 sj |
||
|
||
Tech: Help! Serious PC Infection?
|
|
|
Subject: Tech: Help! Serious PC Infection? From: wilbyhillbilly Date: 15 Jan 10 - 02:33 PM I was working on my main pc when it suddenly went to a green screen with a large square sign saying "YOUR SYSTEM IS INFECTED. System has been stopped due to a serious malfunction. Spyware activity has been detected. It is recommended to use spyware removal tool to prevent data loss. Do not use computer before all spyware removed" I did a full computer scan with my AVG (free) version protection programme and it showed files infected with Trojan Horse Back Door.Generic 12XLR and win32/cryptor, which means nothing to me! it then cleaned them and rebooted but said there was 4 that could not be healed. When it started up again it was back to the green background with a message "your computer is infected with Worm.Win32.NetSky.Type.Virus Security Risk 5. Perform a full system scan. Then the large square screen came up again. I am now very very nervous, so I've shut down and am just using the laptop, but all my stuff is really on the pc, personal, banking,etc so I am very worried. Is there any way I can clean it, or is it now useless, can someone please help, I am at my wits end. |
|
Subject: RE: Tech: Help! Serious PC Infection? From: beeliner Date: 15 Jan 10 - 02:49 PM Proir to the green screen appearing, had you noticed any malfunction or irregularity in operation? It sounds like someone may be trying to sell you something, and possibly f***ing up your computer in order to do so. |
|
Subject: RE: Tech: Help! Serious PC Infection? From: Rasener Date: 15 Jan 10 - 02:50 PM See PM Don't do anything before reading that. |
|
Subject: RE: Tech: Help! Serious PC Infection? From: Bernard Date: 15 Jan 10 - 02:55 PM It's probably not too serious if you didn't accept the trojan's suggestion to allow it to infect your system... First, try starting up in Safe Mode (keep tapping the F8 key as soon as you switch on, until the menu appears) and try running AVG from there. If you cannot access Safe Mode (it asks for a non-existent Administrator password), then things are a bit more serious. If so, check out ComboFix on Bleeping Computer. If you can understand the instructions you'll be able to sort it, otherwise you need a local friendly face! |
|
Subject: RE: Tech: Help! Serious PC Infection? From: wilbyhillbilly Date: 15 Jan 10 - 03:22 PM beeliner, funny you should say that, after a little while there was a message that said windows can sort it with the new 2010 programme and wanted $49.95. The trouble is I cannot get rid of the green screen and get back to normal. Now I'm completely confused. |
|
Subject: RE: Tech: Help! Serious PC Infection? From: GUEST,padgett on lap top Date: 15 Jan 10 - 03:44 PM Yes you clicked on a Trojan, nasty little things and you can do to stop em ~ instantaneous and puport to be what they are definitely not Combo Fix as above I think if you can get on board with your pc Otherwise take to a pc shop and explain, there is web help for nothing too, be careful!! Ray |
|
Subject: RE: Tech: Help! Serious PC Infection? From: beeliner Date: 15 Jan 10 - 03:52 PM "beeliner, funny you should say that, after a little while there was a message that said windows can sort it with the new 2010 programme and wanted $49.95." Extortion! I had something similar once, I didn't bite and it went away by itself after a reboot. If that doesn't work, see a pro, s/he may also charge you fifty bucks, but will guarantee results. Succumbing to the blackmail will only bring more of the same. |
|
Subject: RE: Tech: Help! Serious PC Infection? From: Bill D Date: 15 Jan 10 - 04:27 PM If you are still able to use and download stuff at all...get Malwarebytes!! (just the free one will do) My wife had a bad one of that basic type several months ago. It took experts to get it to where we could even use it...but even they didn't clean out all traces...Malwarebytes did. |
|
Subject: RE: Tech: Help! Serious PC Infection? From: Bill D Date: 15 Jan 10 - 04:33 PM It 'can' lock up your computer to where you can do NOTHING except click on the trojan's link and buy their software...which, as you might guess, fails after a few weeks, and they demand you buy an 'update'. |
|
Subject: RE: Tech: Help! Serious PC Infection? From: Stilly River Sage Date: 15 Jan 10 - 04:34 PM We've talked about this before and it looks like the same answers are coming up. Bleeping Computer is a great, matter-of-fact site I use every so often. Do what you can to dredge it out, and there are a couple of programs or sites that can help kick it out. Otherwise, I wonder if system restore is still working, or if this trojan kicked out all of the backup points? SRS |
|
Subject: RE: Tech: Help! Serious PC Infection? From: wilbyhillbilly Date: 15 Jan 10 - 04:55 PM I tried system restore but it said unable to comply infected file. Thanks for help, but it's not looking too good is it? Damn! |
|
Subject: RE: Tech: Help! Serious PC Infection? From: bobad Date: 15 Jan 10 - 05:06 PM If you are able to access the internet and download, you might want to try Microsoft Security Essentials. It's a free program from Microsoft which I have been using since I had some problems and got rid of all my AV and spyware programs. It has been keeping my computer clean and even found and removed a Trojan and other malware that my other "free" programs didn't recognize. |
|
Subject: RE: Tech: Help! Serious PC Infection? From: Stilly River Sage Date: 15 Jan 10 - 06:23 PM The key to getting this fixed is to have another computer where you can research the problem on the first one, and a thumb drive where you can download any of the remedies and move it over to the other. If you have to reboot to repair Windows at some point in this keep an eye out for the message (something like "F8 for BIOS") that will flicker across the screen from the ROM as it starts up. Mash that button as soon as you see it until the BIOS come up and you can, if you need to, set up a CD drive as the boot disk to get away from the infected C drive. See if you can scan or do repairs from Safe Mode, etc. There are still lots of options for getting this sucker cleaned up, but they take a little time and patience. Good luck. SRS |
|
Subject: RE: Tech: Help! Serious PC Infection? From: Bert Date: 15 Jan 10 - 06:37 PM I had a similar infection recently and Spybot fixed it. It wouldn't run from the desktop though, I had to reboot and let it run from scratch. You might try downloading Spybot on your laptop, tranfering it to a CD and running it from the CD on your desktop. |
|
Subject: RE: Tech: Help! Serious PC Infection? From: JohnInKansas Date: 15 Jan 10 - 06:44 PM The most common reason for an AV scan reporting that something couldn't be removed is just that a file cannot be deleted (or moved) if it's open when the deletion (or move to quarantine) is attempted. As Bernard sugggested, the simple response is to reboot to safe mode, excluding all the stuff in Startup from starting, and re-run the AV scan there. This usually will allow the AV to remove the remaining crud. Previous discussions of how to get a safe boot have shown that F8 during a startup usually works, but some machine makers us a different key (F1, F2, F4, etc) to redirect the startup. For WinXP, a more positive method is given in Microsoft Knowledge Base article KB 310353 - method 2. Along with being a more reliable method, on some computers this allows more selections of what starts and what doesn't in the particular safe mode you select. If you're running Vista (or Win7) you'll probably get a warning that the KB article only applies to WinXP, and may not work on your computer. So far as I've seen, it works in Vista although there may be some minor differences in screens you see. John |
|
Subject: RE: Tech: Help! Serious PC Infection? From: wilbyhillbilly Date: 15 Jan 10 - 06:47 PM Hi SRS, I am at this moment sitting beside the infected machine with my laptop from which I just downloaded Malwarebytes onto a stick and have managed to load it onto the infected machine and now waiting while it does a full scan. I am still getting continual messages popping up trying to frighten me telling me how bad things are but if I click to download this "Internet Security 2010" it will solve all my problems, and as fast as I delete them they keep coming back.........meanwhile the scan is still going, I've got plenty of patience. I'm not too computer literate so I really don't understand the "CD drive as a boot disk" bit, but anywqay I will soldier on. |
|
Subject: RE: Tech: Help! Serious PC Infection? From: John J Date: 15 Jan 10 - 06:56 PM I'm waiting for news with baited breath! JJ |
|
Subject: RE: Tech: Help! Serious PC Infection? From: wilbyhillbilly Date: 15 Jan 10 - 07:02 PM John, thanks for that, I clicked on the link you gave, looked at method 2 and nearly died of a heart attack, it's way too complicated for me to attempt, but thanks anyway. |
|
Subject: RE: Tech: Help! Serious PC Infection? From: Joe G Date: 15 Jan 10 - 07:06 PM I'm hoping Malwarebytes will sort your problem as it is very good. However I was advised that Trojans apparently can still reinfect as you are cleaning them out. The advice to start in Safe Mode is good as I had to do that to rid myself of a couple of trojans. You may have to go into the registry manually to delete them but if you do be careful. If Malwarebytes doesn't solve your problem can I recommend the PC Advisor Helproom Forum who have taught me the little I know! Really helpful people there too. Good luck - its a shame there are people in the world who use a wonderful resource like the wb to spread evil & extortion but I suppose that is the way things are |
|
Subject: RE: Tech: Help! Serious PC Infection? From: wilbyhillbilly Date: 15 Jan 10 - 07:11 PM JJ I think it may be a long wait. I'm now getting messages saying I'm being attacked do I want to block it and guess what, if I click block, it tries to take me to where I can purchase Internet Security 2010 which will solve all my problems.......... meanwhile the scan goes on. New message, system detected a potential hazard, click to download IDS Software (official intrusion detection system) |
|
Subject: RE: Tech: Help! Serious PC Infection? From: Janie Date: 15 Jan 10 - 07:11 PM Hi wilbyhillbilly, The CNET link below addresses WIN32/cryptor and malbytes, as well as instructions if you are having to do as you are, and download malbytes from another computer. http://forums.cnet.com/5208-6132_102-0.html?threadID=330468 |
|
Subject: RE: Tech: Help! Serious PC Infection? From: wilbyhillbilly Date: 15 Jan 10 - 07:14 PM I agree Joe, I'm still watching the malware scan which is merrily going ahead despite a continual popping up of numerous messages. Thanks for your help. |
|
Subject: RE: Tech: Help! Serious PC Infection? From: wilbyhillbilly Date: 15 Jan 10 - 07:24 PM Thanks Janie, that is most helpful, at least I know what to do now when the scan finishes :) |
|
Subject: RE: Tech: Help! Serious PC Infection? From: Joe G Date: 15 Jan 10 - 07:41 PM Hang in there - hopefully you'll sort it! Just don't click on anything that looks dodgy! When you are sorted get yourself Superantispyware, Spybot & Spyware blaster to detect wat AVG doesn't & run regular scans with Malwarebytes. Alternatively as has been mentioned some people rate Windows Security Essentials Fingers crossed for you! |
|
Subject: RE: Tech: Help! Serious PC Infection? From: wilbyhillbilly Date: 15 Jan 10 - 07:49 PM Well the malwarebyte scan finished, deleted or quarantined the infected files, some it sais it would do on the reboot, but, when it rebooted up came the big square warning, YOUR SYSTEM IS INFECTED. So I am back to square one, reckon I'll have to take it somewhere as nothing seems to work for me and it's now nearly 1.00am and I am getting a bit tired. Anyway thanks for all the advice 'catters, nice to know you are ouy there when needed. |
|
Subject: RE: Tech: Help! Serious PC Infection? From: olddude Date: 15 Jan 10 - 08:53 PM www.onecare.com download the malicious software scanner from microsoft and run it it is free |
|
Subject: RE: Tech: Help! Serious PC Infection? From: bobad Date: 15 Jan 10 - 09:03 PM Try this: START / RUN / (type in mrt )/OK this is Microsoft Malicious Software Removal Tool, it removes most WIN32 bugs. |
|
Subject: RE: Tech: Help! Serious PC Infection? From: wilbyhillbilly Date: 15 Jan 10 - 09:49 PM FANTASTIC!!! Bloody brilliant!!! Thank you,Thank you,Thank you. It's CLEAN, I did a full scan with Malwarebyte and it found and removed infected files as I said, but left me with the big square screen. So I tried another quick scan and it came up with "no malicious content found" but I STILL had that bloody screen. Then I tried system restore again and it let me in but after 6 attempts at different dates it wouldn't let me restore and left me with the big square screen. I then tried Microsoft Security Essentials and it found 4 more infected files and cleaned them and hey presto, no more big square screen and it all appears back to normal so far. I now have the Microsoft Essentials running 'cos "it worked for me". My grateful thanks to all who contributed and wow, what a learning curve. It's now nearly 3.00am but it was well worth it. Thanks again. |
|
Subject: RE: Tech: Help! Serious PC Infection? From: Bill D Date: 15 Jan 10 - 10:15 PM wow! Good show! "It takes two to Tango"! Now *I* know one more trick. |
|
Subject: RE: Tech: Help! Serious PC Infection? From: olddude Date: 15 Jan 10 - 10:19 PM that essentials from microsoft onecare works every time glad you nailed them dan |
|
Subject: RE: Tech: Help! Serious PC Infection? From: Joe G Date: 16 Jan 10 - 10:59 AM Something from Microsoft that works - amazing! Well done - glad you are sorted! |
|
Subject: RE: Tech: Help! Serious PC Infection? From: Acorn4 Date: 16 Jan 10 - 03:10 PM Just out of interest as you've now solved the problem, I had a computer a few years ago that got the Netsky worm. In fact this is a series of worms that keeps cropping up so it would seem, not aided by the fact that some helpful soul made the code available to create it on the internet - the sorcerer's apprentice - in the end I got rid of it my finding out where it snuck its files, finding them and deleting them |
| Share Thread: |