Very Irritating Virus

Status
Not open for further replies.
First let me state that I am not using my own computer because this virus, as a side effect, is keeping me from logging into the internet. Therefore downloading things will be a very...very...big problem.

Okay, my uncle switched out the router in our house, but when I tried to get onto the network through the wireless adapter (I'm the only wireless user in the house) it wouldn't connect right. So my uncle figured we could disable the network thing I was using and then reconfigure it or something (I'm not good with technology...most of what he says is Greek to me).

Anyway, when we tried to disable it, it gave the message, "Cannot disable at this time." It said something about another person or something using it. My uncle said that meant there was something on my computer trying to send something through the internet connection which was keeping us from disabling it.

So we went through this whole ordeal trying to figure it all out. Basically what we found is this thing in the task manager that shouldn't be there. We tried to end the process, but it just came back as another nonsensical task. Random names like qualapa or bvaszk and things like that. We located it in the System32 folder and identified it as the renaming thing of evil. My uncle said there was some other program restarting and renaming it, but we don't have any idea how to fix this irritating problem.

If anyone can help me get rid of this evil little renaming virus, I would be very appreciative. Remember though, that I cannot access the internet on the infected computer...so anything I do will have to be through my hard drive...
 
Welcome to Techspot!
Since you admit to being new at this, I'll start with a couple of things for you to try.
- Try to disable the network adapter in "Safe Mode" (start the computer and steadily click F8 as soon as you see the boot screen (RAM test) stop).
You will see a screen that asks what type of startup you want for Windows, and you select "Safe Mode" (this takes longer to start).
You will see Windows start; it just looks funny.
There you can disable the adapter, test for viruses and run stuff like Search & Destroy and HijackThis, and get this from Microsoft: http://www.microsoft.com/downloads/...4ae0-e72d-4f54-9ab3-75b8eb148356&displaylang=
I know you cannot download, so you will have to copy these applications to a CD and use them on your sick machine.
You can do a search here (the link for Search is at the top of this page) for the items I mentioned, and there are instructions also.
Just come back to this post to ask for any help on this issue.
Good luck
 
Viruses suck

Ah but my uncle had me uninstall the adaptor...so it's...not there anymore, although the nasty little virus, of course, still is...we were hoping to kill the virus then reinstall the adaptor afterwards...
 
The only thing I can think of, other than restore it before the virus struck, is to download a trial version of Ewido. However, I can't remember if you download the program to your computer, or an install program, which, if it was the case, you could copy to a CD and install on your uncle's computer. NOTE: Ewido only works on Win2000 and WinXP systems.

You can download a trial version of Ewido here: http://www.ewido.net/en/

Be sure you update it before using it, and when it finds a problem, be sure to select the check box to do the same action (clean) when it finds a problem, otherwise, you will have to click continue, to keep scanning with every problem it finds.
 
Burn Adaware (download from download.com) to a CD, or get a thumb drive and put it on there to transfer to the infected computer. Run a full system scan from SAFE MODE (press F8 during boot until options appear).

During safe mode, if you know what the program is called in the system32 folder you should be able to delete it. Only if you're 100% sure though.

Another thing to do. In the system32 folder (can do this in the Windows folder also) click View -> Details and then click View -> Arrange Icons By -> Type. Look at all the application type files. If they are named weird like "sdfg76sd8.exe", right-click on it and select Properties. There should be a versions tab; if not, write the name of the file down (most likely that file should not be there). If there is a version tab, check the company name. All legit companies sign their files. If the company name is like a comma "," or "$" then write that file down. This method is crude but it works.

Google those file names you wrote down. You will find out real quick if they are spyware or not. If they are then delete them.
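
The manual check described in the post above, written as a script. This is an added example, not something posted in the thread: it assumes a Windows machine with PowerShell 4.0 or later, the helper name `Test-SuspiciousCompanyName` is hypothetical, and it goes beyond the post by also reporting each file's Authenticode signature status and SHA-256 hash so the list can be looked up before anything is deleted.

```powershell
# Added example: list executables whose version-info CompanyName is missing
# or contains no letters/digits (e.g. "," or "$"), as the post describes.
# Read-only: nothing is deleted or modified.
param(
    # The two folders named in the post; pass -Path to scan others.
    [string[]]$Path = @("$env:windir\System32", $env:windir)
)

function Test-SuspiciousCompanyName {
    # Hypothetical helper: true when the name is empty, whitespace only,
    # or has no letter or digit in it.
    param([string]$Name)
    return [string]::IsNullOrWhiteSpace($Name) -or ($Name -notmatch '[\p{L}\p{N}]')
}

$results = foreach ($dir in $Path) {
    Get-ChildItem -LiteralPath $dir -Filter *.exe -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            # Same field as the "Company" entry on the Properties > Version tab.
            $company = $_.VersionInfo.CompanyName
            if (Test-SuspiciousCompanyName $company) {
                $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
                [pscustomobject]@{
                    File        = $_.FullName
                    CompanyName = if ($company) { $company } else { '<none>' }
                    Signature   = $sig.Status        # Valid, NotSigned, HashMismatch, ...
                    Modified    = $_.LastWriteTime   # recently dropped files sort first
                    SHA256      = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
                }
            }
        }
}

# Newest first: a process that keeps respawning under new random names
# tends to leave recently written files near the top of this list.
$results | Sort-Object Modified -Descending | Format-List
```

A missing company name alone does not prove a file is malicious; treat the output as the list of names to research, as the post says, not as a delete list.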
 