puter problem

Started by bedway, May 28, 2010, 11:22:04 AM

bedway

Ok all you puter whiz people, I need help! I was doing some surfing last night when all of a sudden this window pops up and says my computer is infected. It says it's an antispyware soft and the free scan has found I'm infected. Of course it wants me to buy their full program to get rid of these infections. Help!

Warbird

Ugh.  I *really* hate this particular virus.  I've dealt with it twice now, on 2 different computers.  One was real easy, one required a format and reinstall of Windows.

What, exactly, did you click on when this window first popped up?  Also, please describe exactly what it is doing.  Does it eventually start popping up windows to inappropriate sites?  If you try to right click on My Computer and view properties, does it automatically close that window?  What version of Windows are you running?

I'm heading into work now.  Once you get me that info, I will help you out more in a bit.  A good first step is to unplug that computer from the internet/network.  Unless it is your only way of getting here.  Also, until we get this cleaned up, DO NOT log into ANY of your financial institutions' web sites (banks, credit cards, anything).

Also, might be a good idea if someone could move this thread to the Behind The Forum board.  I don't have mod privs here.

Warbird

Boy, I sure hope that isn't his only computer.  Might explain why we haven't seen him since.  :-\

clearcut

This could be just a scam known as scareware.

   http://en.wikipedia.org/wiki/Scareware

Windows Defender is probably adequate protection for most folks.

   http://www.microsoft.com/windows/products/winfamily/defender/default.mspx

Several free antivirus programs are described here.

   http://lifehacker.com/035683/free-anti+virus-roundup

Or get a Macintosh
   
Carbon sequestered upon request.

Warbird

Yup, it is definitely a scam.  I've run into it numerous times and actually had to clean it up twice.  We need to determine if his system is infected before we have him start installing a bunch of other stuff.  Usually, when this particular 'ad' pops up, people click something they shouldn't and that is when the hammer drops.  :-\

WH_Conley

I had exactly the same program hit me the other night. I have Windows Defender and Malwarebytes free edition on my machine.

First step was to shut off my modem, didn't want it communicating to anybody on the net.

Then I did a scan with Windows Defender, it deleted one file, still had the problem.

Ran Malwarebytes as a quick scan. The bug kept stopping progress of Malwarebytes, had to keep clicking on the x in the dialog box, that would let it scan for a few more seconds. Finally got the scan done, found and deleted 4 registry keys, 2 registry values and one file. They were Trojan.Fraudpack and Rogue.Antivirussuite.

Downloaded updates to Malwarebytes and did a complete scan, then ran CCleaner. Everything seems to be OK now. I have not been able to find any more traces of the PIA programs. If anybody has any ideas where to look for any remains, let me know.
Bill

Warbird

It usually dumps files in the Windows\system32\ directory.  Be careful deleting anything from that directory unless you know exactly what you are doing.

The easy one that I cleaned up was accomplished by simply doing a System Restore.  I rolled it back a few weeks to where we knew the system had not been infected yet.  Worked like a charm.  The other one was so bad, System Restore wouldn't run properly.

bedway

Here's the latest on my computer problem. I had it shut down over the weekend because of a house full of out of state company. Upon turning it on today, that little icon down in the little right hand lower corner had disappeared. Friday when I clicked on that icon a box opened and it was titled Antispyware soft. It wouldn't give an option of delete or exit or anything else. It kept saying it had run a free scan and detected several problems. If I wanted to correct these I had to purchase their software. Now today for the most part it seems my computer seems to be ok. I did try to run the malware program I have but part way thru it said there was an error and it couldn't run. I also tried to run a restore on three different dates and it wouldn't do that. I'm running the Windows XP 64 bit operating system. To your other question, I don't recall what I had opened when this started but it did eventually start opening adult sites.

beenthere

You've contracted a malware of some kind... it is a typical virus entry method.

If you can search here, there have been discussions on how to get rid of it. I've tried to help my granddaughters get rid of theirs but finally had them take it to someone for about an hour's worth of work.

When that window first pops on my screen, I do nothing except power down.  Hit the power off switch. When I power up, it is gone. But trying to cancel or hit the X in the upper right corner of the window that looks much like a Windows window, will just load the virus into your computer. Then they will try to sell you software to get rid of "them". Bad one, but many, many users get taken.
south central Wisconsin
It may be that my sole purpose in life is simply to serve as a warning to others

Warbird

bedway, how is it going?  Is the computer still infected?

beenthere

Bedway
Any update on how you are doing with the apparent malware problem of 4 months ago?

I ask, because last evening I had it infect my computer. I for some reason didn't follow my own advice, and didn't power down.  ::) ::)   It suddenly came up flashing a long list of trojans, viruses, warnings, etc. under a Microsoft-looking window. I was doing a google search on cross dowels for a project and clicked on one site listed as having that hardware available.

I tried to ignore it and get my virus protection to run, which it did partly, but did not remove it. The virus/malware with the name Security Tool - protect your PC overrode the scan of the system.

I'm on a different computer, but am thinking I need to locate someone that can uninstall the virus/malware or download some software and try to get it to run on the other computer.

Appreciate any ideas?

Reddog

Quote from: Warbird on May 29, 2010, 04:14:25 PM
The easy one that I cleaned up was accomplished by simply doing a System Restore.  I rolled it back a few weeks to where we knew the system had not been infected yet.  Worked like a charm.

This is what I had to do on the last malware that got me.
It was overriding the scan. So I did a system restore to a few weeks earlier.

DouginUtah

My experience has been that I know of nothing better than Malwarebytes Anti-Virus which is a free download.

http://www.filehippo.com/download_malwarebytes_anti_malware/  (Upper Right corner)

If you can't download/run that then the above advice is appropriate.


-Doug
When you hang around with good people, good things happen. -Darrell Waltrip

There is no need to say 'unleaded regular gas'. It's all unleaded. Just say 'regular gas'. It's not the 70s anymore. (At least that's what my wife tells me.)

---

Warbird

BT, IMO the very first thing to try with this is a System Restore.  Unplug the internet cable and then restore it back to a few days ago.

bedway

Sorry I didn't update this thread sooner. For the most part my puter has seemed to have healed itself ;) and that makes me nervous. Running fine most of the time, other than the occasional glitch or crash. I've been told by some supposedly knowledgeable people that 64 bit operating systems do have some hiccups because the 64 bit system isn't compatible with some programs. The only thing I still can't get to work is the restore function... go figure :(

beenthere

Thanks for the replies.
I will look into the system restore plan first. With the infected system being turned off for 24 hours (?? .. don't know why that might have anything to do with it  :) ) and the internet cord unplugged, maybe things will work out. I'll look into how to do that system restore plan.

I suspect there is no good way to download the malware anti-virus on another computer and get it to run immediately on the infected one, via memory stick.

Will keep you posted.

bedway.. glad to hear you are running. Now about that healing.... ::) ::)   :)


Warbird

BT, it will make no difference that your system sat powered off for 24 hours.  Just unplug the internet cable, boot it up, and then do the System Restore.  The goal is to pick a date to restore to that is well before when it got infected.  The beautiful thing about this solution is you are guaranteed to remove the entire payload dropped by this thing, no matter what variant it is.

Just be advised that I have a 50% average with this working, with this particular virus.  It worked once and failed once (the restore wouldn't complete).

There are some good walk-throughs online detailing step-by-step how to do the system restore.  Just google for whatever Windows version you are running and "system restore".  It is super simple to do.

If it fails, then I would try Doug's advice.  He's right, Malwarebytes is pretty good.  You may have to jump through a few hoops to get it installed on the computer.  One system I worked on that was heavily infected with this would change the executable when you tried to download it.  And then once running, it would kill it halfway through.

Mooseherder

Quote from: DouginUtah on October 07, 2010, 08:05:34 PM
My experience has been that I know of nothing better than Malwarebytes Anti-Virus which is a free download.

http://www.filehippo.com/download_malwarebytes_anti_malware/  (Upper Right corner)

If you can't download/run that then the above advice is appropriate.


This recommendation and the folks at Malwarebytes are what fixed my PC not so long ago, BT.
I'll PM you the process we went thru.

Warbird


beenthere

Thanks for the help and encouragement.
Appears that the System Restore to Oct. 1 is working. Doing a full scan now and hope all falls back in place as before. Will assume, at the moment.  ::) ::) :)

Warbird

Glad it's working, BT.  That System Restore function is quick, simple, and oftentimes the most effective way to go.  Just be aware it doesn't always work.