Posted by Kayman on August 28, 2007, 3:51 am
>
> wrote in message
>> I have an HP Compaq nx7010 running Windows XP Home Edition SP2. I was
>> browsing the web searching for a medicine's properties and I guess it was
>> when the virus entered my computer. It has been almost 2 weeks now. The
>> virus was (or is) a Trojan, it appeared as a yellow triangle with "!" sign
>> in the middle resembling windows alerts; alerting me of potential spyware
>> action.
>> Minutes later a pop-up appeared and if I click on it (which I did by
>> mistake, was chatting and hit the enter key when it popped up) it will
>> re-direct me to a home page which I never used. I also got my homepage
>> changed (hijacked) to google.
>> I had tried various anti-virus software (Norton, AVG, McAfee) and it
>> didn't detect the Trojan nor it avoided its entrance. Now I have Avast.
>> I have tried many things to kill the virus and work normally but I have
>> not been successful. I downloaded SPYNOMORE (by that time I was aware of
>> the Trojan and its big power), I had to re-start my computer and then all
>> got worse.
>> When I started in Safe Mode, I was not able to see the Control Panel icon
>> anymore.
>> I tried to uninstall the SPYNOMORE but it didn't let me do it since I was
>> working in Safe Mode. Finally I downloaded SPYBOT SEARCH&DESTROY, and ran
>> it. It found many undesirable files and removed them. Same thing with
>> SPYWARE TERMINATOR, it found many problems and claimed it had solved them.
>> But it did not. The system was still working slow with the same pop ups
>> and yellow triangle when I tried to start in Normal Mode and the Control
>> Panel was no-where.
>> Just to check, I tried to Run-- regedit, but it says that it has been
>> disabled by my administrator. Also it has appeared a few times a popup
>> indicating that I have "restrictions" in this computer.
>> Same with Task Manager and many other things too!!
>> Another "interesting" thing that I noticed was when I was re-starting the
>> computer in Safe Mode, I saw that the lines read Partition2, and this
>> computer (hard drive) is not partitioned!
>>
>> I read many similar problems on the internet on various forums with many
>> people suggesting many methods of removal...but I don't want to try
>> something myself and worsen my system's condition.
>> I get error message saying "Contact your system administrator or
>> technical support group for further assistance"
>> And that is what I am doing, asking for HELP from microsoft's technical
>> support. I think I have made the most before posting this here, so if
>> anyone with knowledge about this problem can help me, I will be very happy.
>> Thank you so much in advance.
>>
>> Akshay Hari
>>
>
> The retail version of Norton can play havoc with your OS. Uninstall it
> using Norton's own uninstall tool
> http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005033108162039
>
> The same applies to the retail version of McAfee. Go to:
> http://ts.mcafeehelp.com/displaydoc.asp?frames=1&docid=131208&CategoryId=66251
> for further guidance.
>
> If this doesn't work use this:
> http://www.revouninstaller.com/
>
> While Norton's removal tool usually gets the job done, you may also want
> to go to:
> http://www.snapfiles.com/get/winsockxpfix.html
> and download a copy of winsockxpfix just in case. Rarely, the removal of
> NIS breaks the networking components in XP to the point where internet
> access is impossible. This little utility will fix it back up.
>
>
> For non-viral malware...
> Please download, install and update the following software:
>
> Ad-Aware - Free
> http://www.lavasoftusa.com/products/ad_aware_free.php
> http://www.download.com/3000-2144-10045910.html
>
> Spybot Search & Destroy - Free
> http://www.safer-networking.org/en/download/index.html
>
> SuperAntispyware - Free
> http://www.superantispyware.com/superantispywarefreevspro.html
>
> After the software is updated, I suggest scanning the system in Safe Mode.
>
> How do you boot to Safe Mode?
> By pressing/tabbing F8 (or F5 on some keyboards) during re-boot.
> Alternatively:
> Click onto Start==>Run, type "msconfig" (without quotation marks), click
> OK. Then click onto BOOT.INI tab and 'check' /SAFEBOOT then OK and click
> Restart. To go back to Normal Mode, you must access the System
> Configuration utility again and click the General tab then click/check the
> radio button 'Normal Startup - load all device drivers and services'.
>
> For viral malware:
> Download David H. Lipman's MULTI_AV.EXE from the URL:
> http://www.pctipp.ch/downloads/dl/35905.asp
>
> To use this utility, perform the following...
> Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
> Choose; Unzip
> Choose; Close
>
> Execute; C:\AV-CLS\StartMenu.BAT
> { or Double-click on 'Start Menu' in C:\AV-CLS }
>
> NOTE: You may have to disable your software FireWall or allow WGET.EXE to
> go through your FireWall to allow it to download the needed AV vendor
> related files.
>
> C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
> This will bring up the initial menu of choices and should be executed in
> Normal Mode. This way all the components can be downloaded from each AV
> vendor's web site.
> The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and
> Reboot the PC.
>
> You can choose to go to each menu item and just download the needed files
> or you can download the files and perform a scan in Normal Mode. Once you
> have downloaded the files needed for each scanner you want to use, you
> should reboot the PC into Safe Mode [F8 key during boot] and re-run the
> menu again and choose which scanner you want to run in Safe Mode.
> It is suggested to run the scanners in both Safe Mode and Normal Mode.
>
> When the menu is displayed hitting 'H' or 'h' will bring up a more
> comprehensive PDF help file.
> http://www.ik-cs.com/multi-av.htm
>
> Additional Instructions:
> http://pcdid.com/Multi_AV.htm
>
> For your consideration:
> Ensure that your OS is current/updated/patched.
> http://www.update.microsoft.com/windowsupdate/v6/default.aspx?ln=en-us
>
> Ensure that *all* software on your pc is current/updated.
>
> Practice Safe-Hex
> http://www.claymania.com/safe-hex.html
>
> Read this also:
> So How Did I Get Infected Anyway?
> http://www.wilderssecurity.com/showthread.php?t=27971
>
> Good luck and stay safe :)
>
Valuable advice from an expert; Be guided accordingly!
Question:
"Is it advisable to turn off System Restore while cleaning the OS using
AV/A-S, and if so, when do you turn it off and then on?
Also, is it recommended to delete all restore points during this
procedure?"
Answer:
"I used to be convinced that one should dump the System restore cache PRIOR
to cleaning a system. However after many discussions and based upon
personal tests and experience, I have come to the conclusion that this
should be done AFTER a system is cleaned.
Here's the problem. Most malware are binary files that the System Restore
cache will create a backup of in restore points. When one gets infected,
copies of the infector are now stored in the System Restore cache. If you
clean the system then restore to a prior Restore Point that contains
infectors, the OS becomes re-infected.
If you clean a PC and don't expect to restore to a previous Restore Point
then eventually the infected files will cache-out. In that situation, one
does NOT need to dump the System Restore cache.
If you dump the System Restore cache PRIOR to cleaning the system, you will
also remove a fall back point. That is, if during the cleanup the system
becomes unstable, you will not be able to restore the system from a previous
Restore Point. If you did restore the system back to that state, you can
clean the system differently such that the
system won't become unstable and/or unusable. Thus an infected Restore
Point is better than no Restore Point at all.
Later, when the system is cleaned and verified to be stable, you can then
dump the System Restore cache, reboot the PC and then re-enable the system
Restore cache and subsequently manually create an initial Restore Point.
Thus it is better to dump the cache AFTER and not BEFORE the system has
been cleaned of malware."
Dave H. Lipman
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm