I think my computer could have a virus

By sjoseph
Oct 27, 2008
Topic Status:
Not open for further replies.
  1. Since the end of last week my computer has been acting like it has a virus. It started with error messages about my anti-virus software not being able to update. When I tried to go to the AV site it would tell me that my network connection was down. I could not go to any AV sites (AVG, Symantec, Lavasoft, etc...); all of them came back with errors. I could get to other sites like Google and ESPN but not AV sites. When I ran my anti virus software it came back with nothing found. But it usually finds cookies and small things so I knew something was up. So I booted my computer in safe mode and ran the Microsoft Malicious Software Removal Tool and it found 3 major threats, then I ran AVG and it found some more. Then I ran Ad Aware and cleaned up all my temp files. I brought my computer back up to regular mode and I can now get to the AV sites and my AV software can update but I get these random alerts from my AV software saying that different Trojans are being found. One of the ones that came up talked about a Trojan Horse Downloader.Generic.7.BDNN. The process name it had listed was C:/windows/system32/svchost.exe. I ran HJT and will post the log in the next message. Can someone help me?
  2. sjoseph

    sjoseph Newcomer, in training Topic Starter

    I can't seem to post the HJT log file because the board software keeps saying I have a link attached and I can't post messages with links. I don't see a link in the file so I am not sure what it is complaining about. Can someone tell me how I can post the HJT log file?
  3. almcneil

    almcneil TechSpot Guru Posts: 1,554

    There's one very good, excuse, OUTSTANDING, anti-spyware utility you haven't tried yet: Spybot Search & Destroy. I recommend my customers use 3 anti-spyware utilities to stay on top of Spyware and you have run 2 of them: AVG and Ad-Aware 2008. You need a third and it's Spybot. Although Spybot finds the least spyware, it targets the NASTY spyware, the kind that's trying to change something on your computer and instead, messes it up. Spybot is the best at detecting and removing this type of spyware.

    You can download Spybot here

    Repost if you still are experiencing problems.
  4. Auguss

    Auguss Newcomer, in training Posts: 16

  5. sjoseph

    sjoseph Newcomer, in training Topic Starter

    I have used Spybot Search and Destroy before and every time I have run it in the past it removed something that caused another program to stop working. But since I have tried so many things and it is still on there I will try this tool as well. I am very good at keeping my AV software up to date and running it on a regular basis but somehow this one got through my defenses. I will let you know if Spybot gets rid of it. Thanks.
  6. herr5407

    herr5407 Newcomer, in training Posts: 118

    I would recommend using Malwarebytes' Anti-Malware as well. I've run this freeware virus/spyware scanner on machines that were completely infested and it has cleaned everything out perfectly.

    Anti-Malware AND RogueRemover Free
    http://www.malwarebytes.org/
  7. Auguss

    Auguss Newcomer, in training Posts: 16

    USE ANY OR ALL OF THESE I HAVE ALL OF THESE BECAUSE EACH ONE HAS A DIFFERENT FEATURE JUST DISABLE ALL OF THE AUTO START/REAL TIME PROTECTIONS FEATURES TO SAVE RAM/MEMORY
    ----------------------------------------------------------------------------
    >>Virus Protection<<
    -Spyware Blaster (immunizations)
    http://www.javacoolsoftware.com/
    -Spybot Search and Destroy (scanner, immunizations, autorun viewer)
    http://www.safer-networking.org/
    -Anti-Malware (all around good anti-malware)
    http://www.malwarebytes.org/
    -RogueRemover Free (fake virus, trojan remover)
    http://www.malwarebytes.org/
    -Spyware Terminator (scanner, immunizations)
    http://www.spywareterminator.com/
    -SUPERAntiSpyware (scanner)
    http://www.fileresearchcenter.com/
    -WinPatrol (autoruns, ***scans/display hidden files feature and can remove some rootkits from the file that hide it***, many other features)
    www.winpatrol.com
    >>Maintenance<<
    -CCleaner (cleans temp files regularly, autorun viewer)
    http://www.ccleaner.com/
    -Filehippo.com FREE Update Checker (use this to update all software on your computer download the "FileHippo.com Update Checker")
    www.filehippo.com
    >>Hosts file<<
    ***For information on the "hosts file" go to: http://en.wikipedia.org/wiki/Host_file it will give you the information needed to understand a Hosts file for the three programs below***
    -HOSTSMAN (get this to block a lot of bad sites, domains, and etc with hosts file)
    http://www.abelhadigital.com/
    ***Here are some extra update sources after you become familiar with the program***
    ***Right click and copy shortcut and paste in "manage update sources" under the "tools" menu***
    http://www.hosts-file.net/download/hphosts.zip
    http://hostsfile.mine.nu/Hosts.zip
    http://www.grc.com/sn/hosts_mvps_org.txt
    http://members.dialmaine.com/drdole/Apps/SCoooBYsHosts.zip
    http://pgl.yoyo.org/adservers/serverlist.php?showintro=0;hostformat=hosts
    -Advance hosts manager (very good advance hosts manager with good updates, can also use the update sources above)
    http://bluetack.co.uk/download/hosts20setup.exe
    -Hosts Switch (turn on/off the hosts file only supports the Hosts Manager from B.I.S.S. -> http://wwwbluetack.co.uk )
    http://bluetack.co.uk/download/switch13setup.exe
    >>Advanced<<
    ***below are some last resort virus removal - these can be very dangerous if you delete the wrong items***
    -Unlocker 1.8.* (force a delete on some file by unlocking it from the running process)
    http://ccollomb.free.fr/unlocker/
    -Hijack This
    http://www.merijn.org
    -GOOGLE SEARCH "SysInternals AutoRuns" download this program from Microsoft TechNet and run this to check system autoruns.
    -Also from the same Microsoft Technet get the "Rootkit Revealer" also by SysInternals
    -If all else fails for file deletion try a program called Combo-Fix or ComboFix
    http://www.bleepingcomputer.com/combofix/how-to-use-combofix
  8. sjoseph

    sjoseph Newcomer, in training Topic Starter

    OK, I have run SpyBot which found more problems and I fixed them. Then I ran the Malwarebytes which found 11 infected files which it fixed. I am rerunning AVG to see if it finds anything. I am running all of these in safe mode because SpyBot couldn't remove some things while the computer was running normally. I will let you know how it goes.

    Thanks
  9. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    Have a look at:

    Viruses/Spyware/Malware Preliminary Removal Instructions

    This is the procedure that TechSpot has confirmed works

    All support should quote this procedure first before all other utilities

    @Auguss please remove your capitals in your posts
    If you are just copying and pasting, you are best to provide the link only
    Otherwise this thread by sjoseph may get too long.

    We are helping the member, not providing stacks of program links ?!
  10. Auguss

    Auguss Newcomer, in training Posts: 16

    Unless you know how to personally/manually know how to remove the virus or want to explain step by step, you have to point the person to a program that can help or do the job and maintain a good working order computer. I made this list from scratch and added short descriptions to help the user. I removed the caps and deleted empty space as requested; you made a valid point.
  11. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    Yes I just did above

    But you pointing to all those programs, actually doesn't help
    Hey that's exactly what you said!
     
  12. Auguss

    Auguss Newcomer, in training Posts: 16

    What?

    Where?
  13. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    The huge list above :confused:

    Anyway don't worry
    I actually like your list
    And I have copied it plus kept you as the originator of it, if anyone asks I'll refer directly to your post :grinthumb
  14. sjoseph

    sjoseph Newcomer, in training Topic Starter

    Had power outages all day yesterday with the high winds here in the east so I haven't had a chance to try anything new, I will let you know how it goes tonight. I haven't rebooted since I ran SpyBot so I want to see if that may have gotten my issues.
  15. Auguss

    Auguss Newcomer, in training Posts: 16

    Malware Remover

    Try Malware Remover before you reboot.
  16. sjoseph

    sjoseph Newcomer, in training Topic Starter

    Actually I think I also did Malware Remover as well. I will have to see if it is on my computer but I think I ran both of these. Being off a day has been a pain as I really wanted to see how it did. I will let you know if I see anything when I reboot.
  17. almcneil

    almcneil TechSpot Guru Posts: 1,554

    Let us know if any of the spyware symptoms have disappeared and what's left to be fixed.

    BTW, what's your name?

    Best,
    -- Andy
  18. momok

    momok Newcomer, in training Posts: 2,272

    Thread moved. Clearly a malware related issue.
     
  19. sjoseph

    sjoseph Newcomer, in training Topic Starter

    I ran SpyBot and the Malware software and when I restarted my computer the AVG Resident Shield came up with an alert that a virus was found in Win32/Cryptor. Every time I reboot my computer Resident Shield tells me that it has found a virus in a different file (last time it found a Trojan Horse called Downloader.Generic.7.BDNN, which when I Googled this file I found nothing). Which makes me believe that the virus is just giving itself generic names so that I can't find out what it is. It seems like the virus is hanging out in my System Volume Information folder because that is the location of the file name that was opened when the alert was triggered. But what it finds each time differs. Has anyone seen anything like this? I am about to just give up and restore my computer back to the factory defaults.

    BTW my name is Susan and I really do appreciate everyone's help with this.
  20. Auguss

    Auguss Newcomer, in training Posts: 16

    Wow, sounds like a pretty good one. Don't know, I'm going to have to let one of the better people help you with that one. I'm not going to give you some bad info on it. I just hope every time the virus scanner removes it. Use all your options that you can possibly think of: start downloading trials from higher credible websites: AVG, Bitdefender, Avast (most of the time good), Avira. Try some of them, install the trials, update and then if it finds something remove it and then uninstall to save yourself the space on your HDD.

    MOST of the virus scanners WILL have a conflict with other virus scanners for kernel resources. Just install one at a time. Not every anti virus has the same definitions as its competitor.

    You could also try Spyware Doctor, pretty good anti-spyware, and Adaware Free edition, pretty good anti-adware.
  21. herr5407

    herr5407 Newcomer, in training Posts: 118

    The System Volume folder is where Windows stores its system restore information. This is a common place where virus re-infection will take place.

    You can try to disable System Restore, reboot, and scan using all the utilities again.

    On XP - Right-click on my computer, choose properties. Look for a tab that is called System restore. Click the check box to turn off system restore on all drives. Click OK. Your computer will lag for a moment while it deletes the information.

    Just make absolutely sure you turn it on afterwards again!
  22. sjoseph

    sjoseph Newcomer, in training Topic Starter

    OK, it looks like I may have gotten the little bugger. I ran all of the tools that were suggested on the 8-Step Viruses/Spyware/Malware Removal instructions. I rebooted my computer last night and I haven't gotten the alert from my AVG that I usually see about a virus being found. I kept my computer up today hoping that if anything tried to reattach itself my AVG would alert me like it has been in the past. But I am hoping that I finally was able to remove it. Not sure which piece of software finally got it but I really appreciate all the help.

    Thanks,
    Susan
  23. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    Probably Malwarebytes got it

    But I'm not concerned

    If you're happy, then that's that

    Thanks for the update :grinthumb


    You should really have a look at normal Virus\Spyware removal threads like this recent one, on what was supposed to happen http://www.techspot.com/vb/showthread.php?p=679084
    Without doing these individualized steps, it's likely you'll be back anyway.
  24. LuckytoHaveYOU

    LuckytoHaveYOU Newcomer, in training

    I would like to follow up to this helpful and informative thread by firstly, thanking sjoseph (Thanks Susan!) for your hard efforts and well documented progress. This thread was the first thing that popped up on Google for me and I would have had a much harder time figuring out my own problem if not for everyone's help (or simply figuring out where to start for that matter!)

    The main reason that I am writing this response though is to warn whoever else that might be reading this about another, much worse malware program or virus that I currently have on my computer. This virus is quite a bugger.

    So it turns out that the virus I have generates a fake Microsoft security icon next to all of my other active running program icons in the bottom right-hand corner of my screen, indicating that my computer may be at risk. When I clicked on it an almost identical "Microsoft" firewall security page comes up with all of the firewall settings and security features (some of which are defaulted to "security off" to make me think Windows is not covering my security needs properly) and refers me to a third party paying service that claims it will rid my computer of any viruses.

    Let me tell you one thing at this point, I am twenty hours deep in figuring out the process to get this wretched virus off my computer. I have used the 8-step viruses/spyware/malware preliminary removal instructions and although some infections were erased, the final result was that my computer was still cursed with this "thing" infecting my computer.

    Some of my other symptoms of this mystery virus include: Firefox starting up very slowly and taking longer to refresh information, iTunes taking a lot longer to do everything, ***Any/ALL spyware, firewall, and malware programs not being able to update their databases (including a freshly installed Norton anti-virus)!***, system restore will NOT work, and neither will Windows updates. Oh, and did I forget to mention that my Windows "turn off system restore" is "disabled by group policy"?

    At this point in time I am almost certain that all my bank accounts, passwords, credit cards, and other accounts have been compromised. I will be reprogramming all my accounts after this is fixed.

    Anyways, to try fixing the problem, I referred to post #21 by herr5407 and tried to turn off system restore, but since this feature/option was disabled by the virus, I had to find out another route. I Googled my problem and I got some instructions from a website to go in manually through Start > Run > "regedit.exe" > (navigate/scroll mouse to) HKEY_LOCAL_MACHINE \ Software \ Policies \ Microsoft \ Windows NT \ SystemRestore > then delete DisableConfig and DisableSR in the right hand screen.

    Now that my system restore is turned off, I will not reboot and attempt to rescan my computer with some of the programs from the 8-step viruses/spyware/malware preliminary removal instructions. I will try to get back when and if I fix this issue. Hopefully I will see you guys soon!
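
An added example, not part of the original post: a read-only PowerShell check for the two policy values named above (DisableSR and DisableConfig), which shows whether they are what locks the System Restore setting. The key path and value names come from the post; the function name Get-SystemRestorePolicy and the export file name are hypothetical.

```powershell
# Added example (not from the thread): read-only audit of the System Restore
# policy values named in the post. It reports; it never deletes or edits.
$PolicyKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore'
$ValueNames = 'DisableSR', 'DisableConfig'

function Get-SystemRestorePolicy {   # hypothetical helper name
    param([string]$Key = $PolicyKey)

    # A missing key (or a key with no values) means no policy restriction.
    $props = $null
    if (Test-Path -LiteralPath $Key) {
        $props = Get-ItemProperty -LiteralPath $Key
    }

    foreach ($name in $ValueNames) {
        $prop = if ($props) { $props.PSObject.Properties[$name] } else { $null }
        $data = if ($prop) { $prop.Value } else { $null }
        [pscustomobject]@{
            Name      = $name
            Present   = [bool]$prop
            Data      = $data
            # A non-zero value is what turns the restriction on.
            Restricts = ($null -ne $data -and $data -ne 0)
        }
    }
}

$report = @(Get-SystemRestorePolicy)
$report | Format-Table Name, Present, Data, Restricts -AutoSize

if ($report | Where-Object { $_.Restricts }) {
    Write-Warning 'System Restore is restricted by policy values under this key.'
    # Keep a copy of the key as evidence before any cleanup (file name is a placeholder):
    #   reg export "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore" sr-policy.reg
} else {
    Write-Output 'No System Restore policy restriction found.'
}
```

On a domain-joined machine an administrator may set these values deliberately through Group Policy; on a standalone home PC where nobody configured such a policy, finding them set is worth recording alongside the scan logs.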
  25. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    Run Smitfraudfix
    • Download Smitfraudfix by S!ri from HERE
    • Reboot your computer in Safe Mode (before the Windows icon appears, tap the F8 key continually)
    • Double-click SmitfraudFix.exe
    • Select 2 and hit Enter to delete infected files.
    • You will be prompted: Do you want to clean the registry ? answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.
    • The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): Replace infected file ? answer Y (yes) and hit Enter to restore a clean file.
    • A reboot may be needed to finish the cleaning process. The report can be found at the root of the system drive, usually at C:\rapport.txt



    Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.


    Afterwards attach rapport.txt and a fresh Hijackthis log

    But instead of replying here, you will need to create a New Thread just for you
    You can learn how to create a new thread by clicking here: How to post a New Thread