
Freezing Computer, Past Winfixer Presence, Hijacked?


7 replies to this topic

#1 Triumph

Triumph

  • Members
  • 6 posts

Posted 13 December 2005 - 12:02 AM

I posted before, can't find old post, couldn't print answer, trying again.

I had downloaded a winfixer virus I think from website, kept getting winfixer popups that coincided with freezing computer, slow operation, slow print, multiple open websites were sure way to crash it all.

I often use ctrl alt del to unfreeze, sometimes have to do a hard shutdown by holding on off for 5 secs.

I tried Ad-Aware 6.0, it removed 135 total items and now I have 254 items in quarantine because I didn't know if it was all bad or not. Was afraid to remove or delete it.

Tried Spybot, don't recall the results.

Then bought Norton Internet Security and installed, it found two items if I recall correctly which were removed. That seemed to coincide with the slowdown of the computer....

I can't take it anymore, can you tell me what to do next?

THANKS!


#2 acklan

acklan

    Bleepin' cat's meow


  • Members
  • 8,529 posts
  • Gender:Not Telling
  • Location:Baton Rouge, La.

Posted 13 December 2005 - 12:17 AM

Hello Triumph.
Welcome to BC. We feel your pain. This link will get you on the way to recovery... http://www.bleepingcomputer.com/forums/t/18610/how-to-remove-winfixer-virtumonde-msevents-trojanvundob/
"2007 & 2008 Windows Shell/User Award"

#3 Triumph

Triumph
  • Topic Starter

  • Members
  • 6 posts

Posted 13 December 2005 - 12:26 AM

Hi,

Thanks. I forgot to say that I am no longer getting the winfixer popups, in fact no more at all it seems. Maybe Norton is doing its thing. BUT the computer is definitely slow and crashing.

So sorry I did not mention this. Still proceed as indicated above?

#4 acklan

acklan

    Bleepin' cat's meow


  • Members
  • 8,529 posts
  • Gender:Not Telling
  • Location:Baton Rouge, La.

Posted 13 December 2005 - 12:36 AM

That's alright. Just like it did not hurt to send it, it won't hurt to look it over....right :thumbsup:
By the way Welcome to BC. :flowers:
"2007 & 2008 Windows Shell/User Award"

#5 Triumph

Triumph
  • Topic Starter

  • Members
  • 6 posts

Posted 13 December 2005 - 11:35 AM

HELPPPPP!!

I started following instructions from the recommended link and got to this part

Download VirtumundoBegone and save it to your desktop.

VirtumundoBegone

Reboot your computer into Safe Mode

Then double click VirtumundoBeGone.exe you just downloaded and follow the instructions.

Exit when it has finished


Using Windows XP I opted to follow the System Configuration Tool method to start in safe mode by going to start button etc.

When it restarted I had the option of clicking on my icon, my wife's icon or one that I frankly had not noticed anymore, an administrator icon that had chess pieces on it. Not knowing what to do and thinking I was administering my system I clicked on the administrator icon.

The screen went black with a small safe mode message in white in each corner of the screen with the following centered on the top [w/o quotes of course] "Microsoft ® Windows XP ® (Build 2600.xpsp_SP2_gdr.050301-1519:servicepack2)"

I could not obtain my desktop so that I could proceed with instructions to use the VirtumundoBeGone.exe program I had downloaded to my desktop. I decided to hard turn off the computer, and when it restarted I used F8 this time, clicked on my icon and got the same results. I did this several times and then opted on the F8 screen to choose the one that says something like Last known system settings that worked. This did nothing as well.

Each time it restarted I got for a fleeting second a large box in the center of the screen that seems to be telling me it is starting in safe mode with yes or no buttons. I finally caught it once to luckily hit the yes button and still nothing happened. So I turned it off and left it, am now on my work computer.

WHAT THE HECK DO I DO NOW????????????????????????????????????????

:thumbsup:

#6 Herk

Herk

  • Members
  • 1,609 posts
  • Gender:Male
  • Location:S.E. Idaho, USA

Posted 13 December 2005 - 03:30 PM

If you start the computer in "administrator" mode, you won't be able to see what you downloaded to your desktop. It has to start in your name. However, you also need to be able to get back into regular mode. Go to Start -> Run and type in msconfig and click on the radio button for normal startup. You should be able to get into safe mode by hitting the F8 key repeatedly during startup and then choosing safe mode from the menu that appears. Does any of this help?

#7 Triumph

Triumph
  • Topic Starter

  • Members
  • 6 posts

Posted 13 December 2005 - 03:49 PM

Yes, I tried that but it won't let me get back to a normal looking screen to use the start toggle if I recall correctly. I'll have to try again at home later.

Thanks.

#8 Rimmer

Rimmer

  • Members
  • 2,159 posts
  • Location:near Sydney, Australia

Posted 13 December 2005 - 09:13 PM

Are you presented with an "Advanced Options" menu when you tap the F8 key while booting?
If so, choose the "Safe Mode with Command Prompt" option and use System Restore to go back to a date when the system was bootable:

To start the System Restore tool from a command prompt

1. Restart your computer, and then press F8 during the initial startup to start your computer in Safe Mode with a command prompt.

2. Log on to your computer with an administrator account or with an account that has administrator credentials.

3. Type the following command at a command prompt, and then press ENTER: %systemroot%\system32\restore\rstrui.exe
- where %systemroot% is usually C:\Windows

4. Follow the instructions that appear on the screen to restore your computer to an earlier state.

Reboot and check the computer runs normally, then try to boot to Safe Mode by pressing the F8 key when you start (do not set the option in msconfig). If you can boot in Safe Mode OK, then log on as your normal user (are you an administrator?) and continue with your malware removal procedure.

hth :thumbsup:

Soltek QBIC, Pentium 4 3.0GHz, 512MB RAM, 200GB SATA HDD, ATI Radeon 9600XT 256MB, Netgear 54Mb/s WAP, ridiculously expensive Satellite Broadband
Windows XP Home SP2, Trend Micro Internet Security, Firefox, Thunderbird, AdAwareSE, Spybot S&D, SpywareBlaster, A-squared Free, Ewido Security Suite.



