I need some help, my computer has been taken over

Discussion in 'Miscellaneous' started by bigdaddy, Apr 7, 2010.

  1. bigdaddy

    bigdaddy Vice Admiral Admiral

    Joined:
    Oct 19, 2007
    Location:
    Space Massachusetts
    I think so but I'll try again.

    This thing is the antichrist.
     
  2. Pingfah

    Pingfah Admiral Admiral

    Joined:
    Feb 28, 2005
    Location:
    Pingfah
    Have you identified the process/es that are running when the xpantimalware thing pops up?

    You need to look at the process tree in the Task Manager and find out what it is by ending suspicious-looking processes until the pop-ups disappear, identify the .exe process and make a note of it, then I'd suggest booting into safe mode and running the Malwarebytes software from there.

    Once that is done, before you boot back into normal mode, search the computer for any reference to that process, you may find leftover bits and bobs in the C/Windows/Prefetch folder, and a search of the registry for the process name may reveal some leftover keys that Malwarebytes didn't pick up.

    You have to clean it out completely and utterly, just deleting things won't help, it won't be in any of the normal places like program files, probably not even in your local internet files, it's far more insidious than that.

    You need to be very methodical. In fact, if you just start deleting things you are likely to simply render your PC inoperable before you solve the problem.
     
  3. bigdaddy

    bigdaddy Vice Admiral Admiral

    Joined:
    Oct 19, 2007
    Location:
    Space Massachusetts
    Malwarebytes scanned the computer, found 6 things and deleted them. For the time being the computer is running somewhat normally. I have a feeling that it isn't all gone though, because it is evil.

    Thanks everyone.

    I was only going to start deleting things if nothing else worked. If that fucked the computer up I would have just reinstalled Windows anyways.
     
  4. bigdaddy

    bigdaddy Vice Admiral Admiral

    Joined:
    Oct 19, 2007
    Location:
    Space Massachusetts
    I don't think it's fully gone, the computer has been slower than normal.
     
  5. Australis

    Australis Writer Admiral

    Joined:
    Mar 12, 2005
    Fire up Task Manager, see what kind of CPU/RAM usage is going on, see if there's an odd process running, look up the process on teh interwebz. That's what I usually do as a prelim.
     
  6. Snaploud

    Snaploud Admiral Admiral

    Joined:
    Jul 5, 2001
    Location:
    Massachusetts, USA
  7. Docbrown777

    Docbrown777 Rear Admiral Rear Admiral

    Joined:
    Jun 23, 2001
    Location:
    One step ahead of the Heat
    Yeah that's good stuff. I run Malwarebytes and Security Essentials.

    A recent attack I had did the fake scan thing and then through the fake scan tried to tell me that Malwarebytes was a virus and "click yes to delete." Of course I said no. I downloaded Security Essentials which blocked the malware/virus from stopping me from using Malwarebytes. Ran Malwarebytes and was finally clean.

    These fake security things are becoming rather common. It's horrible stuff. You can get it from just clicking a link to an infected site. I got it once from going to a fake sports site a person linked to on another message board and the second time I got it by going to a site to illegally watch episodes of The Simpsons. They look like normal websites and then suddenly your computer starts going nuts!
     
  8. Mr. Laser Beam

    Mr. Laser Beam Fleet Admiral Admiral

    Joined:
    May 10, 2005
    Location:
    The visitor's bullpen
    bigdaddy, have you considered just doing a reformat and reinstall of the whole computer? Surely that would kill any viruses you may have, wouldn't it?
     
  9. Stiletto

    Stiletto Fleet Captain Fleet Captain

    Joined:
    Jan 10, 2002
    Go to Microsoft's site and find their program called "Process Explorer" (which they got from Sysinternals) http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx. Process Explorer is a better version of Task Manager. Start it up and scroll down to the bottom of the list, these are programs that are user run (in a sense). The programs should show where a file is running from and who the maker is. Ignore the Microsoft ones and any others that sound familiar, the ones with no Description need a closer look and are usually purple in color. Hover over a process and it will show you where the file is (usually something like c:\windows\skjlfdjlask.exe) and write down the path. Right-click the name of the program, and select "Kill Process", then go to the directory and find the file. Don't delete it yet, just rename it to skjlfdjlask.exe.OLD (or whatever, just in case it is a file that actually needs to be there) and restart the computer. If the virus/malware doesn't come back, run a virus/malware scanner (I LOVE Malwarebytes) and it should get rid of it, or delete the file by hand.
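
The checks described in the post above and in Pingfah's earlier one (processes with no description or maker, their file path, leftover Prefetch entries, rename rather than delete), as an added PowerShell example that is not part of the original thread. The function names Get-UnlabelledProcess and Disable-SuspectExecutable are hypothetical, and the script assumes an elevated Windows PowerShell 3.0 or later session.

```powershell
# Added example, not code from the thread. Function names are hypothetical.
# Run elevated: image paths of other users' processes and the Prefetch
# folder are not readable from a standard session.

function Get-UnlabelledProcess {
    # List running processes whose executable has no Description or Company,
    # i.e. the rows Process Explorer shows with those columns blank.
    foreach ($p in Get-Process) {
        $path = $p.Path                      # $null when the image cannot be read
        if (-not $path) { continue }
        if ($p.Description -and $p.Company) { continue }

        # Signature status is a hint only; unsigned does not mean malicious.
        $sig = Get-AuthenticodeSignature -FilePath $path

        # Prefetch entries are named EXENAME.EXE-<hash>.pf
        $leaf = Split-Path -Path $path -Leaf
        $pf = @(Get-ChildItem -Path "$env:SystemRoot\Prefetch" `
                    -Filter "$leaf-*.pf" -ErrorAction SilentlyContinue)

        [pscustomobject]@{
            Id        = $p.Id
            Name      = $p.ProcessName
            Path      = $path
            Signature = $sig.Status
            Prefetch  = $pf.Count
        }
    }
}

function Disable-SuspectExecutable {
    # Kill the process, then rename its file to <name>.OLD instead of deleting,
    # so it can be restored if it turns out to be legitimate.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([Parameter(Mandatory = $true)][int]$Id)

    $p = Get-Process -Id $Id -ErrorAction Stop
    $path = $p.Path
    if (-not $path) { throw "Cannot read image path for PID $Id (run elevated)." }
    if ($PSCmdlet.ShouldProcess($path, 'Kill process and rename to .OLD')) {
        Stop-Process -Id $Id -Force
        $p.WaitForExit(5000) | Out-Null      # wait for the file lock to clear
        Rename-Item -LiteralPath $path -NewName ((Split-Path $path -Leaf) + '.OLD')
    }
}

Get-UnlabelledProcess | Sort-Object Path | Format-Table -AutoSize
# Preview the rename without changing anything (placeholder PID):
# Disable-SuspectExecutable -Id <pid> -WhatIf
```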
     
  10. bigdaddy

    bigdaddy Vice Admiral Admiral

    Joined:
    Oct 19, 2007
    Location:
    Space Massachusetts
    Thank you guys and gals so much! It seems the main problem is when I start it up, it now takes at least 15 minutes to run Firefox. The computer is 7 years old (I think) but I had Windows reinstalled and it has worked fine ever since until now. I'm busy now, but I am using MS Security Essentials along with Malwarebytes.
     
  11. Australis

    Australis Writer Admiral

    Joined:
    Mar 12, 2005
    Which version of FF? Some versions were real memory hogs. From 3.0 on it's better.

    I'll have to give that Process Explorer a try, thanks, Stiletto.
     
  12. bigdaddy

    bigdaddy Vice Admiral Admiral

    Joined:
    Oct 19, 2007
    Location:
    Space Massachusetts
    It's 3.6 I think, I just updated it a few weeks ago.
     
  13. Non Sync

    Non Sync Captain Captain

    Joined:
    Aug 9, 2002
    Location:
    Mission Viejo, CA