Since the end of last week my computer has been acting like it has a virus. It started with error messages about my anti-virus software not being able to update. When I tried to go to the AV site it would tell me that my network connection was down. I could not go to any AV sites (AVG, Symantec, Lavasoft, etc...) all of them came back with errors. I could get to other sites like Google and ESPN but not AV sites. When I ran my anti virus software it came back with nothing found. But it usually finds cookies and small things so I knew something was up. So I booted my computer in safe mode and ran the Microsoft Malicious Software Removal Tool and it found 3 major threats, then I ran AVG and it found some more. Then I ran Ad Aware and cleaned up all my temp files. I brought my computer back up to regular mode and I can now get to the AV sites and my AV software can update but I get these random alerts from my AV software saying that different Trojans are being found. One of the ones that came up talked about a Trojan Horse Downloader.Generic.7.BDNN The process name it had listed was C:/windows/system32/svchost.exe. I ran HJT and will post the log in the next message, can someone help me?
I think my computer could have a virus
- Thread starter sjoseph
- Start date
- Status
almcneil
Posts: 1,236 +1
There's one very good, excuse, OUTSTANDING, anti-spyware utility you haven't tried yet: Spybot Search & Destroy. I recommend my customers use 3 anti-spyware utilities to stay on top of Spyware and you have run 2 of them: AVG and Ad-Aware 2008. You need a thrid and it's Spybot. Although Spybot finds the least spyware, it targets the NASTY spyware, the kind that's trying to change something on your computer and instead, messes it up. Spybot is the best at detecting adn removing this type of spyware.
You can download Spybot here
Repost if you still are experiencing problems.
You can download Spybot here
Repost if you still are experiencing problems.
Try These
-Spybot Search and Destroy
http://www.safer-networking.org/
-Anti-Malware AND RogueRemover Free
http://www.malwarebytes.org/
I WILL POST MORE LATER ON TODAY! CHECK BACK AFTER or AROUND 9pm EST!
-Spybot Search and Destroy
http://www.safer-networking.org/
-Anti-Malware AND RogueRemover Free
http://www.malwarebytes.org/
I WILL POST MORE LATER ON TODAY! CHECK BACK AFTER or AROUND 9pm EST!
I have used Spybot Search and Destroy before and every time I have run it in the past it removed something that caused another program to stop working. But since I have tried so many things and it is still on there I will try this tool as well. I am very good at keeping my AV software up to date and running it on a regular basis but somehow this one got through my defenses. I will let you know if Spybot gets rid of it. Thanks.
I would recommend using Malwarebyte's Antimalware as well. I've ran this freeware virus/spyware scanner on machines that were completely infested and it has cleaned everything out perfectly.
Anti-Malware AND RogueRemover Free
http://www.malwarebytes.org/
Anti-Malware AND RogueRemover Free
http://www.malwarebytes.org/
USE ANY OR ALL OF THESE I HAVE ALL OF THESE BECAUSE EACH ONE HAS A DIFFERENT FEATURE JUST DISABLE ALL OF THE AUTO START/REAL TIME PROTECTIONS FEATURES TO SAVE RAM/MEMORY
----------------------------------------------------------------------------
>>Virus Protection<<
-Spyware Blaster (immunizations)
http://www.javacoolsoftware.com/
-Spybot Search and Destroy (scanner, immunizations, autorun viewer)
http://www.safer-networking.org/
-Anti-Malware (all around good anti-malware)
http://www.malwarebytes.org/
-RougeRemover Free (fake virus, trojan remover)
http://www.malwarebytes.org/
-Spyware Terminator (scanner, immunizations)
http://www.spywareterminator.com/
-SUPERAntiSpyware (scanner)
http://www.fileresearchcenter.com/
-WinPatrol (autoruns, ***scans/display hidden files feature and can remove the some rootkits from the file that hide it***, many other features )
www.winpatrol.com
>>Maintenance<<
-CCleaner (cleans temp files regulatory, autorun viewer)
http://www.ccleaner.com/
-Filehippo.com FREE Update Checker (use this to update all software on your computer download the "FileHippo.com Update Checker")
www.filehippo.com
>>Hosts file<<
***For information on the "hosts file" go to: http://en.wikipedia.org/wiki/Host_file it will give you the information needed to understand a Hosts file for the three programs below***
-HOSTSMAN (get this to block a lot of bad sites, domains, and etc with hosts file)
http://www.abelhadigital.com/
***Here are some extra update sources after you become familiar with the program***
***Right click and copy shortcut and past in "manage update sources" under the "tools" menu***
http://www.hosts-file.net/download/hphosts.zip
http://hostsfile.mine.nu/Hosts.zip
http://www.grc.com/sn/hosts_mvps_org.txt
http://members.dialmaine.com/drdole/Apps/SCoooBYsHosts.zip
http://pgl.yoyo.org/adservers/serverlist.php?showintro=0;hostformat=hosts
-Advance hosts manager (very good advance hosts manager with good updates, can also use the update sources above)
http://bluetack.co.uk/download/hosts20setup.exe
-Hosts Switch (turn on/off the hosts file only supports the Hosts Manager from B.I.S.S. -> http://wwwbluetack.co.uk )
http://bluetack.co.uk/download/switch13setup.exe
>>Advanced<<
***below are some last resort virus removal - these can be very dangerous if you delete the wrong items***
-Unlocker 1.8.* (force a delete on some file by unlocking it from the running process)
http://ccollomb.free.fr/unlocker/
-Hijack This
http://www.merijn.org
-GOOGLE SEARCH "SysInternals AutoRuns" download this program from Microsoft TechNet and run this to check system autoruns.
-Also from the same Microsoft Technet get the "Rootkit Revealer" also by SysInternals
-If all else fails for file deletion try a program called Combo-Fix or ComboFix
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
----------------------------------------------------------------------------
>>Virus Protection<<
-Spyware Blaster (immunizations)
http://www.javacoolsoftware.com/
-Spybot Search and Destroy (scanner, immunizations, autorun viewer)
http://www.safer-networking.org/
-Anti-Malware (all around good anti-malware)
http://www.malwarebytes.org/
-RougeRemover Free (fake virus, trojan remover)
http://www.malwarebytes.org/
-Spyware Terminator (scanner, immunizations)
http://www.spywareterminator.com/
-SUPERAntiSpyware (scanner)
http://www.fileresearchcenter.com/
-WinPatrol (autoruns, ***scans/display hidden files feature and can remove the some rootkits from the file that hide it***, many other features )
www.winpatrol.com
>>Maintenance<<
-CCleaner (cleans temp files regulatory, autorun viewer)
http://www.ccleaner.com/
-Filehippo.com FREE Update Checker (use this to update all software on your computer download the "FileHippo.com Update Checker")
www.filehippo.com
>>Hosts file<<
***For information on the "hosts file" go to: http://en.wikipedia.org/wiki/Host_file it will give you the information needed to understand a Hosts file for the three programs below***
-HOSTSMAN (get this to block a lot of bad sites, domains, and etc with hosts file)
http://www.abelhadigital.com/
***Here are some extra update sources after you become familiar with the program***
***Right click and copy shortcut and past in "manage update sources" under the "tools" menu***
http://www.hosts-file.net/download/hphosts.zip
http://hostsfile.mine.nu/Hosts.zip
http://www.grc.com/sn/hosts_mvps_org.txt
http://members.dialmaine.com/drdole/Apps/SCoooBYsHosts.zip
http://pgl.yoyo.org/adservers/serverlist.php?showintro=0;hostformat=hosts
-Advance hosts manager (very good advance hosts manager with good updates, can also use the update sources above)
http://bluetack.co.uk/download/hosts20setup.exe
-Hosts Switch (turn on/off the hosts file only supports the Hosts Manager from B.I.S.S. -> http://wwwbluetack.co.uk )
http://bluetack.co.uk/download/switch13setup.exe
>>Advanced<<
***below are some last resort virus removal - these can be very dangerous if you delete the wrong items***
-Unlocker 1.8.* (force a delete on some file by unlocking it from the running process)
http://ccollomb.free.fr/unlocker/
-Hijack This
http://www.merijn.org
-GOOGLE SEARCH "SysInternals AutoRuns" download this program from Microsoft TechNet and run this to check system autoruns.
-Also from the same Microsoft Technet get the "Rootkit Revealer" also by SysInternals
-If all else fails for file deletion try a program called Combo-Fix or ComboFix
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
OK, I have run SpyBot which found more problems and I fixed them. Then I ran the Malwarebytes which found 11 infected files which it fixed. I am rerunning AVG to see if it finds anything. I am running all of these in safe mode because SpyBot couldn't remove somethings while the computer was running normally. I will let you know how it goes.
Thanks
Thanks
Have a look at:
Viruses/Spyware/Malware Preliminary Removal Instructions
This is the proceedure that TechSpot has confirmed works
All support should quote this proceedure first before all other utilities
@Auguss please remove your capitals in your posts
If you are just copying and pasting, you are best to provide the link only
Otherwise this thread by sjoseph may get too long.
We are helping the member, not providing stacks of program links ?!
Viruses/Spyware/Malware Preliminary Removal Instructions
This is the proceedure that TechSpot has confirmed works
All support should quote this proceedure first before all other utilities
@Auguss please remove your capitals in your posts
If you are just copying and pasting, you are best to provide the link only
Otherwise this thread by sjoseph may get too long.
We are helping the member, not providing stacks of program links ?!
Unless you know how to personally/manually know how to remove the virus or want to explain step by step you have to point the person to a program that can help or do the job and maintain a good working order computer. I made this list from scratch and added short descriptions to help the user. I removed the caps and deleted empty space as requested you made a valid point.
I ran SpyBot and the Malware software and when I restarted my computer the AVG Resident Shield came up with an alert that a virus was found in Win32/Cryptor. Every time I reboot my computer Resident Shield tells me that it has found a virus in a different file (last time it found a Trojan Horse called Downloader.Generic.7.BDNN, which when I Googled this file I found nothing). Which makes me believe that the virus is just giving itself generic names so that I can't find out what it is. It seems like the virus is hanging out in my System Volume Information folder because that is the location of the file name that was opened when the alert was triggered. But what it finds each time differs. Has anyone seen anything like this? I am about to just give up and restore my computer back to the factor defaults.
BTW my name is Susan and I really do appreciate everyone's help with this.
BTW my name is Susan and I really do appreciate everyone's help with this.
Wow sounds like a pretty good one. dont know im going to have to let one of the better people help you with that one. im not going to give you some bad info on it. i just hope every time the virus scanner removes it. use all your options that you can possibly think of start downloading trials from higher credible websites AVG, Bitdefender, Avast (most of the time good). Avira, try some of them, install the trials update and then if it finds something remove it and then uninstall to save yourself hte space on you HDD.
MOST of the virus scanner WILL have a conflict with other virus scanner for kernel resources. just install one at a time. not every anti virus has the same definitions as it competitor,
you could also try Spyware Doctor Pretty good anti-spyware and Adaware Free edition pretty good anti-adware
MOST of the virus scanner WILL have a conflict with other virus scanner for kernel resources. just install one at a time. not every anti virus has the same definitions as it competitor,
you could also try Spyware Doctor Pretty good anti-spyware and Adaware Free edition pretty good anti-adware
The System Volume folder is where Windows stores it's system restore information. This is a common place where virus re-infection will take place.
You can try to disable System Restore, reboot, and scan using all the utilities again.
On XP - Right-click on my computer, choose properties. Look for a tab that is called System restore. Click the check box to turn off system restore on all drives. Click OK. Your computer will lag for a moment while it deletes the information.
Just make absolutely sure you turn it on afterwards again!
You can try to disable System Restore, reboot, and scan using all the utilities again.
On XP - Right-click on my computer, choose properties. Look for a tab that is called System restore. Click the check box to turn off system restore on all drives. Click OK. Your computer will lag for a moment while it deletes the information.
Just make absolutely sure you turn it on afterwards again!
OK, it looks like I may have gotten the little bugger. I ran all of the tools that were suggested on the 8-Step Viruses/Spyware/Malware Removal instructions. I rebooted my computer last night and I haven't gotten the alert from my AVG that I usually see about a virus being found. I kept my computer up today hoping that if anything tried to reattach itself my AVG would alert me like it has been in the past. But I am hoping that I finally was able to remove it. Not sure which piece of software finally got it but I really appreciate all the help.
Thanks,
Susan
Thanks,
Susan
Probably Malwarebytes got it
But I'm not concerned
If you're happy, then that's that
Thanks for the update :grinthumb
You should really have a look at normal Virus\Spyware removal threads like this recent one, on what was suppose to happen https://www.techspot.com/vb/showthread.php?p=679084
Without doing these individualized steps, it's likely you'll be back anyway.
But I'm not concerned
If you're happy, then that's that
Thanks for the update :grinthumb
You should really have a look at normal Virus\Spyware removal threads like this recent one, on what was suppose to happen https://www.techspot.com/vb/showthread.php?p=679084
Without doing these individualized steps, it's likely you'll be back anyway.
LuckytoHaveYOU
Posts: 14 +0
I would like to follow up to this helpful and informative thread by firstly, thanking sjoseph (Thanks Susan!) for your hard efforts and well documented progress. This thread was the first thing that popped up on Google for me and I would have had a much harder time figuring out my own problem if not for everyone's help (or simply figuring out where to start for that matter!)
The main reason that I am writing this response though is to warn whoever else that might be reading this about another, much worse malware program or virus that I currently have on my computer. This virus is quite a bugger.
So it turns out that the virus I have generates a fake Microsoft security icon next to all of my other active running program icons in the bottom right-hand corner of my screen that indicating that my computer may be at risk. When I clicked on it an almost identical "Microsoft" firewall security page comes up with all of the firewall settings and security features (some of which are defaulted to "security off" to make me think windows is not covering my security needs properly) and refers me to a third party paying service that claims it will get rid my computer of any viruses.
Let me tell you one thing at this point, I am twenty hours deep in figuring out the process to get this wretched virus off my computer. I have used the 8-step viruses/spyware/malware preliminary removal instructions and although some infections were erased, the final result was that my computer was still cursed with this "thing" infecting my computer.
Some of my other symptoms of this mystery virus include: firefox starting up very slowly and taking longer to refresh information, iTunes taking a lot longer to do everything, ***Any/ALL spyware, firewall, and malware programs not being able to update their databases (including a freshly installed norton anti-virus)!****, system restore will NOT work, and neither will windows updates. Oh, and did I forget to mention that my windows "turn off system restore" is "disabled by group policy"?
At this point in time I am almost certain that all my bank accounts, passwords, credit cards, and other accounts have been compromised. I will be reprogramming all my accounts after this is fixed.
Anyways, to try fixing the problem, I referred to post #21 by herr5407 and tried to turn off system restore, but since this feature/option was disabled by the virus, I had to find out another route. I Googled my problem and I got some instructions from a website to go in manually through Start<Run<"regedit.exe"<(navigate /scroll mouse to)=HKEY_LOCAL_MACHINE \ Software \ Policies \ Microsoft \ Windows NT \ SystemRestore<then delete DisableConfig and DisableSR in the right hand screen.
Now that my system restore is turned off, I will not reboot and attempt to rescan my computer with some of the programs from the 8-step viruses/spyware/malware preliminary removal instructions. I will try to get back when and if I fix this issue. Hopefully I will see you guys soon!
The main reason that I am writing this response though is to warn whoever else that might be reading this about another, much worse malware program or virus that I currently have on my computer. This virus is quite a bugger.
So it turns out that the virus I have generates a fake Microsoft security icon next to all of my other active running program icons in the bottom right-hand corner of my screen that indicating that my computer may be at risk. When I clicked on it an almost identical "Microsoft" firewall security page comes up with all of the firewall settings and security features (some of which are defaulted to "security off" to make me think windows is not covering my security needs properly) and refers me to a third party paying service that claims it will get rid my computer of any viruses.
Let me tell you one thing at this point, I am twenty hours deep in figuring out the process to get this wretched virus off my computer. I have used the 8-step viruses/spyware/malware preliminary removal instructions and although some infections were erased, the final result was that my computer was still cursed with this "thing" infecting my computer.
Some of my other symptoms of this mystery virus include: firefox starting up very slowly and taking longer to refresh information, iTunes taking a lot longer to do everything, ***Any/ALL spyware, firewall, and malware programs not being able to update their databases (including a freshly installed norton anti-virus)!****, system restore will NOT work, and neither will windows updates. Oh, and did I forget to mention that my windows "turn off system restore" is "disabled by group policy"?
At this point in time I am almost certain that all my bank accounts, passwords, credit cards, and other accounts have been compromised. I will be reprogramming all my accounts after this is fixed.
Anyways, to try fixing the problem, I referred to post #21 by herr5407 and tried to turn off system restore, but since this feature/option was disabled by the virus, I had to find out another route. I Googled my problem and I got some instructions from a website to go in manually through Start<Run<"regedit.exe"<(navigate /scroll mouse to)=HKEY_LOCAL_MACHINE \ Software \ Policies \ Microsoft \ Windows NT \ SystemRestore<then delete DisableConfig and DisableSR in the right hand screen.
Now that my system restore is turned off, I will not reboot and attempt to rescan my computer with some of the programs from the 8-step viruses/spyware/malware preliminary removal instructions. I will try to get back when and if I fix this issue. Hopefully I will see you guys soon!
- Download Smitfraudfix by S!ri from HERE
- Reboot your computer in Safe Mode (before the Windows icon appears, tap the F8 key continually)
- Double-click SmitfraudFix.exe
- Select 2 and hit Enter to delete infected files.
- You will be prompted: Do you want to clean the registry ? answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.
- The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): Replace infected file ? answer Y (yes) and hit Enter to restore a clean file.
- A reboot may be needed to finish the cleaning process. The report can be found at the root of the system drive, usually at C:\rapport.txt
Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.
Afterwards attach rapport.txt and a fresh Hijackthis log
But instead of replying here, you will need to create a New Thread just for you
You can learn how to create a new thread by clicking here: How to post a New Thread
- Status
