Need some help with a continuing virus/spyware problem

Discussion in 'Computers' started by Luke_Y, Feb 4, 2005.

  1. Luke_Y

    Luke_Y Second Unit

    Joined:
    Aug 20, 2001
    Messages:
    424
    Likes Received:
    0
    Need some help with a continuing virus/spyware problem.

    OK, where to start... Over the last month or so I have had recurring problems; every time I think I have it all cleaned up, it comes back after a day or so. It starts with either a browser homepage hijack to "QuickMetaSearch.com", the installation of a "Zero Category" (0CAT) toolbar on Internet Explorer, or an AVG warning that a virus was found.

    Most commonly the virus is "Prvdi1.exe", which AVG lists as "Trojan Horse Dropper.small.9.BV". Sometimes it is "dload.exe" ("Downloader.small.bu"). It is usually first reported in C:\docs&settings\user\localsettings\temp.

    AVG deletes it fine. When I go to the folder I also find StHP.exe and 0cyp.exe, so I delete those as well. I then go looking around and find a "STHomePage" folder and a "0CatYellowPages" folder in C:\ProgramFiles. I delete those folders. I go looking in C:\Windows\System32 and sometimes find dload.exe or prvdi.exe there and delete those as well.

    I look in Add/Remove Programs and remove "0Cat Yellow Pages 1.0"; it says it was successfully removed, and then a browser window opens going to 0cat.com. I quickly close it, but when I went back to c:\docsandsett\user\localset\temp there was a new file "A~NSISU_.exe"... deleted that. Back in c:\programs the ST Homepage folder was back as well... deleted that.

    OK, so back in Add/Remove Programs I didn't recognize a program called LinksHelper 1.0 and tried to remove it. An error said it could not be found, possibly already removed.

    Next I run HijackThis and have it fix everything I know should not be there. Here is the log, with *** in front of the things I fixed.

    Logfile of HijackThis v1.99.0
    Scan saved at 6:25:20 PM, on 2/4/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\System32\gearsec.exe
    C:\WINDOWS\system32\drivers\KodakCCS.exe
    C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\System32\DSentry.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
    ***R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://quickmetasearch.com/?said=acc0002_ho
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http://portal.uky.edu/proxy.pac:80
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://adobeols.ofoto.com
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    ***O2 - BHO: HomePageCtrl Class - {1B9CB0F8-118B-49C1-956D-B703E976F8E3} - C:\Program Files\STHomePage\STHomePage2.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    ***O2 - BHO: STIEbarBHO Class - {D797AD6C-6447-4DB4-91D0-090344408E72} - C:\Program Files\CAT YellowPages\STIEbar2.dll
    ***O3 - Toolbar: 0CAT Yellow Pages - {679695BC-A811-4A9D-8CDF-BA8C795F261A} - C:\Program Files\CAT YellowPages\STIEbar2.dll
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: &Copy Location - C:\WINDOWS\WEB\graburl.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    ***O9 - Extra button: My button - {47FE5D70-9AA2-40F1-9C6B-12A255F085EA} - C:\Program Files\CAT YellowPages\STIEbar2.dll
    ***O9 - Extra 'Tools' menuitem: My menu - {47FE5D70-9AA2-40F1-9C6B-12A255F085EA} - C:\Program Files\CAT YellowPages\STIEbar2.dll
    O9 - Extra button: (no name) - {B06300D0-CCDE-11d2-92D3-0000F87A4A55} - C:\WINDOWS\system32\webzone.dll
    O9 - Extra 'Tools' menuitem: Add to R&estricted Zone - {B06300D0-CCDE-11d2-92D3-0000F87A4A55} - C:\WINDOWS\system32\webzone.dll
    O9 - Extra button: (no name) - {BF80219A-CCDD-11d2-92D3-0000F87A4A55} - C:\WINDOWS\system32\webzone.dll
    O9 - Extra 'Tools' menuitem: Add to Tr&usted Zone - {BF80219A-CCDD-11d2-92D3-0000F87A4A55} - C:\WINDOWS\system32\webzone.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Offline - {FC09D8A3-C85A-11d2-92D0-0000F87A4A55} - C:\WINDOWS\system32\oline.dll
    O15 - Trusted Zone: *.bankone.com
    O15 - Trusted Zone: *.uky.edu
    O15 - Trusted Zone: *.weather.com
    O15 - Trusted Zone: *.windowsupdate.com
    O23 - Service: Adobe Active File Monitor - Unknown - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown - C:\WINDOWS\SYSTEM32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: Gear Security Service - GEAR Software - C:\WINDOWS\System32\gearsec.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Kodak Camera Connection Software - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: Intel NCS NetService - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: Photoshop Elements Device Connect - Unknown - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe


    I then ran SPYBOT, found and fixed "7Fasst" (Browser Hijacker).

    AdAware: nothing. CWShredder: nothing. An AVG full scan: nothing. So I restart the system and check my browser: OK, no toolbar and MSN homepage. I run HijackThis and get a result I think is clean:


    Logfile of HijackThis v1.99.0
    Scan saved at 7:54:00 PM, on 2/4/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\BCMSMMSG.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\System32\DSentry.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Common Files\Dell\EUSW\Support.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Dell\SupportAlert\bin\NotifyAlert.exe
    C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\System32\gearsec.exe
    C:\WINDOWS\system32\drivers\KodakCCS.exe
    C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\hijackthis\HijackThis.exe
    C:\WINDOWS\system32\wuauclt.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http://portal.uky.edu/proxy.pac:80
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://adobeols.ofoto.com
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: &Copy Location - C:\WINDOWS\WEB\graburl.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: (no name) - {B06300D0-CCDE-11d2-92D3-0000F87A4A55} - C:\WINDOWS\system32\webzone.dll
    O9 - Extra 'Tools' menuitem: Add to R&estricted Zone - {B06300D0-CCDE-11d2-92D3-0000F87A4A55} - C:\WINDOWS\system32\webzone.dll
    O9 - Extra button: (no name) - {BF80219A-CCDD-11d2-92D3-0000F87A4A55} - C:\WINDOWS\system32\webzone.dll
    O9 - Extra 'Tools' menuitem: Add to Tr&usted Zone - {BF80219A-CCDD-11d2-92D3-0000F87A4A55} - C:\WINDOWS\system32\webzone.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Offline - {FC09D8A3-C85A-11d2-92D0-0000F87A4A55} - C:\WINDOWS\system32\oline.dll
    O15 - Trusted Zone: *.bankone.com
    O15 - Trusted Zone: *.uky.edu
    O15 - Trusted Zone: *.weather.com
    O15 - Trusted Zone: *.windowsupdate.com
    O23 - Service: Adobe Active File Monitor - Unknown - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown - C:\WINDOWS\SYSTEM32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: Gear Security Service - GEAR Software - C:\WINDOWS\System32\gearsec.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Kodak Camera Connection Software - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: Intel NCS NetService - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: Photoshop Elements Device Connect - Unknown - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe


    I believe I know what everything there is, so it looks OK. I go look in the folders where I have previously found the offending files and don't find them. Everything is all cleaned up, or so I think, for a few days or a few hours. But then it's repeat the whole thing all over.

    A bit about my current settings: Windows Update current, AVG current, and the previously mentioned tools current. Sometime after the first virus I turned System Restore off, disabled Java caching, and went into Internet Options > Security and set all ActiveX settings to disable or prompt, did the same for scripting, and Java is set to high safety.

    Someone please help, I can't kill this thing.
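    As an added example (not code from this thread or from the HijackThis project), here is a small Python script that parses HijackThis logs like the two above, flags entries matching the indicators the poster marked with ***, and diffs a later scan against an earlier one so that a returning BHO or toolbar stands out. The sample logs are constructed from lines in this post; the third "later" scan is made up to show the reinfection case.

```python
from __future__ import annotations
import re
from dataclasses import dataclass

@dataclass(frozen=True, order=True)
class Entry:
    section: str  # HijackThis section code: R0, R1, O2, O3, O4, O9, O15, O23, ...
    detail: str   # everything after the "Rn - " / "On - " prefix

# A HijackThis entry line looks like "O2 - BHO: Name - {CLSID} - C:\path\file.dll".
LINE_RE = re.compile(r"^(R\d|F\d|O\d+) - (.*)$")

# Indicators drawn only from the thread's own log (the lines the poster marked ***).
INDICATORS = [re.compile(p, re.IGNORECASE) for p in (
    r"quickmetasearch\.com",  # R0 start-page hijack
    r"STHomePage",            # HomePageCtrl BHO folder and DLL
    r"0?CAT YellowPages",     # toolbar install folder
    r"STIEbar2\.dll",         # DLL behind the O2 BHO, O3 toolbar and O9 buttons
)]

def parse_log(text: str) -> list[Entry]:
    """Extract R/F/O entries; header and process list are skipped, leading '*' markers ignored."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip().lstrip("*"))
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries

def flag_entries(entries: list[Entry]) -> list[tuple[Entry, str]]:
    """Return (entry, matched_pattern) for every entry that hits a known indicator."""
    hits = []
    for e in entries:
        for pat in INDICATORS:
            if pat.search(e.detail):
                hits.append((e, pat.pattern))
                break
    return hits

def diff_logs(before: list[Entry], after: list[Entry]) -> tuple[list[Entry], list[Entry]]:
    """Entries gone since the earlier scan, and entries new in the later one."""
    b, a = set(before), set(after)
    return sorted(b - a), sorted(a - b)

# Constructed samples: lines taken from the thread's two scans, plus a made-up third scan.
DIRTY_LOG = r"""Logfile of HijackThis v1.99.0
Running processes:
C:\WINDOWS\System32\smss.exe
***R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://quickmetasearch.com/?said=acc0002_ho
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
***O2 - BHO: HomePageCtrl Class - {1B9CB0F8-118B-49C1-956D-B703E976F8E3} - C:\Program Files\STHomePage\STHomePage2.dll
***O3 - Toolbar: 0CAT Yellow Pages - {679695BC-A811-4A9D-8CDF-BA8C795F261A} - C:\Program Files\CAT YellowPages\STIEbar2.dll
***O9 - Extra button: My button - {47FE5D70-9AA2-40F1-9C6B-12A255F085EA} - C:\Program Files\CAT YellowPages\STIEbar2.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O15 - Trusted Zone: *.windowsupdate.com
"""
CLEAN_LOG = r"""Logfile of HijackThis v1.99.0
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O15 - Trusted Zone: *.windowsupdate.com
"""
# Made-up later scan: the STHomePage BHO has come back after the cleanup.
LATER_LOG = CLEAN_LOG + r"O2 - BHO: HomePageCtrl Class - {1B9CB0F8-118B-49C1-956D-B703E976F8E3} - C:\Program Files\STHomePage\STHomePage2.dll" + "\n"

def triage() -> dict[str, int]:
    """Flag and diff the sample scans; the counts are the result worth checking."""
    dirty, clean, later = (parse_log(t) for t in (DIRTY_LOG, CLEAN_LOG, LATER_LOG))
    removed, added = diff_logs(dirty, clean)
    _, new_since_clean = diff_logs(clean, later)
    return {
        "flagged_in_dirty": len(flag_entries(dirty)),
        "removed_by_cleanup": len(removed),
        "added_by_cleanup": len(added),
        "flagged_in_clean": len(flag_entries(clean)),
        "flagged_in_later": len(flag_entries(later)),
        "new_since_clean": len(new_since_clean),
    }
```

    Saving each HijackThis log to a file and running the diff against the last known-clean scan turns "it came back" into a concrete list of which entries reappeared.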
     
  2. Luke_Y

    Luke_Y Second Unit

    Joined:
    Aug 20, 2001
    Messages:
    424
    Likes Received:
    0
    Right after I posted I got another virus warning: "access_now.exe" infected with "downloader.small.11.bu" in c:\docsandset\user\localset\temp again.

    Where is the bastard hiding!
     
  3. DaveNel

    DaveNel Second Unit

    Joined:
    Oct 13, 2004
    Messages:
    447
    Likes Received:
    0
    Well, if it is in fact a trojan, how they work is the second you turn on your PC they can jump from the HD straight to memory, and when you shut down the PC they jump back to the HD.

    Here is a fix that may help, but no guarantees:

    After you run your spyware, virus and adware software, drop the power to your computer and do not shut down like normal. After you do that, open the case and remove the battery from the motherboard. There is a BIOS jumper on the board also; jumper that clear-BIOS jumper, and turn the PC on for about 30 seconds to 1 minute, but don't let it start Windows or even start. Turn the PC off, put the battery back on the board, change the jumper back to where it was, restart the PC and rerun your antivirus software.

    That may and should remove the bugger from your PC.
     
  4. Glenn Overholt

    Glenn Overholt Producer

    Joined:
    Mar 24, 1999
    Messages:
    4,203
    Likes Received:
    0
    Ouch! The thing I dislike most about XP is the number of files it puts in for the users.

    Have you tried doing a search? I'd get fuzzy and use the "*". You might also check for files created on or after a certain date too.

    If that doesn't work, I'd search in the registry.

    If it does take a couple of days before it returns, it might be out there at a site you visit, and/or someone has your IP address targeted. When you get it, look at the date and time it was created, and then go into your history and compare.

    Good luck killing it!

    Glenn
     
  5. EricWilliam

    EricWilliam Agent

    Joined:
    Aug 31, 2004
    Messages:
    37
    Likes Received:
    0
    the only 100% sure fire method of getting rid of something like that is format c:..
     
  6. DaveNel

    DaveNel Second Unit

    Joined:
    Oct 13, 2004
    Messages:
    447
    Likes Received:
    0
    Yeah, that's true for most cases, but it doesn't ever hurt to check everything out before you lose a lot of data on a PC.
     
  7. DaveNel

    DaveNel Second Unit

    Joined:
    Oct 13, 2004
    Messages:
    447
    Likes Received:
    0
    In fact, here is proof. There was a friend of mine who got himself a virus last month: every time he tried to get online, a 60-second countdown, then it would shut off his PC. He formatted the PC, then tried to get online, and it happened again; 60 seconds after he got online his PC shut down.

    Whatever it was, Norton took it out, but it wasn't easy (LOL).

    So formatting sometimes isn't the way to go, because even if you format, the virus can still be lurking somewhere and before you know it (SURPRISE) you are on candid camera.

    But formatting is a last resort because it may and may not solve the problem.
     
  8. Christian Behrens

    Christian Behrens Supporting Actor

    Joined:
    Mar 2, 2000
    Messages:
    713
    Likes Received:
    0
    Location:
    SF Bay Area
    Real Name:
    Christian Behrens
    Time to use something other than IE...

    -Christian
     
  9. Joseph DeMartino

    Joseph DeMartino Lead Actor

    Joined:
    Jun 30, 1997
    Messages:
    8,311
    Likes Received:
    13
    Location:
    Florida
    Real Name:
    Joseph DeMartino


    Formatting C: doesn't work 100% of the time, either, as noted above. The format command does not wipe the master boot record, and a memory-resident virus can hide in RAM during the format process and write itself back to disk in the MBR, or into the BIOS, and come back on the next reboot. Some especially nasty and persistent viruses and Trojans will attack your anti-virus and anti-spyware programs. (I dealt with one that so thoroughly trashed Norton you couldn't even uninstall it, and the Norton CD wouldn't let you re-install it until you did. I had another that prevented Spybot from connecting to the internet to update its database once it was installed.)

    When I worked at a help desk call center for a Major PC Manufacturer a few years ago a lot of our customers got hit with a virus that could only be destroyed by FDISKing repeatedly with the MBR switch, yanking the power cord rather than doing a normal shutdown, and finally writing zeros to the entire drive surface before restoring the system to its original out of the box state with the recovery CDs.

    Regards,

    Joe
     
  10. Peter Kim

    Peter Kim Screenwriter

    Joined:
    Jun 18, 2001
    Messages:
    1,577
    Likes Received:
    0
    Joseph, I'm relatively new to the PC world, and also still using an iMac.

    How the hell does a system get infected by a virus so severely? And one that you've described as so seemingly indelible?

    I'm curious since, in the month I've owned my first PC, I haven't had any problems with viruses or spyware. I use Firefox exclusively and run Spybot/Adware in tandem weekly. Plus I've got Norton automatically doing its thing, and I'll manually run TuneUp Utilities occasionally.

    So I thought that, given most PC users are security savvy enough to run this minimum cocktail of apps, I cannot imagine how anyone's system can be so thoroughly devastated.

    I'd appreciate if you could elaborate on some common scenarios so that I could shore up any weaknesses in my defense.
     
  11. DaveNel

    DaveNel Second Unit

    Joined:
    Oct 13, 2004
    Messages:
    447
    Likes Received:
    0
    Exactly as I stated, Joseph, except I would try a few things before I wiped out the hard drive, as noted in one of my above posts. But the trick is to make sure the virus can't go from memory back to the hard drive. Then when you remove the battery and jumper-clear the CMOS and BIOS, that kills the virus as far as memory. Then, with floppy disks from either Norton or McAfee, start up the PC with their bootable anti-virus floppy disk. Then if that doesn't work, you know what's next:

    FDISK about 7 times completely, then reformat after the 7th one, and if that doesn't work comes the low-level format that wipes it all out, and you now have a clean drive you can eat prime rib off of.
     
  12. DaveNel

    DaveNel Second Unit

    Joined:
    Oct 13, 2004
    Messages:
    447
    Likes Received:
    0
    Hello Peter...

    Well, using Firefox was your first step in avoiding malicious programs, and most known viruses are made for the PC; the Macs just don't happen that often.

    Now to get to the meat of your questions.

    Certain viruses are made by kids, companies, and whoever is bored or greedy or mad at someone. Whatever the case may be, they're all still viruses. A lot of people still think a computer virus can make people sick; that is a false statement. A virus is a program, nothing more. When someone writes a virus program, they can do just about anything and everything. They can make your screen act up, do annoying things, cause keyboard and mouse functions not to work properly. But also they can cause your hard drive to format itself on a certain hour, date, or holiday. When new virus programs and patches and updates are made, yes, new viruses are also being created. Some are created by the makers of some antivirus programs so you will buy their programs to get rid of the virus. There is a variety of viruses: stealth, Trojan, some stay in resident memory, some stay on the hard drive, some viruses delete certain files or file types, like all the .DLL files, .EXE files and such.

    What makes it so hard to kill some of these is they can alter the partitions of a hard drive, so even if you do FDISK, in some cases it doesn't help. A virus can mess up your hard drive so much there is no help but to trash the drive and get a new one, which has happened a lot. But you may be able to low-level format a drive; what I mean by that is it takes everything and removes all the partitions and everything when you do. Doing that gives a hard drive new life like it has come off the assembly line before factory settings and partitions are put on.

    Let's take the example above. He has a hard drive and say he has a virus on it. The computer is off and has a virus on it. Now when he turns his PC on, that virus can now go from the hard drive to memory. Very few virus protectors can do anything themselves. So when I said turn the computer off without shutting down, when doing this the virus is trapped in memory with nowhere to run... it's stuck. So when you take the battery off the motherboard with the computer off and jumper the BIOS/CMOS area and turn the PC on, whatever wasn't a factory setting on that motherboard and the BIOS is erased. You only need to turn the PC on for about 30 seconds and no more. I always unplug the hard drives so the virus can't sneak back to the hard drive from memory. After you do that, turn the PC back off. Hook everything back up as normal, then run a good virus protector. After that, redo IE, if you have that, after you run the virus protector.

    And that's just a start. There are more viruses and malicious codes out there, and soon it's gonna be so bad you can't turn the PC on without something leaping out at ya.

    They won't be able to keep up with all the crap people are making as far as these viruses and such.

    Hope that helps.
     
  13. DaveNel

    DaveNel Second Unit

    Joined:
    Oct 13, 2004
    Messages:
    447
    Likes Received:
    0
    Does this seem about right, or did I miss anything? I don't wanna steer anyone in the wrong direction. Never hurts to add or correct.
     
  14. eddieZEN

    eddieZEN Second Unit

    Joined:
    Nov 30, 2004
    Messages:
    411
    Likes Received:
    0
    I can't help you with your current problem, but here's my advice for future reference:

    1. Use Mozilla Firefox or any other alternative to Internet Explorer.

    2. Use a router, even if you don't have a home network; it provides a good first wall of defense.

    3. Never open email from unknown senders, or if you do never click on any links or attachments included.

    Ever since I started using Firefox a few months ago, I have never gotten a single virus, trojan or worm that I know of.
     
  15. SethH

    SethH Cinematographer

    Joined:
    Dec 17, 2003
    Messages:
    2,867
    Likes Received:
    0
    Someone else may have suggested this, but if they did I missed it.

    Try booting into Safe Mode and running all your tools in there. Then reboot into normal Windows. This helps with lots of pesky viruses and spyware.
     
  16. DaveNel

    DaveNel Second Unit

    Joined:
    Oct 13, 2004
    Messages:
    447
    Likes Received:
    0
    Seth

    No I missed that, Good point.
     
