Wicked Virus or something

Status
Not open for further replies.
My sister-in-law said her computer was running slow and popping up warnings. I had seen this before and thought no big deal. Ran SUPERAntiSpyware and it found a few things and deleted them. I ran HijackThis and for the first time I got a warning that said it was denied access to the hosts file. It ran a scan and found about 8-10 obviously suspicious entries. I followed their directions on removing the hosts file entries in Notepad and rebooting. This did not fix it as the entries were still there.

I installed Avira antivirus and it will not run a scan or configure. I tried Trend Micro HouseCall online scan and it will not run either. I ran a rootkit scan with Avira's standalone program and it booted me off my remote assistance program.

I am thinking something is buried deep in the system.

Any ideas?
 
Can she do the scans in safe mode? The programs you are using tend to work better if in safe mode/without networking. One other program that you might try is called Malwarebytes. I used it for the first time recently; it worked on some things that Spybot Search and Destroy would not remove.


Dave
 
Try to get and run these:

I also run Malwarebytes once a week or so - also free:

http://www.malwarebytes.org/

Spybot Search & Destroy (doesn't hurt), also free:

http://www.safer-networking.org/en/download/index.html

SpywareBlaster (free) and it runs with your browsers:

http://www.javacoolsoftware.com/spywareblaster.html

Windows Defender (free):

http://www.microsoft.com/windows/products/winfamily/defender/default.mspx

I got this info from http://speedguide.net forums.

Also, go to kaspersky.com and try to run their free AV scan.
 
Got through 2 different rootkit scans and they were negative.

Thanks for the ESET link. I will see if that will run.
 
Originally Posted By: unDummy
http://www.eset.com/onlinescan/

+1
You can scan & clean from their website and it is one of very few that will do an active memory scan as well as just the hard drive.

You may have to do a scan/clean, reboot and do a couple more like this before it is truly gone. Don't give up after the first cleaning...

If it can't get rid of it then you are most likely looking at a reinstall of Windows because the virus is buried too deep.

Good Luck.
 
ESET was able to scan and did find a host virus. After deleting it I ran a HijackThis scan and did not get the error message and the suspicious hosts file entries were gone. I also ran a Malwarebytes scan and it found a lot of things SAS did not.

However, I still cannot get Avira to scan. But I finally was able to configure it.

Odd.
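
An added example, not part of any post in this thread: a small Python audit of a hosts file of the kind discussed above, listing every entry that is not the stock localhost mapping so the check can be repeated after each clean-and-reboot cycle. The function name `audit_hosts`, the `SAMPLE_HOSTS` text and the `.example` domains are constructed for illustration.

```python
import ipaddress

# Constructed sample input: not taken from the infected machine in the thread.
SAMPLE_HOSTS = """\
# Copyright (c) Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       onlinescan.av-vendor.example
203.0.113.7     www.bank.example
0.0.0.0         update.av-vendor.example scan.av-vendor.example
::1             localhost
not-an-ip       broken.example
"""

LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def audit_hosts(text):
    """Return (line_no, address, name, reason) for each entry that is not
    a plain localhost-to-loopback mapping."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not entry:
            continue
        addr, *names = entry.split()
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append((line_no, addr, " ".join(names), "malformed address"))
            continue
        sinkhole = ip.is_loopback or ip.is_unspecified
        for name in (n.lower() for n in names):
            if ip.is_loopback and name in LOCAL_NAMES:
                continue  # the stock entry every hosts file may carry
            reason = "blocked (sinkholed)" if sinkhole else "redirected"
            findings.append((line_no, addr, name, reason))
    return findings


if __name__ == "__main__":
    # To audit a real machine, read %SystemRoot%\System32\drivers\etc\hosts
    # (Windows) or /etc/hosts instead of the constructed sample.
    for finding in audit_hosts(SAMPLE_HOSTS):
        print("line %d: %s -> %s [%s]" % finding)
```

Blocklist and immunization tools also add sinkhole entries, so the findings are a review list rather than a delete list.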
 
You almost always need to run several different ASW/AV programs consecutively to clean an infected system. No single program can catch them all; every one has different target strengths.

NOD32, MWB and SAS are usually the 1-2-3 toolbox that I employ for infections, and I've yet to have one get past all three of them.

Once it's clean, it's usually enough to run one AV and one or two ASWs real-time, maximum. Otherwise, the computer winds up spending a disproportionate amount of its resources policing itself instead of doing productive computing. There are guys on the ASW fora running 5 and 6 programs real-time, which is just nuts.
 
Originally Posted By: Volvohead


NOD32, MWB and SAS are usually the 1-2-3 toolbox that I employ for infections, and I've yet to have one get past all three of them.


If you can get them to start you have a fighting chance. I have tangled with a few lately that won't let you install MBAM or SAS, or let you run any online scan even in safe mode. Even with the programs already installed, you cannot start them up to do a scan. Truly annoying stuff out there.
 
Well I was finally able to get Avast to install and run. It found nothing new. Another scan with Malwarebytes found a few more things.

I think I got it whipped.
 
Just out of curiosity, what O/S does this computer use and was Windows Update configured to automatically install updates? Also, was an antivirus/antispyware program installed, with current definitions? My guess is that the computer uses Windows XP and that the answer to both questions is "No". It sounds like someone has been using P2P programs (i.e. LimeWire) on this computer and/or looking at naughty stuff.

Ironically, I ended up installing a "Parental Control" program on my dad's computer because it would repeatedly get infected when he visited naughty sites. I got tired of having to clean up his computer every 2-3 months. The great part is that the program is transparent, so he has no idea what's preventing adult sites from loading. He can't complain either because I never told him that I knew he was frequenting adult sites.
 
Windows XP.

Updated No. I actually found Auto updates off. I turned it back on and updated it.

She got this computer used and when WGA installed it said she had an invalid or counterfeit copy of Windows. Looks like it will stay that way.

P2P I am not sure about. Porn for her I would doubt but she could have been tricked into downloading something.
 
Originally Posted By: punisher
Originally Posted By: Volvohead


NOD32, MWB and SAS are usually the 1-2-3 toolbox that I employ for infections, and I've yet to have one get past all three of them.


If you can get them to start you have a fighting chance. I have tangled with a few lately that won't let you install MBAM or SAS, or let you run any online scan even in safe mode. Even with the programs already installed, you cannot start them up to do a scan. Truly annoying stuff out there.


This is the sign of a rootkit. Tough stuff...
 