Work Computer Infected


4 replies to this topic

#1 Amartin56


Posted 26 August 2010 - 05:00 PM

My work computer stopped working properly out of the blue today. It is a one-year-old Dell running XP.

Every time I go to open a program, a screen pops up saying that the application can not be executed. __(program name) is infected. Run antivirus program. Yes or No.

Click no and then it closes and nothing happens. Click yes and a web browser opens for www.antivirul for you to download their program.

I can't even open up Task Manager to see what is running, or Add or Remove Programs to remove any malware.

The whole time this is happening, 2 additional pop-ups are happening on the bottom of the screen saying my computer is being infiltrated.

This has happened before on my personal computer, though with different pop ups. I was able to restore the system to a previous time and put a good spyware program on it to fix, but the work computer has no previous restore programs since this problem happened. (Which I find really odd).

My biggest concern is we work off 3 servers with multiple users logged in. If I reconnect my computer to the network to get internet, I worry about server files and other users being infected.

I really don't want to wipe the computer because the computer runs a lot of unique programs with different serial numbers that are specific to the computer. Any suggestions would be appreciated, thank you.

Amy



#2 Jayson201


Posted 26 August 2010 - 05:53 PM

If you can get it running in Safe Mode with networking, we can go from there.

How to get into safe mode?
Right after you turn the computer on, BEFORE Windows starts, press F8.
Then, using the directional keys, move down (or up) to Safe Mode with Networking.
Once it is fully started up and logged in, open up Internet Explorer or Firefox.
The browser was most likely hijacked with a proxy put under the settings, so to remedy that:

Internet Explorer:
Tools>Internet Options
Then click the "connections" tab, and then the "LAN" settings button. If anything is checked in the LAN Settings window, uncheck everything.

For Firefox (I usually forget this method. I have had your problem before; I don't remember Firefox or Chrome being hijacked.)
Tools>Options...
Click Advanced, then on Settings. Then check "No Proxy".

Now your browsers are proxy free, and will no longer redirect.

Malwarebytes.com

Download that, install it, update it, and do a quick scan.
All of this can be done in Safe Mode (with Networking).
I usually do it that way. It's just simpler for me.

It is said that Malwarebytes isn't as effective in safe mode as it is in normal mode... Do the quick scan in safe mode anyway. (In most cases, quick scans are sufficient.)

Then when Malwarebytes is finished scanning, have it remove the malicious software it has found, and restart the computer as it tells you. If it doesn't tell you to restart the computer, that's alright, you can just restart yourself....

You can let your computer boot up normally. The virus should be gone, and once it is fully started up, do another quick scan with Malwarebytes, to be sure...

If my method does not work for you, there are articles here that should be able to help you. I'll give you a link.


http://www.bleepingcomputer.com/virus-remo...-security-suite
(Theoretically, that guide should work for most of the fake anti virus programs, as I have used the instructions on that guide for more than just the Rogue that is mentioned in that guide.)
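
The LAN-settings check described in the post above can also be done as a read-only audit from a PowerShell prompt. This is an added example, not part of the original thread; it assumes PowerShell is installed on the machine and reads the standard per-user `Internet Settings` registry values (`ProxyEnable`, `ProxyServer`, `AutoConfigURL`) that the Internet Explorer dialog edits.

```powershell
# Added example: read-only audit of the per-user proxy settings shown in
# Internet Options > Connections > LAN settings. Nothing is modified.
$key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$settings = Get-ItemProperty -Path $key

function Get-Value($obj, $name) {
    # Returns $null when the registry value does not exist.
    $p = $obj.PSObject.Properties[$name]
    if ($p) { $p.Value } else { $null }
}

$proxyEnable = Get-Value $settings 'ProxyEnable'
$proxyServer = Get-Value $settings 'ProxyServer'
$autoConfig  = Get-Value $settings 'AutoConfigURL'

$findings = @()
if ($proxyEnable -eq 1) {
    $findings += "Proxy server is enabled: $proxyServer"
    # ProxyServer is either "host:port" or "http=host:port;https=host:port".
    if ($proxyServer -match '(^|=)(127\.|localhost)') {
        $findings += 'Proxy points at this machine, so browser traffic goes to a local process'
    }
}
elseif ($proxyServer) {
    $findings += "Proxy is disabled but a server value is still stored: $proxyServer"
}
if ($autoConfig) {
    $findings += "Automatic configuration script is set: $autoConfig"
}

if ($findings.Count -eq 0) {
    'No proxy or configuration script is set for this user.'
} else {
    $findings
}
```

On a managed work machine a proxy or configuration script may have been set deliberately by the IT department, so a finding here is something to report to them, not necessarily something to clear.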

#3 quietman7


Posted 26 August 2010 - 05:56 PM

Since you say this is a work computer, have you contacted and advised your IT Department? In most work environments, the IT staff implement specific policies and procedures for the use of computer equipment and related resources. In fact, many companies will require you to read those policies and sign a statement of understanding. These official procedures are designed and implemented to provide security and certain restrictions to protect the network. This allows all users to safely use business resources with minimum risk of malware infection, illegal software, and exposure to inappropriate Internet sites or other prohibited activity. We will not assist with attempts to circumvent those policies or security measures.

Our forums are set up to help the home computer user deal with issues and questions relating to personal computers. We are not equipped to involve ourselves in any legal issues that may arise due to loss of business data and loss of revenue as a result of malware infection or the disinfection process, which in some instances requires reformatting and reinstallation of the operating system. Further, many helpers are not familiar with Servers and many of the tools we use are restricted to non-commercial use by their creators.

A business IT staff generally has established procedures in place to deal with issues and infections on client machines on the network. As such, they may not approve of employees seeking help at an online forum or outside the business office as doing so could interfere or cause problems with their removal methods. The malware you are dealing with may have infected the network. If that's the case, the IT Department needs to be advised right away so they can take the appropriate disinfection measures.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#4 Jayson201


Posted 26 August 2010 - 05:59 PM

Quietman, I did not think of that when writing my reply, although I should have.
My apologies.

#5 quietman7


Posted 26 August 2010 - 07:18 PM

No need to apologize.

We just don't want to step on any "IT toes" and it's important they know what has happened so the entire network can be protected.