1. Sign-up to become a member, and most of the ads you see will disappear. It only takes 30 seconds to sign up, so join the discussion today!
    Dismiss Notice

My computer is sick.......and it's my fault. :^(

Discussion in 'Computers' started by LanceJ, Mar 25, 2004.

  1. LanceJ

    LanceJ Producer

    Joined:
    Oct 26, 2002
    Messages:
    3,168
    Likes Received:
    1
    Trophy Points:
    0
    Our computer caught a virus and it's me who put it there. :b :b :b And it's really messing with it badly--this isn't some cutesy virus sending out dirty jokes to everyone in our address books.

    If anybody can help me with this problem we would appreciate it--I'm unemployed and most companies don't use paper job applications anymore and won't accept paper resumes either so I absolutely need this computer to work right.

    Computer: Compaq Presario 5000, about 2 years old. Celeron processor (633mHz). Windows Millenium Edition O.S. Dial-up connection.

    How the virus was installed: About three weeks ago we received an email from "[email protected]'sISP.net" (I'm paranoid now about revealing who our actual ISP really is). It looked totally legit. The email said one of our accounts had a large amount of outgoing emails with viruses attached. (Here comes the extremely boneheaded-on-my-part section :b ) It then said we could utilize the ISP's free virus cleaning software by clicking on the attachment. And a password to activate it was also included. So, yours truly clicked on the attachment, a Windows file program popped up with an icon for this tool displayed (right-clicking on it revealed a 12kb program). I clicked on it, Winzip turned on, I unzipped the file using the five digit password, and it started working. All that happened was the two indicators for the modem/server started lighting up (meaning our computer and the ISP's server were communicating with each other, a very handy feature provided by our ISP). This went on for about 15 minutes, then just stopped. I was confused that no dialog box popped up that said something like "scan in progress" or "scan complete". Even the file icon itself just had a weird nonsense name to it, something like "xldqlts". But our ISP is one of those $10/month companies (despite this, much more reliable than AOL or MSN!!!) and I thought this was their way of saving money. And there were a couple of spelling mistakes also ("amount" was spelled with two m's) and the overall grammar of the email was kind of weird. But I was still under the impression this was all legit & I thought the writer was just in a hurry.

    It gets worse folks [​IMG] Computer was really acting weird after this, so I downloaded the latest McAfee virus cures, let it scan the computer & it found nothing. Soooooo, last Sunday we get another email from the same place repeating the warning about outgoing viruses, & again with free cleaning tool. This time the password used a .jpg(?) graphic to display the numbers instead of actual text just like those secure websites use. Again, very legit looking.

    And yes, I used the "tool" again [​IMG] [​IMG] [​IMG] , it did the same thing and the computer basically went apeshit. It became so bad, almost useless really, we finally did a system restore on Wednesday. But guess what? The only date available to restore it to looked like the same date (Feb.29) that the first virus was activated! We didn't have any choice and went ahead & did the system restore. The restore worked properly and we lost some stuff as warned by the program but the computer is still acting as badly as before.

    What the virus is doing: For at least 15 minutes after startup, the hardrive buzzes incessantly & this means launching any program takes MUCH longer, about 3-4 times longer. It's like the processor chip is stuck in a loop. But much worse: it is preventing us from accessing the McAfee virus scanner--it even removed the tray icon! Modem only connects about half the time now. And when it does connect, many times it DISconnects after just 30 seconds. And programs themselves are being messed with--various Internet Explorer features have disappeared (& sometimes reappeared). For example, audible "button click" sound after hitting hyperlinks stopped working one day after installing IE 6; Netscape 6.2's "configuration file" was "corrupted" (something about string literals?) and no longer remembered home page or other personalized info. Microsoft Word: my resume's font style was changed; Shut down/start up is affected too--just now after hitting the "on" button, Windows almost immediately came on within @5 seconds, wallpaper was visible and opening theme sound played--this normally takes around 20-30 seconds. Then when I used the Start Menu to restart the computer, it started correctly this time but then displayed the "incorrect shut down" box and started checking the hardrive for errors! I hit cancel and it finally proceeded to finish opening Windows (displaying program & tray icons, etc). And now the tool tray button for Realplayer8 has disappeared [​IMG] .

    Our last resort is to use the Compaq "Quick Restore" CD-ROM 2-disc set. But we have a lot of info on the computer we would rather not lose.

    Does anybody have ANY suggestions as to ridding our computer of this virus? This would be very much appreciated.

    Thank you,
    LanceJ
     
  2. Gabriel_Lam

    Gabriel_Lam Screenwriter

    Joined:
    Mar 7, 2002
    Messages:
    1,402
    Likes Received:
    0
    Trophy Points:
    0
  3. Rob Gillespie

    Rob Gillespie Producer

    Joined:
    Aug 17, 1998
    Messages:
    3,632
    Likes Received:
    5
    Trophy Points:
    0
    Copy any of your own files you can salvage onto another PC (virus check them on the other PC).

    Wipe and reinstall the infected system.

    Get a decent AV application and keep it up to date every day.

    Stop opening attachments unless you absolutely know what they are.

    Keep off-machine backups.

    [​IMG]

    That's what I would do. I just wouldn't take any chances with a machine in that state.
     
  4. Cees Alons

    Cees Alons Moderator
    Moderator

    Joined:
    Jul 31, 1997
    Messages:
    19,475
    Likes Received:
    340
    Trophy Points:
    9,110
    Real Name:
    Cees Alons
    If you do have access to another computer, this is what I would do:

    Move the disk of your infected computer to another clean one.

    First: realize what the drive letter of your disk on that computer will be (something like "D:") and make sure that no program will automatically startup from that disk at system startup. Preferably the other computer shouldn't have a drive like that in the first place.

    Take out your "infected" hard disk. Install it as a secondary disk on that other computer (don't forget to put the 'Slave' jumper in, the positions are usually given on a label on the disk itself). Remember the original position of that jumper.

    Now start the other computer. You will have a "D:" disk or something. Remember that it may be loaded with virus copies for all you know, so DON'T START ANY PROGRAM FROM THAT DISK.

    Run anti-virus software to your heart's content. Copy your data files to a CD or floppy, or whatever you fancy. Don't forget your e-mail files. They may be located in the Documents and Settings part, or else a propriety folder of your e-mail client. Don't bother to copy your installed programs - you cannot trust them anymore - only the data you want to keep.

    If you still have the original OS distribution disks of your own operating system (preferably as well as those of your installed other software), now clean format your disk when you're sure you have copied everything you want. Make sure you format the proper disk: not the system disk (or any other) of the PC you lent.

    Shut down the system, take your empty disk out, put the Master/Slave/CS jumper in the original position on it and put it back in your PC. When you start up, make sure (if necessary by entering BIOS-setup) that you can boot from the OS distribution medium.

    Install the OS again. When you have established internet access, load MS-updates as necessary. Install the virus software and get the latest data-file updates of it. Run it and run it on the media containing your data copies. Install your originally installed programs from their original distribution media. Install possible updates.

    Set your e-mail client NOT to open any mail 'automatically" (e.g. disable the preview pane of Outlook Express).

    Run your virus program. Now copy your data files back, run virus scans again. Open your e-mail client, and if you had restored your mail files, totally delete (include: the Deleted Items folder) all your dubious mails, any of them.

    You're set.

    Check your various prgrams and the data you put back. If all's OK, MAKE BACKUPS OF YOUR DATA FILES ON A CLEAN MEDIUM and continue to do that on a regular basis. If you do, next time it may be a simpler job.


    Cees
     
  5. LanceJ

    LanceJ Producer

    Joined:
    Oct 26, 2002
    Messages:
    3,168
    Likes Received:
    1
    Trophy Points:
    0
    Thanks Cees and everybody else--I'll have to carefully consider what to do because this isn't my computer.

    Unfortunately, I don't have the skills to dissasemble the computer to physically move the hardrive around (and the only other computer we own is a laptop).

    Here's two more questions if you don't mind--I won't hold anyone responsible for anything so go ahead and give me your best guesses:

    1) Can viruses infect other parts of the computer, besides the hardrive? Because it would be a major bummer if we reformatted the hardrive with the restore discs & the virus was hiding somewhere else, ready to reinfect everything again.

    I'm sure the following incident is also virus-related but I figured it wouldn't hurt to provide as much info as possible about this virus in case someone else out there encounters it.

    2) Last night I had a Windows dialog box pop up tersely stating "SYSTEM RESOURCES ARE DANGEROUSLY LOW" and offered to shut down certain programs.......except they were (I think) actual operating system programs, and not IE, media players, etc. This is the second time this has happened since being infected, but before that, this had never happened before. All I had going was two IE windows (the HTF forum and a sports forum) and Realplayer8 which wasn't even streaming anything at the time. That box appeared as soon as I a clicked on a Realplayer link on cduniverse.com and then tried to minimise it. I went through about four of those warning boxes with various weird looking programs listed on them and eventually the computer completely locked up and I had to reach under the desk and literally pull the plug & then plug it back it in to restart it. And of course the incorrect shut down box appeared and it took almost 15 minutes(!) for it to check the hardrive--while this procedure was taking place the hardrive sounded like it was on amphetamines.

    And without trying to start an argument, are Apples inherently less susceptible to viruses or is it that the people that send viruses just hate Microsoft? Because all we do with our computers is use the Internet, write emails, use a scanner about once a month and use Word for letters and resumes. No gaming, no Photoshop stuff, no audio-related activities.

    Thanks again. [​IMG]

    LJ
     
  6. Gabriel_Lam

    Gabriel_Lam Screenwriter

    Joined:
    Mar 7, 2002
    Messages:
    1,402
    Likes Received:
    0
    Trophy Points:
    0
    1. It can infect other writable disks, like floppies. It cannot infect burned CD's though.

    2. It's because apple owns 4% of the marketshare. If your goal was to screw as many computers as possible, writing apple OS viruses is a waste of your time.
     
  7. Cees Alons

    Cees Alons Moderator
    Moderator

    Joined:
    Jul 31, 1997
    Messages:
    19,475
    Likes Received:
    340
    Trophy Points:
    9,110
    Real Name:
    Cees Alons
    Lance,

    You cannot infect a burned CD indeed, but of course you can copy a virus along with other files WHEN you burn the CD.

    Also, it's obvious that you need a cleaned system urgently.

    Most of what I said can also be done from your PC as long as it's operating. And of course, you have to be even more careful, because you WILL be starting programs from your infected disk. You will need to rely more heavily (even) on your virus scanning software to check, double-check and check again.

    If you can burn CD's, great, because you can copy your data in less operations. If you don't, I do hope you have another medium that can hold all your sensitive data, even if you need more, say, floppies to do it.

    When you can boot from the distribution CD of your OS, you can finally format the infected system disk, after booting to the CD system. The end-result will be the same as in the operation I described.


    Good luck,


    Cees
     
  8. LanceJ

    LanceJ Producer

    Joined:
    Oct 26, 2002
    Messages:
    3,168
    Likes Received:
    1
    Trophy Points:
    0
    Well, I tried that free online scanner (thanks Gabriel for that link) and it found three viruses:

    * "PE BAGLE"
    * "WORM NETSKY"
    * "WORM BAGLE"

    Total number of files infected: 6,282 (is that a lot?)

    About half were "cleanable" and the others I would have to delete.

    Unfortunately, when I hit the "clean" command, a box popped up and said it couldn't be cleaned because that particular file was in use. Hit "O.K." and another identical box (but with a slightly different file name listed) said that one also couldn't be cleaned for the same reason. I repeated this almost thirty times with the same result. I gave up.

    Repeated scan (another 25 minutes)--this time I first hit the "delete" option for those files that couldn't be cleaned......and that same dang box as described above popped up--it just went back to the beginning of that list of cleanable files!!!! It looks like I would have had to hit the "O.K." button almost three thousand times just to get to the files I could delete.

    I gave up after doing this for almost two hours.

    Does it sound like that virus was messing with THIS virus scanner too? [​IMG]

    LJ
     
  9. Diallo B

    Diallo B Screenwriter

    Joined:
    Dec 18, 2002
    Messages:
    1,076
    Likes Received:
    1
    Trophy Points:
    0
    i am not familiar with the viruses that you have stated infected the computer in question. however, with over 6,000 infected files if it were my computer i would simply have to re-install the operating system. there is no way i would spend days trouble shooting how to get rid of those infected files unless there was some !CRUCIAL! information on the hard drive.

    this is one of the many reasons i keep my OS on its own partition and make a ghost image of it every so often. so the second something goes wrong all i have to do is boot my ghost image and i will be back up and running in ten minutes. !BUT! even with 6,000+ viruses it would still be worth it to me to re-install the OS instead of spending hours/days trouble shooting.

    i just did that this morning. for whatever reason my computer kept crashing whenever i tried to encode any avi to mpeg-2. instead of trouble shooting i just booted my last ghost image and in 10 minutes i was happily encoding again.

    i know that is not your computer so you may not be able to just start over. good luck with your task.
     
  10. LanceJ

    LanceJ Producer

    Joined:
    Oct 26, 2002
    Messages:
    3,168
    Likes Received:
    1
    Trophy Points:
    0
    Thanks Diallo.

    Just a clarification: when I said I gave up after two hours, I meant that after doing all the procedures I have just described, I gave up. Not that I hit that "O.K." button for two hours. I'm not THAT obsessed with cleaning this virus. [​IMG]

    BTW: do viruses ever have time limits programmed into them? I.e. do they just hang around & pester you for X amount of days/weeks & then time out?

    LJ
     
  11. Glenn Overholt

    Glenn Overholt Producer

    Joined:
    Mar 24, 1999
    Messages:
    4,203
    Likes Received:
    0
    Trophy Points:
    0
    Yep, 6,000 sounds like a lot to me too. If you can't reinstall then try this. Get the names of the files that are in use and then do a 3-finger salute. If they are in use they should be listed, so just stop the programs and try it again.

    A slightly harder solution would be to reboot into DOS, find them and delete or move them to another location. However, you may end up with a system that won't boot up at all after that.

    Are all of the infected files part of the OS, or are they part of other programs and files too? Just curious.

    Glenn
     
  12. Diallo B

    Diallo B Screenwriter

    Joined:
    Dec 18, 2002
    Messages:
    1,076
    Likes Received:
    1
    Trophy Points:
    0
    some viruses do have time limits. but that is often a hollywood thing. most viruses simply continue to infect your system forever. with 6000 infected files and 3-4 viruses on the system that computer has been infected for a while.
     
  13. Kimmo Jaskari

    Kimmo Jaskari Screenwriter

    Joined:
    Feb 27, 2000
    Messages:
    1,528
    Likes Received:
    0
    Trophy Points:
    0
    You need to boot your system from something other than the built-in harddrive.

    Floppy disks, a bootable cd-rom, whatever. Then you need antivirus software, also on media that isn't infected - a cd or floppy.

    These disks you have to get from an outside source, not create yourself on the infected computer, obviously.

    That way, the viruses on the harddrive will never manage to establish control over the operating system and you have a sporting chance of removing them.

    If that isn't doable, you may have to face facts and do a complete system reinstall/reformat using the discs you have. Personally, I'd recommend you do that anyway, after copying your most critical files off the computer somehow. Be aware that anything you copy out from that plague infested computer may be infected and absolutely has to be scanned with an up-to-date virus scanner before you do anything with it.

    If you ever do get out of this without a complete system reformat... I sincerely hope you (and anybody else reading this) has learned that you NEVER EVER UNDER ANY CIRCUMSTANCES open file attachments unless you are 101% sure you know what you are doing, have antivirus software running and updated that very same day, and have checked the Microsoft Windows update for bugfixes also that same day.

    This, of course, is for attachments you are expecting and have reason to get. Unsolicited attachments should be treated as accidents waiting to happen and deleted unopened.

    For the majority of people, being 101% sure isn't enough, because nobody is quite so sure of him- or herself as someone who isn't so very knowledgeable about stuff... the more you learn, the less accomplished you feel. [​IMG]
     
  14. Robt_Moore

    Robt_Moore Stunt Coordinator

    Joined:
    Feb 27, 2002
    Messages:
    66
    Likes Received:
    0
    Trophy Points:
    10
    Lance:

    I've had great luck with this anti-virus program:
    AVG anti-virus guard--look for the free edition.
    http://www.grisoft.com/us/us_index.php

    It will let you make an emergency disk, like was mentioned above. It has free updates, has a very easy interface, and does'nt seem to slow down your computer like some antivirus software does.

    Bob
     
  15. LanceJ

    LanceJ Producer

    Joined:
    Oct 26, 2002
    Messages:
    3,168
    Likes Received:
    1
    Trophy Points:
    0
    Thanks Kimmo.

    I found a detailed description of that "PE BAGLE" virus our computer has; the description exactly fits what I saw in those emails we received and what our computer is doing now, including screwing up our McAfee scanner:

    PE BAGLE details at Trend Micro

    And it looks like it does time out......almost two years from now. [​IMG]

    LJ
     
  16. Kimmo Jaskari

    Kimmo Jaskari Screenwriter

    Joined:
    Feb 27, 2000
    Messages:
    1,528
    Likes Received:
    0
    Trophy Points:
    0
    Yup, looks like you have at least two or three separate critters in there. The filtering mailserver I set up at work has caught hundreds of these a day lately, mostly it's a huge flood of Netsky variants with assorted Bagle variants popping up from time to time. The occasional Swen and other "older" critters also gets filtered out daily.

    Still, this should be a learning experience for you at least. [​IMG]

    Just get a bootable floppy or cd and clean out the system and see what you have left when the dust settles. Like I said, a reformat and reinstall from CD's followed by immediate visits to windows update, a software firewall company of your choice (I suggest Sygate) and an Antivirus vendor (I like Norton myself) and you should have a sporting chance of staying bug-free for a while.
     

Share This Page