Think I have a virus

vbimport

#1

Using Windows Vista. Task Manager does not come up as an option when I use Ctrl-Alt-Del, and using Run and typing taskmgr doesn’t work either (I get a message saying it has been disabled by administrator; I have 1 account only on this laptop and I am the administrator).

Also the Windows Firewall has disabled itself (internet security and malware protection options are still ticked and running, just the firewall has been turned off) and cannot be turned back on (the off box is ticked and all options are greyed out and unclickable).

I have run full system scans with AVG, AVG-AS and Windows Defender, turning up nothing.


#2

Try SUPERAntiSpyware free version.


#3

Bummer the free version doesn’t remove the problem.

Anyway, it showed me all kinds of nasties and I bought the program and removed all of them.

I can now access Task Manager, absolutely no worries, but I still cannot change any settings on the Windows Firewall and it’s set to ‘off’ now.


#4

http://www.microsoft.com/technet/security/secnews/articles/gothacked.mspx

The only way to clean a compromised system is to flatten and rebuild. That’s right. If you have a system that has been completely compromised, the only thing you can do is to flatten the system (reformat the system disk) and rebuild it from scratch (reinstall Windows and your applications).

Jesper M. Johansson, Ph.D., CISSP, MCSE, MCP+I
Security Program Manager
Microsoft Corporation


#5

Ok I guess that will be my next course of action.

However, the only thing not as it is normally is my firewall. I now have a real-time protection program (paid for it, so not some freeware thing) running 24/7 along with freeware AVG + AVG-AS and Windows Defender. That given, would I actually need to worry about it getting any worse?

Also I’ve run full anti-virus scans with all the programs I have, as well as running both AVG programs in safe mode.

So long paragraph short: given what I have protecting the computer now, I shouldn’t have to worry about not having this firewall, or should I?


#6

AV and firewalls are not guaranteed to keep you problem free. They are a good start, but cannot completely protect the user from new problems.

You may not need to reformat; a fully compromised system refers to a rootkit or other severe problem (which you may not have).

Do this and see if it helps.

  1. Turn off computer and boot into safe mode. To do this, turn the computer completely off, then turn it back on and immediately hit F8. Once the boot menu appears, select Safe Mode with Networking.

  2. Delete Temporary Internet Files, and Temp Folders (Not the end of the world if you do not do this)

  3. Install and run Ad-Aware and Spybot Search and Destroy. Many times one will install and the other will not (says admin privs needed). Anyway run those and remove everything they find.

  4. Turn Off or disable your AV. Different AV apps catch different problems. Install a 30 day trial of Kaspersky or NOD32. Do a full system Scan.

NOTE: You may have to do step 5 before step 4 if neither Spybot nor Ad-Aware will install.

  5. Uninstall the trial AV app you installed. Update and run your AV app.

  6. If they (the AV apps) could not remove a problem, but reported the full name, go to Google and type <Insert Virus Name> removal tool.

Use this app, or outline of steps, to manually remove the problem.
This will fix 99.9% of all virus-related problems. Your problem (Task Manager missing) may not be virus related though.

So to fix any system files removed by the AV, or otherwise corrupted/missing, run Windows File Protection (repair install not needed, unless you cannot boot into the OS).

  7. Go to Start and in the Run box type “sfc /scannow” without the quotes. This will replace all system files with the correct version if missing/corrupted.

NOTE: You will need an OS installation disc for whatever OS you are running for SFC to fix problems it finds.


#7

I’ve had to fix someone’s malware-inflicted PC with a similar problem, not being able to turn on/off the Windows Firewall. Even after doing most of what bjd223 outlined with installing Ad-Aware, Spybot and an additional AV program in Safe Mode, I could not fix this issue and ended up doing a repair install of XP (which, to my surprise, kept all data and programs intact - I did make a backup image first of course). That PC has been running fine again for 6 months or so now (IE6 and OE were still broken after the repair, but an update to IE7 fixed it and OE isn’t being used). Didn’t know about the Windows File Protection trick, thanks for that.


#8

Here’s how you can clean a computer (unless it has hundreds of viruses)

  1. Disable System Restore
  2. Grab Spybot Search 'n Destroy
  3. Install + Update
  4. Grab latest Kaspersky Anti-Virus Beta/Alpha (they work fine and remove viruses) at Betanews.com
  5. Install + Update
  6. Unplug Internet and reboot
  7. (Re)boot into safe boot
  8. Run Spybot and remove any spybots it may find
  9. Reboot
  10. Run Kaspersky scan; if it tells you it needs to boot to remove a virus, make sure to scan again to make sure it’s gone (may take a few reboots sometimes).
  11. Run Spybot again to confirm that everything is in order
  12. Connect computer to network/Internet again

//Danne

#9

Ok when I have the time to go through that list all in one go I’ll be doing it.

One question though: since the firewall cannot be turned on I know there is still a virus here, but why on earth can’t AVG/AVG-AS (both AVGs also done in safe mode)/STOPzilla (non-freeware version)/Windows Defender at least pick up the virus so I know what it is?


#10

Because it’s not in their database.
//Danne


#11

I’ve scanned with the following so far:
Spybot
Adaware
Kaspersky
STOPzilla
AVG
AVG-AS

I still can’t activate my firewall. Aside from reformatting the computer what other options do I have?


#12

Hi :)
Welcome onboard daedulus.
Boot from your Vista disc & choose repair, not install.
You could, if you wish, first try AdvancedWindowsCarePersonal, which is free.
Download & update. Then run.
This program may (or may not) solve broken/missing/misplaced links etc. Apart from loads of other things.


#13

> mciahel wrote:
> http://www.microsoft.com/technet/security/secnews/articles/gothacked.mspx
>
> Jesper M. Johansson, Ph.D., CISSP, MCSE, MCP+I
> Security Program Manager
> Microsoft Corporation

I agree with you mciahel, that is the only positive way of knowing it is gone for good.


#14

You can go to www.geekstogo.com and post a HijackThis log and they will help you remove the malware and help you fix whatever problems you have. Since you already installed AVG Anti-Spyware you should disable the shield, and also on Spybot, do not install TeaTimer or it will keep in the spyware. After you post a log they will tell you how to remove the spyware or malware. Good luck. This is a free service but be patient as a lot of people need help.


#15

Maybe having Windows Firewall turned off isn’t so bad after all ;)

Try installing ZoneAlarm free firewall and see if it gets turned off as well.


#16

> mciahel wrote:
> http://www.microsoft.com/technet/security/secnews/articles/gothacked.mspx
>
> Jesper M. Johansson, Ph.D., CISSP, MCSE, MCP+I
> Security Program Manager
> Microsoft Corporation

I too would agree with this.

Although I’d try BJ’s suggestion first, if only for curiosity’s sake. ;)
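
The two symptoms in the opening post (Task Manager "disabled by administrator", firewall options greyed out) usually correspond to policy values in the registry and to the state of the firewall service. The read-only PowerShell check below is an added example, not something posted in this thread; the registry paths and service names are standard Windows locations rather than values taken from the posts, and it assumes Windows PowerShell is installed on the machine.

```powershell
# Added example: read-only look at the settings behind the two symptoms in this thread.
# Paths and value names are standard Windows policy locations; nothing is modified.

function Get-PolicyValue {
    param([string]$Path, [string]$Name)
    # Returns the value, or $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { return $item.$Name }
    return $null
}

# "Bad" is the value that produces the symptom described in the opening post.
$checks = @(
    @{ What = 'Task Manager disabled (current user)'; Name = 'DisableTaskMgr'; Bad = 1
       Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System' },
    @{ What = 'Task Manager disabled (machine)';      Name = 'DisableTaskMgr'; Bad = 1
       Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' },
    @{ What = 'Firewall forced off (standard profile)'; Name = 'EnableFirewall'; Bad = 0
       Path = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile' },
    @{ What = 'Firewall forced off (domain profile)';   Name = 'EnableFirewall'; Bad = 0
       Path = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile' }
)

foreach ($c in $checks) {
    $v = Get-PolicyValue -Path $c.Path -Name $c.Name
    if ($null -eq $v)      { $state = 'not set' }
    elseif ($v -eq $c.Bad) { $state = "set to $v  <-- matches the symptom" }
    else                   { $state = "set to $v" }
    "{0,-42} {1}" -f $c.What, $state
}

# Windows Firewall service (MpsSvc) and the Base Filtering Engine (BFE) it depends on.
# Get-WmiObject is available in Windows PowerShell, which is what this example assumes.
foreach ($name in 'MpsSvc', 'BFE') {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    if (-not $svc) { "{0,-42} service not found" -f $name; continue }
    $mode = (Get-WmiObject Win32_Service -Filter "Name='$name'").StartMode
    "{0,-42} {1}, start mode {2}" -f $name, $svc.Status, $mode
}
```

A value flagged as matching the symptom shows which setting was changed, not what changed it, so it does not settle the clean-or-rebuild question discussed above.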