Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Window XP Repair virus


  • Please log in to reply
6 replies to this topic

#1 mchunter

mchunter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:12:44 AM

Posted 01 July 2011 - 04:43 PM

Hi everyone,

First I want to say that I am not very computer savvy, so I may not understand some advice that may be given.

I work for a company that controls their whole computer system, so I cannot just go in and work on my computer, the IT department has to do that. There is a certain fishing forum which I like to visit and about a month and a half ago (I have visited before and never had a problem) when I visited it I was infected with the Windows XP Repair virus, which wiped out my harddrive. Our IT department was able to retrieve everything. Not knowing at the time that it came from this certain site, I logged back onto it about a week later and immediately the same thing happened again. I didn't visit the site for about 3 or 4 weeks and finally got brave again. As soon as I logged on it happened again.

I have informed the site Administrators and they said they have received some other complaints also, but they have run all kinds of checks and cannot find anything on their site.

I have watched my IT department use Malwarebytes and even TDSSKILLER was used this last time to get my pc back up. Is there something that can be done so I can visit this site or is it a problem they are going to have to solve first? I do not have any problem on other sites, just this one. Thanks.

BC AdBot (Login to Remove)

 


#2 lilley

lilley

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:12:44 AM

Posted 01 July 2011 - 06:44 PM

Greeting. I am the admin of the fishing site mchunter is talking about. I am seeking help to assure my members I don't have any virus issues.

Like you, I am using IP.Board 3.05. I sent in a trouble ticket and the IT guys scanned the forum and said it was clean. I have also asked my server IT people as well as the co-owner of the site (http://ozarkanglers.com), he is an IT person as well, and he can't find any problem with the site.

As for the rest of the site, I use Mamba. I am the only person with access to the admin section.

Do you have any suggestions for me?

Thanks!

#3 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,440 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:44 AM

Posted 01 July 2011 - 08:51 PM

There are a few tools and important steps to remove this.. One being to run RKill first//

Please follow our Removal Guide here Remove Windows XP Repair (Uninstall Guide).
After reading how the malware is misleading you ...
You will move to the Automated Removal Instructions

After you completed that, post your scan log here,let me know how things are.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#4 lilley

lilley

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:12:44 AM

Posted 01 July 2011 - 09:23 PM

boopme- do you have any suggestions for me? Do you have any ideas how to make sure my site is free from this and other viruses, other than what I've already done.

Is there a chance, seeing mchunter was on http://ozarkanglers.com/forums, a IP.Forum like this one, could have gotten the virus from this site after I've scanned and ran the necessary tools provided by IPB?

Thanks

#5 mchunter

mchunter
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:12:44 AM

Posted 02 July 2011 - 11:37 AM

Thanks boopme. I do not fully understand everything, especially the scan log part, but I will
try to do what you said. I'm not sure I will have the privileges needed to allow me to do this, but if not I will try to find someone in our IT dept. willing to help me out. I do not go back to work until Tuesday, so with that and the time it takes to possibly get this done, it may be awhile before I get any results to post. Thanks.

Also, thanks to Lilley for trying to get this worked out.

#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,440 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:44 AM

Posted 03 July 2011 - 02:43 PM

I am asking the BC Admin to look here as they may have a better idea for "site" issues.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#7 mchunter

mchunter
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:12:44 AM

Posted 11 July 2011 - 03:56 PM

I am unable to perform this myself, because I do not have the access privileges required. After checking it out though, this is the process that my IT department did when they repaired my pc, so I do not understand why it is still happening all over again only when I go to this certain site. Any ideas? Thanks.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users