Computer Talk Discussions here pertain to mods, troubleshooting, and PC/console gaming

Did the AIM virus invade my computer?

Old 10-18-2005, 08:53 AM
  #1  
Registered User
Thread Starter
 
Georgia4Runner's Avatar
 
Join Date: Dec 2004
Location: Potomac, MD
Posts: 254
Likes: 0
Received 0 Likes on 0 Posts
Did the AIM virus invade my computer?

I am in the dorms at Indiana University. I have a new Dell Latitude 610 with XP Home SP2. The XP Firewall is turned off, but the Virus Protection is on.

Anyways, yesterday I was logged in AOL Instant Messenger and I got a message from one of my "buddies". It was a clickable link that read "PicsDude.my-net-space.net/show.php"
YT MEMBERS: DO NOT CLICK ON THIS LINK!!!
So when I, like a moron, clicked on the link, weird stuff happened, like a download in the lower left corner of the screen. I realized what was happening and held down the power button on my laptop before it finished loading.

Symantec Anti-Virus was freaking out and Ad-Watch SE recorded blocking several tracking cookies. But when I just restarted my computer, a message from "Freeware.com" or something like that popped up, and two XP error messages popped up. I will give more details later. Thank you and please help me!
Old 10-18-2005, 08:58 AM
  #2  
Contributing Member
 
4-RUNNIN' FREAK's Avatar
 
Join Date: Jun 2004
Location: NNJ
Posts: 3,950
Likes: 0
Received 0 Likes on 0 Posts
Scan with this... see what happens. It's free. http://www.pandasoftware.com/actives...an/ascan_1.asp
Old 10-18-2005, 09:55 AM
  #3  
Registered User
Thread Starter
 
Georgia4Runner's Avatar
 
Join Date: Dec 2004
Location: Potomac, MD
Posts: 254
Likes: 0
Received 0 Likes on 0 Posts
Originally Posted by 4-RUNNIN' FREAK
Scan with this... see what happens. It's free. http://www.pandasoftware.com/actives...an/ascan_1.asp
Thanks for the link, but it wants me to remove my Symantec Anti-Virus before the Panda software could be installed. Incompatibility, I guess? Anyways, I called the Indiana University Tech Office and a rep told me to do the Trend Micro free virus scan.

He told me that Lavasoft finds some malicious stuff, but also has the potential to delete some important, non-malicious stuff as well.

My Lavasoft Ad-Watch SE has just posted 2211 instances of "Registry Modification Detected", each modification within seconds of the next.

What do I do? I can reinstall XP, but it's a PITA and I have a bunch of programs that I'm not sure how to back up. Not to mention that I have already had to reinstall XP once since I got the laptop two months ago.

Thanks all, especially 4Runnin Freak!
Old 10-18-2005, 10:00 AM
  #4  
Banned
 
Localmotion's Avatar
 
Join Date: Mar 2004
Posts: 0
Likes: 0
Received 0 Likes on 0 Posts
try to find the virus name, type it into Google, and you will see a way to "kill" the virus via Microsoft.
Old 10-18-2005, 10:24 AM
  #5  
Registered User
Thread Starter
 
Georgia4Runner's Avatar
 
Join Date: Dec 2004
Location: Potomac, MD
Posts: 254
Likes: 0
Received 0 Likes on 0 Posts
Originally Posted by Localmotion
try to find the virus name, type it into Google, and you will see a way to "kill" the virus via Microsoft.
That's a great idea! My problem doing that is I have no clue of what the virus name is. Currently Windows is in Safe Mode, so I went to www.trendmicro.com and did the free virus check. It scanned my C drive and found no viruses or trojans. What do I do now? Thanks for the replies!
Old 10-18-2005, 10:36 AM
  #6  
Contributing Member
 
4-RUNNIN' FREAK's Avatar
 
Join Date: Jun 2004
Location: NNJ
Posts: 3,950
Likes: 0
Received 0 Likes on 0 Posts
Originally Posted by Georgia4Runner
Thanks for the link, but it wants me to remove my Symantec Anti-Virus before the Panda software could be installed. Incompatibility, I guess? Anyways, I called the Indiana University Tech Office and a rep told me to do the Trend Micro free virus scan.

Sorry, forgot about that it asks you there. I know you have to get rid of Nortons if you buy it.

Between Panda and AOL spyware, I have over 230 unique instances blocked on my PC since I had it for about a month now.

Never knew there was so much crap on the net.
Old 10-18-2005, 11:12 AM
  #7  
Registered User
Thread Starter
 
Georgia4Runner's Avatar
 
Join Date: Dec 2004
Location: Potomac, MD
Posts: 254
Likes: 0
Received 0 Likes on 0 Posts
Originally Posted by 4-RUNNIN' FREAK
Sorry, forgot about that it asks you there. I know you have to get rid of Nortons if you buy it.

Between Panda and AOL spyware, I have over 230 unique instances blocked on my PC since I had it for about a month now.

Never knew there was so much crap on the net.
That's crazy! I'm sure I have you beat with some of the sites I go to, lol...

Here is what I see restarting my computer. Symantec AntiVirus shows 2 instances:
THE FIRST:
Scan type: Auto-Protect Scan
Event: Threat Found!
Threat: Hacktool.Rootkit
File: C:\Documents and Settings\Denton Gupton\msdirectx.sys
Location: Quarantine
Computer: DENTONSLAPTOP
User: Denton Gupton
Action taken: Quarantine succeeded : Access denied
Date found: Tuesday, October 18, 2005 2:08:45 PM

THE SECOND:
Scan type: Auto-Protect Scan
Event: Threat Found!
Threat: Trojan Horse
File: C:\xz.bat
Location: Quarantine
Computer: DENTONSLAPTOP
User: Denton Gupton
Action taken: Quarantine succeeded : Access denied
Date found: Tuesday, October 18, 2005 2:08:47 PM

So does this notification show what the virus name is? What actions do I need to take now? Thank you so much!

Last edited by Georgia4Runner; 10-18-2005 at 11:13 AM.
Old 10-18-2005, 11:16 AM
  #8  
Registered User
 
Churnd's Avatar
 
Join Date: Jan 2003
Location: Hattiesburg, MS
Posts: 4,087
Likes: 0
Received 1 Like on 1 Post
Threat: Hacktool.Rootkit
File: C:\Documents and Settings\Denton Gupton\msdirectx.sys
Those two lines tell you the virus name and where the file it's infecting is located.

But according to Symantec, it's been quarantined, so you're ok.
Old 10-18-2005, 11:19 AM
  #9  
Registered User
Thread Starter
 
Georgia4Runner's Avatar
 
Join Date: Dec 2004
Location: Potomac, MD
Posts: 254
Likes: 0
Received 0 Likes on 0 Posts
YES! Thanks Churnd, excellent news! I was hoping I wouldn't have to reinstall XP for the second time in a month!

Thanks for the help everyone!
Old 10-18-2005, 11:23 AM
  #10  
Registered User
 
Churnd's Avatar
 
Join Date: Jan 2003
Location: Hattiesburg, MS
Posts: 4,087
Likes: 0
Received 1 Like on 1 Post
It's still a good idea to take extra precautions. Check out my PC HOWTO sticky for some ideas.
Old 10-18-2005, 06:53 PM
  #11  
Registered User
 
green91runner's Avatar
 
Join Date: Feb 2005
Location: thunder bay, ontario
Posts: 895
Likes: 0
Received 0 Likes on 0 Posts
What I would do if I were you, go into safe mode, navigate to those folders and delete those 2 files. (Safe mode just ensures nothing is running in the background.) They aren't system files, so you're free to destroy em. Also, because of the tracking cookies and freeware pop-ups, I would follow some of the spyware removal and computer cleaning steps in pc tips, to ensure no nasty surprises are left behind, which could leave the door open for another virus.
Old 10-18-2005, 07:08 PM
  #12  
Contributing Member
 
doink's Avatar
 
Join Date: Jul 2002
Location: Atl. Georgia
Posts: 3,112
Likes: 0
Received 0 Likes on 0 Posts
that was going around here too i think.

my friend used this i think... http://jayloden.com/VirusClean.htm
Old 10-22-2005, 11:43 AM
  #13  
Contributing Member
 
DH6twinotter's Avatar
 
Join Date: Oct 2002
Location: Charlotte, North Carolina
Posts: 1,661
Likes: 0
Received 0 Likes on 0 Posts
Same thing happened to me. One of my Roommates downloaded AOL (not AIM), and the next morning I had a bunch of Ad-aware threats and a few Trojans. 91 total and I was only able to delete like 19 I think.

I tried the Panda site again, but nothing happens when I click on the HUGE green button. :cry:
Old 10-22-2005, 11:49 AM
  #14  
Contributing Member
 
DH6twinotter's Avatar
 
Join Date: Oct 2002
Location: Charlotte, North Carolina
Posts: 1,661
Likes: 0
Received 0 Likes on 0 Posts
Oh, my Windows Media Player won't work either.
Old 10-22-2005, 12:09 PM
  #15  
Banned
 
jimbo74's Avatar
 
Join Date: Jan 2004
Location: Nor*Cal
Posts: 6,590
Likes: 0
Received 0 Likes on 0 Posts
Originally Posted by 4-RUNNIN' FREAK
Never knew there was so much crap on the net.

this comment isn't actually directed at you but for all....

there is a lot of crap on the net, even sites like this that you want to see there are people that post crap all the time.....


sure a lot of you here don't like me or care what i have to say... please read the line in my signature...... thank you and have a nice day......
Old 10-22-2005, 01:20 PM
  #16  
Contributing Member
 
dwh91102's Avatar
 
Join Date: Nov 2004
Location: Aurora, Indiana
Posts: 1,285
Likes: 0
Received 0 Likes on 0 Posts
I run Spybot Search & Destroy, Ad-Aware SE, and Microsoft AntiSpyware. They will all find something the other doesn't. As for antivirus I run AVG, and if I was you I'd keep that firewall on........
And for someone else lighten up a bit Mr Postmaster general.
Old 10-22-2005, 06:29 PM
  #17  
Contributing Member
 
TDiddy's Avatar
 
Join Date: Sep 2002
Location: Urbandale, IA
Posts: 7,112
Likes: 0
Received 0 Likes on 0 Posts
Originally Posted by jimabena74
there is a lot of crap on the net, even sites like this that you want to see there are people that post crap all the time.....


Have another
Old 10-22-2005, 06:36 PM
  #18  
Contributing Member
 
DH6twinotter's Avatar
 
Join Date: Oct 2002
Location: Charlotte, North Carolina
Posts: 1,661
Likes: 0
Received 0 Likes on 0 Posts
I'm getting a pup (what's a pup?) called Adware-POP, Adware Qoolaid, and Adware-surfsidekick.dll. Also getting Adclicker-BA.dll, Adware Casclient.dr, and Downloader-DC Trojans.

Any ideas/suggestions? I think this is from my roommate downloading AOL on it, but not sure.

Thanks.
Daniel