The Trek BBS

The Trek BBS (http://www.trekbbs.com/index.php)
-   Miscellaneous (http://www.trekbbs.com/forumdisplay.php?f=19)
-   -   I need some help, my computer has been taken over (http://www.trekbbs.com/showthread.php?t=118450)

bigdaddy April 7 2010 04:46 PM

I need some help, my computer has been taken over
 
Tuesday night at around 11pm my computer had this annoying "XP Antimalware 2010" thing pop up, it's obviously some type of virus, or adware so I tried to get rid of it. I think disabled AVG free virus checker because that hasn't been working since then too. After an hour of it being annoying I went to bed.

I woke up today and I can't open anything but folders. Everytime I try I get this... "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item".

So what the hell do I do? I have two accounts on the computer and it's only attacking the main one, the administration one, for now. Usually I only get adware things on the computer, those are easily found and deleted, but now I can't really do anything. Unless I plan on going folder to folder looking for it. I really don't want to reinstall Windows because I just did that like 6 months ago.

Any help (besides saying "buy a Mac) would be great. :)

farmkid April 7 2010 05:03 PM

Re: I need some help, my computer has been taken over
 
This is malware. It masquerades as a security program that "finds" infections on your computer and wants you to upgrade to its full paid version to remove them. It's really just holding your computer hostage. A quick Google search will find you instructions on how to remove it.

Jadzia April 7 2010 05:23 PM

Re: I need some help, my computer has been taken over
 
I recently cleared a malware program off my computer. I noticed whenever I changed the date, it would try to access the internet, and I thought that was odd.

None of my AV software detected any problems, but running Process Explorer, I could see a suspicious dll with random letters as its filename, that was running as a thread in explorer.exe. The dll was encrypted somehow, and refused to delete, even when the thread was terminated.

(Process explorer is portable software that you can unzip to a usb stick and run it from there without installation.)

I used a Live copy of Knoppix to boot my computer and access the hard drive that way. I deleted the suspicious dll as well as a couple of other files with the exact same date/time.

Computer no longer tries to access the internet when I change the system date.

bigdaddy April 7 2010 05:37 PM

Re: I need some help, my computer has been taken over
 
Thank you both, I have been spending hours trying to figure something out, I have no clue where to start.

Mr. B April 7 2010 06:27 PM

Re: I need some help, my computer has been taken over
 
How hard would it be for you to back everything up and just wipe the machine?

propita April 7 2010 06:30 PM

Re: I need some help, my computer has been taken over
 
A friend did just that on my other laptop. He had to go through each file as I had not backed them up--but that the backups themselves could've been infected anyway, so backups might've been pointless. DOZENS of viruses.

He said McAfee (came with Comcast) recognized a number of the viruses but did nothing about them. Comcast has since switched to Norton.

Pingfah April 7 2010 08:41 PM

Re: I need some help, my computer has been taken over
 
Thats a nasty bugger you've got there, it'll be in your prefetch files and in your registry, you'll not be able to get rid of it manually unless you know exactly what you are looking for.

If you can get programs to run on the other account you need a free piece of software called Malwarebytes.

http://www.malwarebytes.org/mbam.php

It really is extremely good at tracking these things down. Only problem is these XPantivirus 2010 and all the varients of which, which it sounds like you have, are specifically designed to prevent the program running. However, once it is installed, if you change the mbam.exe file to mbam.scr you shoud be able to run it.

T'Baio April 7 2010 08:57 PM

Re: I need some help, my computer has been taken over
 
Buy a M...oh, forget it.

Lindley April 7 2010 09:28 PM

Re: I need some help, my computer has been taken over
 
Yeah, a McDonalds isn't going to help with this one.

bigdaddy April 7 2010 10:02 PM

Re: I need some help, my computer has been taken over
 
Quote:

Pingfah wrote: (Post 3979029)
Thats a nasty bugger you've got there, it'll be in your prefetch files and in your registry, you'll not be able to get rid of it manually unless you know exactly what you are looking for.

If you can get programs to run on the other account you need a free piece of software called Malwarebytes.

http://www.malwarebytes.org/mbam.php

It really is extremely good at tracking these things down. Only problem is these XPantivirus 2010 and all the varients of which, which it sounds like you have, are specifically designed to prevent the program running. However, once it is installed, if you change the mbam.exe file to mbam.scr you shoud be able to run it.

That is scanning for things right now. I think I got my anti-virus to actually "vault" the evil files. It took a few tries to get it to install and run but it's going.

I usually only get adware, which is real easy to get rid of, find the file through a scan and delete the folder titled "REHUygaUYH78954SDHGhgrhgs6". :lol: This one I'm like "What the fuck is going on?" It's sick.

Pingfah April 7 2010 10:15 PM

Re: I need some help, my computer has been taken over
 
OK, it may not be the end of your problems, as you need to be really thorough with these ones, they are so nasty.

If it comes back let me know because i've had quite a bit of practice at removing this particular kind from various computers at work, and just when you think you've got it cracked, BAM, it's back :lol:

bigdaddy April 7 2010 10:30 PM

Re: I need some help, my computer has been taken over
 
Thanks for the warning. It really is something evil.

bigdaddy April 7 2010 10:48 PM

Re: I need some help, my computer has been taken over
 
It's winning...

The Fatman April 7 2010 11:32 PM

Re: I need some help, my computer has been taken over
 
malwarebytes is good, I also recommend Microsoft Security Essentials, which is totally free and has an amazing detection/removal rate.

Omnius April 7 2010 11:52 PM

Re: I need some help, my computer has been taken over
 
Quote:

T'Baio wrote: (Post 3979088)
Buy a M...oh, forget it.

Or just run Linux ;)


All times are GMT +1. The time now is 04:06 AM.

Powered by vBulletin® Version 3.8.6
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
FireFox 2+ or Internet Explorer 7+ highly recommended.