
I got a virus - Windows XP.

alfaniner

I had downloaded the latest version of Paltalk (I think - I may have gotten it from a spoof site instead). I may have clicked an ad link by mistake but had not accessed or downloaded anything other than the usual. The next day I had problems starting the computer -- apparently there has been something changed in the registry. I can't even start up Spybot Search & Destroy after reinstalling it. It wants to connect to the Internet right away but I don't want to allow that. McAfee scan catches and removes 4 items, but the next time I run it they are back, even on Safe Mode.

I've already had to reinstall XP on that computer 4 times so I'm pretty savvy. I just hate to have to go through it again. I've looked on the web but found nothing pertinent. Any suggestions?
 
I've already had to reinstall XP on that computer 4 times so I'm pretty savvy.

Then it won't take you long to do it again.
It will be guaranteed to be effective in removing the problem, and won't involve many hours/days of hunting down elusive malware and probably failing to cure the problem.
Get your data off the drive to back up and then format it.
Problem solved.
 
You probably got hit by a rootkit or a "fake infection" adware virus. It probably also deactivated your task manager too.

The files keep showing up after being scanned and deleted because there are specific registry settings which create those files again. Without knowing what particular virus you got hit with it's really difficult to find those registry entries, besides, regedit may be deactivated anyways.

The virus wants to access the internet to download more malware or fake warning popups to goad you into buying whatever spyware infested "anti-virus" software they are selling.

Try creating a new user account and deleting the old one. That worked for me once. It doesn't get rid of the virus but it allows you to regain control over your computer.

Otherwise the safest bet is to reinstall.

One thing I do, after I've set up a computer with all the software I usually use, is ghost or make a bit copy of the hard drive and save it as an ISO of the installation, so if I get hit, I just re-ghost my hard drive.

It's a bit better than re-installing from scratch.

Another thing you can do is install deepfreeze or some such software.
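
The point in the post above about registry settings recreating deleted files can be checked from a registry export. The following is an added example, not part of the original post: it assumes the registry has been exported to `.reg` text, covers only a common subset of autostart locations, and uses constructed sample names and paths.

```python
import re

# Autostart locations checked here (a common subset, not an exhaustive list).
AUTORUN_KEY = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$"
    r"|\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon$", re.I)
WINLOGON_VALUES = {"userinit", "shell"}
VALUE_LINE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def unescape(s):
    return re.sub(r"\\(.)", r"\1", s)  # .reg text escapes \ and " with a backslash

def autorun_entries(reg_text):
    """Yield (key, value_name, data) for string values under autostart keys."""
    key = None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = VALUE_LINE.match(line)
        if not (key and m and AUTORUN_KEY.search(key)):
            continue
        name, data = unescape(m.group(1)), unescape(m.group(2))
        if key.lower().endswith("winlogon") and name.lower() not in WINLOGON_VALUES:
            continue
        yield key, name, data

def entries_relaunching(reg_text, reappearing_files):
    """Return autostart entries whose command names a file the scanner keeps removing."""
    wanted = [p.lower() for p in reappearing_files]
    return [(k, n, d) for k, n, d in autorun_entries(reg_text)
            if any(p in d.lower() for p in wanted)]

# Constructed sample export and scanner result (not taken from the thread).
SAMPLE_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleUpdater"="C:\\Program Files\\Example\\updater.exe /quiet"
"sample_loader"="C:\\WINDOWS\\system32\\sample_loader.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,C:\\WINDOWS\\system32\\sample_loader.exe"
"DefaultUserName"="owner"
'''
REAPPEARING = [r"C:\WINDOWS\system32\sample_loader.exe"]

if __name__ == "__main__":
    print(*entries_relaunching(SAMPLE_REG, REAPPEARING), sep="\n")
```

Entries it reports are the ones to review alongside the scanner's list of removed files; it only reads the export and changes nothing.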
 
System Restore will often accidentally back up viruses so getting rid of them is impossible while restore is on. Turning off system restore and then running the AV software is your best bet to get rid of this virus short of reformatting.

Microsoft's guide.
 
Fortunately it's a "spare" computer, and I had all my important stuff backed up on an external drive (along with a picture of the system after my last completed good install -- who knows if that would work though). I know I had some Restore Points but those seem to have been deleted as well.

I'm going to try a few more things but I'm kind of resigned that I will have to reformat and reinstall...
 
Start by formatting your hard drive; then get a good Linux install disk...


Just kidding. I know someone will come along and try to push something like this on you! You could download Windows 7 and just start fresh...
 
I would try
www.superantispyware.com
www.malwarebytes.com

Can you start in SAFE mode? If you can, choose safe mode with networking and then see if you can run the programs. You may have to install them in regular Windows as XP has some interesting installer glitches in safe mode.

What files is McAfee removing?

It may be that would allow you to find out where the bugger is hiding. (The files may be linked to stuff that you can do.)

PS Look for .exe files in your systems folder
 
May I please add a question onto this topic, rather than start a very short new one? I was listening (CD version) to New Scientist of 13th June today and there was a long article about some 'configuration' virus from last year and how some very clever experts have managed to almost keep up with the malware or something. It was very interesting although I didn't understand it.

My short question is: How likely is it that my computer would be affected by it? I use it only for a few sites and e-mail and the only thing I've ever bought on line is my ticket for Tam London!
 
It is good to have a firewall. You can get a virus lots of different ways. Downloads of many sorts are a big one. Lots of freebie video players have them.

My in-laws don't have any antivirus, they get spyware but no viruses or super malware yet.
 
I had Zone Alarm running at the time, but that doesn't help if it's some exe program I ran by mistake. I still can't get either Spybot or Malwarebytes to start up on Normal. My next attempt will be to try it in safe mode. I'm only working on this every couple days or so.
 
It is good to have a firewall. You can get a virus lots of different ways. Downloads of many sorts are a big one. Lots of freebie video players have them.

My in-laws don't have any antivirus, they get spyware but no viruses or super malware yet.

Thank you. I'm not sure if I have a firewall, but have Panda anti-virus. I do not download anything; on the odd occasion when I have, I've asked my computer teacher to do it for me.
 
If you find yourself really stuck, you can log your system processes with HijackThis and get help on one of the many HJT log forums.

Basic HJT etiquette:
1) Read all forum instructions before posting an HJT log! This makes it easier for people to help identify the problem. (examples here or here)

2) Only post to one help forum at a time. Posting to multiple forums will waste valuable volunteer time, and can confuse the people helping you if they see changes in your log without knowing where those changes came from. It's also considered very rude.

3) Don't make any changes using HJT without expert advice. HJT is a powerful diagnostic and repair tool, and fiddling around with it at random can trash your system in a hurry.
 
I agree, use HijackThis and see if one of the Windows geniuses on their forums can help you. And I suggest if you fix this or have to reinstall Windows to run both Avast! and COMODO firewall at startup. With Comodo on you will never inadvertently install a program. Imagine UAC but a hundred times more annoying. But it's good for people who seem to attract viruses/trojans/etc.
 
I had Zone Alarm running at the time, but that doesn't help if it's some exe program I ran by mistake. I still can't get either Spybot or Malwarebytes to start up on Normal. My next attempt will be to try it in safe mode. I'm only working on this every couple days or so.

Seriously, try superantispyware or malwarebytes, the quick scan is usually very effective.
 
If you find yourself really stuck, you can log your system processes with HijackThis and get help on one of the many HJT log forums.

Basic HJT etiquette:
1) Read all forum instructions before posting an HJT log! This makes it easier for people to help identify the problem. (examples here or here)

2) Only post to one help forum at a time. Posting to multiple forums will waste valuable volunteer time, and can confuse the people helping you if they see changes in your log without knowing where those changes came from. It's also considered very rude.

3) Don't make any changes using HJT without expert advice. HJT is a powerful diagnostic and repair tool, and fiddling around with it at random can trash your system in a hurry.

Sound advice. HJT is very cool, and the people seem really nice.
 
It is good to have a firewall. You can get a virus lots of different ways. Downloads of many sorts are a big one. Lots of freebie video players have them.

My in-laws don't have any antivirus, they get spyware but no viruses or super malware yet.

Some advice for avoiding malware:

1. Don't use administrator accounts for everyday computing, especially for web surfing. I know this can be a pain sometimes, but this will stop a lot of driveby malware installs cold.

2. Read the license agreements before installing freeware. Unfortunately, a lot of "free" software comes bundled with malware. Usually, buried somewhere in all the painful legalese, there will be language stating that you agree to the bundled software being installed.

3. Use a secure browser. Firefox will not run executables from untrusted sites (Only Firefox's own site by default) even if . You have to download the executable and run it, and you will get a prompt before you can download it. This especially helps protect you from the sneaky bastards that put in javascript code that runs an installer even if you click "cancel". If you must use IE, turn off active-X.

4. Be very careful of attachments in email, especially spam, but also from trusted senders, as many viruses and worms will send copies of themselves to everyone in your address book. If you weren't expecting the attachment, or if the text of the email seems generic "Look at this neat video of naked women", don't open the attachment. Do not configure your email client to automatically open attachments (this setting should be labeled "Automatically trash my computer").
 
I can run the MS Malicious Software Removal tool, and it says it removes it (some kind of Trojan) but it always comes back, even when doing it in Safe Mode. It appears to be in globalsystem/systemroot but I never get enough details to hunt it down. I sure can't find it with any searches.
 
When you run MSRT, you can display what MS calls the little bugger. That should give you a handle on where it hangs out.
Have you tried malwarebytes or superantispyware (they usually but not always work.) If they will load in safe mode.

Any unusual processes running in the task manager? Or weirdies you don't remember in add/remove programs.

Which searching through can be a bite until you know your system. (Like all the crap that iTunes uses mdsresponder.exe, etc...)
 
