I got a really nasty computer virus for Christmas
#21
Registered User
Join Date: Oct 2008
Location: Long Island
Posts: 27
If your PC is back to a working state, copy 'My Documents' / 'Documents and Settings' to a USB drive (your IE favorites, pix, music, etc. are in there). Use your restore disks to give yourself a fresh OS and invest in Norton Internet Security 2010. It's the best against viruses, malware, spyware and pretty much any threat. It'll catch and quarantine viruses like you have/had before it takes over your machine. The 'free' antivirus and spyware protection out there - Spybot, AVG, etc. - are limited. Going forward, you'll have no issues if you run Norton IS 2010...
Hope this helps...
#22
Registered User
Join Date: Jul 2008
Location: North Texas
Posts: 52
This is why I quit using Windows, but unfortunately running it is sometimes a necessary evil. That being said, anytime you're surfing the Internet and a window pops up similar to what 92 Toy posted above, it's some kind of malware, virus, etc. They pop up a window making you think you have every virus in existence and you naturally click on it cuz you don't want a virus. When you click "Remove" or whatever they say, you actually "execute" the malware, virus, whatever. After that you're screwed. They are next to impossible to get rid of without drastic measures such as reinstalling, formatting, so forth.
A free open source virus scanner is http://www.clamwin.com.
In the past I always used and had success with AdAware. (http://www.lavasoft.com/products/ad_aware_free.php)
There was something else similar to Ad-Aware but I can't remember what it's called now. It's been a couple of years since I used Windows at home. I would almost say it should be mandatory to download and only use Firefox (http://www.mozilla.com/en-US/) but now I'm showing my anti-Microsoft bias.
Final thoughts: If you have McAfee, Norton, or ClamAV installed and anything else pops up saying you have a virus don't click on it.
Last edited by m1ashooter; 01-20-2010 at 01:28 PM. Reason: Update
#24
Contributing Member
Thread Starter
Hey guys......I've been following this thread, a little, sounds like Mt Goat has a clue what he's doing, whereas I have zero clue. I'm the kind of ignoramus that just wants the computer to work when I want it to and that's about it.
Anyhoo..I found the link to the demon that infected my desktop PC and figured I'd paste the picture of what mine looked like (not mine, but it's a screenshot from a website talking about it).
Sounds like similar crap to mine....
This thing kept on countering every move to get rid of it, almost like it was learning from my efforts to stop it. At first I found the way around its task manager disable. By going to Hkey_current_user\software\microsoft\windows\currentversion\policies\system and looking for a file called "Disable Task Mgr" then right click> delete. That would (at first) give me back use of the Task manager. But after a reboot it would disable it again. Then after a few times of disabling it and it coming back it wouldn't let me do it.
All the pros are talking about how hard this (TDL3 rootkit) is to get rid of, one guy called it the "stealthiest rootkit in the wild".
Last edited by mt_goat; 01-20-2010 at 02:03 PM.
#25
YotaTech Milestone-Two Millionth Post
Yeah, I had talked to an I.T. geek I know from some YOTATECH site and he said that was a bad one.
Basically my computer powers up and shuts off and just keeps doing that over and over.
Thank goodness we still have a laptop, but with everybody wanting to be on the computer at the same time and my dang YOTATECH addiction, it makes it interesting.
I'm hoping that the "geek" can take care of my mess because I am a complete idiot when it comes to this stuff...and getting the oil pan off my truck....I suck.
#26
Contributing Member
Thread Starter
#27
Contributing Member
Thread Starter
Another interesting quote from this link: http://www.prevx.com/blog/139/Tdss-r...s-the-net.html
This infection is bringing all together the best of MBR rootkit, the best of Rustock.C and the experience of old Tdss variants. Result is an infection that is quickly spreading on the net and it is undetected by almost every security software and 3rd party anti rootkit software.
#28
Registered User
Join Date: Oct 2008
Location: Long Island
Posts: 27
An IDE has two rows of pins and is about 2+ inches wide. A SATA is much smaller and looks somewhat like a USB type connector. It is one or the other. You'd have to pull the hard drive to find out, or reboot, hit F2 and go into the BIOS. That should tell you what type of drive you have...
#29
Contributing Member
Thread Starter
An IDE has two rows of pins and is about 2+ inches wide. A SATA is much smaller and looks somewhat like a USB type connector. It is one or the other. You'd have to pull the hard drive to find out, or reboot, hit F2 and go into the BIOS. That should tell you what type of drive you have...
#31
Registered User
Yessirre that would be correct. I agree with the other folks here as well about Symantec (Norton). I use it, we use it at work, it just uses more resources than most.
But now that we know you have a SATA drive. Grab another one, open the case on yours, swap drives, toss in the Windows CD and you're off and a runnin.
After you get everything reinstalled and (this part is im-po-tint ) and have an Anti-virus installed you then can plug in the old drive via usb and copy all your documents over.
#33
Contributing Member
Thread Starter
Well another day goes by and no sign of trouble, dare I say this thing is gone? The PC is running great, as fast as ever! I really think that Hitman Pro worked (knock on wood).
#35
Glad it is fixed.
You may have read a thread here from me about the DOS attacks we have been having here.
It was narrowed down to infected computers that were instructed to specifically attack this site.
It brought the server to a standstill a month back.
Many do not even know their PCs have been turned into zombies to do the malware master's bidding.
#37
Contributing Member
Thread Starter
Glad it is fixed.
You may have read a thread here from me about the DOS attacks we have been having here.
It was narrowed down to infected computers that were instructed to specifically attack this site.
It brought the server to a standstill a month back.
Many do not even know their PCs have been turned into zombies to do the malware master's bidding.
#38
Contributing Member
Thread Starter
Another day goes by and all is good! Some things I'm doing different now:
I surf the web logged on as a user with limited use (no administrative privilege)
I keep all the security settings on high, yes there are some sacrifices in that, but I'm getting used to it. The worst thing is I have to manually put in [Quote]s and smilies and stuff and click to redirect back to pages.
I use passwords to log on or switch users.
I use spybot every day and immunized everything.
Microsoft has released a new patch for IE (yesterday) and I got that installed.
I'm very careful about giving permissions for access to programs and what links I click on.
Making sure auto updates is running for McAfee, my subscription is paid for on this or I'd try Norton. Plus I'm not convinced Norton would have stopped this attack either. As of 1/20/10 it was not listed as one of the programs that could fix or even detect this TDL3 rootkit.
Last edited by mt_goat; 01-22-2010 at 07:01 AM.
#40
Contributing Member
Thread Starter
I have used it some, the problem is I have a large catalog of saved favorites (from many hours of research) and when transferred to Firefox or Google Chrome the whole thing got reordered to alphabetical. Yes, I know it could all be reordered with "organize favorites" command but it would take a long long time. I do like Firefox though.