I need some help, my computer has been taken over

Discussion in 'Miscellaneous' started by bigdaddy, Apr 7, 2010.

  1. bigdaddy

    bigdaddy Vice Admiral Admiral

    Joined:
    Oct 19, 2007
    Location:
    Space Massachusetts
    Tuesday night at around 11pm my computer had this annoying "XP Antimalware 2010" thing pop up, it's obviously some type of virus, or adware so I tried to get rid of it. I think disabled AVG free virus checker because that hasn't been working since then too. After an hour of it being annoying I went to bed.

    I woke up today and I can't open anything but folders. Every time I try I get this... "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item".

    So what the hell do I do? I have two accounts on the computer and it's only attacking the main one, the administration one, for now. Usually I only get adware things on the computer, those are easily found and deleted, but now I can't really do anything. Unless I plan on going folder to folder looking for it. I really don't want to reinstall Windows because I just did that like 6 months ago.

    Any help (besides saying "buy a Mac") would be great. :)
     
  2. farmkid

    farmkid Commodore Commodore

    Joined:
    Jun 1, 2005
    This is malware. It masquerades as a security program that "finds" infections on your computer and wants you to upgrade to its full paid version to remove them. It's really just holding your computer hostage. A quick Google search will find you instructions on how to remove it.
     
  3. Jadzia

    Jadzia on holiday Premium Member

    Joined:
    Apr 25, 2008
    Location:
    England
    I recently cleared a malware program off my computer. I noticed whenever I changed the date, it would try to access the internet, and I thought that was odd.

    None of my AV software detected any problems, but running Process Explorer, I could see a suspicious dll with random letters as its filename, that was running as a thread in explorer.exe. The dll was encrypted somehow, and refused to delete, even when the thread was terminated.

    (Process Explorer is portable software that you can unzip to a USB stick and run it from there without installation.)

    I used a Live copy of Knoppix to boot my computer and access the hard drive that way. I deleted the suspicious dll as well as a couple of other files with the exact same date/time.

    Computer no longer tries to access the internet when I change the system date.
     
    Last edited: Apr 7, 2010
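
The timestamp pivot described in the post above (looking for other files with the exact same date/time as a known-bad file), as an added example that is not part of the original thread. It is a report-only Python lister meant to be run from a live environment against the mounted Windows volume; the mount point and file names are assumptions, and it deletes nothing.

```python
import hashlib
import os
import stat
import sys
from datetime import datetime, timezone


def sha256_of(path, chunk=1 << 20):
    """Hash in chunks so a large file does not exhaust memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def files_near_mtime(root, reference, window_seconds=1):
    """List regular files under root modified within window_seconds of the
    reference file. Returns sorted (path, mtime_utc, sha256_or_None) tuples.
    Timestamps can be forged, so treat hits as leads to inspect, not proof."""
    ref_real = os.path.realpath(reference)
    ref_mtime = os.lstat(reference).st_mtime
    hits = []
    for dirpath, _dirs, names in os.walk(root, followlinks=False):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: never follow symlinks off-volume
            except OSError:
                continue  # unreadable or damaged entry: skip, keep walking
            if not stat.S_ISREG(st.st_mode) or os.path.realpath(path) == ref_real:
                continue
            if abs(st.st_mtime - ref_mtime) > window_seconds:
                continue
            try:
                file_hash = sha256_of(path)
            except OSError:
                file_hash = None  # still report the file if it cannot be read
            when = datetime.fromtimestamp(st.st_mtime, tz=timezone.utc)
            hits.append((path, when.isoformat(), file_hash))
    return sorted(hits, key=lambda hit: hit[0])


if __name__ == "__main__":
    # Hypothetical usage: near_mtime.py /mnt/windows /mnt/windows/<suspect file>
    if len(sys.argv) != 3:
        sys.exit("usage: near_mtime.py MOUNT_ROOT SUSPECT_FILE")
    for path, when, file_hash in files_near_mtime(sys.argv[1], sys.argv[2]):
        print(when, file_hash or "unreadable", path)
```

Widen `window_seconds` to 2 or more on FAT volumes, which store modification times at two-second resolution.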
  4. bigdaddy

    Thank you both, I have been spending hours trying to figure something out, I have no clue where to start.
     
  5. Mr. B

    Mr. B Vice Admiral Admiral

    Joined:
    Dec 28, 2002
    Location:
    New Orleans
    How hard would it be for you to back everything up and just wipe the machine?
     
  6. propita

    propita Rear Admiral Rear Admiral

    Joined:
    Mar 9, 2001
    Location:
    fresno, ca, us
    A friend did just that on my other laptop. He had to go through each file as I had not backed them up--but that the backups themselves could've been infected anyway, so backups might've been pointless. DOZENS of viruses.

    He said McAfee (came with Comcast) recognized a number of the viruses but did nothing about them. Comcast has since switched to Norton.
     
  7. Pingfah

    Pingfah Fleet Admiral Admiral

    Joined:
    Feb 28, 2005
    Location:
    Pingfah
    That's a nasty bugger you've got there, it'll be in your prefetch files and in your registry, you'll not be able to get rid of it manually unless you know exactly what you are looking for.

    If you can get programs to run on the other account you need a free piece of software called Malwarebytes.

    http://www.malwarebytes.org/mbam.php

    It really is extremely good at tracking these things down. Only problem is these XPantivirus 2010 and all the variants of which, which it sounds like you have, are specifically designed to prevent the program running. However, once it is installed, if you change the mbam.exe file to mbam.scr you should be able to run it.
     
  8. T'Baio

    T'Baio Admiral Admiral

    Joined:
    Oct 18, 2001
    Location:
    Ontario, Canada
    Buy a M...oh, forget it.
     
  9. Lindley

    Lindley Moderator with a Soul Moderator

    Joined:
    Nov 30, 2001
    Location:
    Bonney Lake, WA
    Yeah, a McDonalds isn't going to help with this one.
     
  10. bigdaddy

    That is scanning for things right now. I think I got my anti-virus to actually "vault" the evil files. It took a few tries to get it to install and run but it's going.

    I usually only get adware, which is real easy to get rid of, find the file through a scan and delete the folder titled "REHUygaUYH78954SDHGhgrhgs6". :lol: This one I'm like "What the fuck is going on?" It's sick.
     
  11. Pingfah

    OK, it may not be the end of your problems, as you need to be really thorough with these ones, they are so nasty.

    If it comes back let me know because I've had quite a bit of practice at removing this particular kind from various computers at work, and just when you think you've got it cracked, BAM, it's back :lol:
     
  12. bigdaddy

    Thanks for the warning. It really is something evil.
     
  13. bigdaddy

    It's winning...
     
  14. The Fatman

    The Fatman Captain Captain

    Joined:
    Sep 2, 2001
    Location:
    Buffalo, NY
    Malwarebytes is good, I also recommend Microsoft Security Essentials, which is totally free and has an amazing detection/removal rate.
     
  15. Omnius

    Omnius Vice Admiral Admiral

    Joined:
    Apr 19, 2006
    Location:
    ::1
    Or just run Linux ;)
     
  16. bigdaddy

    Yes, run a program no one uses so no one bothers making viruses for it. :-p

    If someone would like to buy me a Mac I would gladly take it. ;)
     
  17. Australis

    Australis Writer Admiral

    Joined:
    Mar 12, 2005
    Spybot S&D is another good one for finding and killing viruses.
     
  18. TheGodBen

    TheGodBen Rear Admiral Rear Admiral

    Joined:
    Nov 30, 2008
    Location:
    Ireland
    Spybot used to be very good, but a few years ago when I worked in tech support it didn't seem to work on this type of malware (back then it was called XP Antivirus 2008/9) while Malwarebytes was excellent at getting rid of it. Maybe Spybot has improved since then, I don't know because once I stopped working there I stopped caring about viruses.

    Antivirus/Antimalware 20XX is a horribly annoying little program, I almost wish there was a hell just so that whoever wrote it would go there. I once had to deal with a guy who was infected by it, paid to install it, paid my company to get rid of it, got infected by it again, paid to install it again, then paid us to get rid of it again. All in the space of two weeks.
     
  19. bigdaddy

    The program keeps closing by itself after a few hours, really annoying. I'm trying MS Security Essentials. If that doesn't work I'm going to start deleting everything until I get the fucking bastard.
     
  20. farmkid

    Did you follow the directions available at many sites that come up when you do a Google search for it? There are a few other things you have to do before you run Malwarebytes.