HELP needed desperately!! PC infected with virus

Discussion in 'Computers' started by MDniteStryKR, Jun 13, 2004.

  1. MDniteStryKR

    MDniteStryKR I'll come back to you when I'm dead! Staff Member Super Mod

    Messages:
    2,807
    Likes Received:
    5
    Trophy Points:
    38
    OK i seriously need some help here..my pc picked up this virus that disabled both my AVG and Norton anti-viruses so there's no way for me to scan or delete it..it disabled auto-protect and i can't enable it back..each time i open AVG or Norton it just closes after a few seconds..i last updated both anti-viruses on June 6..before shutting down my com i got a popup from Norton that System 32 was infected with a virus so i scanned the folder with both AVG and Norton but both found nothing..i thought it's a defect in the Norton update as i encountered another 'virus' earlier which was caused by some defect in the Norton update..all i remember the name of the virus starts with W32 but there are so many out there..i'm so lost now i need help desperately...
  2. MDniteStryKR

    I used Trend Micro's online scanner and found it's the Sasser.A virus..great just the info i needed 2 get the removal tool..found two of em - one by Microsoft the other by Symantec..i ran both as instructed but neither detected the virus..anyone has other removal tool?
  3. MDniteStryKR

    I got rid of the Sasser.A!! Phew!!
    i used a system clean thingy by Trend Micro..it also removed a BKDR_RBOT.C virus whatever it may be...
    if anyone needs it, it's here:

    but just when i thought i can watch france vs. england in peace, my Norton and AVG still ain't working and i'm stuck now..i've no idea what to do next..they're still the same..auto-protect is disabled (when i always keep em enabled) and i can enable it back and both anti-viruses just close few seconds after i open them..HELP!!
  4. lAbArynth

    lAbArynth Member

    Messages:
    82
    Likes Received:
    0
    Trophy Points:
    6
    Are you scanning within Windows?
    Make a Norton repair disk, boot into DOS and do a scan.
    When it detects the virus, run the fix tool.
    It sounds like it could be a "Blaster" variant.
  5. Rich_b

    Rich_b Bass Cadet

    Messages:
    180
    Likes Received:
    0
    Trophy Points:
    16
    Try downloading and running the Stinger tool. You can get it free from this website and it clears all sorts of nasties.

    http://vil.nai.com/vil/stinger/

    You might want to try re-installing Norton AV to see if that sorts the auto-protect problem.
  6. Zandro

    Zandro New Member

    Messages:
    3,844
    Likes Received:
    0
    Trophy Points:
    0
    MDniteStryKR!! If you are using any P2P networks, DON'T. You should also get a real firewall as soon as possible. With the quite constant flow of viruses you appear to be acquiring, it can only be a matter of time before you lose everything. Make backups of your essential documents and cease the utilisation of any P2P networks.
  7. MDniteStryKR

    Thanks lAbArynth, but how do i create a repair disk when Norton closes seconds after i open it?

    Thanks Zandro!! Yeah i use Kazaa and i did suspect it being the source of all the viruses i picked up..lucky thing u told me b4 it's too late
    now is it safe to even use my PC with the virus still there? where or how do i get the firewall?
  8. Zandro

    Yeah, Kazaa is a deathtrap of viruses. I've found it not worth all the neat MP3s and free programs available, for about 0.2% of the files are hoaxes with deadly trojans and malicious viruses. Many viruses remain dormant for some time until either they become active at a certain time automatically, or if they are accessed by a computer user. I must say that you are not entirely safe with viruses that may still be on your computer. Even the usage of a hoard of tools may never be able to remove all viruses, but you should use them anyway to pick up as much of what may still be present as possible. Don't go buying software just because of my statement. There are plenty of freeware tools that are just as effective as the costly software you find in stores.

    As you find a virus with Norton or any other utility, remember the full name of it. Then search for it at Symantec Security Response (securityresponse.symantec.com) for a detailed description of what it is and how to completely remove it.

    For the firewall, this is the most basic start I can find. It is freeware software, which makes it nowhere as effective as a good hardware firewall, but it will do for your single computer.
    http://www.bluekestrel.com/firewall.htm
    Be sure to check out the Download section of this domain for a proper collection of security software links. If you feel it absolutely necessary, you should consider trying one or two of the programs.
    Last edited: Jun 15, 2004
  9. MDniteStryKR

    Uh-huh..thanks a lot!!
    sheesh..darn Kazaa..yeah i hate it when the files i download are corrupted :damn: lots of time wasted there....

    thanks for the info..i'll go check out the firewall..but does having a firewall protect my com from viruses downloaded through kazaa or are those viruses simply unavoidable?
  10. Zandro

    The viruses and trojans are unavoidable if directly accessed (as most viruses require to become active) through downloading and double-clicking.

    Most viruses are actually conceived through the opening of e-mail attachments, so do not touch any files you do not know about. Many spam letters have the ability to disguise themselves as someone you know, so take extra precautionary steps, such as requesting a confirmation that the known individual has actually sent something to you that he/she wishes you to look into.

    The firewall will prevent the ability for many trojans to transport unauthorised packets of data that may allow crackers (aka "hackers") to infiltrate your computer for the theft of whatever they wish to get their grubby hands on.

    Also, be sure that Norton Antivirus Auto-Protect is enabled at all times, if it is not already.
    Last edited: Jun 15, 2004
  11. MDniteStryKR

    Hmmm..thanks a lot, Zandro!!
    well i never open attachments from people i don't know and i know how to recognize forwarded attachments my friends send (of which i normally delete without even reading..oops!) so i think the culprit here is Kazaa which robbed 3 days of my break trying to get rid of those viruses..i downloaded lotsa stuff from kazaa recently since all of the files i downloaded were kinda distorted..

    neways i got rid of the worm that disabled both my anti-viruses..i logged into the guest account and ran AVG from there..it was identified as Worm/Agobot.23.BS and deleted that darn thing..now both AVG and Norton are fully functional with auto-protect enabled :)

    now,i've got another problem..sigh..i keep getting popups from Norton that 4A.tmp is infected with Trojan.Bootconf..some time ago i had that trojan so i ran CoolWebShredder and it successfully removed it..i ran it again now but it can't detect the trojan..neither did AVG nor Trend Micro detect it when i scanned the folder..so i checked the folder to look for the file but the thing is there is no such file as 4A.tmp in the folder..that's really weird..so is there a trojan or not?? :confused:

    another thing, when i wanted to backup my registry i realised there's no Backup under System Tools (i use XPHomeEd OS)..under Help and Support it's stated that i can install from the CD but i looked under Programs > Accessories and it wasn't there..is there any other way i can get it?

    Thanks again!
    :thumbsup:
  12. Zandro

    Sounds like a naughty BHO object or other similar registry entry. Download HijackThis and click on the Scan button within the program. Save the log and link me up. I'll evaluate the log and help you decide which entries to delete, if any. Also, it would be a good idea to purge the temp file directories. Exit out of any active explorer windows, run Start > "cleanmgr", select your active operating system hard disk, check the Temporary Internet Files and Temporary Files boxes, and click OK.

    A manual way to back up the registry is this:
    1. Start > Run > "regedit"
    2. File > Export... > Save somewhere safe.

    I can't tell you any other way off hand. They got rid of scanreg in XP. The dingbats.
    Last edited: Jun 16, 2004
  13. MDniteStryKR

    Oooh sounds complicated but i'll do it..thanks a lot, Zandro!!
    :bow:

    well i'm using my laptop now so i'll do it tomorrow..kinda taking a break from cracking my head trying to figure how to fix things..whatever would i do without you ppl!!
  14. MDniteStryKR

    Alright, i've PMed u the log file..thanks again!!

    So how safe is it to keep worms quarantined?
    I've got this Gaobot and i used Symantec's tool to get rid of it but the tool didn't detect it as usual..the manual removal's kinda complicated so is it safe to just leave it quarantined?
  15. Zandro

    Hmm.. You look clean on that end. From the assumption that you have faithfully executed all required steps as mentioned in http://securityresponse.symantec.co...pybot.worm.html (updated June 17), but you are still having conflictions, I feel that either you may have contracted a new variant (unlikely), or that you still have trojans calling for the redistribution of the worm. My absolute recommendation is that you completely remove KaZaA from your computer, including any files that you have downloaded from the program at the time you feel you were infected. With the threat that this worm sends a user's personal information across a hidden IRC network channel, I'd think it not worth the risk. The decision is yours.

    Under quarantine, you should be able to safely remove the Gaobot executable from the "virus vault" of your anti-virus scanner. However, registry entries may still exist to retrieve the worm at boot-up, so I would do whatever it takes to remove it as soon as possible. What is the variant of your infection? Ali? Gen?
    Last edited: Jun 20, 2004
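
Added example, not part of the thread: a Python sketch that reads a registry export made with regedit's File > Export (post 12) and lists the boot-time autostart values and Browser Helper Object registrations that can relaunch a quarantined worm (post 15). The sample export, the value names in it and the function names are constructed for illustration.

```python
import re

# Keys whose values are launched at boot or logon (matched as key-path suffixes).
AUTOSTART = (
    r"\software\microsoft\windows\currentversion\run",
    r"\software\microsoft\windows\currentversion\runonce",
    r"\software\microsoft\windows\currentversion\runservices",
)
BHO_PARENT = r"\software\microsoft\windows\currentversion\explorer\browser helper objects"
STRING_VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def decode_reg(raw: bytes) -> str:
    """Version 5.00 exports are UTF-16 with a BOM; REGEDIT4 exports are ANSI."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16")
    return raw.decode("cp1252")

def unescape(s: str) -> str:
    return re.sub(r"\\(.)", r"\1", s)  # .reg strings escape \ and " with a backslash

def autostart_entries(text: str):
    """Return (key, name, data) for autostart string values and registered BHOs.
    Values stored as hex(...) data are not decoded here."""
    found, key = [], ""
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            parent, _, leaf = key.rpartition("\\")
            if parent.lower().endswith(BHO_PARENT):
                found.append((key, "(BHO CLSID)", leaf))
            continue
        m = STRING_VALUE.match(line)
        if m and key.lower().endswith(AUTOSTART):
            found.append((key, unescape(m.group(1)), unescape(m.group(2))))
    return found

# Constructed sample export (not taken from the thread).
SAMPLE = "\r\n".join([
    "Windows Registry Editor Version 5.00",
    "",
    r"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]",
    r'"ExampleAV"="\"C:\\Program Files\\ExampleAV\\guard.exe\" /boot"',
    r'"Updater"="C:\\WINDOWS\\system32\\example-updater.exe"',
    "",
    r"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer"
    r"\Browser Helper Objects\{00000000-0000-0000-0000-000000000000}]",
]).encode("utf-16")

if __name__ == "__main__":
    for key, name, data in autostart_entries(decode_reg(SAMPLE)):
        print(f"{name:12} {data}\n    in {key}")
```

Each listed value is something to look up by name before deciding whether it belongs; the export itself doubles as the backup to restore from if a deletion turns out to be wrong.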
  16. MDniteStryKR

    It's a .gen
    Norton has it quarantined but i just wasn't sure if it is safe to delete
    geez Symantec's removal instructions are soo complicated..if it's dangerous then i guess i'll just have 2 do it...soon
  17. Zandro

    If it is under quarantine, it is safe to work around. Just don't restore the file.
  18. MDniteStryKR

    Ok..all doubts cleared and i have u to thank, Zandro!
    really appreciate ur time and advice. :thumbsup:

    Thanks again!
  19. Zandro

    You are very welcome. :) Come back if you have any problems.