You gotta be really quick if you wanna stop it and then delete it. These buggers restart nearly instantaneously. Fractions of a second. Once I got nailed with a trojan or two that opened the floodgates of adware dewm. I ran adaware constantly and each time it found more and more. It never found the hive queen trojan, the key to it all. Eventually the beast hunted down adaware and locked it up during the quarantine stages. Every. single. time. It had broken through my nubish non-existent defenses. I thought I was a smart web surfer. I guess not. With the last dying clock cycles of my pc I initiated my own dewmsday device. A beauty I like to call format and reinstall windows. Not even the strongest adware beasts of the underworld and the undernet can survive formatting and reinstalling the OS.
Yeah, next time this happens (if ever) it pays to have a virus scanner / spyware scanner on hand. First thing u usually want to do: disconnect, either through lockdown or otherwise; this stops the flow of new infectious material. Step 2, reboot into safe mode. Safe mode only starts Windows processes, nothing fancy, nothing virus related.
Run your scanners from in there. After all you can do is done, reboot.
Make sure your system isn't showing new viruses or programs as before, run for a little bit and make sure nothing is installing itself.
Then you can connect to the internet again.
Or u can just open C:\windows\ and that's where regedit.exe is....
But whatever, regedit is kinda complex to use. If you have another comp, download regcleaner and run it; it will categorize registry entries by install date and allow you access to all startup entries, while keeping backups just in case.
If you turn your compy back on after cleaning and it still shows signs of infection, go back into safe mode, repeat, and clear all internet and other temporary files. Often a virus will show itself from a temporary file or sometimes something tagged for the recycler.
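An added example, not part of the original posts: a small Python triage script for the startup entries and temporary-file locations mentioned above. It assumes the Run keys were exported to a .reg file and are being reviewed on a clean machine; the sample export, value names and paths are constructed.

```python
import re

# Constructed sample of a `reg export` file (names and paths are made up).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Scanner"="C:\\Program Files\\ExampleAV\\scan.exe /startup"
"updater"="\"C:\\Documents and Settings\\user\\Local Settings\\Temp\\upd32.exe\" -s"
"sysload"="C:\\RECYCLER\\S-1-5-21\\ld.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"helper"="C:\\Documents and Settings\\user\\Local Settings\\Temporary Internet Files\\h.exe"

[HKEY_CURRENT_USER\Software\Example]
"path"="C:\\Temp\\not-a-startup-entry.exe"
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
# "name"="string value"; dword:/hex: values do not match and are skipped.
VAL_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
STARTUP_KEYS = ("\\currentversion\\run", "\\currentversion\\runonce")
SUSPECT_DIRS = ("\\temp\\", "\\temporary internet files\\", "\\recycler\\")

def unescape(value):
    # .reg files write a backslash as two backslashes and a quote as backslash-quote.
    return re.sub(r'\\(.)', r'\1', value)

def suspicious_startup_entries(reg_text):
    """Return (key, name, command) for Run/RunOnce values that launch from suspect dirs."""
    findings, key = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VAL_RE.match(line)
        if not m or key is None or not key.lower().endswith(STARTUP_KEYS):
            continue
        name, command = unescape(m.group(1)), unescape(m.group(2))
        if any(d in command.lower() for d in SUSPECT_DIRS):
            findings.append((key, name, command))
    return findings

if __name__ == "__main__":
    # For a real export, read the file with encoding="utf-16" (regedit's default).
    for key, name, command in suspicious_startup_entries(SAMPLE_REG):
        print(f"{key}\n    {name} -> {command}")
```

The script only reports; keep the exported .reg file as the backup before removing anything it flags.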
Safe mode? Restart PC, and spam F8 button (I THINK it's F8) and it should eventually give you the option to boot into Safe mode.
Best option evar though :p I had a few things I couldn't delete with my method so I had to use Safe mode. I also used it for changing privileges before, but now this computer is MEIN!
I'm going to spam the f8 key and my computer will explode, where afterwards my XP CD will look at me, frown, shake his head in disappointment, turn and then walk away.
Can you use the command prompt to delete files that are in use? I've had files (not virus related) that froze explorer.exe when I tried to right-click on them, and I was able to delete them using the command prompt.
If you want to try it, just say so and I can post some detailed instructions on how to navigate and delete files.
I got a similar Macro Virus (one that installs many different worms and trojans at startup), too. My AVGuard from today finally picked up the mother file (the ones from yesterday didn't, so that thing must be fairly new). Those only caught the siblings, so there wasn't any damage.
I hear a lot of talk about adware/malware, when back at the beginning, Haze pointed out he didn't have any Anti-Virus software. So, without further ado, download Grisoft AVG Free Edition (http://free.grisoft.com/freeweb.php). It's a free Anti-Virus program, and whether your current problem is virus related or not, you need protection.
Oh, and some of you suggested hunting down unknown folders/registry keys and deleting them - Do you realize just how bad you can screw up your computer doing this? Rampantly straight deleting tends to lead to a ton of faulty registry entries, which, even if it doesn't kill your computer immediately, tends to seriously hamper it in the long run. Whenever possible, uninstall, rather than straight delete, to avoid ripping huge holes in your system.
Seriously, guys, I would have expected better advice out of you
QUOTE (Haze @ Jun 8 2005, 08:28 AM)
> Firefox = Condom for when I screw my self with the internet...
> Changed it to my default browser as of now. Starting up in safe mode... *crosses fingers* then I'll come back and download tons of anti virus.

A condom is pretty useless after you get the girl pregnant.

QUOTE (Thansal @ Jun 8 2005, 12:05 PM)
> I would really suggest downloading and installing MS antispyware.
> that should actually recognize the problems instantly and disable them (it can do a lot of the fancy back door stuff you are not comfortable with)

I second this notion.
Not to mention the fact that MS Anti-Spyware will tell you if something is trying to do anything, allowing you to stop it before it even starts.
Running the AVG thing. Finding 28 infected objects so far, the same, damn, ones. What's the one that disables the program then deletes it? Tell me.. I must have it.
QUOTE (AlienCow @ Jun 8 2005, 08:42 AM)
> QUOTE (Comprox @ Jun 8 2005, 07:02 AM)
> > Ok, this is a bit of mess here, so I'll do it step by step.
> > 1. Make sure you have adaware downloaded and fully updated.
> > 2. Reboot and like you said, spam the F8 key until the boot menu comes up. Choose safe mode (no networking or anything).
> > 3. Log into any administrator account.
> > 4. Run adaware and pray.
> > 5. Reboot
> > 6. Use explorer not firefox.
> > :D
>
> QFT.

Quoted for Quoteh4x!

QUOTE
> 6. Install and use firefox.

Anyway, if things have gotten this far, there's a good chance that even after you get everything cleaned up (assuming you manage that) your system may still be seriously screwed up. In other words, even if you win, you may still need to format and re-install. So, I suggest you get to backing up your valuables. Hey, Windows installs only last so long anyway.
QUOTE (Haze @ Jun 8 2005, 08:50 AM)
> Running the AVG thing. Finding 28 infected objects so far, the same, damn, ones. What's the one that disables the program then deletes it? Tell me.. I must have it.

Microsoft Windows AntiSpyware (Beta): http://www.microsoft.com/athome/security/spyware/software/default.mspx
There ya go. And please, tell us what viral infections you come up with, as it's possible that AVG won't be able to fully clean things up. That's what specific viral repair kits are for.
It's actually all my fault to start with :p
So everyone, commence the e-beatings! (In the form of PMs, duh :p )
Comments
You'll have to navigate there manually btw.
Keep a camera with you, and if u get a pic of it I'm sure the NS community can gather enough cash to just buy u a new HDD and XP cd. :D
1. Make sure you have adaware downloaded and fully updated.
2. Reboot and like you said, spam the F8 key until the boot menu comes up. Choose safe mode (no networking or anything).
3. Log into any administrator account.
4. Run adaware and pray.
5. Reboot
6. Install and use firefox.
:D
Try the newest AVGuard version!
- WINKEY+R
- "regedit"
- click 'my computer' or whatever in regedit
- CTRL-F
- type in whatever you know of the toolbar, best two things are the name of the toolbar itself and the company that made it
- delete any keys you are sure of that belong to the toolbar
- F3, repeat last step & this 1 until it finishes searching
Works 99% of the time.
Tried running ad-aware and spybot - search and destroy.
Abra:
http://www.acesoft.net/lop.com.htm
It's just steam that keeps booting Iexplorer when I join a server.
Alright. This is what I've done so far.
regedit. Tracked down the files and deleted them. However some of the files could not be deleted and instead had their value changed to "file data unknown" or .. "value unknown" .. or something to that extent, losing their name and their path.. but I can only assume that's good?
Safemode and reboot, however not under administrator. I gotta do that now, because when I did it under my screenname the program started itself up ASAP.
Is there *no way* I can just directly override the fact that the program's being used? I don't really *care* that it is, just let me delete it...!