSpyware, and have been keeping them updated, and scanning with both every 2 to 3 days, because I recently had an infection.
Go with the theory "better safe than sorry", because you can always scan with one or the other and then go to bed and leave it running, and let it scan during the night.
It takes LESS time to do this, than it does to fix infections.


One of the most important tools of Prevention is KNOWLEDGE.
PLEASE take the time to read (and read again):

How Malware Spreads - How did I get infected
http://www.bleepingcomputer.com/forums/t/287710/how-malware-spreads-how-did-i-get-infected/

How Did I Get Infected?, With steps so it does not happen again!
http://www.bleepingcomputer.com/forums/t/2520/how-did-i-get-infected/



Freeware Replacements For Common Commercial Apps

http://www.bleepingcomputer.com/forums/topic3616.html

Anytime I have an infection, I scan, scan, scan, and then scan again.
I KEEP scanning until ALL scans come up "clean" (zero infections).
Also, anytime I have an infection, I turn off System Restore to delete all restore points.
After I am confident that the infections are fixed, I turn System Restore back on.

I keep an eye on how many/what processes show as running in Task Mngr (Processes tab). Many times, this is my first clue there is a problem, just noticing that something extra is running. While it isn't a foolproof method, it has helped me in the past. It is not necessary to memorize it verbatim, but the more familiar you are with the normal processes, it will enable you to recognize something that is suspicious, and might need further looking into (such as using Process Explorer to view a command line for a rundll32.exe that suddenly starts running in Task Mngr).
I also check msconfig Startup tab fairly regularly, just to make sure that there are no new entries.

Warm Regards,
Lisa
If we don't change the direction we are going,
We are likely to end up where we are headed.
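
The habit described in the post above (checking the msconfig Startup tab for new entries), as an added PowerShell example that is not part of the original thread: the first run saves a baseline of startup commands, and later runs list any entry that was not in it. The baseline file name and the function names are assumptions of this example, and it needs PowerShell 3.0 or later for Get-CimInstance.

```powershell
# Added example: baseline the kind of entries the msconfig Startup tab shows
# and report anything new. The baseline path is an assumption; change as needed.
$BaselinePath = Join-Path $env:USERPROFILE 'startup-baseline.csv'

function Get-StartupSnapshot {
    # Win32_StartupCommand lists commands from the Run registry keys and the
    # Startup folders. It does not list services or scheduled tasks.
    Get-CimInstance -ClassName Win32_StartupCommand |
        Select-Object Name, Command, Location, User |
        Sort-Object Location, Name
}

function Compare-StartupSnapshot {
    param(
        [object[]] $Baseline = @(),
        [object[]] $Current  = @()
    )
    # Key on location + name + command so that a known entry whose command
    # line has been changed is reported as well as a brand-new entry.
    $known = @{}
    foreach ($e in $Baseline) {
        $known["$($e.Location)|$($e.Name)|$($e.Command)"] = $true
    }
    $Current | Where-Object {
        -not $known.ContainsKey("$($_.Location)|$($_.Name)|$($_.Command)")
    }
}

$current = @(Get-StartupSnapshot)

if (-not (Test-Path -Path $BaselinePath)) {
    # First run: record what is there now (do this on a machine believed clean).
    $current | Export-Csv -Path $BaselinePath -NoTypeInformation -Encoding UTF8
    Write-Output "Baseline of $($current.Count) startup entries saved to $BaselinePath"
}
else {
    $baseline = @(Import-Csv -Path $BaselinePath)
    $new = @(Compare-StartupSnapshot -Baseline $baseline -Current $current)
    if ($new.Count -eq 0) {
        Write-Output 'No new startup entries since the baseline.'
    }
    else {
        Write-Output 'New or changed startup entries:'
        $new | Format-List Name, Command, Location, User
    }
}
```

Delete the baseline file and run the script again after installing software you trust, so the new entries become part of the baseline.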



