TechSpot

Serious Virus on My Hands

By nothing123
Aug 28, 2008
  1. Hi everyone,

    This is going to sound a little urgent but bear with me. About a day ago, a virus completely took over my computer. Here are the symptoms:

    - Changes desktop background every time I restart computer and log on to Windows to "Warning! Spyware detected on your computer! Install antivirus or spyware remover to clean your computer". I am unable to change it by simply right-clicking the desktop because they have removed the tab with that option. I can go to a picture and set it as the background but again, it will get changed the next time I start Windows.
    - Upon logging into Windows, a pop-up is there asking me to agree to some AntiVirus program installation. In my task manager, when I end the process called tmp59.tmp.exe (I think), the pop-up goes away.
    - When I try to conduct a Google search, all the 'hit' links redirect me to some unrelated site which usually has to do with spyware.
    - I can't load G-mail and several other sites properly.
    - I tried running an Ad-Aware scan but get an error. However, with the Internet disabled it works. The scan did not correct the problem unfortunately.
    - My computer periodically freezes; it's basically unusable.
    - It also occasionally freezes up at the log-in screen to Windows (after I put in my password).

    Now, I hope this is all one virus because all this together started occurring at the same time.

    I've attached a HJT log I ran when the problems first started occurring. I hate to sound selfish, but I really need my computer back within the next couple days. I have a major standardized test coming up very soon.

    Thanks so much for any help.
     
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    In order to clean your system, you need to run the current version of HijackThis and the additional programs suggested. You have run an old version and do not have logs for the additional programs. See this:

    New malware cleaning instructions from TechSpot: http://www.techspot.com/vb/post645589-1.html

    The above will point you to the correct version. You must also run SuperAntispyware. The games you have on your system produce an abundance of Tracking Cookies. Once the scans are completed and the logs are attached, you will be assisted.
     
  3. InsaneVr6

    InsaneVr6 TS Enthusiast Posts: 221

    The only way that you are going to be able to rid this problem of yours for good is to do a system wipe. I suggest you backup the files you NEED to a CD or Flash Drive. Don't backup any system files because you don't know which ones are infected, same for programs. Once that is done you must reinstall your OS with the disk that came with your computer. When your OS is reinstalled your virus problem will be gone. (Be sure to hit format to NTFS filesystem, NOT format to NTFS filesystem QUICK. Doing it quick will not rid you of your problem.)
     
  4. nothing123

    nothing123 TS Rookie Topic Starter

    Oh boy, that's not good. At any rate, I'm currently performing the Superantispyware scan and have downloaded the updated HJT and will post the corresponding logs when I'm done. If it shows definitively that I need to reinstall the OS, then I will do so.
     
  5. nothing123

    nothing123 TS Rookie Topic Starter

    Here are the logs. Hopefully there's some good news. Thank you guys very much for the help, much appreciated.
     
  6. nothing123

    nothing123 TS Rookie Topic Starter

    A little update, last time I restarted my computer, the desktop background did not change so that's a good sign. However, the other problems are still persistent. Any advice?
     
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    You're going to have to follow the full cleaning instructions here:
    http://www.techspot.com/vb/post645589-1.html

    Have SuperAntispyware remove ALL of those Tracking Cookies! I can tell anyone who has a lot of games on their system just by looking at the Tracking Cookies.

    Open IE> Internet Options> Privacy tab> Advanced> check to Accept first party Cookies, BLOCK third party Cookies.

    Your Java is way behind. Download the current version, v6u7, here:
    http://www.java.com/en/download/manual.jsp

    Go into the Control Panel> Add/Remove Programs and uninstall ALL earlier versions of Java.

    DO NOT use System Restore. The restore points are infected. When the cleaning is finished, you will drop off the old restore points.

    Then go and run scans with all the recommended programs and attach the logs for review. You have numerous entries needing removal.
     
  8. nothing123

    nothing123 TS Rookie Topic Starter

    I have followed your instructions and have some good news to report! The changing desktop background seems to have disappeared for good. There is no longer a pop-up when I restart Windows asking me to install the antivirus software. My Google searches are working again and the sites that previously did not load are loading fine now. I've attached the corresponding logs for you to view. This is great news and I'd like to thank you so much for your help so far.

    P.S. how do I remove old system restore points...?
     
  9. InsaneVr6

    InsaneVr6 TS Enthusiast Posts: 221

    To delete the system restore points you will have to:

    Go to start, right click My Computer, click Properties, then click 'System Restore'
    Check the 'Turn off system restore' or 'Turn off system restore on all drives'
    Now click apply and it should give you a message "blahblah all points will be deleted"

    Doing this will delete all existing restore points so click Yes and then OK


    If you want you will then need to enable the system restore again since your virus problem is gone. To do this, you have to go to:
    Start
    Right click My Computer>then Properties
    Click the 'System Restore' tab
    Uncheck 'turn off system restore' or 'turn off system restore on all drives'
    Click Apply, and then OK

    You are good to go.
     
  10. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Clear system restore points

    • Clear your existing system restore points and establish a new clean restore point:
      • Go to Start > All Programs > Accessories > System Tools > System Restore
      • Select Create a restore point, and Ok it.
      • Next, go to Start > Run and type in cleanmgr
      • Select the More options tab
      • Choose the option to clean up system restore and OK it.
      This will remove all restore points except the new one you just created.
     
  11. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Did you note what mbam had handled in the log? No wonder the system is better. We can clean up a few things though; they're not malware, but most are being loaded either from Startup or the Registry when you boot. That means you'll 'carry' them around:

    Reopen HijackThis and check the following:
    Check Fix and reboot into Safe Mode:

    Make sure the following Services are set to Manual. They do not need to be on Automatic:
    Open the following programs and uncheck the auto-update function:
    Go to Start> Run> type in 'msconfig' without the quotes>enter> Selective Startup> Startup tab> UNCHECK everything except the antivirus program, firewall, touchpad if laptop and the network processes> OK> Reboot into Normal Mode.
    Close the nag message that comes up after checking 'don't show this message again'. Stay in Selective Startup.

    What you did above does not mean you can't use the programs or apps. When you need them, call them up- don't drag them around just because they are on Startup. I think this will show you increased speed.

    You need to control the Tracking Cookies. As long as you have the games, you're going to keep getting them-unless you change this setting:
    Open IE> Internet Options> Privacy tab> Advanced> Check 'accept first party Cookies' and check 'BLOCK' for third party. Check 'allow per session'> Apply> OK.

    Let me know how it goes.
     
  12. nothing123

    nothing123 TS Rookie Topic Starter

    Unfortunately, I did not know I was supposed to note something about the mbam log so I don't have that. I fixed everything you said to check but had some problems with the further instructions. How do I change the three Services you listed from automatic to manual? The two .exe programs also did not do anything when I opened them. I have made the Cookie changes to my IE but I am curious as to what you mean by 'games'. I don't think I have played any type of computer game in over a couple years.

    Anyways, looking forward to your reply!
     
  13. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Start-->Run--> Services.msc

    Also games
    I think that refers to PartyPoker (in your log)
     
  14. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Games:
    After you access the Services, scroll down to each of three Services and right click> Properties> the Startup box should be changed to Manual. You can stop the Service also. It will start when or if needed.

    The Tracking Cookies were reflected in the SuperAntispyware logs. The first log had almost 150 and the second log, only 3. I notice those with the games on their systems appear to get numerous Tracking Cookies. Of the games above, Party Poker is the most likely to drop the most, and consistently.

    What are you referring to here:
     
  15. nothing123

    nothing123 TS Rookie Topic Starter

    Should I fix these then?

    Done, thank you.

    I was talking about the two items in Program Files.

    Also, when I went into msconfig and sorted the programs on startup, I think I disabled the arrow key functions on my laptop touchpad (i.e. not the movement of the mouse but the scrolling of pages up and down). Do you happen to know which process this is?
     
  16. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    The Dell touchpad process should show as "Apoint". That needs to be left checked. To check the settings:
    Control Panel> Mouse> Touchpad tab> adjust the settings for your own touch> Gestures tab> CHECK 'use scroll function'> Apply> OK.

    Remove all the game entries. And you may find this: C:\Program Files\PartyGaming\PartyPoker which needs to be uninstalled.

    Control Panel> Java> Update tab> UNCHECK 'check for update automatically'> Say Yes to confirm> Real Player> Update tab> UNCHECK 'check for updates automatically'> say Yes to confirm> Apply> OK

    This may sound like extra work for you and in a way it is. But it will result in improved performance and that is something we all want!
     
  17. nothing123

    nothing123 TS Rookie Topic Starter

    Hi all,

    I got everything fixed that I needed and wanted to thank all of you again for all your help, very much appreciated. I'll definitely be recommending and coming back to this site in the future but hopefully not too soon!

    Thanks again.
     
  18. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    You're welcome. It's like the TV repair person or the plumber- their help is needed, but you don't want to 'need' them often!
     
Topic Status:
Not open for further replies.
