A virus disabled my computer in about 5 minutes

By Zerothma
Oct 23, 2008
Topic Status:
Not open for further replies.
  1. The Story: (there is a shorter version below if you want to skip to that)

    I received some good reviews for a game in a gaming forum that was going a bit off topic. I went to go and download the game (Can't remember the name of it). The website I went to said "100% Spyware free" so I downloaded it. It downloaded really fast, so I thought maybe something was wrong when I went to run the program. My Norton box popped up and said it blocked an attacker. "Good" I thought. I went to delete the stupid "game" and when I clicked on it I selected delete, then a box appeared. I needed administrator rights, which I have. "CRAP" I thought, "this cannot be good." I clicked "OK" on the administrator rights box, and the program was gone. Not deleted, but gone. Norton persisted with telling me everything is ok, that box kept saying that attackers were blocked. Everything was fine for a few minutes, so I did some homework.
    Suddenly my "start bar" at the bottom of my screen disappeared. Norton blocked, it reappeared. This happened maybe 4 or 5 times. I was annoyed but optimistic, so I got my Norton to start scanning. Then my paper I was writing disappeared without asking me if I wanted to save. I noticed the desktop icons were missing. This means that I was staring at a blank screen except for Norton. So I did the obvious: Ctrl-Alt-Delete, but the task manager was suddenly disabled and it gave me some box saying administrator, or something to that effect.
    I used Norton to my advantage. I used it to talk to a technician for a few hours... He basically said "Give me $100 no guarantee I'll fix your computer." I tried to scan my whole computer. Before my computer was shut down by my unknowing brother, I had scanned something like 1,600,000 files with 22 viruses. I wrote down the name of the ONE AND ONLY VIRUS that showed on the list and could not be controlled, and another that appeared first of all the others (since Norton scans commonly infected files first). I found Backdoor.Tidserv (all I needed to do was reboot said Norton) and Hacktool.Rootkit which Norton couldn't deal with. The technician strained, "You are screwed without giving me $100". "No way," I said. "I have a 300GB external hard drive and Norton Ghost. Also, my computer sucks, I could buy a better one for $400."
    Later, me and my family went over what we wanted to keep with Norton Ghost. We got most of it I think. But I'd much rather just keep my computer and my money. So I need help. If someone could start me off so we can work through this, I'd be grateful. I'm not so computer savvy so use small words (figure of speech) so I can understand.

    The Extremely Short Version

    -Cannot use Task Manager
    -Desktop Icons are missing
    -Start bar is completely gone
    -Most windows that are opened get closed within 3 seconds (Except Norton and the internet)
    -Use Newbie step by step terms to help me.
    -Known problems: Hacktool.Rootkit & Backdoor.Tidserv

    I'll tell you more details if/when you ask. Please help, I have an online college course and so does my brother. We need a computer and fast!

    Oh, and I should note that I am at a library right now, but while I am here I got some stuff on my flashdrive. I got sysclean and aproposfix.exe. I'll try those later tonight if that is even possible at this point.
  2. jnjgoss

    jnjgoss Newcomer, in training Posts: 16

    Reboot in safemode and run virus scan

    Reboot your computer and press F8 before or at first screen and boot into safe mode and choose administrator and then run your virus scan and let it clean out this bad boy.
    Hope all goes well.
  3. Zerothma

    Zerothma Newcomer, in training Topic Starter Posts: 23

    Update on My Computer...

    Well, things are a bit better. 3 of the 4 major problems have been eliminated, but my computer still is crapped up. Now I can see my start bar, desktop icons, and things don't close out immediately. I still cannot access many things because I "do not" have administrator rights, as well as run programs. I was, however, able to run Anti Spyware and HijackThis. I'll post the information for you. Please remember, I'm under the clock here.

    Thank you in advance.

  4. jnjgoss

    jnjgoss Newcomer, in training Posts: 16

    You need a good antivirus

    If you are trying to run online without a good updated antivirus then you will be in trouble quickly. Go to avast.com and download their free home edition and after it loads it will reboot and scan your computer before windows loads up. Move all the viruses to the chest if you can. Delete them if you can't. Once you reboot fully and windows loads up set your antivirus to high and set auto updates to automatic.
    Register it for free and get an activation code to give you full coverage from now on.
  5. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    What?

    How do you know he doesn't have an AntiVirus?

    Actually I'm pretty sure he does
  6. Zerothma

    Zerothma Newcomer, in training Topic Starter Posts: 23

    I have Norton 2007

    I could always use another Antivirus I suppose. Especially since this could get rid of more viruses.
  7. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    You can only have one at a time

    Remove Norton and:

    Try Free Antivirus like Avast or Avira
  8. Zerothma

    Zerothma Newcomer, in training Topic Starter Posts: 23

    Update on my computer:

    It seems to be doing much better now. I finally have administrator rights back. It seems I can do everything just fine. The next step is to connect to the internet I think. But I need to know, is it safe to do that? I'll post my updated HJT. I can stop all cookies too. Just tell me how it can be safe for me to reconnect please.

    (Just as a side note, Avast found a virus in Symantec's folder.)
  9. Zerothma

    Zerothma Newcomer, in training Topic Starter Posts: 23

    Can someone please review my HJT?

    Posted ^^^ I need to get my computer fixed soon, and the only thing I can't do is go online. Can someone help me out here? I can't go online because it might be unsafe if I have a virus that brings more viruses when I plug in to the net.
  10. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    Please run the Norton Removal Tool: http://www.techspot.com/vb/topic100496.html#2
    You can also use this program: http://service1.symantec.com/SUPPOR...56ede00518d9d?OpenDocument&seg=ag&lg=en&ct=us

    Norton is still on your system and running

    I notice that you have Norton Ghost for Windows running :
    C:\Program Files\Norton Ghost\Agent\VProSvc.exe
    Although Norton Ghost is excellent (actually I use it, but the Dos Bootup part only) it does not need to be running with every startup. You can turn off un-needed startups with this tool: http://www.mlin.net/StartupCPL.shtml

    InetCntrl is related to Bsafe Online Internet Content Filter
    If you do not require this, please remove it
    This program also comes with PopupKil, which again is not needed

    'inetcntrl0007' may be required by BSafe Online Filter for your connection to function
    You may need to contact your ISP to confirm if you can remove it or not, if you can I have quoted the steps here:
    Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.
    Now close all windows other than HiJackThis, then click Fix Checked. Close HijackThis.


    CLEAR & RESET SYSTEM RESTORE'S CACHE
    Go to Start >> Run - type or copy/paste control sysdm.cpl,,4 & press Enter
    * Tick on the checkbox - Turn off System Restore on all drives
    * Click Apply
    Turn it back 'On' by unticking the same checkbox & click Apply, and then OK

    Please note: Due to sooo many Symantec (Norton) entries, it was difficult (it took time!) to read the entire log
  11. Zerothma

    Zerothma Newcomer, in training Topic Starter Posts: 23

    Do you think it is safe for me to go back on the internet now?

    I got rid of Norton with that thing you gave me. I got Comodo and used its scan. I found like 4 viruses and I'm not sure if Comodo could get rid of them. One was something like AdminCntrl and another was a rootkit. I have 3 firewalls up: Bsafe, Comodo, and.... I can't seem to remember the name of the other one. But if I do connect to the internet I can get Zone Alarm too.
  12. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    You can only have

    1 Firewall
    1 Antivirus

    Otherwise you will receive issues online
  13. almcneil

    almcneil TechSpot Guru Posts: 1,554

    Agree and disagree with Kimsland.

    You only need one firewall and one anti-virus. Additional firewalls are redundant and you gain nothing by having more than one. For anti-virus, having more than one will slow your computer down and, really, most AV are very good or outstanding. It's anti-spyware that you need more than one because there are many different types of spyware.

    You can go back onto the Internet but stay away from high risk activities such as filesharing and illicit sites.

    Best,
    -- Andy
     
  14. Zerothma

    Zerothma Newcomer, in training Topic Starter Posts: 23

    Alright, well. Thank you very much. Is there any one antivirus and firewall you suggest having up? I've probably already loaded them on my computer at this point. Then what should I do with the rest of them? Just uninstall them? I have them on my flashdrive if I ever need them again.
  15. almcneil

    almcneil TechSpot Guru Posts: 1,554

    My business serves the home market, so for most I recommend AVG. It's free and does a good job. If it's someone who runs a home business that uses the Internet or someone who's heavy into the Internet, then I recommend a paid anti-virus. Kaspersky or NOD32 are excellent. As for firewalls, well, most home users have routers which usually have a hardware firewall included.

    -- Andy
  16. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    Yes I have suggested these Antivirus softwares already
    Avira being the better of the two
  17. tw0rld

    tw0rld TechSpot Maniac Posts: 609   +6

    Enable Task manager
    Copy and paste the following in Notepad and save as TskMgr.reg.

    Double click the reg file and click yes.

    _______________________________________________________

    Retraction


    You seem to have already fixed this problem. Please ignore if yes.
  18. Zerothma

    Zerothma Newcomer, in training Topic Starter Posts: 23

    Game Over

    Well, I have truly screwed up this time. Let me just give you the summary. I did most of the scans on my user, not the administrator, so only my user was virus free (I don't really get it, but... that's how it was). I didn't feel like wasting another week+ just to clean off the rest of the computer and I still couldn't get on the internet. No matter what I tried I could not use the internet. My computer recognized the connection, My Xbox 360 could go on Live. My wifi was up and running, but my computer wouldn't let me do anything. So I gave up. I got my windows CD and decided to install windows. Well APPARENTLY there are CORRUPT files so I couldn't repair windows (wtf?). So I got my neighbor's CD and installed windows. Now I have 30 days to register windows (as expected) but until I've registered I cannot log on (not expected, last time I did this I had the freedom to do whatever I wanted until 30 days was up. In this case I can do nothing until 30 days are up and then when time runs out I still can do nothing). So now I can do nothing. Screw you Microsoft.
  19. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

  20. Zerothma

    Zerothma Newcomer, in training Topic Starter Posts: 23

    Amazed!

    Thank you. I love how I get rewarded when I get angry. One question though, when I can no longer reset the activation trial, can I just reload windows and redo this whole process? If that is the case, all I have to do is use my (very portable) 300 GB external hard drive for everything.
  21. Zerothma

    Zerothma Newcomer, in training Topic Starter Posts: 23

    Only my account is free of viruses, as far as I can tell, or truly harmful viruses I should say. Every other account on my computer says "Virus Alert!" in the corner. Should I rerun all my antivirus stuff on the administrator? I think that's the next step here. But I can't connect to the internet at all. My computer recognizes a connection but will not send/receive data. Should I contact my ISP? I think they may have blocked me out (but oddly not my wifi, just my computer) probably because I may have been sending viruses out to people against my will, or something to that effect.
  22. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    Oh, yes if we were only working from your original account last week, and that was not an Administrator account; then yes you will need to start from the start of this thread

    Also I missed the last reply last week, relating to can you continue with activation over and over
    Only if you format, and re-install Windows clean ;)
    Which does not sound like a bad idea :)
  23. Zerothma

    Zerothma Newcomer, in training Topic Starter Posts: 23

    Ok, well I did about half the work on safe mode administrator. I have administrator rights on my account but I suppose that doesn't count as far as the virus scanning goes. So what I'll do is scan on safe mode admin until all the users no longer say "Virus Alert!" and then contact my ISP. If my ISP can fix my internet problems I'll update my antivirus/spyware stuff, and from there I should be good to go. If I have any more problems, I'll get back to you. Thank you!
  24. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    Also try this excellent tool, in Safe mode

    Run Smitfraudfix
    • Download Smitfraudfix by S!ri from HERE
    • Reboot your computer in Safe Mode (before the Windows icon appears, tap the F8 key continually)
    • Double-click SmitfraudFix.exe
    • Select 2 and hit Enter to delete infected files.
    • You will be prompted: Do you want to clean the registry ? answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.
    • The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): Replace infected file ? answer Y (yes) and hit Enter to restore a clean file.
    • A reboot may be needed to finish the cleaning process. The report can be found at the root of the system drive, usually at C:\rapport.txt
  25. Zerothma

    Zerothma Newcomer, in training Topic Starter Posts: 23

    Here's my update:
    I've run just about everything I've been given this far. After running Avast a few days ago, I noticed there were some (all) infections Avast could not remove. I wrote down what they were and where they were and tracked them all down and deleted all but one (called dna.exe located in the hidden RECYCLE trash cans and the base of the C drive). Upon doing this, I visited the other users. Strangely, 4 out of 6 users resembled mine, seemingly virus free. Upon visiting my brother's and the visitor user, they still had early signs and symptoms of viruses. I ran a couple programs to fix my brother's user, now it is fine. How did my antivirus programs get 4 users and almost completely miss 2? Now I'm paranoid again.

    Also, I contacted my ISP and asked them why my internet was not working. Of course, they said the problem was on my end. They said something about the internet not working because I reinstalled Windows and now I need some sort of driver. I've dealt with drivers in the past, such as the dreaded sound driver, and graphic driver. I have no clue about internet drivers though. Any help here would be great.

    Finally, I have a mostly updated HJT. As of this point in time I know my computer still has viruses on the visitor. This HJT was taken before fixing my brother's user. So it may not be worth taking a look at.