Polite & Friendly's in PC Virus help

Strand, Wed Jun 03, 2009 9:42 pm

So I was downloading a DivX codec for Windows Media Player, but accidentally installed a virus.

It installed a program that's called "WinPC defender", some fake virus protection program, and ever since my desktop has been really inconsistent. It has the following symptoms...

- Random freezes, usually within 5 minutes of booting up
- Won't allow me to log into my user and windows xp welcome screen
- Pop ups about my computer being infected and I need to download "WinPC Defender"
- Closes internet explorer and Firefox immediately after opening it.
- Erased all my restore points
- Ran Spybot Search and Destroy, a program that was recommended to me, but it is hidden; it says it's running in my task list when I press Ctrl + Alt + Del, but I can't see it or use it.

Any help is appreciated, thanks.

mr-t, Wed Jun 03, 2009 10:13 pm

Try booting in safe mode and then running an anti-virus, anti-spyware, anti everything and see if that works.

I also heard this was meant to be a good program but I never used it, so don't take my word on it:

Malwarebytes' Anti-Malware

Apart from that, google it; you will probably find a solution there.

Bullitt, Wed Jun 03, 2009 11:28 pm

Spybot spyware cleaner and Avast anti virus or Malwarebytes. All are free and should fix you up. What you have is malware, so Malwarebytes may be your best option. You may be able to run in Windows to clean it up. Otherwise, yes, run the cleaner in safe mode.

Also you can try to restore.
Go to Start...
Accessories
System Tools
System Restore
You can restore it when you install it....
It will be back as normal..
But... all programs that you install after WinPC will be removed also.

Strand, Thu Jun 04, 2009 12:03 am

How do I run in safe mode on XP? And also I don't have any restore points.

T_Durden, Thu Jun 04, 2009 12:45 am

Use Malwarebytes; if it can't fix it, then you are pretty much out of luck... My wife's laptop got some junk on it a couple months ago, and I was battling it constantly with Malwarebytes, Spybot destroyer, Ad-Aware, but her Win XP installation was so old that every time I cleaned it, it would come back a few days later. It finally got to the point where it wouldn't let me into Windows, so I just did a format and fresh install, and the virus is gone and the system runs 100% faster with the fresh install!

Frey, Thu Jun 04, 2009 1:10 am

I had a pretty brutal one that would close any type of antivirus program that I tried to run. Open your task manager. Check everything that is running. That's how I found the virus. I then had to search through my files for the program file. Delete that. I then was able to finally get my computer to run an antivirus. I had cleaned the majority out while the antivirus got the rest. The virus that I had also infected the screen saver and replaced the wallpaper with its own. Had to delete that whole screensaver file and got the wallpaper. In the end I finally have a clean PC. To run safe mode I think you push F8 right after memory count at bootup, then on the startup menu choose safe mode.

Strand, Thu Jun 04, 2009 1:16 pm

Yeah, I'm just reformatting it I guess, easiest way. I was on it for 3 or 4 hours yesterday, but it freezes after 2 or 3 mins, which isn't enough time to run a full scan.

Anyways, I won't be on for a while.

Frey, Thu Jun 04, 2009 1:34 pm

It sounds like you have the same one I had on my desktop.  I got that frikken thing from doing a recipe search of all things.  What a pain.

A3Tripod, Thu Jun 04, 2009 2:05 pm

Did you already format it?
If not, I can walk you through cleaning it up on TS tonight if you want.  One of the aspects of my job is threat assessment and forensics.  Malware is no small part of that world.

Do you have no antivirus at all? If you do have, was it undetected, or did it find it and unsuccessfully quarantine/clean/delete it? Do you know what is the name of the virus? Depending on the bug (they have different clot factors) it might be better to blow up your PC and start over... other times, they can be removed with minimal casualties (file corruption) and reasonably high certainty that it won't rebuild itself.

tet, Thu Jun 04, 2009 2:06 pm

Protip: Malwarebytes' Anti-Malware and CCleaner are excellent tools after you have been infected. McAfee, Norton, Avast, and AVG all = crap AV protection. Use NOD32 or Kaspersky.

Strand, hit me up on xfire (tet0r) if you have any questions or want other suggestions.

A3Tripod, Thu Jun 04, 2009 2:55 pm

tet0r wrote:

Protip: Malwarebytes' Anti-Malware and CCleaner are excellent tools after you have been infected. McAfee, Norton, Avast, and AVG all = crap AV protection. Use NOD32 or Kaspersky.

Strand, hit me up on xfire (tet0r) if you have any questions or want other suggestions.

Actually, they all share the same flaw, which is that they can only protect what they already know. Signature-based protection is a problem, as AV companies (all of them) are behind the curve. Heuristic scanning (if it smells like a skunk it must be skunk) often is ineffective. My suggestion is that any AV is better than NO AV, but they all only fill in one small gap in terms of information security.

There is a compelling cloud-based AV project, offered by Panda (cloudantivirus.com). You might give that a try. Feedback seems positive thus far (was in beta recently).

Here's a link that explains, at a high level, their approach to cloud AV:
http://blog.cloudantivirus.com/2009/04/29/new-protection-model-explained/

Grunt, Thu Jun 04, 2009 3:56 pm

NOD32 is good. I also think AVG is good. If you are ever unsure of a file you can upload it to this website http://www.virustotal.com/ and it will scan it with a bunch of different engines. Obviously it is too late for that, but put it in the memory banks for next time.

Blowing the system away is sometimes the fastest way to get back up again and, as winblows goes, it will be back to running great again (for a while anyway).

I also like using HijackThis to keep the program from running when you boot up. http://download.cnet.com/Trend-Micro-HijackThis/3000-8022_4-10227353.html When I get desperate, I just uncheck everything that it finds, legit or not, and go from there. If you can get rid of the problem, sometimes you may have to reinstall any apps that run in the background like printer stuff, mouse software etc... but that is usually easier than trying to decipher all of the stuff it lists. Even then, sometimes it can't stop the beast from running either.

Some of these little buggers will not go away when they are running, and shutting them down triggers it to rename itself and its related files; getting rid of it can be tricky. I can't remember if it runs in safe mode, but usually it allows you to prevent the files from running, then when you do go into safe mode your AV or other tools have a better chance of getting rid of it. Sometimes it takes multiple tools to do the job. I actually had one that I couldn't get rid of until I installed Symantec Antivirus (which I don't really love for home computers). I was surprised that it was the one to get the job done.

To get into safe mode, press the F5 key after your computer boots up, after the memory check and drive detection, but if you can't see this stuff just start tapping the button.

Good luck!

A3Tripod, Thu Jun 04, 2009 4:29 pm

Safe mode - you have to press F8 before Windows loads.

Strand, Thu Jun 04, 2009 4:37 pm

Yeah, I ran it in safe mode, but when I try and open Spybot, Malwarebytes, and Symantec anti-virus, it's running in the process list but I can't operate the program. I also can't go on Internet Explorer or Mozilla Firefox; it closes immediately after opening it. So I guess I'm forced to reformat, probably for the best.

As for backing up programs, is there any way I can back up programs like Photoshop and games without actually installing them again, just by putting all their files and connecting files on a new hard drive?

A3Tripod, Thu Jun 04, 2009 4:53 pm

Doubtful. Most installed applications leverage existing drivers, files, etc. and have numerous registry entries to enable such. It's been a long time since I've used an application (excluding things like utilities/tools) that was completely autonomous from the OS or other apps. Of course, it may be worth your while to back up cfg, save, or files of that nature. Be cautious that you only back up known good files. I wouldn't try to save anything that I didn't get from a trusted source or I wasn't certain was clean.