Forum list
Full View

Home Theater

Entertainment & Streaming Content

Physical Media

Home Theater Equipment and Hardware

Other Diversions

Bargains and Classifieds

Home Theater Forum

Archives

Forum List What's new Dark Style Change width
What's new

Need some help with a continuing virus/spyware problem (1 Viewer)

Luke_Y

Luke_Y

Second Unit
Joined
Aug 20, 2001
Messages
424
Need some help with a continuing virus/spyware problem.

OK where to start... Over the last month or so I have had reoccurring problems, every time I think I have it all cleaned up it comes back after a day or so. It starts with either a browser homepage hijack to "QuickMetaSearch.com", the instalation of a "Zero Catagory" (0CAT) tool bar on Internet Explorer, or an AVG warning that a virus was found.

Most commonly the virus is " Prvdi1.exe " which AVG lists as "Trojan Horse Dropper.small.9.BV". Sometimes it is "dload.exe" "Downloader.small.bu" It is usualy first reported in C:docs&settingsuserlocalsettingstemp.

AVG deletes it fine. When I go to the folder I also find StHP.exe, & 0cyp.exe So I delete those as well. I then go looking around and find a "STHomePage" folder and a "0CatYellowPages" folder in; C;ProgramFiles. I delete those folders. I go looking in C:WindowsSystem32 and sometimes find dload.exe or prvdi.exe there and delete those as well.

I look in add remove programs and remove "0Cat Yellow Pages 1.0" and it says it was successfully removed, and then a browser window opens going to 0cat.com I quickly close it, but when I went back to cdocsandsettuserlocalsettemp there was a new file "A~NSISU_.exe... deleted that. Back in cprograms the ST Homepage folder was back as well...deleted that.

OK so back in AddRemove programs I didn't recognize a program called LinksHelper 1.0 and tried to remove it. An error said it could not be found possibly already removed.

Next I run HijackThis and have it fix everything I know should not be there. Here is the log with *** in front of the the things I fixed.

Logfile of HijackThis v1.99.0
Scan saved at 6:25:20 PM, on 2/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSSystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesAdobePhotoshop Elements 3.0PhotoshopElementsFileAgent.exe
C:PROGRA~1GrisoftAVGFRE~1avgamsvr.exe
C:PROGRA~1GrisoftAVGFRE~1avgupsvc.exe
C:WINDOWSsystem32cisvc.exe
C:WINDOWSSystem32gearsec.exe
C:WINDOWSsystem32driversKodakCCS.exe
C:Program FilesAdobePhotoshop Elements 3.0PhotoshopElementsDeviceConnect.exe
C:WINDOWSSystem32MsPMSPSv.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSExplorer.EXE
C:WINDOWSSystem32svchost.exe
C:WINDOWSBCMSMMSG.exe
C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe
C:WINDOWSSystem32DSentry.exe
C:Program FilesCommon FilesRealUpdate_OBrealsched.exe
C:Program FilesRoxioEasy CD Creator 5DirectCDDirectCD.exe
C:Program FilesMUSICMATCHMUSICMATCH Jukeboxmmtask.exe
C:Program FilesiTunesiTunesHelper.exe
C:Program FilesJavaj2re1.4.2_04binjusched.exe
C:Program FilesCommon FilesInstallShieldUpdateServiceissch.exe
C:PROGRA~1GrisoftAVGFRE~1avgcc.exe
C:Program FilesiPodbiniPodService.exe
C:WINDOWSsystem32cidaemon.exe
C:WINDOWSsystem32cidaemon.exe
C:Program FileshijackthisHijackThis.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.dellnet.com
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.dellnet.com
***R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://quickmetasearch.com/?said=acc0002_ho
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInt ernet Settings,ProxyServer = http://portal.uky.edu/proxy.pac:80
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInt ernet Settings,ProxyOverride = http://adobeols.ofoto.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 6.0ReaderActiveXAcroIEHelper.dll
***O2 - BHO: HomePageCtrl Class - {1B9CB0F8-118B-49C1-956D-B703E976F8E3} - C:Program FilesSTHomePageSTHomePage2.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:PROGRA~1SPYBOT~1SDHelper.dll
***O2 - BHO: STIEbarBHO Class - {D797AD6C-6447-4DB4-91D0-090344408E72} - C:Program FilesCAT YellowPagesSTIEbar2.dll
***O3 - Toolbar: 0CAT Yellow Pages - {679695BC-A811-4A9D-8CDF-BA8C795F261A} - C:Program FilesCAT YellowPagesSTIEbar2.dll
O4 - HKLM..Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM..Run: [ATIPTA] C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe
O4 - HKLM..Run: [DVDSentry] C:WINDOWSSystem32DSentry.exe
O4 - HKLM..Run: [TkBellExe] "C:Program FilesCommon FilesRealUpdate_OBrealsched.exe" -osboot
O4 - HKLM..Run: [AdaptecDirectCD] "C:Program FilesRoxioEasy CD Creator 5DirectCDDirectCD.exe"
O4 - HKLM..Run: [DwlClient] C:Program FilesCommon FilesDellEUSWSupport.exe
O4 - HKLM..Run: [mmtask] C:Program FilesMUSICMATCHMUSICMATCH Jukeboxmmtask.exe
O4 - HKLM..Run: [iTunesHelper] C:Program FilesiTunesiTunesHelper.exe
O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeqttask.exe" -atboottime
O4 - HKLM..Run: [SunJavaUpdateSched] C:Program FilesJavaj2re1.4.2_04binjusched.exe
O4 - HKLM..Run: [ISUSPM Startup] C:PROGRA~1COMMON~1INSTAL~1UPDATE~1ISUSPM.exe -startup
O4 - HKLM..Run: [ISUSScheduler] "C:Program FilesCommon FilesInstallShieldUpdateServiceissch.exe" -start
O4 - HKLM..Run: [AVG7_CC] C:PROGRA~1GrisoftAVGFRE~1avgcc.exe /STARTUP
O4 - Global Startup: Adobe Gamma Loader.lnk = C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe
O8 - Extra context menu item: &Copy Location - C:WINDOWSWEBgraburl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:WINDOWSSystem32msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:WINDOWSSystem32msjava.dll
***O9 - Extra button: My button - {47FE5D70-9AA2-40F1-9C6B-12A255F085EA} - C:Program FilesCAT YellowPagesSTIEbar2.dll
***O9 - Extra 'Tools' menuitem: My menu - {47FE5D70-9AA2-40F1-9C6B-12A255F085EA} - C:Program FilesCAT YellowPagesSTIEbar2.dll
O9 - Extra button: (no name) - {B06300D0-CCDE-11d2-92D3-0000F87A4A55} - C:WINDOWSsystem32webzone.dll
O9 - Extra 'Tools' menuitem: Add to R&estricted Zone - {B06300D0-CCDE-11d2-92D3-0000F87A4A55} - C:WINDOWSsystem32webzone.dll
O9 - Extra button: (no name) - {BF80219A-CCDD-11d2-92D3-0000F87A4A55} - C:WINDOWSsystem32webzone.dll
O9 - Extra 'Tools' menuitem: Add to Tr&usted Zone - {BF80219A-CCDD-11d2-92D3-0000F87A4A55} - C:WINDOWSsystem32webzone.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:WINDOWSSystem32Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra button: Offline - {FC09D8A3-C85A-11d2-92D0-0000F87A4A55} - C:WINDOWSsystem32oline.dll
O15 - Trusted Zone: *.bankone.com
O15 - Trusted Zone: *.uky.edu
O15 - Trusted Zone: *.weather.com
O15 - Trusted Zone: *.windowsupdate.com
O23 - Service: Adobe Active File Monitor - Unknown - C:Program FilesAdobePhotoshop Elements 3.0PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - Unknown - C:WINDOWSSystem32Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - C:WINDOWSSYSTEM32ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:PROGRA~1GrisoftAVGFRE~1avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:PROGRA~1GrisoftAVGFRE~1avgupsvc.exe
O23 - Service: Gear Security Service - GEAR Software - C:WINDOWSSystem32gearsec.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:Program FilesiPodbiniPodService.exe
O23 - Service: Kodak Camera Connection Software - Eastman Kodak Company - C:WINDOWSsystem32driversKodakCCS.exe
O23 - Service: Intel NCS NetService - Intel(R) Corporation - C:Program FilesIntelNCSSyncNetSvc.exe
O23 - Service: Photoshop Elements Device Connect - Unknown - C:Program FilesAdobePhotoshop Elements 3.0PhotoshopElementsDeviceConnect.exe


I then ran SPYBOT, found and fixed "7Fasst" (Browser Hijacker).

AdAware- nothing, CW Shredder- nothing, and an AVG full scan- nothing. So restart system and check my browser- OK no toolbar and MSN homepage. Run Hijack this and get a result I think is clean:


Logfile of HijackThis v1.99.0
Scan saved at 7:54:00 PM, on 2/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSSystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSExplorer.EXE
C:WINDOWSBCMSMMSG.exe
C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe
C:WINDOWSSystem32DSentry.exe
C:Program FilesCommon FilesRealUpdate_OBrealsched.exe
C:Program FilesRoxioEasy CD Creator 5DirectCDDirectCD.exe
C:Program FilesCommon FilesDellEUSWSupport.exe
C:Program FilesMUSICMATCHMUSICMATCH Jukeboxmmtask.exe
C:Program FilesiTunesiTunesHelper.exe
C:Program FilesJavaj2re1.4.2_04binjusched.exe
C:Program FilesCommon FilesInstallShieldUpdateServiceissch.exe
C:PROGRA~1GrisoftAVGFRE~1avgcc.exe
C:Program FilesDellSupportAlertbinNotifyAlert.exe
C:Program FilesAdobePhotoshop Elements 3.0PhotoshopElementsFileAgent.exe
C:PROGRA~1GrisoftAVGFRE~1avgamsvr.exe
C:PROGRA~1GrisoftAVGFRE~1avgupsvc.exe
C:WINDOWSsystem32cisvc.exe
C:WINDOWSSystem32gearsec.exe
C:WINDOWSsystem32driversKodakCCS.exe
C:Program FilesAdobePhotoshop Elements 3.0PhotoshopElementsDeviceConnect.exe
C:WINDOWSSystem32MsPMSPSv.exe
C:Program FilesiPodbiniPodService.exe
C:WINDOWSSystem32svchost.exe
C:Program FileshijackthisHijackThis.exe
C:WINDOWSsystem32wuauclt.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.dellnet.com
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.dellnet.com
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInt ernet Settings,ProxyServer = http://portal.uky.edu/proxy.pac:80
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInt ernet Settings,ProxyOverride = http://adobeols.ofoto.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 6.0ReaderActiveXAcroIEHelper.dll
O4 - HKLM..Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM..Run: [ATIPTA] C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe
O4 - HKLM..Run: [DVDSentry] C:WINDOWSSystem32DSentry.exe
O4 - HKLM..Run: [TkBellExe] "C:Program FilesCommon FilesRealUpdate_OBrealsched.exe" -osboot
O4 - HKLM..Run: [AdaptecDirectCD] "C:Program FilesRoxioEasy CD Creator 5DirectCDDirectCD.exe"
O4 - HKLM..Run: [DwlClient] C:Program FilesCommon FilesDellEUSWSupport.exe
O4 - HKLM..Run: [mmtask] C:Program FilesMUSICMATCHMUSICMATCH Jukeboxmmtask.exe
O4 - HKLM..Run: [iTunesHelper] C:Program FilesiTunesiTunesHelper.exe
O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeqttask.exe" -atboottime
O4 - HKLM..Run: [SunJavaUpdateSched] C:Program FilesJavaj2re1.4.2_04binjusched.exe
O4 - HKLM..Run: [ISUSPM Startup] C:PROGRA~1COMMON~1INSTAL~1UPDATE~1ISUSPM.exe -startup
O4 - HKLM..Run: [ISUSScheduler] "C:Program FilesCommon FilesInstallShieldUpdateServiceissch.exe" -start
O4 - HKLM..Run: [AVG7_CC] C:PROGRA~1GrisoftAVGFRE~1avgcc.exe /STARTUP
O4 - Global Startup: Adobe Gamma Loader.lnk = C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe
O8 - Extra context menu item: &Copy Location - C:WINDOWSWEBgraburl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:WINDOWSSystem32msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:WINDOWSSystem32msjava.dll
O9 - Extra button: (no name) - {B06300D0-CCDE-11d2-92D3-0000F87A4A55} - C:WINDOWSsystem32webzone.dll
O9 - Extra 'Tools' menuitem: Add to R&estricted Zone - {B06300D0-CCDE-11d2-92D3-0000F87A4A55} - C:WINDOWSsystem32webzone.dll
O9 - Extra button: (no name) - {BF80219A-CCDD-11d2-92D3-0000F87A4A55} - C:WINDOWSsystem32webzone.dll
O9 - Extra 'Tools' menuitem: Add to Tr&usted Zone - {BF80219A-CCDD-11d2-92D3-0000F87A4A55} - C:WINDOWSsystem32webzone.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:WINDOWSSystem32Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra button: Offline - {FC09D8A3-C85A-11d2-92D0-0000F87A4A55} - C:WINDOWSsystem32oline.dll
O15 - Trusted Zone: *.bankone.com
O15 - Trusted Zone: *.uky.edu
O15 - Trusted Zone: *.weather.com
O15 - Trusted Zone: *.windowsupdate.com
O23 - Service: Adobe Active File Monitor - Unknown - C:Program FilesAdobePhotoshop Elements 3.0PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - Unknown - C:WINDOWSSystem32Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - C:WINDOWSSYSTEM32ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:PROGRA~1GrisoftAVGFRE~1avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:PROGRA~1GrisoftAVGFRE~1avgupsvc.exe
O23 - Service: Gear Security Service - GEAR Software - C:WINDOWSSystem32gearsec.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:Program FilesiPodbiniPodService.exe
O23 - Service: Kodak Camera Connection Software - Eastman Kodak Company - C:WINDOWSsystem32driversKodakCCS.exe
O23 - Service: Intel NCS NetService - Intel(R) Corporation - C:Program FilesIntelNCSSyncNetSvc.exe
O23 - Service: Photoshop Elements Device Connect - Unknown - C:Program FilesAdobePhotoshop Elements 3.0PhotoshopElementsDeviceConnect.exe


I believe I know what everything there is so it looks OK. I go look in the folders that I have previously found the offending files and dont find them. Everything all cleaned up, or so I think for a few days or few hours. But then it's repeat the whole thing all over.

A bit about my current settings; Windows update current, AVG current, and the previously mentioned tools current. Sometime after the first virus I turned System Restore off, disabled Java casheing, and went into internet options-security and set all Active x settings to disable or prompt and did the same for scripting, java is set to high safety.

Someone please help,I cant kill this thing. :frowning:
 
Luke_Y

Luke_Y

Second Unit
Joined
Aug 20, 2001
Messages
424
Right after I posted I got another virus warning "access_now.exe" infected with "downloader.small.11.bu" in cdocsandsetuserlocalsettemp again.

Where is the bastard hiding!
 
DaveNel

DaveNel

Second Unit
Joined
Oct 13, 2004
Messages
447
Well if it in fact a trojan, How they work is the 2nd you turn on your PC they can jump from the HD straight to memory, When you shut down the PC they jump back to the HD:

Here is a fix that may help, But no guarantees:

After you run your spyware, Virus software, Adware software.

Drop the power to your computer and do not shut down like

Normal. After you do that, Open the case, remove the

Battery from the motherboard, There is a Bios jumper on

the board also, jumper that clear Bios jumper, turn the PC

about 30 seconds to 1 minute. But dont let it start

Windows or even start. Turn the PC off, put the battery

back on the board, change the jumper back to where it was,

restart the PC and rerun your antivirus software.

That may and should remove the bugger from your PC
 
Glenn Overholt

Glenn Overholt

Senior HTF Member
Joined
Mar 24, 1999
Messages
4,201
Ouch! The thing I dislike most about XP is the number of files it puts in for the users.

Have you tried doing a search? I'd get fuzzy and use the "*". You might also check for files created on or after a certain date too.

If that doesn't work, I'd search in the registry.

If it does take a couple of days before it returns, it might out there at a site you visit, and/or someone has your IP address targeted. When you get it, look at the date and time it was created, and then go into your history and compare.

Good luck killing it!

Glenn
 
DaveNel

DaveNel

Second Unit
Joined
Oct 13, 2004
Messages
447
Yeah thats true for most cases, But it doesnt ever hurt to check everything out before you lose a lot of Data on a PC :)
 
DaveNel

DaveNel

Second Unit
Joined
Oct 13, 2004
Messages
447
In fact here is proof, There was afriend of mine he got himself a virus last month every time he tried to get on line.. A 60 second countdown then it would shut off his PC, He formatted the PC, Then tried to get online it happened again 60 seconds after he got online his PC shut down..

Whatever it was Nortons took it out but it wasnt easy (LOL)

So formatting sometimes isnt the way to go, Because even if you format the virus can still be lurking somewhere and before you know it ( SURPRISE ) you are on candid camera ;)

But formatting is a last resort because it may and may not solve the problem..
 
J

Joseph DeMartino

Senior HTF Member
Joined
Jun 30, 1997
Messages
8,311
Location
Florida
Real Name
Joseph DeMartino


Formatting C: doesn't work 100% of the time, either, as noted above. The format command does not wipe the master boot record and a memory-resident virus can hide in RAM during the format process and write itself back to disc in the MBR, or into the BIOS and come back on the next reboot. Some especially nasty and persistent viruses and Trojans will attack your anti-virus and anti-spyware programs. (I dealt with one the so thoroughly trashed Norton you couldn't even uninstall it - and the Norton CD wouldn't let you re-install it until you did. I had another that prevented Spybot from connecting to the internet to update its database once it was installed.)

When I worked at a help desk call center for a Major PC Manufacturer a few years ago a lot of our customers got hit with a virus that could only be destroyed by FDISKing repeatedly with the MBR switch, yanking the power cord rather than doing a normal shutdown, and finally writing zeros to the entire drive surface before restoring the system to its original out of the box state with the recovery CDs.

Regards,

Joe
 
Peter Kim

Peter Kim

Screenwriter
Joined
Jun 18, 2001
Messages
1,577
Joseph, I'm relatively new to the PC world, and also still using an iMac.

How the hell does a system get infected by a virus so severely? And one that you've described as so seemingly indelible?

I'm curious since I've owned my first pc for the past month, I haven't had any problems with viruses or spyware. I use Firefox exclusively and run Spybot/Adware tandem weekly. Plus I've got Norton automatically doing its thing and I'll manually run Tuneup Utilities occasionally.

So I thought that given most pc users are security savvy enough to run this minimum cocktail of apps, I cannot imagine how anyone's system can be so thoroughly devastated.

I'd appreciate if you could elaborate on some common scenarios so that I could shore up any weaknesses in my defense.
 
DaveNel

DaveNel

Second Unit
Joined
Oct 13, 2004
Messages
447
Exactly, as I stated Joseph, Except I would try a few thing before I wiped out the Hard drive. as noted in 1 of my above post. But the trick is to make sure the virus cant go from memory back to the Hard drive, Then when you remove the battery, And jumper clear the Cmos and Bios, That kills the Virus as far as memory, Then with floppy disks from either norton or mcafee start up the PC with there Bootable anti-virus floppy disk. Then if that dont work, Then you know whats next,

FDISK about 7 times completely, Then reformatting after the 7th one. and if that dont work comes the Low Level format that wipes it all out and you now have a clean drive you can eat prime rib off of :)
 
DaveNel

DaveNel

Second Unit
Joined
Oct 13, 2004
Messages
447
Hello Peter...

Well using Firefox was your first step from avoiding malicious programs and most known viruses are made for the PC, The Macs just dont happen that often.

Now to get to the meat of your questions.

Certain viruses are made by Kids, Companies, And whoever is board or greedy or mad at someone. Whatever the case may be there all still viruses, Alot of people still think a computer virus can make people sick That is a false statement. A virus is a program nothing more. When someone writes a virus program, They can do just about any thing and everything. They can make your screen act up, Do annoying things, Cause keyboard an mouse functions not to work properly. But Also they can cause your Hard drive to format itself on a certain hour, Date, Holiday. When new virus programs and patches and updates are made, Yes new viruses are also being created. Some are created by the makers of some antivirus programs so you will buy there programs to get rid of the virus. There is a variety of Viruses stealth, Trojan, some stay in resident memory, some stay on the hard drive, Some viruses dlete certain files, file types, like all the .DLL files .EXE files and such.
what makes it so hard to kill some of these is they can alter the partitions of a hard drive, So even if you do FDISK in come cases it doesnt help. A virus can mess up your hard drive so much there is no help but to trash the drive and get a new one, Which has happened alot. But you may be able to Low level form at a drive, Meaning with that is it takes everything and removes all the partitions and everything when you do. Doing that gives a hard drive new life like it has come off the assembly line before factory settings and partitions are put on. Lets take the example above. He has a hard drive and say he has a virus on it. The computer is off and has a virus on it. Now when he turns his PC on, That virus can now go from the Hard drive to Memory. Very few virus protectors can do anything themselves. So when I said turn the computer off without shutting down when doing this the Virus is trapped in memory with no where to run... Its stuck.. So when you take the battery off the motherboard with the Computer off and jumper the Bios, Cmos area and turn the PC on. whayever wasnt a factory setting on that motherboard and the Bios, Is erased. You only need to turn the PC on for about 30 seconds and no more. I always unplug the Hard drives so the Virus cant smeak back to the Hard drive from memory.. After you do that turn the PC back off. Hook everything back up as normal, Then run a Good virus protector. After that redo IE if you have that after you run the virus protector..

And thats just a start, There is more viruses, and malicious codes out there and soon its gonna be so bad you cant turn the PC on without something leaping out at ya.

They wont be able to keep up with all the crap people are making as far as these viruses and such..

Hope that helps ;)
 
DaveNel

DaveNel

Second Unit
Joined
Oct 13, 2004
Messages
447
Does this seem about right or did I miss anything. I dont wanna steer anyone in the wrong direction. Never hurts to add or correct :)
 
eddieZEN

eddieZEN

Second Unit
Joined
Nov 30, 2004
Messages
411
I can't help you with your current problem, but here's my advice for future reference:

1. Use Mozilla Firefox or any other alternative to Internet Explorer.

2. Use a router, even if you don't have a home network---it provides a good first wall of defense.

3. Never open email from unknown senders, or if you do never click on any links or attachments included.

Ever since I started using Firefox a few months ago, I have never gotten a single virus, trojan or worm that I know of.
 
SethH

SethH

Senior HTF Member
Joined
Dec 17, 2003
Messages
2,867
Someone else may have suggested this, but if they did I missed it.

Try booting into Safe Mode and running all your tools in there. Then reboot into normal Windows. This helps with lots of pesky viruses and spyware.
 
You must log in or register to reply here.

Similar threads

Jeff
Spyware driving me nuts!
Replies
2
Views
807
Rob Gillespie
Rob Gillespie

Users who are viewing this thread

Total: 1 (members: 0, guests: 1)

Sign up for our newsletter

and receive essential news, curated deals, and much more







You will only receive emails from us. We will never sell or distribute your email address to third party companies at any time.

Latest posts

Members online

Total: 1,117 (members: 42, guests: 1,075)

Forum statistics

Threads
357,052
Messages
5,129,611
Members
144,285
Latest member
blitz
Recent bookmarks
0
Top