Computer Virus

[icehog3]

Had a strange bug on my computer when I tried to log onto the internet tonight.

Every site I tried to reach, I got a message, with an Internet Explorer logo at the top, from a Spyware company saying the site I was trying to reach was unsafe, and that I could buy their software for $49.99 to solve the problem.

When I found the icon for the Spyware company on my lower icons and right-clicked it, it began a "software" scan. Each time I hit it to stop, it would restart where it left off each time I tried to click on something else. Told me I had 74 "severe risk" viruses on my computer, and that their Spyware would fix it for $49.99.

Rebooted...nothing. Tried to log onto Yahoo, ESPN, CA, etc, and just get getting the message. Shut down, rebooted again, nothing.

Finally solved it with a system restore, restoring my computer to yesterday's settings.

Just a heads-up in case this is going around, got through all my virus protection and firewalls.

[Whee]

Quote:

Originally Posted by icehog3

Had a strange bug on my computer when I tried to log onto the internet tonight.

Every site I tried to reach, I got a message, with an Internet Explorer logo at the top, from a Spyware company saying the site I was trying to reach was unsafe, and that I could buy their software for $49.99 to solve the problem.

When I found the icon for the Spyware company on my lower icons and right-clicked it, it began a "software" scan. Each time I hit it to stop, it would restart where it left off each time I tried to click on something else. Told me I had 74 "severe risk" viruses on my computer, and that their Spyware would fix it for $49.99.

Rebooted...nothing. Tried to log onto Yahoo, ESPN, CA, etc, and just get getting the message. Shut down, rebooted again, nothing.

Finally solved it with a system restore, restoring my computer to yesterday's settings.

Just a heads-up in case this is going around, got through all my virus protection and firewalls.

Apparently affected your spell-check in your title too..

My daughter had the same problem, but no clean restore point. Will have to reformat to completely remove it. Sounds like Conficker...

http://www.pcworld.com/article/16210...ml?tk=rss_news

This virus has become active recently after freakin everyone out on 4/1.

[icehog3]

Quote:

Originally Posted by illinoishoosier

Apparently affected your spell-check in your title too..

My daughter had the same problem, but no clean restore point. Will have to reformat to completely remove it. Sounds like Conficker...

http://www.pcworld.com/article/16210...ml?tk=rss_news

This virus has become active recently after freakin everyone out on 4/1.

Based on the article, should I restore my computer to a much earlier date? Makes it sound like the bug might have been there for a coupel weeks and just gone off today...

[Whee]

Quote:

Originally Posted by icehog3

Based on the article, should I restore my computer to a much earlier date? Makes it sound like the bug might have been there for a coupel weeks and just gone off today...

I'd run a scan. I used the McAfee and the F-protect mentioned in the article. If you can, you could turn off your restore temporarily, just to make sure you don;t recreate it and see what happens.

My daughters PC got sick a week before the first, so I think she just picked up a stubborn virus.

You are right, though, it may have lain dormant until recently.

Where are the real nerds at when you need them? Is there a Star Trek marathon on SciFi tonight...

[icehog3]

Quote:

Originally Posted by illinoishoosier

I'd run a scan. I used the McAfee and the F-protect mentioned in the article. If you can, you could turn off your restore temporarily, just to make sure you don;t recreate it and see what happens.

My daughters PC got sick a week before the first, so I think she just picked up a stubborn virus.

You are right, though, it may have lain dormant until recently.

Where are the real nerds at when you need them? Is there a Star Trek marathon on SciFi tonight...

I am so computer un-savvy.

[Whee]

Quote:

Originally Posted by icehog3

I am so computer un-savvy.

Stop clicking on the "free cigar ****" links and you'll be ok.

My daughter picked it up through a games site. Had to be embedded in one of her games she downloaded.

Quote:

Originally Posted by icehog3

Had a strange bug on my computer when I tried to log onto the internet tonight.

Every site I tried to reach, I got a message, with an Internet Explorer logo at the top, from a Spyware company saying the site I was trying to reach was unsafe, and that I could buy their software for $49.99 to solve the problem.

When I found the icon for the Spyware company on my lower icons and right-clicked it, it began a "software" scan. Each time I hit it to stop, it would restart where it left off each time I tried to click on something else. Told me I had 74 "severe risk" viruses on my computer, and that their Spyware would fix it for $49.99.

Rebooted...nothing. Tried to log onto Yahoo, ESPN, CA, etc, and just get getting the message. Shut down, rebooted again, nothing.

Finally solved it with a system restore, restoring my computer to yesterday's settings.

Just a heads-up in case this is going around, got through all my virus protection and firewalls.

Grandpa had the same thing. I ended up having to dig it out through a reg search. it sucked. freaking programs. I wonder how many people just buy the program

[MedicCook]

I am convinced that these viruses are made by Norton & Co. just to sell more of their product.

[TheRiddick]

Quote:

Originally Posted by MedicCook

I am convinced that these viruses are made by Norton & Co. just to sell more of their product.

A bunch of us, old IT guys, think this may be true. Don't forget, Norton was not much back in the day, all of a sudden a "virus" thing made it huge. As is, Norton is as much a virus as anything out there, it makes any PC crawl and it is next to impossible to root it out. I once spent a full day hacking through the registry and still didn't wipe it out completely. Same for McAfee, BTW.

[Genetic Defect]

[Whee]

Well you're a "Fist Fightin' Son of a Gun" aren't you? All I got left is Little Miss Dangerous.

buy a Mac... all your virus problems will be gone

[Savor the Stick]

Quote:

Originally Posted by icehog3

Every site I tried to reach, I got a message, with an Internet Explorer logo at the top, from a Spyware company saying the site I was trying to reach was unsafe, and that I could buy their software for $49.99 to solve the problem.

When I found the icon for the Spyware company on my lower icons and right-clicked it, it began a "software" scan. Each time I hit it to stop, it would restart where it left off each time I tried to click on something else. Told me I had 74 "severe risk" viruses on my computer, and that their Spyware would fix it for $49.99.

Rebooted...nothing. Tried to log onto Yahoo, ESPN, CA, etc, and just get getting the message. Shut down, rebooted again, nothing.

Finally solved it with a system restore

I had the same thing happen to mine. I hate these v's

[SeanGAR]

Ran a scan on a student's computer yesterday. She had around a dozen viri/trojans and around 60 spyware program instances (bunch of different ones) including this fake antivirus thing. Had to do some manual registry edits as well as dos boot antivirus scans and spybot. Quite a royal mess. Now I need to convince her to install Linux.

[RGD.]

It's not the Conficker virus. It's either Antivirus 2009 or some variation of it. Restore very rarely works on these things.

Go here - and get the latest greatest and run the free version it.

Malwarebytes

A month or so ago I had it real bad and took two weeks working with the guy that developed that and with the Eset team. In the past I have just done a format - don't have the time now so I was determined to clean it. There is a previous post I made on it somewhere.

Here is one of my logs from when I had it - it will give you some of the file names to look for and delete:

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 10
Registry Values Infected: 4
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 12

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\WINDOWS\system32\sekuseva.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{ecb252fd-1b0f-4695-abbd-8a4930662488} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ecb252fd-1b0f-4695-abbd-8a4930662488} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Stats\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\yayyappf (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\MSFox (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\cpm87154a51 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\javomanene (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\sekuseva.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\sekuseva.dll -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\sekuseva.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\SysWOW64\wilelazi.dll (Trojan.BHO.H) -> Delete on reboot.
c:\WINDOWS\SysWOW64\sekuseva.dll (Trojan.BHO) -> Delete on reboot.
C:\WINDOWS\system32\awtsqoNg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jkkLedcD.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\opnKbcBS.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\opnnoopN.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pmnlJcAr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xxyxXPfe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yayyApPF.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\~.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lamahazi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.


Also on edit: When a window pops up - don't click to stop it. Go to your processes and stop the iexplore32 process.




Ron

[rack04]

A couple years ago I came to the realization that Antivirus software is not something that I needed. As long as you don't open email attachments from people you don't know and don't download programs from unknown sources I think you should be OK. I've been clean and sober for 2 years.

[poker]

Malwarebytes and AVG AV is what I use.

[icehog3]

Quote:

Originally Posted by butterB

buy a Mac... all your virus problems will be gone

Next computer.

Quote:

Originally Posted by RGD.

It's not the Conficker virus. It's either Antivirus 2009 or some variation of it. Restore very rarely works on these things.

Go here - and get the latest greatest and run the free version it.

Malwarebytes

Ron

Thanks Ron.

[icehog3]

Ron, I looked at the website but was not sure which download was the right one, can you guide me?

i use f-secure its very good it scans file on your pc on its own just i case u forget to scan it