Virus

[c50662]

Alright, not a very descriptive title, I know. Thing is, a few people have been using my computer and I logged on today only to get a bunch of blank IE pages, messages saying that the Internet is attacking me and that I need to download some $30,000 program to remove the Spyware/Trojan. What more, my anti-virus doesn't work for some reason either, neither does task manager.

I am downloading Ad-Aware right now, Spybot S&D won't open and I have ran HijackThis, perhaps someone knows whats going on? Thanks. (Also included a couple pictures if that'll help at all.)

 

[austincpdist]

ugh ugh ugh. ive seen this type before.

best bet --fresh install of the os. but if you wanna get technical, boot up in safe mode, and run some cleaners. check the Windows directories and delete some funky lookin *.dll files. have fun looking around for all of them. runscanner is also a good program.

 

[c50662]

Alright, I reformatted so the virus thing is fixed. But, when I formated I had to take out my video card and Ethernet card and now I can't boot up windows using the video card when I put it back in, it freezes on the splash screen. Anyone know how to fix that?

 

[Bobbye]

I don't know what to do about the cards, but I will pass this along>> I took a look at your hijackthis log and was pretty amazed to see so many infections! You anti-virus program wasn't doing any good- Kaspersky wasn't it? And neither were the spyware/adware programs. And possibly you weren't keeping them up to date and scanning with all of them.

And I advise you to put a stop to "a few people have been using my computer"- I didn't see any log before their use, but if the current log was an example of their use, you do not want them back on your computer!

For information about: Security Watch Special: Windows XP SP2 Security Center Spoofing Threat:
http://www.pcmag.com/article2/0,1759,1639276,00.asp

You should also make sure the Windows Messenger Service is Disabled. This is a legitimate Service for administrators to communicate with the other systems on the network, but it has been used unethically to trick the user into thinking it is a legitimate message:
Control Panel> Administrative Services> Services> right click on Messenger> Properties> change Startup mode to Disable and stop the Service

Additionally, I will pass along the the SP3 update is causing problems on AMD systems..

 

[c50662]

I was surprised to find it like that too. I always run a complete scan at the very least once a week, now theres an administrator account thats password protected and a limited one. I was using Kaspersky and for some reason when I found all this I tried to do a scan but it kept giving errors and it was set to update whenever it found a new one.

I disabled the Messenger Service right after I installed the OS.

Thanks for the info on SP3, I wasn't planning on updating to it since I'm quite happy with using SP2 and having all of my programs work right.

 

[Bobbye]

Glad to help. Keep 'those people' away or set up a Limited Account for them.