Finding An Expert To Help Me?


21 replies to this topic

#1 alice*in*wonderland

Posted 19 June 2007 - 08:54 PM

I am inundated with Systemdoctor, Celldorado, pcturbopro, winantivirus and wixawin adverts, popups and error messages. I'm very angry, I am spending all my time running scans which are not fixing my problems. I also feel very frightened because some of the error messages say that my passwords and credit card numbers are exposed.

I have been using Norton Antivirus successfully for over 2 years until 7 days ago when a trojan found its way in. Until this time I never got spam or adverts of any kind.

I followed the steps in Norton to Quarantine and Delete it but both failed so I printed out all the Symantec info and took my tower and printouts to my local Computer Shop the next day to get it fixed. They told me that Norton Anti-virus is rubbish and I should have AVG, they recommended the removal of Norton (despite the fact that I paid only 3 months ago for re-subscription). I said I was happy to take their recommendations, so they removed Norton and installed AVG Antivirus, Anti-Spyware and Ad-Aware Personal. I paid my $100 for their labour to remove the trojans and change the virus stuff and left. I got home and the problems were back within half an hour.

I've printed out so much material on how to fix these problems but quite frankly don't have the skills/background knowledge to do this. The instructions for using HijackThis and Smitfraud Removal are well written but I fear I will get part way through the process and get lost/confused. I've had a protected existence and don't know much about security so I need to learn about how to use my computer and internet safely as a starting point. I need an expert to fix my problems for me so my questions are:

How do I find an "Expert"?

Should the "Computer Shop" experts have fixed my problems (or is it so complex that I should give them another go)?

What sort of questions do I ask to make sure the "expert" knows what they are doing?

As an aside, I feel uncomfortable with the person at the Computer Shop that I went to. His use of innuendo bothers me and I would prefer not to have to deal with that whilst trying to negotiate getting my computer fixed.

Any advice or suggestions welcome

#2 DaveM59

Posted 19 June 2007 - 09:33 PM

Hi there,

Ordinarily I would urge you to go back to that shop and try to either get your money back or get them to fix your computer. However, I can understand your reluctance to do this, given the way you have been treated.

Also, the fact that they were unable to fix the machine the first time does not inspire confidence.

Consider trying to fix it yourself, under the guidance of one of the malware experts here. Read this preparation guide and follow the steps. It sounds like you may have taken most of them already. The last step in the guide is to post a HijackThis log. That should be done not on this forum, but on the BC HijackThis forum. The guide has a link to it.

Dave

#3 wyrd_chao

Posted 19 June 2007 - 09:44 PM

Well, read the below link and you can get an idea what I usually do when I get a computer with a virus in my shop.

---
http://www.bleepingcomputer.com/forums/t/96645/what-was-this-got-rid-of-it-but/
---

The short list:

Go to another computer, and download the following:

Avast 4.7 Home Edition ( www.avast.com )
Spybot Search&Destroy ( www.safer-networking.org )
SpywareBlaster ( www.javacoolsoftware.com )
HijackThis ( http://www.majorgeeks.com/download3155.html )
CleanUp! ( http://www.stevengould.org/software/cleanup/download.html )

Put this stuff on a USB memory stick or burn it on a CD (better).

Boot to Safe Mode with Networking (hit F8 right after the manufacturer's banner screen, choose off list).

Run CleanUp! Donate money if you are REALLY pleased...

Install Spybot S&D, allow it to update and immunize, run a scan. Let it fix anything it finds. Write down what it finds and check the Forums and Tutorials here for specific fixes.

Uninstall AVG (it's okay, but avast! seems to catch more bad things). Install avast!, allow it to schedule a boot scan, DON'T let it restart yet. Start avast! up from the little blue ball, wait for it to get going (can register later) and then choose 'Updating' off the upper left menu button. Update both the iAVS and the program.

Unplug from the Internet.

Restart. avast! may find stuff; choose 'move to chest' if possible, otherwise try 'repair' or 'delete' on any item it finds.

When avast! is done, will boot into normal Windows. Verify that avast! started okay, then run another scan with Spybot S&D. If it's still finding stuff, restart in Safe Mode and run any particular fixes you may need based on what SS&D and/or avast! found before.

You may also have to turn OFF System Restore at some point. If XP is running okay other than the virus/malware problem, you should probably do this. Go to Start/Control Panel/Performance and Maintenance/System (classic view), choose the System Restore tab. BE SURE to turn this back on when you've taken care of the problem.

While in Safe Mode, run HijackThis, run the scan, and post the log in the appropriate Forum.

Luck!

- Wyrdchao






"Men talk of killing time, while time slowly kills them."
- Dion Boucicault

Pat Struthers
patstr@uci.net
Heppner, OR

#4 alice*in*wonderland

Posted 19 June 2007 - 11:18 PM

Thanks DaveM59 and Wyrd-chao. The preparation guide is great. I spent last night studying it (along with all the other instructions and posts) then told the family that I was going to have a go at fixing the computer. They were MORTIFIED that I would even consider this (they are well aware of my limited skills) and after much rolling around on the floor laughing gave me strict instructions not to even consider this. My confidence is ...well... shattered.

I read Wyrd's post earlier also and was impressed that he printed the HijackThis log for the customer. I'm going to ask for the same from whoever I get to fix the computer, just so that I can start learning, and also for lots more information about anti-virus-spy programs. My computer wouldn't go into safe mode either and yes, family members have used Limewire and Steam. I should probably be grateful that I didn't get problems before.

I'm going to spend much more time reading this forum and try to build my knowledge so that I can further grasp the jargon and really "understand" what I am doing.

#5 TMacK

Posted 19 June 2007 - 11:39 PM

Hi alice*in*wonderland,
You may want to refer to the Tutorial How to Start Windows in Safe Mode and note the System Configuration Tool Method if the F8 Method didn't work for you.
Chaos reigns within.
Reflect, repent, and reboot.
Order shall return.

~Suzie Wagner

#6 rowal5555

Posted 20 June 2007 - 12:23 AM

Hi alice*in*wonderland.

Don't let anyone tell you what you can't do. We all start at that point, but with help from the marvellous folks here you will soon get to know your way around. Ask away about anything and I'm sure someone will be happy to help you. Every little thing you manage to fix yourself is a great morale booster - and remember, your computer is only a box of bits.

Cheers

rowal5555 (Rob)

Avid supporter of Bleeping Computer's
Team 38444

You can help find a cure


 


#7 DaveM59

Posted 20 June 2007 - 06:28 AM

I hate to be contrary but I must disagree with the recommendation to use the MSConfig tool for booting into safe mode. If the problem is just a "slow trigger finger," then that's a good solution. However, if Safe Mode has been disabled by malware, using that method can make the computer unbootable.

See here for a more detailed explanation.

I used to recommend a variation of the MSConfig method, but I no longer do so on an infected computer.

Alice, I heartily endorse Rowal's advice. However, since it seems your family is against your trying to fix your computer, you should insist that one or more male members of the family go back to the shop with you. That should eliminate the shop owner's inclination toward harassment.

As I said, his failure to fix it the first time means I would prefer to get my money back rather than giving him a second chance. However, the service agreement may give him that option. But whatever his terms, if you have to deal with him again, then it would be better to have a witness to anything he says.

#8 TMacK

Posted 20 June 2007 - 01:03 PM

I hate to be contrary but I must disagree with the recommendation to use the MSConfig tool for booting into safe mode. If the problem is just a "slow trigger finger," then that's a good solution. However, if Safe Mode has been disabled by malware, using that method can make the computer unbootable.

See here for a more detailed explanation.


Thanx for posting this valuable info and link DaveM59. Great article!
This is a most important detail that everyone should know.

#9 DaveM59

Posted 20 June 2007 - 01:27 PM

You're welcome TMack. Infections that disable various Windows tools and other capabilities (like Safe Mode) seem to be getting more common, so it's important not to assume that a problem getting into safe mode is simply user error. And then to observe the old physician's maxim: "First, do no harm."

#10 rowal5555

Posted 21 June 2007 - 12:29 AM

DaveM59

How does the BOOTSAFE mode in SUPERANTISPYWARE fit in this scenario?


#11 DaveM59

Posted 21 June 2007 - 06:20 AM

Rowal5555,

Safeboot does the same thing as the MSConfig maneuver: it edits the boot.ini file to force safe mode. This is mentioned in that article I linked to.

Alice*in*Wonderland,

Sorry for diverting your thread like this!

Have you made any progress toward resolving your problem?
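
The boot.ini edit discussed in posts #7 to #11 can be checked from a copy of the file. This Python example is added here and is not part of the thread or any poster's code: it finds `[operating systems]` entries carrying the `/safeboot` switch (the switch MSConfig's Safe Boot option writes) and returns the text with that switch removed. The sample boot.ini and the function names are constructed for illustration.

```python
import re

# Constructed sample: a Windows XP boot.ini after a tool has forced Safe Mode.
SAMPLE_BOOT_INI = r'''[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /safeboot:minimal
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Old install" /fastdetect
'''

# One [operating systems] entry: path="label" followed by optional switches.
ENTRY_RE = re.compile(r'^(?P<head>[^=]+="(?P<label>[^"]*)")(?P<switches>.*)$')
# Matches /safeboot, /safeboot:minimal, /safeboot:network, and so on.
SAFEBOOT_RE = re.compile(r'\s*/safeboot(?::\S+)?(?=\s|$)', re.IGNORECASE)


def _os_entries(text):
    """Yield (line_no, raw_line, match); match is None unless the line is a
    parsable entry inside the [operating systems] section."""
    section = None
    for no, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if stripped.startswith('[') and stripped.endswith(']'):
            section = stripped[1:-1].lower()
            yield no, line, None
        elif section == 'operating systems':
            yield no, line, ENTRY_RE.match(stripped)
        else:
            yield no, line, None


def find_forced_safe_mode(text):
    """Return [(line_no, label, switch)] for entries that force Safe Mode."""
    hits = []
    for no, _, m in _os_entries(text):
        # Search only the switch area, so a label mentioning /safeboot is ignored.
        sw = SAFEBOOT_RE.search(m['switches']) if m else None
        if sw:
            hits.append((no, m['label'], sw.group(0).strip()))
    return hits


def strip_safeboot(text):
    """Return the boot.ini text with /safeboot removed from OS entries only."""
    out = []
    for _, line, m in _os_entries(text):
        if m:
            line = m['head'] + SAFEBOOT_RE.sub('', m['switches'])
        out.append(line)
    return '\n'.join(out) + '\n'


if __name__ == '__main__':
    for no, label, switch in find_forced_safe_mode(SAMPLE_BOOT_INI):
        print(f'line {no}: "{label}" boots with {switch}')
    print(strip_safeboot(SAMPLE_BOOT_INI))
```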

#12 alice*in*wonderland

Posted 27 June 2007 - 10:55 PM

Hooray, I got my computer back. I found a new computer store and took it in (as my family demanded :flowers: ) for "fixing". Thanks everyone for your continued support even during my absence. I couldn't face going back to the first computer store and consider the money I lost a lesson learned.

The store kept my computer for 7 days :thumbsup: and returned it with the following report:

***************************
**Computer was badly infected with viruses, trojans and hijackers.
**Logged on as user "Alice" for repairs
**AVG & AVG Anti Spyware were already installed - Updated both programs and ran - No viruses detected, but 17x Spyware incidents were found and removed.
**Ad-aware was installed, updated and ran - 13 x incidents were detected and removed
**Installed Spybot, updated and ran - 33x Spyware items detected and removed (Imbedded spyware and hijackers Virtumonde, AstraKiller & SmitFraud self installed after reboot - More drastic measures were taken for these)
**Installed and Ran CWShredder & ran - No CWS Hijackers detected
**Reset Restore Points
**Ran Disk Cleanup to clear trash, temp and cache files
**Installed and ran Cleanup! to clear out residual cache, bak, temp, prefetch, install and other files from system.
**Installed HijackThis and ran - studied log and noted abnormalities
**Installed Symantec FXVundo and ran - No Vundo detected
**Installed Vundo Fix & Ran - Detected 11 x Vundo links and self install files. Removed these and deleted
**Installed Reg Cure & ran - Nul & Void registry links, dead keys and start programs were detected and removed
**Ran Regedit and removed links manually for Astakiller
**Ran Drweb Cure and detected other residual trojan files linked to Smitfraud and Vundo hijackers
**Manually removed self install links to Vundo with Regedit
**Installed and ran Smitfraud tools and ran - Removed Smitfraud files and registry entries
**Reran HijackThis and removed the last of the links and entries in the registry referring to hijackers and trojans
**Reran Cleanup!
**Installed Kaspersky antivirus and ran - no viruses or trojans detected
**Uninstalled Kaspersky
**Reset computer and reran Ad-Aware, Spybot, AVG, Vundo Fix, Smitfraud Tools, Drweb Cure and Regcure - System reported as clean!
**Reran Cleanup!

NOTES: Due to the extreme amount of spyware, viruses, trojans and hijackers detected and removed from the system I recommend running a full virus scan at least once a week. Programs that should also be run once a week and updated regularly are Spybot and Ad-Aware and CWShredder. If possible refrain from using peer2peer programs like Limewire and others as these free programs generally come packaged with spyware and hijackers or open ports that can be exploited. Other users should also run the programs listed above to ensure the system remains clean. If the computer becomes re-infected, run the free tools and programs installed under user "Alice" to clear. Due to the amount of intrusions removed, some programs may have been damaged or modified by the removed programs. In these cases, a reinstall of the damaged program will normally remedy problems. A full listing of the current status of the system is available in the log of HijackThis (installed under user "Alice")
*********************

I've used the computer for about 4 hours now and so far no problems.

I'm very pleased to be able to study the forum info sheets and practice with my new installations with a better state of mind (ie I'm not scared out of my wits), it's much more fun.

I have Spybot 1.4 and I just ran it (for practice). The screens look different to the "Using Spybot" sheets I printed out. The screens are less colourful/user friendly I guess, do I have the wrong version?

Also I don't seem to have a firewall other than the WindowsXP one. Will it be OK to get one of the free ones (Sygate or ZoneAlarm) now?

I'm not really sure of forum etiquette. I need to know about "safe" sites for my family as well, and I don't know whether it is appropriate to ask all sorts of questions under this post or if I should start new ones.

Thanks so much everyone.

#13 TMacK

Posted 27 June 2007 - 11:35 PM

Glad to hear that you sorted your problems out alice*in*wonderland :thumbsup:

The Windows firewall isn't adequate and either ZoneAlarm or Sygate Personal Firewall Free are good choices and user friendly.

If you have other questions not relating to this topic, please start a new topic in the appropriate forum.
You may want to have a look thru the New User Orientation to familiarize yourself with how the board works.

:flowers:

#14 rowal5555

Posted 28 June 2007 - 01:53 AM

alice*in*wonderland

Very pleased to hear you have your system all cleaned up. No doubt you are feeling very happy now.

Further to TMacK's good advice, apparently SygatePF is no longer supported. I have been using it quite happily, but after reading this
http://www.pcworld.idg.com.au/index.php/id;159719021, I installed Comodo. This is said to be the most effective of any free or paid firewall, and so far I am quite impressed.

To post a question, simply click on the FORUM tab and choose the best place to ask your questions.

Good luck, and have fun. :thumbsup:


#15 alice*in*wonderland

Posted 28 June 2007 - 03:11 AM

As soon as I read TMacK's post I went and installed ZoneAlarm. The Anti-virus Monitoring screen says that

there is no anti-virus running on your computer that ZoneAlarm can detect. Make sure that you are running anti-virus software. :thumbsup:

I've got the AVG 7.5 and AVG Anti-spyware installed. Now I'm worried that I got the ZoneAlarm installation wrong somehow or other. Also when I had finished installing ZoneAlarm there was a video tutorial to watch but it seemed to get stuck at about 1/4 loaded and wouldn't go any further. :flowers:

Thanks for all your support everyone.



