So I obviously have some sort of virus or trojan, but whenever I try to visit a website to download a virus scanning program, it keeps my browser from connecting. I finally got one to work, but whenever it's within the last 5% of the installation process, I get a blue screen, and my system restarts. My roommate is currently downloading and installing a virus program to her USB drive...hopefully that will work since it'll be running from the drive rather than the hard drive. Nevermind. She just scanned her own computer, but she has to fucking register it before it'll remove anything. Fuck computers. I fucking swear, I never go anywhere "unusual", I don't know why this bullshit always happens to me. Anybody got any ideas that wouldn't involve me reformatting my computer and spending the next week getting everything back?
Use Safe Mode. Use a commandline scanner if at all possible (Avast can do this). Perhaps consult with somebody in installing and using VNC or Radmin and letting them try things. You should have your roomie download things like Adaware, Spybot S&D, HijackThis! and such and run it. If you post a HijackThis log here, I can try to help you out.
Install a second copy of Windows on the hdd and scan from there. You obviously won't be able to scan from the infected install but you'll need access to the hdd. Easiest method in my opinion is just a second install.
Yay, AIM doesn't open now. Fuck my life. I've run adaware like 3 times and it isn't finding anything. We downloaded another scanner on her computer called "Cyberdefender" or something, but it's apparently not working properly (she's testing them before I take any risks with my computer).
Back up your files. Wipe the hard drive. Install Windows (or another OS). If you use Windows, use AVG anti-virus for, well, anti-virus. AVG has never failed me, I suggest it.
I use Avast! Antivirus, it's free, and I can tell people my computer is defended by pirates. If that kind of thing isn't an option, you can always get a Linux Live CD or make a Bart PE disk to get all your files off, if it just dies. And Spybot: Search and Destroy has surpassed AdAware in my opinion.
I have a similar problem, but as of so far, my leagues of anti-everything software that my paranoid father installed has kept it from doing anything noticeable. My problem is thus - what could it be doing if I don't notice? But my guess? A bug implanted on my system to make me download and buy some Windows Product. It makes a large as hell bland yellow window on my screen with a bunch of text saying that there is a virus in my computer, and I should get a recommended program. Well, any interaction with this window auto-installs windows Antivirus software, which bogs my computer down, tells me my computer is a piece of crap, that I have over 30 highly rated viruses in my computer, and - the best part - won't get rid of it unless I fork over $60 bucks. So yeah. Adaware. It doesn't get rid of that pesky window, but it does get rid of pesky viruses.
Boot into safe mode and Scan with AVG. Also, if you really have to reformat, then when you delete your partition, make your C:/ really small, and partition the rest of the HDD to its own drive, so you can install all you need and want to keep on the second partition, so if you have to format C:/, all your stuff on that second partition will be safe. But for now, AVG and Spybot Search and Destroy in Safe Mode. Use Spybot's ability to stop programs at start up and have it so that Spybot denies all access to alter your system registry until you allow it.
Use Spybot Search & Destroy, and use Spyware Blaster to defend your system. And I second what the others said about AVG Antivirus. It's a wonderful program as well.
Spybot S&D is full of shit. It takes like 45 minutes to an hour to scan my entire system, and it'll fix every problem I have EXCEPT for the trojans, because "they're in use" or some fucking bullshit. I tried to see if it would've been any better running straight from my computer rather than a USB drive, but the program won't even fucking scan for problems in that case. It says I'm missing these files that I've downloaded and reinstalled several times just to make it fucking work. I'm fucking sick of fighting with this computer. I spent all night, and all morning bullshitting around. I've used the Spybot bullshit 6 or 7 times now, and it still won't fix that fucking trojan. Any other bright ideas? I don't know how a system recovery works, as I've never had to do one before. Where do I locate it? And what does it do? Unless that shit can just take me 3 or 4 days back in time, it'd be fucking useless. I guess I just realized I should be in safe mode or whatever, but I don't know how to do that. I haven't used safe mode since I was about 12, and back then it did it on its own when my computer would get fucked up enough.
AS I RECALL. When turning the computer ON from a cold boot or reboot, repeatedly mash the F8 key. Eventually, you should see a menu with options including the much beloved "Safe Mode". If I recall correctly though, there should also be an option for System Restore. If you do that and select a restore point a week or so back, then all the Windows system files which have been modified since then (registry included) will be rolled back to their previous setting. This does NOT delete the virus files, but may prevent the virus from running on boot, in which case you simply use an anti-virus or anti-spyware program to remove the now-disabled virus. Also safe mode.
Thanks guys, I'm calming down. A little. I'm in safe mode now, running Spybot and Adaware. Though this is the 2nd or 3rd time I've run Spybot in safe mode. The first time it refused to get rid of half the trojans, and the second time the program just quit on itself after the scan. Hopefully third time's the charm, but I'm going to download all these other ones you guys are talking about. Hopefully they'll prove a little more useful. By the way, it's got to the point that when I restart in normal mode, it tells me the computer will shut down in a certain amount of time due to some system32 file suddenly being forced to quit. Will getting rid of the trojans fix that? Also, Spybot keeps telling me I should restart my computer and then restart the scan. I did it a few times, which is why I've had to sit through it all so many times. I just started hitting no. Is that normal for Spybot? Oh, I'm using an HP laptop with XP Pro. The OS isn't the same one that came with the computer (and that disc is missing), and all my drivers were downloaded, since all the discs I had magically disappeared. Of course, in safe mode those trojans are still blocking web sites where I can download anti-virus programs. I have no idea how Spybot slipped through that, but McAfee, Avast, and a bunch of others I've tried just don't work. The browser can't connect to them. EDIT #40: Sorry, but yeah, it's looking like third time's the charm. Everything Spybot just picked up (which was like 6 trojans) was taken care of. I'm running the scan again just in case, and downloading AVG. Ugh, one more. What does this mean? "Removal may require to manually close the file handles of the core.cahce.dsk and core.sys residing in the folder \windows\system32\drivers\." See, two of the trojans it got rid of kinda came back. And got deleted again. Gonna try to restart now.
You could TRY Windows Live OneCare. It picks up just about everything. If it doesn't work now... I dunno what to tell you. But I would recommend it whenever this whole mess blows over. It's a nice program: firewall, virus scanner, spyware sweeper, and a backup manager all rolled into one. With that little thing, my computer's been infection free for... about a year now. Whenever something does get to your system, it doesn't have the chance to do anything serious if anything at all. The program puts a little window right in front of your face and tells you what it's found and you can clean it just like that.
Anti-virus and anti-spyware programs do not work once your computer gets pwned. (They may have worked before, but modern spyware authors have figured out how to exploit Windows in ways that prevent them from working anymore.) The only way to really get rid of an infection is to back up your data, wipe the system, and reinstall everything.
The thing is, when your computer is being raped as hard as it is now, you just can't sit there and let your programs do the work for you, because they won't. The main reason why I love Spybot is not only its ability to own certain trojans and stuff, but the control it gives you over your computer when it comes to programs and apps accessing files in your computer. You need to basically put it in advanced mode so that it starts annoying the shit out of you with pop-ups saying, "Program X is trying to change this value; Old Value ; New Value" And you use this information to determine if you should allow/deny the change once/for good. More or less, this is something for people who actually know more than the average computer person, because the values can range from home page address to registry edits (which are sometimes hard to understand), but with this ability, you gain more power over your computer. A random pop-up saying Program A is trying to change something, if you don't know what Program A is, you can deny the change once/for good. If you do, then it's up to your better judgement to give it permission or not. Also, another wondrous thing about Spybot is that when you scan something, it gives you information on that one particular thing. So if you find a cookie, Spybot will tell you where it's located, thusly, you can manually go through Explorer and track it down to delete it yourself. Same thing with registry edits. You can open up regedit, go through the registry and simply find that value in the registry and delete it, and if it pops back up, look at the registry information and any files/DLLs/EXEs that are associated with it. End the process of whatever is associated with that file/DLL/EXE, delete that file/DLL/EXE, and delete the registry value. Because most of the time, when it comes to malicious programs that are physically on your HDD, they're made in 3 files.
EXE which is the actual program, DLL which runs the program, and the Registry, which keeps both the EXE and DLL on your computer. You get rid of the wrong one, and they respawn. Delete the registry, and the DLL/EXE makes it again. Try and delete the DLL, you can't because it's in use. If not, the registry remakes it. EXE, always in use, so you can't delete it. When it comes to malicious software, you really have to actually use more than what you have. That's the reason why I like AVG and Spybot, because they give me information on what they can/can't delete, thusly, if I have to, I take care of it myself. Wow. I just made a wall of text.
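Added example, not part of the post above or of any tool named in the thread: a small Python parser that reads the text of a `reg export` of an autostart (Run) key and lists, for each value, the EXE and DLL files it launches, so the registry value and its files can be reviewed and removed together as the post describes. The value names and file names in the sample are constructed, and the export is assumed to be already decoded to text (real exports are usually UTF-16).

```python
import re

# Constructed sample of an exported Run key; names are made up for illustration.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdSvc"="C:\\WINDOWS\\system32\\updsvc.exe"
"UpdHelper"="rundll32.exe \"C:\\WINDOWS\\system32\\updhelp.dll\",Start"
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
# "name"="string data"; .reg files escape backslashes and quotes with a backslash.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
# Quoted or bare tokens ending in .exe/.dll. Unquoted paths that contain
# spaces are not handled by this simple pattern.
FILE_RE = re.compile(r'"([^"]+\.(?:exe|dll))"|([^\s",]+\.(?:exe|dll))', re.I)


def unescape(text):
    """Undo .reg escaping: \\\\ becomes \\ and \\" becomes "."""
    return re.sub(r'\\(.)', r'\1', text)


def autostart_entries(reg_text):
    """Return one dict per string value: key, value name, command, files."""
    entries, key = [], None
    for raw in reg_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key:
            command = unescape(m.group(2))
            files = [quoted or bare for quoted, bare in FILE_RE.findall(command)]
            entries.append({
                "key": key,
                "value": unescape(m.group(1)),
                "command": command,
                "files": files,
            })
    return entries


if __name__ == "__main__":
    for e in autostart_entries(SAMPLE_REG):
        print(f'{e["key"]} -> "{e["value"]}" launches {e["files"]}')
```
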