A virus disabled my computer in about 5 minutes

Status
Not open for further replies.

Zerothma

The Story: (there is a shorter version below if you want to skip to that)

I received some good reviews for a game in a gaming forum that was going a bit off topic. I went to go and download the game (Can't remember the name of it). The website I went to said "100% Spyware free" so I downloaded it. It downloaded really fast, so I thought maybe something was wrong when I went to run the program. My Norton box popped up and said it blocked an attacker. "Good" I thought. I went to delete the stupid "game" and when I clicked on it I selected delete, then a box appeared. I needed administrator rights, which I have. "CRAP" I thought, "this cannot be good." I clicked "OK" on the administrator rights box, and the program was gone. Not deleted, but gone. Norton persisted with telling me everything is ok, that box kept saying that attackers were blocked. Everything was fine for a few minutes, so I did some homework.
Suddenly my "start bar" at the bottom of my screen disappeared. Norton blocked, it reappeared. This happened maybe 4 or 5 times. I was annoyed but optimistic, so I got my Norton to start scanning. Then my paper I was writing disappeared without asking me if I wanted to save. I noticed the desktop icons were missing. This means that I was staring at a blank screen except for Norton. So I did the obvious: Ctrl-Alt-Delete, but the task manager was suddenly disabled and it gave me some box saying administrator, or something to that effect.
I used Norton to my advantage. I used it to talk to a technician for a few hours... He basically said "Give me $100 no guarantee I'll fix your computer." I tried to scan my whole computer. Before my computer was shut down by my unknowing brother, I had scanned something like 1,600,000 files with 22 viruses. I wrote down the name of the ONE AND ONLY VIRUS that showed on the list and could not be controlled, and another that appeared first of all the others (since Norton scans commonly infected files first). I found Backdoor.Tidserv (all I needed to do was reboot said Norton) and Hacktool.Rootkit which Norton couldn't deal with. The technician strained, "You are screwed without giving me $100". "No way," I said. "I have a 300GB external hard drive and Norton Ghost. Also, my computer sucks, I could buy a better one for $400."
Later, me and my family went over what we wanted to keep with Norton Ghost. We got most of it I think. But I'd much rather just keep my computer and my money. So I need help. If someone could start me off so we can work through this, I'd be grateful. I'm not so computer savvy so use small words (figure of speech) so I can understand.

The Extremely Short Version

-Cannot use Task Manager
-Desktop Icons are missing
-Start bar is completely gone
-Most windows that are opened get closed within 3 seconds (Except Norton and the internet)
-Use Newbie step by step terms to help me.
-Known problems: Hacktool.Rootkit & Backdoor.Tidserv

I'll tell you more details if/when you ask. Please help, I have an online college course and so does my brother. We need a computer and fast!

Oh, and I should note that I am at a library right now, but while I am here I got some stuff on my flashdrive. I got sysclean and aproposfix.exe. I'll try those later tonight if that is even possible at this point.
 
Reboot in safe mode and run virus scan

Reboot your computer and press F8 before or at first screen and boot into safe mode and choose administrator and then run your virus scan and let it clean out this bad boy.
Hope all goes well.
 
Update on My Computer...

Well, things are a bit better. 3 of the 4 major problems have been eliminated, but my computer still is crapped up. Now I can see my start bar, desktop icons, and things don't close out immediately. I still cannot access many things because I "do not" have administrator rights, as well as run programs. I was, however, able to run Anti Spyware and HijackThis. I'll post the information for you. Please remember, I'm under the clock here.

Thank you in advance.
 

Attachments

  • hijackthis.log
    12.7 KB · Views: 6
You need a good antivirus

If you are trying to run online without a good updated antivirus then you will be in trouble quickly. Go to avast.com and download their free home edition and after it loads it will reboot and scan your computer before Windows loads up. Move all the viruses to the chest if you can. Delete them if you can't. Once you reboot fully and Windows loads up set your antivirus to high and set auto updates to automatic.
Register it for free and get an activation code to give you full coverage from now on.
 
I have Norton 2007

I could always use another Antivirus I suppose. Especially since this could get rid of more viruses.
 
Update on my computer:

It seems to be doing much better now. I finally have administrator rights back. It seems I can do everything just fine. The next step is to connect to the internet I think. But I need to know, is it safe to do that? I'll post my updated HJT. I can stop all cookies too. Just tell me how it can be safe for me to reconnect please.

(Just as a side note, Avast found a virus in Symantec's folder.)
 
Can someone please review my HJT?

Posted ^^^ I need to get my computer fixed soon, and the only thing I can't do is go online. Can someone help me out here? I can't go online because it might be unsafe if I have a virus that brings more viruses when I plug in to the net.
 
Please run the Norton Removal Tool: https://www.techspot.com/vb/topic100496.html#2
You can also use this program: http://service1.symantec.com/SUPPOR...56ede00518d9d?OpenDocument&seg=ag&lg=en&ct=us

Norton is still on your system and running

I notice that you have Norton Ghost for Windows running :
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
Although Norton Ghost is excellent (actually I use it, but the DOS bootup part only) it does not need to be running with every startup. You can turn off un-needed startups with this tool: http://www.mlin.net/StartupCPL.shtml

InetCntrl is related to Bsafe Online Internet Content Filter
If you do not require this, please remove it
This program also comes with PopupKil, which again is not needed

'inetcntrl0007' may be required by BSafe Online Filter for your connection to function
You may need to contact your ISP to confirm if you can remove it or not, if you can I have quoted the steps here:
A damaged .DLL file is disrupting the LSP chain on your computer. We need to get rid of it.
Please download LSPFix from here.
Run the LSPFix.exe that you have just finished downloading.
Check the I know what I'm doing box.
In the Keep box you should see one or more instances of inetcntrl0007.dll
Select every instance of inetcntrl0007.dll and move each one to the Remove box by clicking the >> button.
When you are done click Finish>>.

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.
O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} (CMV5 Class) - http://coupons.smartsource.com/download/cscmv5X.cab
Now close all windows other than HiJackThis, then click Fix Checked. Close HijackThis.


CLEAR & RESET SYSTEM RESTORE'S CACHE
Go to Start >> Run - type or copy/paste control sysdm.cpl,,4 & press Enter
* Tick on the checkbox - Turn off System Restore on all drives
* Click Apply
Turn it back 'On' by unticking the same checkbox & click Apply, and then OK

Please note: Due to sooo many Symantec (Norton) entries, it was difficult (it took time!) to read the entire log
 
Do you think it is safe for me to go back on the internet now?

I got rid of Norton with that thing you gave me. I got Comodo and used its scan. I found like 4 viruses and I'm not sure if Comodo could get rid of them. One was something like AdminCntrl and another was a rootkit. I have 3 firewalls up: Bsafe, Comodo, and.... I can't seem to remember the name of the other one. But if I do connect to the internet I can get Zone Alarm too.
 
Agree and disagree with Kimsland.

You only need one firewall and one anti-virus. Additional firewalls are redundant and you gain nothing by having more than one. For anti-virus, having more than one will slow your computer down and, really, most AV are very good or outstanding. It's anti-spyware that you need more than one because there are many different types of spyware.

You can go back onto the Internet but stay away from high risk activities such as filesharing and illicit sites.

Best,
-- Andy
 
Alright, well. Thank you very much. Is there any one antivirus and firewall you suggest having up? I've probably already loaded them on my computer at this point. Then what should I do with the rest of them? Just uninstall them? I have them on my flashdrive if I ever need them again.
 
My business serves the home market, so for most I recommend AVG. It's free and does a good job. If it's someone who runs a home business that uses the Internet or someone who's heavy into the Internet, then I recommend a paid anti-virus. Kaspersky or NOD32 are excellent. As for firewalls, well, most home users have routers which usually have a hardware firewall included.

-- Andy
 
Enable Task manager
Copy and paste the following in Notepad and save as TskMgr.reg.

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskmgr"=dword:00000000

Double click the reg file and click yes.

_______________________________________________________

Retraction


You seem to have already fixed this problem. Please ignore if yes.
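
The .reg fix above writes under HKEY_CURRENT_USER, so it clears the Task Manager policy only for the account that imports it. As an added example (not part of the original thread), this Python sketch reads a text export of HKEY_USERS and lists which profiles still have a lockout policy set; DisableRegistryTools and NoDesktop are related policy values added here, and the SIDs in the sample are constructed.

```python
import re

# Policy values that lock a user out of recovery tools when non-zero.
# DisableTaskMgr is the value from the post above; the other two are
# related Windows policy values added here for illustration.
LOCKOUT_VALUES = {"disabletaskmgr", "disableregistrytools", "nodesktop"}
POLICY_KEY = re.compile(
    r"^\[HKEY_USERS\\(?P<sid>[^\\\]]+)\\Software\\Microsoft\\Windows"
    r"\\CurrentVersion\\Policies\\(?:System|Explorer)\]$", re.I)
VALUE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<data>[0-9a-f]{8})$', re.I)

def find_lockouts(reg_text):
    """Return {sid: sorted names of lockout policy values set non-zero}."""
    hits, sid = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            # A new key section: remember its SID only if it is a policy key.
            m = POLICY_KEY.match(line)
            sid = m.group("sid") if m else None
            continue
        m = VALUE.match(line)
        if sid and m and m.group("name").lower() in LOCKOUT_VALUES:
            if int(m.group("data"), 16) != 0:
                hits.setdefault(sid, []).append(m.group("name"))
    return {s: sorted(v) for s, v in hits.items()}

# Constructed sample export: three profiles, only the second is locked down.
SAMPLE = r"""Windows Registry Editor Version 5.00

[HKEY_USERS\S-1-5-21-1111-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000000

[HKEY_USERS\S-1-5-21-1111-1002\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000001

[HKEY_USERS\S-1-5-21-1111-1002\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDesktop"=dword:00000001
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-21-1111-1003\Software\Microsoft\Windows\CurrentVersion\Run]
"DisableTaskMgr"=dword:00000001
"""

if __name__ == "__main__":
    for sid, names in find_lockouts(SAMPLE).items():
        print(sid, "still locked by:", ", ".join(names))
```

On a live system the input can come from `reg export HKU hku.reg`, which writes UTF-16 text; only profiles whose hives are currently loaded appear under HKEY_USERS.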
 
Game Over

Well, I have truly screwed up this time. Let me just give you the summary. I did most of the scans on my user, not the administrator, so only my user was virus free (I don't really get it, but... that's how it was). I didn't feel like wasting another week+ just to clean off the rest of the computer and I still couldn't get on the internet. No matter what I tried I could not use the internet. My computer recognized the connection, my Xbox 360 could go on Live. My wifi was up and running, but my computer wouldn't let me do anything. So I gave up. I got my Windows CD and decided to install Windows. Well APPARENTLY there are CORRUPT files so I couldn't repair Windows (wtf?). So I got my neighbor's CD and installed Windows. Now I have 30 days to register Windows (as expected) but until I've registered I cannot log on (not expected, last time I did this I had the freedom to do whatever I wanted until 30 days was up. In this case I can do nothing until 30 days are up and then when time runs out I still can do nothing). So now I can do nothing. Screw you Microsoft.
 
Amazed!

Thank you. I love how I get rewarded when I get angry. One question though, when I can no longer reset the activation trial, can I just reload windows and redo this whole process? If that is the case, all I have to do is use my (very portable) 300 GB external hard drive for everything.
 
Only my account is free of viruses, as far as I can tell, or truly harmful viruses I should say. Every other account on my computer says "Virus Alert!" in the corner. Should I rerun all my antivirus stuff on the administrator? I think that's the next step here. But I can't connect to the internet at all. My computer recognizes a connection but will not send/receive data. Should I contact my ISP? I think they may have blocked me out (but oddly not my wifi, just my computer) probably because I may have been sending viruses out to people against my will, or something to that effect.
 
Oh, yes if we were only working from your original account last week, and that was not an Administrator account; then yes you will need to start from the start of this thread

Also I missed the last reply last week, relating to can you continue with activation over and over
Only if you format, and re-install Windows clean ;)
Which does not sound like a bad idea :)
 
Ok, well I did about half the work on safe mode administrator. I have administrator rights on my account but I suppose that doesn't count as far as the virus scanning goes. So what I'll do is scan on safe mode admin until all the users no longer say "Virus Alert!" and then contact my ISP. If my ISP can fix my internet problems I'll update my antivirus/spyware stuff, and from there I should be good to go. If I have any more problems, I'll get back to you. Thank you!
 
Also try this excellent tool, in Safe mode

Run Smitfraudfix
  • Download Smitfraudfix by S!ri from HERE
  • Reboot your computer in Safe Mode (before the Windows icon appears, tap the F8 key continually)
  • Double-click SmitfraudFix.exe
  • Select 2 and hit Enter to delete infected files.
  • You will be prompted: Do you want to clean the registry ? answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.
  • The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): Replace infected file ? answer Y (yes) and hit Enter to restore a clean file.
  • A reboot may be needed to finish the cleaning process. The report can be found at the root of the system drive, usually at C:\rapport.txt
 
Here's my update:
I've run just about everything I've been given this far. After running Avast a few days ago, I noticed there were some (all) infections Avast could not remove. I wrote down what they were and where they were and tracked them all down and deleted all but one (called dna.exe located in the hidden RECYCLE trash cans and the base of the C drive). Upon doing this, I visited the other users. Strangely, 4 out of 6 users resembled mine, seemingly virus free. Upon visiting my brother's and the visitor user, they still had early signs and symptoms of viruses. I ran a couple programs to fix my brother's user, now it is fine. How did my antivirus programs get 4 users and almost completely miss 2? Now I'm paranoid again.

Also, I contacted my ISP and asked them why my internet was not working. Of course, they said the problem was on my end. They said something about the internet not working because I reinstalled Windows and now I need some sort of driver. I've dealt with drivers in the past, such as the dreaded sound driver, and graphic driver. I have no clue about internet drivers though. Any help here would be great.

Finally, I have a mostly updated HJT. As of this point in time I know my computer still has viruses on the visitor. This HJT was taken before fixing my brother's user. So it may not be worth taking a look at.
 