Computer infection, need advice

This is my GF's computer. I have a Mac so I'm not brilliantly equipped to deal with any of these issues, unfortunately.

She was on a random website which streams American TV shows before they're available anywhere (dodgy, I know). Then all of a sudden porn pop-ups, AVG alert and Windows Security start jumping up saying programs are running or something similar.

She can't open any folders, applications, browser, nothing and the internet is not connecting. Whenever she clicks on anything the alert pops up saying there's a malicious program running, every time it's a different .exe.

I tried doing a system restore but it won't let me access it. I tried opening the task manager to end the processes running in the background but it won't let me. I booted it in safe mode but then there's still no connectivity and she doesn't have any anti-spyware/virus software other than AVG which isn't clearing anything.

Any advice?

Sorry for my rather vague description, I'll get the laptop off her tonight and post up something more detailed. The operating system is Windows 7.


:)
 
Boot up in safe mode (when you turn your computer on, press F8 repeatedly at the BIOS logo).

Run programs like Malwarebytes and Avira, they will sort out a lot of things :)
 
I had the same thing 2 days ago, I booted in safe mode.

Ran "MSCONFIG", stopped all suspect processes from starting. Uninstalled AVG as it appeared it had infected that.

Downloaded Avast on a separate PC, then USB-sticked it across.

Ran a full Avast scan, found 19 infections and 4 horses.

Reboot once all deleted, works fine.
 
Download NOD32 [via a different machine] and use that. It is fully featured for 30 days, so more than enough time to use it.

I rate NOD32 much higher than Avast or AVG. If you want a free AV I would suggest Avira or MSE.
 
The computer has been infected by a fake anti-virus program and Malwarebytes Anti-Malware is the best thing to get shot of it (and I suggest you get shot of AVG as well as it is just a placebo acting as an anti-virus program).

Edit: I should mention that NO anti-virus program can fully detect these fake programs as they change on a daily basis and no anti-virus program can keep up with the changes.
 
Right, thank you all for the help and software suggestions, all viruses are now clear.

However, now the computer won't connect to the internet. The network is connecting absolutely fine, instant messenger etc. but none of the browsers work and there's zero joy connecting to anything else?

Thanks.
 
If it's XP use the WinSock fix and also check the hosts file. Also check for unwanted proxy settings.

Good site for dealing with malware is remove-malware.com.
 
You might well need to re-register the Internet Explorer .dlls.

To fix this problem yourself, re-register the Internet Explorer .dll files. To do this, follow these steps:
Click Start, and then click Run.
In the Open box, type cmd, and then click OK.
At the command prompt, type the following lines, and then press ENTER after each line:
regsvr32 softpub.dll
regsvr32 wintrust.dll
regsvr32 initpki.dll
regsvr32 dssenh.dll
regsvr32 rsaenh.dll
regsvr32 gpkcsp.dll
regsvr32 sccbase.dll
regsvr32 slbcsp.dll
regsvr32 cryptdlg.dll
Click OK when you receive the message that DllRegisterServer in FileName succeeded.
Type exit.


It also might be worthwhile, after you do this, booting into safe mode and running Malwarebytes one last time to make sure all is gone, after you've turned off System Restore that is.
Then reboot as normal and turn System Restore back on.
 
The computer has been infected by a fake anti-virus program and Malwarebytes Anti-Malware is the best thing to get shot of it (and I suggest you get shot of AVG as well as it is just a placebo acting as an anti-virus program).

Edit: I should mention that NO anti-virus program can fully detect these fake programs as they change on a daily basis and no anti-virus program can keep up with the changes.

typical.
 
In Internet Explorer:

* Click Tools then select Internet Options
* Click on the connections tab and click the Lan Settings button at bottom
* Uncheck Use a Proxy server for your lan...
* Make sure to check Automatically detect settings

If you haven't already.
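
The proxy and hosts-file checks suggested in this thread can also be done from a PowerShell prompt. This is an added example, not something posted by anyone in the thread; it is read-only and assumes it is run as the affected user, because the Internet Explorer proxy settings are stored per user.

```powershell
# Added example: read-only audit, changes nothing on the machine.
$key  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$inet = Get-ItemProperty -Path $key
$findings = @()

# ProxyEnable = 1 corresponds to the ticked "Use a proxy server for your LAN" box.
if ($inet.ProxyEnable -eq 1) {
    $findings += "Proxy enabled for this user: $($inet.ProxyServer)"
}
# AutoConfigURL is the "Use automatic configuration script" box in the same dialog.
if ($inet.AutoConfigURL) {
    $findings += "Automatic configuration script: $($inet.AutoConfigURL)"
}

# Hosts file: report every active mapping except the stock localhost entries.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
if (Test-Path $hostsPath) {
    foreach ($raw in Get-Content $hostsPath) {
        $line = ($raw -replace '#.*$', '').Trim()   # drop comments
        if ($line -eq '') { continue }
        $parts = @($line -split '\s+')
        if ($parts.Count -lt 2) { continue }
        $names = @($parts[1..($parts.Count - 1)] | Where-Object { $_ -ne 'localhost' })
        if ($names.Count -gt 0) {
            $findings += "Hosts entry: $($parts[0]) -> $($names -join ', ')"
        }
    }
}

if ($findings.Count -eq 0) {
    'No proxy, auto-config script or extra hosts entries found.'
} else {
    $findings
}
```

Any proxy or hosts entry listed that nobody set up deliberately is worth clearing through the dialog described above or by editing the hosts file as an administrator.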
 
I've seen this problem many times. Your computer is still infected (if the proxy setting thing doesn't work).

You need to download and run ComboFix.

And finally run SUPERAntiSpyware just in case, to pick up any leftovers from Malwarebytes and ComboFix.
 
It is normally the proxy settings in my experience, took me a good few hours the first time I came across it to find a post by someone else about it.
 
In Internet Explorer:

* Click Tools then select Internet Options
* Click on the connections tab and click the Lan Settings button at bottom
* Uncheck Use a Proxy server for your lan...
* Make sure to check Automatically detect settings

If you haven't already.

This worked. Thank you very much. :)

Thanks all for the advice and software suggestions, worked a treat.
 
You may have cleaned up... but these viruses and rootkits tend to be pretty persistent... and your GF's machine has been opened up to pretty much anything - who is to say that you have got all the bad stuff off?

I would NEVER trust a computer that has been repaired, cleaned or otherwise messed with to remove a virus for anything more than browsing as if I were in an internet cafe.

No banking, shopping, email or social networking - unless you want to risk identity theft.

A rebuild is the only way of being sure. And then once rebuilt... and before exposing the computer to any risk - then ghost the drive (so that the next time this happens... and it WILL... then it is much faster to recover).

I have been there.

Deag
 