Heeeeeelllllppppp!!!!



Thoughtbot360
2007-08-03, 06:25 PM
My computer won't stop playing video pop-ups! There is also a continuous advertisement for winantispyware (the type that warns you about a spyware component and then offers its own services to help, I don't trust those. at all.). Also one day recently winantivirus just magically appeared on my desktop.

I need some professional help fixing this nonsense. I am currently using AVG antivirus, which was updated recently.

Rawhide
2007-08-03, 06:35 PM
Free virus scanner I recommend:
www.avast.com

Free online virus scanner I recommend you use every once in a while:
housecall.trendmicro.com

Free anti-spyware programs, I recommend you use both. Spybot is the most important though.
www.safer-networking.org
www.adaware.com

Thoughtbot360
2007-08-03, 06:39 PM
Thanks Rawhide, really. I'll download them immediately. I was literally being assaulted by pop-ups.

Thoughtbot360
2007-08-03, 10:57 PM
Well, I've hit a snag.

Avast, all by itself, is picking up all sorts of Win32:Virtumonde-BW adware that's attached to the Windows folder and it might be dangerous to mess with that. Avast will not delete those processes, nor move them to the chest, largely because they are being used by themselves.

What do I do?

Rawhide
2007-08-03, 11:07 PM
First, make sure you are not using Avast and AVG at the same time. You should never run two scanners at the same time. Virus scanners have what is known as 'real time scanning' or 'active scanning', where it will try to scan every file before it is used. (Note: Advanced users can disable the real time scanning so that only one virus scanner is using real time scanning).

Now, if what you are finding is adware, not a virus, I suggest you first try SpyBot Search and Destroy to remove it as it is a dedicated spyware removal tool. It may provide you with instructions that you need to perform manually to remove it. Failing that, Adaware, failing that, Avast or Trend's Housecall may have manual removal instructions.

You might try looking for it in one of the virus encyclopedias:
http://www.trendmicro.com/vinfo/virusencyclo/default.asp
http://www.symantec.com/enterprise/security_response/threatexplorer/threats.jsp

Thoughtbot360
2007-08-04, 12:33 AM
> First, make sure you are not using Avast and AVG at the same time. You should never run two scanners at the same time. Virus scanners have what is known as 'real time scanning' or 'active scanning', where it will try to scan every file before it is used. (Note: Advanced users can disable the real time scanning so that only one virus scanner is using real time scanning).
>
> Now, if what you are finding is adware, not a virus, I suggest you first try SpyBot Search and Destroy to remove it as it is a dedicated spyware removal tool. It may provide you with instructions that you need to perform manually to remove it. Failing that, Adaware, failing that, Avast or Trend's Housecall may have manual removal instructions.

There's a few problems with those instructions, I'm afraid. First of all, I'm not sure how to switch off an anti-virus' "real-time scanning." Also, my computer won't run the installer for SpyBot, I can't get it online. I have less than ten seconds before the installer just disappears.

Rawhide
2007-08-04, 12:41 AM
There are options in the programs to switch off the real time scanning. If you can't find them, you should disable all but one antivirus entirely as they will cause conflicts (i.e. shut down AVG while you run Avast - you can decide which to use after you fix the problem).

You can download the Spybot installer and the manual update files on a different computer; you don't need to be connected to the internet to install it. But note, whether you do it automatically or manually, make sure that you do update your Spybot and antivirus files to the latest version.

Thoughtbot360
2007-08-04, 01:53 AM
> There are options in the programs to switch off the real time scanning. If you can't find them, you should disable all but one antivirus entirely as they will cause conflicts (ie. shutdown AVG while you run Avast - you can decide which to use after you fix the problem).
>
> You can download the spybot installer and the manual update files on a different computer, you don't need to be connected to the internet to install it. But note, whether you do it automatically, make sure that you do update your spybot and antivirus files to the latest version.

Well, thanks again for answering my thread, I'll give you an update tomorrow on how I've done, possibly close the thread.

Thes Hunter
2007-08-04, 06:11 AM
Rawhide's such a hero.


I imagine him, riding up on his white pixels to any user who is in need.

Or hunting through metropolis cloaked with dark pixels weeding out the bad guys vigilante style!

Jibar
2007-08-04, 06:44 AM
> Or hunting through metropolis cloaked with dark pixels weeding out the bad guys vigilante style!

I read that as "wedding", which led to hilarity, naturally.

Rawhide
2007-08-04, 06:50 AM
Do you, MSBlaster, take Gator to be your awfully wedded husband?

Swedish chef
2007-08-04, 08:33 AM
Best way to get rid of viruses that Avast can find but not delete "because they are being used" is to schedule a boot-time scan, reboot the computer and then take any action desired when you get prompted by Avast that it has found the virus/adware/whatnot. By doing a boot-time scan none of the evil programs have been loaded yet and can therefore be incarcerated in the chest, or as I prefer "executed with extreme prejudice" (aka removed, my policy is that if it breaks anything I can always reinstall, regular backups are your friends).

Good luck with your virus hunting.

PhallicWarrior
2007-08-04, 09:54 PM
If you can't get Spybot to work, I recommend Adaware SE. It's a bit less... temperamental than Spybot.

SDF
2007-08-04, 09:58 PM
I like to use HijackThis myself, but you have to be careful with that program.

Thoughtbot360
2007-08-04, 11:04 PM
Well, I finally got the pop-ups to stop piling up (but not stop completely, more on that later.) Here's where my computer stands:

1) It's safe to leave my DSL on. (It normally is, but in the last few days I got 5 pop-ups for just turning the damn thing on.)

2) I still haven't stopped pop-ups completely and if I leave the computer afk for ten minutes, I will suddenly hear a video pop-up playing.

3) The worst for last: every so often Mozilla Firefox will "phase out." The window will go from dark blue to light blue, and be unusable (it's stopped me typing over five times just writing this comment.....make that SIX times!:smallfurious: ) but it does that for a second before working again. I've increased the pop-up blocking settings for Mozilla and Internet Explorer (which is what the pop-ups use) but I don't think it should "block" a pop-up like this.

Thanks for all of your help. It's much better now, but is there any way to deal with the strange behavior detailed in note #3?

Oh yes, and I got Spybot to work. I hit the enter key repeatedly and "beat the clock." I couldn't find that Spybot downloader you mentioned, Rawhide.

Rawhide
2007-08-04, 11:29 PM
Are you running a firewall? You should be using a firewall such as Windows XP's inbuilt firewall or ZoneAlarm.

ZoneAlarm Free: http://www.zonealarm.com/store/content/catalog/products/sku_list_za.jsp?dc=12bms&ctry=US&lang=en


For Spybot, go here:
http://www.safer-networking.org/en/download/index.html
Those hosted by Safer-Networking will download directly.

You will need to download:
Spybot - Search & Destroy
Detection updates
Tools update
Advanced check library update
TCP/IP Plugin

Thoughtbot360
2007-08-05, 12:05 PM
> Are you running a firewall? You should be using a firewall such as Windows XP's inbuilt firewall or ZoneAlarm.
>
> ZoneAlarm Free: http://www.zonealarm.com/store/content/catalog/products/sku_list_za.jsp?dc=12bms&ctry=US&lang=en
>
> For Spybot, go here:
> http://www.safer-networking.org/en/download/index.html
> Those hosted by Safer-Networking will download directly
>
> You will need to download:
> Spybot - Search & Destroy
> Detection updates
> Tools update
> Advanced check library update
> TCP/IP Plugin

Well, once that firewall got up, everything started running smoothly. I would like to thank the academy, Rawhide, and everyone else who offered help on this thread and furthermore *music starts playing him off* ........