The Bar For non Automotive Related Chat |
|
06-11-2007, 10:13 PM | #1 | ||
www.TUFFCARPARTS.com
Join Date: Feb 2006
Posts: 5,221
|
Hi All,
Hoping for some help please! A couple of days ago got a random message box pop up saying I had a worm/virus. Normally I don't click these (but have never had any on this computer, and it looked very authentic!) So I clicked ok to whatever it said, and now internet explorer just keeps trying to connect to a heap of random anti-virus sites, and it does this continuously if I leave the computer going. I'm also getting constant windows style popups warning of infections, security risks and so on, and my computer is now running extremely slow. 3 icons for antivirus/malware/spyware cleaners have appeared on my desktop, and although I have tried deleting, they reinstall themselves within about 20 minutes of running. I have also found that my windows task manager (ctrl, alt, del) has been disabled (says, disabled by your system administrator). Obviously there's something not good going on, but I have run AVG and CA antivirus twice each, and neither has picked anything up. I have disabled internet explorer (now using firefox) so at least when internet explorer opens, it can't actually connect to the websites it's trying to access. Would really appreciate any advice anyone has to offer! Thanks, Justin.
__________________
http://i1233.photobucket.com/albums/...psc203b7b1.jpg |
||
06-11-2007, 10:28 PM | #2 | ||
FF.Com.Au Hardcore
Join Date: Feb 2007
Location: Cattai, Sydney
Posts: 7,701
|
if you can't find the actual files for the virus which would most probably be in your program files.. re format.. because if you do business on your computer with banking etc it may steal your numbers etc and send them somewhere ie saudi arabia etc and they will steal your account/money etc.. so disconnect it from the net at all times and look around for oddly named files in the program files. delete them if you can, if not you will need to format the computer(which is a )
__________________
1992 EBII Fairmont Ghia 4.0l <---Click for the Gallery! Insta@mooneye_ghia White on bright red smoothies with thick whitewalls. Cruising around to some rockabilly |
||
06-11-2007, 10:58 PM | #3 | |||
Regular Member
Join Date: Apr 2006
Location: Eastern Melb.
Posts: 346
|
Quote:
Why my anti virus started going crazy over it I have no idea, it never did it again, and it was the only file identified by the anti virus too
__________________
FG Mk II XR6T Best Toy Ever! FG Mk II XR6T Lightning Strike, 6 Speed Auto,, Dark Tint Awesome toy for Grown Ups! |
|||
06-11-2007, 10:30 PM | #4 | ||
MY21.5 Mustang GT
Join Date: Dec 2004
Location: Shoalhaven, NSW
Posts: 2,450
|
It sounds more like spyware/adware rather than a virus.
Try running Spybot...it should pick it up and get rid of it. EDIT: although, it does sound like a virus that has disabled Task manager.
__________________
2021 Mustang GT in Rapid Red | XDA-Developers Assistant Admin
|
||
06-11-2007, 10:45 PM | #5 | ||
FF.Com.Au Hardcore
Join Date: Feb 2006
Location: Toowoomba
Posts: 2,634
|
spybot...such a champ program...picked up what avg didn't
__________________
1628 Escort Project Thread 67.3 RWHP - Paramount Performance Dyno DJ Automotive Tuned with proper jets http://fordforums.com.au/showthread....4&page=1&pp=25 |
||
06-11-2007, 10:52 PM | #6 | ||
FF.Com.Au Hardcore
Join Date: Apr 2007
Location: Townsville
Posts: 1,167
|
This happened to someone I know, same thing: a trojan got on the computer and then popups for anti virus sites asking for $60 to download antivirus to fix it, not reputable virus sites like Norton or McAfee etc. The money was paid but it didn't fix the virus. Try going to Norton and find if there are any examples of what is happening to your computer on there; usually they have information on how to fix your registry and remove the virus, and in the past I have downloaded virus removal tools from them. A lot of porn sites bring up those warnings about viruses and then download trojan horses which point you in the direction of fake expensive antivirus sites |
||
06-11-2007, 11:00 PM | #7 | ||
let it burn
Join Date: Feb 2006
Location: QUEENSLANDER!!!!!
Posts: 2,866
|
Download
- spybot &
- AdAware SE
Also get CClean to go through your registry. All are free programs. CClean also has a function for deleting files with a nice algorithm overwrite to actually delete their traces. They can't be found by tech savvy people. |
||
06-11-2007, 11:12 PM | #8 | ||
FF.Com.Au Hardcore
Join Date: Mar 2007
Location: sydney.nsw.au
Posts: 6,119
|
mate, the fact that task manager is gone is a bad bad bad thing.
honestly blow away the OS. it's not worth having traces of whatever is on there at the moment hanging around. had the same on my missus' pc thanks to her brother. just backed up what was needed in safe mode to a USB key and then formatted. 1hr re format beats hours of d1cking around and then being paranoid any day
__________________
flickr |
||
06-11-2007, 11:43 PM | #9 | ||
SZII in Silhouette
Join Date: Jul 2005
Location: Darwin NT
Posts: 600
|
Been there, done that.....
The one I got was called Spy Sherrif - or something similar - VERY nasty piece of work.......apparently the way it works is to install its own viruses and then detect them and offer to remove them after you have paid your money. These viruses go to work on your computer as well and disable the task manager and usually the virus protection. After numerous attempts by the gurus at work, after which it would just reinstall itself, we ended up doing the re-format. No fun at all!! If you can find out what the program is called, you can run a search in Google on how to remove it but it is fairly complex and not always successful. Good luck......
__________________
. . Strangers have the best candy....... |
||
06-11-2007, 11:57 PM | #10 | ||
www.TUFFCARPARTS.com
Join Date: Feb 2006
Posts: 5,221
|
Thanks for all the advice guys very much appreciated.
Running spybot and cclean now. Have been searching through program files, and did find one component of it (just somehow changed my wallpaper to an active link to one of these websites.) so I've deleted that part in my windows files, but the other problems are still occurring. I think it's best that I don't connect to the internet until I get this sorted, but I'll check this thread at work in the morning. I would love to reformat, but I have absolutely no idea on how to do it! I think that it definitely should be done though, so was going to take the laptop to a computer place in the next few days to get it done. Thanks, Justin.
__________________
http://i1233.photobucket.com/albums/...psc203b7b1.jpg |
||
07-11-2007, 12:02 AM | #11 | |||
let it burn
Join Date: Feb 2006
Location: QUEENSLANDER!!!!!
Posts: 2,866
|
Quote:
|
|||
07-11-2007, 12:10 AM | #12 | |||
www.TUFFCARPARTS.com
Join Date: Feb 2006
Posts: 5,221
|
Quote:
__________________
http://i1233.photobucket.com/albums/...psc203b7b1.jpg |
|||
07-11-2007, 07:39 AM | #13 | |||
FF.Com.Au Hardcore
Join Date: Mar 2007
Location: sydney.nsw.au
Posts: 6,119
|
Quote:
Boot up in safe mode and just transfer any files u want to keep to either another computer or portable hard drive. restart put in windows xp (assuming you're running xp) and press a key to boot to cd (you'll see that instruction). then follow the prompts to install a NEW (not repair) version of windows. 1hr later.. done! you have a brand new system
__________________
flickr |
|||
07-11-2007, 12:26 AM | #14 | ||
playing in my big shed
Join Date: Sep 2005
Location: miriam vale , qld
Posts: 3,302
|
i had the same thing happen last week with the pop ups warning of a virus or something.
i use AVG anti virus free edition and this is the first time i have had any of these bugs get through. i also run SPYBOT and ADAWARE every month or so just to be sure. i gave both of these a run and haven't had any more issues.
__________________
`75 XB FAIRMONT sedan . mushroom beige, injected 351, toploader, 9inch `10 FG XR50 Turbo ute. Nitro blue, 6 sp Auto, Leather trim. `04 BA RTV tray back, Red, V8 auto, `04 BA XR6 Turbo sedan. Blueprint. auto, Leather trim. `03 BA XLS ute . Acid Rush, factory lpg, auto, `48 TEA20 Grey Ferguson, `62 Willys 6-230 , 4x4 light truck `04 Yamaha TTR 250 |
||
07-11-2007, 12:47 AM | #15 | |||
let it burn
Join Date: Feb 2006
Location: QUEENSLANDER!!!!!
Posts: 2,866
|
Quote:
spybot and AdAware are designed for that, they don't pick up viruses or trojans. It's why you run all 3. |
|||
07-11-2007, 08:06 AM | #18 | ||
MY21.5 Mustang GT
Join Date: Dec 2004
Location: Shoalhaven, NSW
Posts: 2,450
|
I'd also just back up anything you want kept, then format and reinstall.
I always point people to this guide for doing a format/reinstall of XP: http://web.mit.edu/ist/products/winx...ll-format.html It has screenshots etc to help make it very easy to understand. EDIT: Restore points can also store the virus...so I wouldn't do that.
__________________
2021 Mustang GT in Rapid Red | XDA-Developers Assistant Admin
|
||
08-11-2007, 01:03 PM | #19 | |||
www.TUFFCARPARTS.com
Join Date: Feb 2006
Posts: 5,221
|
Thanks for all the advice, very much appreciated!
Spybot did pick up and remove part of it, then I ran adaware, which successfully removed all of it, or so I thought! All was good for about 15 minutes, but it promptly reinstalled itself! Oh, and adaware now doesn't pick it up! - great work on the virus designers' behalf. I might give housecall a try, but obviously either way reformat must be done. Quote:
Hopefully borrowing a friend's hard drive, and will backup and reformat in the next day or so. Does anyone know where I'll find the backup file for Microsoft Outlook (email) - my wife uses this for work, and cannot afford to lose all of the emails! Thanks, Justin.
__________________
http://i1233.photobucket.com/albums/...psc203b7b1.jpg |
|||
07-11-2007, 09:03 AM | #20 | ||
Back where I belong
Join Date: Jan 2005
Location: Mexico - Victoria
Posts: 947
|
Run a program called Housecall by Trendmicro, it's one of the best on the net that's free, it could take up to a couple of hours to run...
http://housecall.trendmicro.com/ if this doesn't pick it up and or remove it then you would be looking at a re format...
__________________
Regards Craig |
||
07-11-2007, 10:06 AM | #21 | ||
FF.Com.Au Hardcore
Join Date: Dec 2004
Location: South Australia
Posts: 3,173
|
Don't use system restore.. in fact disable it. Viruses love hiding in there..
|
||
08-11-2007, 01:06 PM | #22 | ||
PM me if you want
Join Date: Dec 2004
Location: Pk Ranger Modding - QLD 👍
Posts: 7,498
|
download smitfraud as well, that will be the main thing you infected yourself with.
__________________
Owner of first ever car to retrofit BA SSS - the EA2BA Send me a PM if you want to know anything 2010 Ford Ranger PK High Rider (Auto) - 2011 Ford Fiesta (Auto)
|
||
08-11-2007, 01:32 PM | #23 | |||
www.TUFFCARPARTS.com
Join Date: Feb 2006
Posts: 5,221
|
Quote:
__________________
http://i1233.photobucket.com/albums/...psc203b7b1.jpg |
|||
08-11-2007, 09:13 PM | #24 | ||||
www.TUFFCARPARTS.com
Join Date: Feb 2006
Posts: 5,221
|
Fixed!!! A huge thanks to everyone for all the advice, VERY much appreciated!
Quote:
Quote:
__________________
http://i1233.photobucket.com/albums/...psc203b7b1.jpg |
||||
08-11-2007, 01:25 PM | #25 | |||
FF.Com.Au Hardcore
Join Date: Mar 2007
Location: sydney.nsw.au
Posts: 6,119
|
Quote:
then go my computer > C: > documents and settings > (username that she logs on with) > local settings > application data > microsoft > outlook and then it's the .pst file
__________________
flickr |
|||
08-11-2007, 01:30 PM | #26 | |||
www.TUFFCARPARTS.com
Join Date: Feb 2006
Posts: 5,221
|
Quote:
__________________
http://i1233.photobucket.com/albums/...psc203b7b1.jpg |
|||
08-11-2007, 01:37 PM | #27 | |||||
XR & FPV Owner
Join Date: Apr 2005
Location: On the Dark Side of The Moon
Posts: 2,355
|
Quote:
__________________
2005 BF GT (6sp manual - Build #183) 2015 SZ MkII Territory Titanium 2016.75 LZ Focus Sport Quote:
Quote:
|
|||||
08-11-2007, 02:03 PM | #28 | |||
FF.Com.Au Hardcore
Join Date: Mar 2007
Location: sydney.nsw.au
Posts: 6,119
|
Quote:
can copy them too if you like
__________________
flickr |
|||
08-11-2007, 01:32 PM | #29 | ||
FF.Com.Au Hardcore
Join Date: Mar 2007
Location: sydney.nsw.au
Posts: 6,119
|
no worries mate.
once u get your computer up and running again, to restore all the emails you set up the account thru outlook, then simply navigate to that folder and drop in the back up .pst and ull see all the emails come back as normal.
__________________
flickr |
||
08-11-2007, 06:55 PM | #30 | ||
Starter Motor
Join Date: Nov 2007
Location: Port Lincoln
Posts: 1
|
Hey man, scary ... had exactly the same problem happen 2 days ago!!!!! Been on and off the phone to microsoft trying various solutions and finally got to the bottom of it. It was a "Trojan" malicious program and after downloading 3 different security and clean up programs I was finally put on to one that worked, don't know how to give you a link for it but it is called SmitfraudFix and you should be able to find a free download (unless someone else has a link...). Once installed you need to reboot your computer in "SAFE MODE" - just tap F8 whilst it is rebooting, and then select safe mode from the menu. Open SmitfraudFix and select #2 from the menu. When asked if you want to clean registry answer YES. If 'wininet.dll' is infected (it will tell you) click YES to replace with clean version. When program is finished simply reboot in normal mode and you should be all sweet.
By the way if you can tell me how to create/copy a link I can give you the exact program I used. Good Luck. P.M. me If I can help anymore. |
||