Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Am I Infected?


  • Please log in to reply
6 replies to this topic

#1 deionara

deionara

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:05:12 PM

Posted 11 June 2007 - 03:19 AM

Hello.

I've had my antivirus turned off for a few days and in that period, malicious websites were accessed. I use Kaspersky AV and Antihacker.

I noticed that something was wrong when suddenly after a reboot, certain keyboard keys stopped working (1 2 3 4 7 8 9 0 and [ ) - so not all number keys. I started Kaspersky and ran a virus scan. Several trojans were found in my java/ cache folder. I deleted the whole contents of that folder (even the files that were not detected as trojans).

The keyboard problem was not solved. After a system restore and several reboots later, and after removing all suspicious programs from my add/remove programs, the keyboard problem disappeared. However I got an error 2-3 times after rebooting "System has recovered from a critical error" (I have a picture of what happened if it's relevant). I don't get that error anymore but I'm afraid that my PC might still be infected.

I opened my taskmanager to see if there's anything suspicious going on, but was unable to find anything besides 6 svchost.exe running. I did some research and found out that it can be a virus target. From what I understood svchost can be ended from the task manager, but I got an NT Authority error - system will nshut down, after trying to end it. I did a search on my pc for svchost.exe and found 3 exe files that had 57kb each, all located in my Windows folder.

I downloaded the WinPFind3U program and tried to run a scan after disabling my Kaspersky AV and anti-hacker, but it just froze each time after 5 seconds. I also downloaded the AVG spyware program but instructions suggested that I run it after rebooting in safe mode - I tried tapping my f8 key but it takes me to a blue screen with "select boot to drive - removable floppy, hardware, removable cd drive" - instead of the normal options "restart in normal mode/ safe mode/ ms dos mode".

Can I/ Should I run the AVG program in normal mode? Does the fact that I have an AV make any difference - considering it's disabled?

Could you please advise on what I should do to discover if my PC is still infected?

Thank you in advance for your support.

Best Regards,
Deionara.

BC AdBot (Login to Remove)

 


#2 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,573 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:12 AM

Posted 11 June 2007 - 03:27 AM

Yes, try running AVG in normal mode. I would also try running SuperAntiSpyware and doing an online scan with Housecall.

If you're still having problems I would recommend posting a HijackThis log. See this for more information.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 deionara

deionara
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:05:12 PM

Posted 11 June 2007 - 03:37 AM

Jó napot!

Thank you very much for your prompt reply. I am running an AVG scan as we speak. Infected objects: 1089

I use cookies for all my passwords as I have a lot of them - lol. In the results window however, there are about 50-70 files, all called TrackingCookie, and threat: medium.

I'm sorry I am completely useless when it comes to spyware, could you please suggest on a course of action - should I be worried about these results or not? What should I delete from my computer in order to restore its safety and my mental health?

Thank you again for your kindness.

#4 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,573 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:12 AM

Posted 11 June 2007 - 03:52 AM

Szia!

Tracking cookies can be a privacy issue but they won't cause any problems with your computer. There is some info on cookies here. If you computer isn't back to normal after running the scans I would go down the HijackThis route.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#5 deionara

deionara
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:05:12 PM

Posted 11 June 2007 - 04:04 AM

Thanks for your quick reply again. I have completed the AVG scan and besides those tracking cookies with medium threat, it found a BackdoorSturf with High risk. I will remove these files and see if anything odd happens from now on, and if it does, I'll seriously consider a HijackThis scan.

By the way, would you suggest having AVG run in the background together with Kaspersky AV and anti-hacker?

All the best!

#6 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,573 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:12 AM

Posted 11 June 2007 - 04:09 AM

There are 2 AVG products:

1. Anti-virus
2. Anti-spyware

You should not have 2 anti-virus programs running in the background at the same time. They tend to fight against each other and actually leave you less protected.

It is okay to have one anti-virus program and several anti-spyware programs running in the background. The freeware version of AVG Anti-spyware does not have an option for real-time protection (running in the background).
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#7 deionara

deionara
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:05:12 PM

Posted 11 June 2007 - 04:15 AM

Alright, great! I ran the AVG anti-spyware, not anti-virus program. You've been most helpful, I hope my PC is healthy again. If not, allow me to come back here and ask for your support :thumbsup:

Thank you, have a great day!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users