Ok, I'm REALLY baffled now

RPGC Assistance Forums Technical Support Forum
#4

Good lord, my problems were even worse than I believed!

The thing with Windows Explorer turned out to be a virus- a second run of Spybot found and eliminated it. But then, later, my computer CRASHED! And Windows just wouldn’t turn on!

Fortunately, I was able to start it up on Safe Mode. That way it works fine (hell, it works BETTER than usual- if it had sound I might keep using Safe Mode all the time!) but when I reverted to normal mode, Google Chrome started opening page after after page and I couldn’t stop it! Apparently this is another, new virus, and I’ve tried everything I can, running all my antispyware and even doing a System Restore. It STILL happened! I was forced to remove Chrome from my system. Now I’m getting a window asking for it, which cannot be closed, but if I ignore it I can continue using my computer (as sluggishly as usual).

I’m now using Firefox again, despite even the latest version freezing and closing down on me occasionally. I guess I’m going to have to go back to Internet Explorer. -_- Not to mention that I’m not happy at still having that virus in my PC. Has anybody heard about it, or how it can be removed?

#5

Hmm…if you can, get Malwarebytes. It helps supplement Spybot in getting things it won’t pick up. (Remember, these generally just get rid of Spyware; not an alternative to virus scanning.)
Also, if you don’t have a Virus Scanner, pick up a free one like Avira or AVG, and run a full scan.
As per your particular virus, there could literally be thousands of viruses that do this very thing. Very hard to get specific about it.

#6

Ok, I installed Malwarebytes, and it found over 200 (!!!) infected files (assuming the program isn’t lying to impress people) and cleaned out all but about 3 of them, which it said had to be “deleted on reboot”. I assumed that meant I had to restart the computer, but after that the annoying window still opens. -_- Do I have to start the machine on Debugging Mode and remove those files myself?

#7

Try running the scanners on Safe Mode. If it’s still not working after that, then you can attempt to get rid of the files yourself.

#8

Ok, I ran Malwarebytes while on Safe Mode (and did a deep-system scan) and it found 20 more infections, and removed all except one: something called “gootkit” which (I googled it up) seems to be the latest in Trojans. At least I know exactly where it is so now I can delete it by hand- though I’ve never done that before and I’m worried I might harm my computer. I’ll see if a friend of mine who knows more about that than I can help. In any case thanks for the advice Ultra. :slight_smile:

#9

Update: I downloaded a program called UnHackMe! and used it to remove the registry virus, since I was worried about doing it myself.

I really like this program; it lets you choose what to delete, to keep (presumably inert) file copies in case you delete something important, and even checks online to verify if a suspicious file is a virus or not. Considering the only file it verified as bad was the one I already knew was the Trojan, I guess it did its job. :slight_smile: Though only time will tell of course. It’s only the 30-day trial, but I’m thinking of keeping it.

Let’s hope that’s the end of my virus problems; I was REALLY worried for a while there.

#10

ARRRGH. So much for it being over. No sooner do I open the system in regular mode that I get a multitude of self-opening Windows Explorer boxes (remember that the whole thing started with WE problems?) Why is this still happening? Is the virus invisible to both programs I downloaded or is someone re-infecting my machine? (I read that the purpose of some of these trojans is to steal passwords.) I’ll change my password this time just in case.

#11

Wildredo Martinez needs a new computer. Isn’t is always breaking?

#12

Oh yeah, if I could afford it I would have dropped this old thing LONG ago. Maybe if I get that study grant money I applied for I’ll be able to buy one.

PS. I’ve run both antimalware programs and they SWEAR the virus is gone but I keep getting the multiple-window thing. Maybe I should update my Windows Explorer?

#13

How exactly does one go about updating Windows Explorer

#14

Maybe he meant just updating windows in general?

#15

Zero: Yeah, that. But it’s academic now… MY PC HAS LOST ALL INTERNET CONTACT! : bowser:. (I’m posting this from a friend’s PC.) Also, I can’t close the firewall and all System Restore points were erased. I guess I got hacked REAL bad. I’m working with some friends on the matter but nothing’s worked yet; we tried bypassing the Ethernet card but the computer won’t accept the modem’s program, nor will it load the Ethernet drivers a friend brought on a pen drive. I have no idea if this is a software or hardware problem… or both. -_- Any suggestions? (Besides “buy a new computer” thank you.) I’m serious, folks, if I can’t fix this, this is it for Martinez’ online presence.

#16

You can easily run Windows in “safe mode” and have sound, you just have to start the services manually. Also, I’d avoid Firefox. That browser sucks.

#17

As i said on another thread, my computer problems are mostly fixed after a through reformatting. However… I fear the virus might STILL be in my PC.

Why? Because I can’t access my firewall; it’s turned off, and I can’t reopen it to start it up again. Also, my sound card isn’t working, in fact Media Player says it doesn’t even detect it anymore!

The only thing saved over from my older format were my Document files and music files (and I didn’t even intend to save the music, but my friend Frank assumed I would.) I think the virus, or a copy, might have been hiding in there.
Anyway, we did a full scan with AVAST and it doesn’t find anything, however a screen saying “Avast has blocked a DCOM exploit” keeps popping up.

So, what do I do now?

  • Should I run some other program to find the virus (all the ones I had downloaded were also erased in the reinstallation. Even this copy of AVAST is new.)

  • I suspect the sound card browsers might have been erased or corrupted. Should I reinstall them (and how do I find out WHICH ones I need?)

(Unrelated: Looks at Kasey’s new avatar… Geez, you’re already posting mocking pictures of your child online? You’re a baaaad girl!) :hahaha;

#18

be very careful what you are downloading, the programs could only compound the situation. alot of the malware removers, etc contain hidden stuff themselves.
that program unhackme is one I have never heard of . . . which doesn’t mean much. I have learned over the years that the so called removal tools actually plant back door trojans and other hidden toys on your system.
doing a system restore is unhelpful in this situation because some vicious infection just loooooooooooooooooove to hide in the restore files, hence why up until i install win 7 I always disabled the system restore.
ultimately it may come down to you having to do a low level format on your hard drive (option might be in your computer’s base system setup), I suggest getting the drive tools from the hard drive manufacturer and doing the low level format that way and then trying to reinstall your OS

#19

For the DCOM thing, read this: http://www.killertechtips.com/2010/01/14/avast-network-shield-blocked-dcom-exploit/
For the sound card, make sure to update/reinstall drivers for it. If you wiped everything, you won’t have nothing for it. As for finding what it is…no clue.

As far as the firewall goes, what firewall do you use exactly? Best recommendation I can offer for a firewall is ZoneAlarm.

#20

Thanks for the tips, folks. I tried reinstalling the Sound Card driver but it didn’t work. Might be that, since my PC is such an old model, the update did not fit, I got that warning from the download site. We’ve decided, to be 100% sure that the virus is dead, to reinstall AGAIN tomorrow, this time leaving the music files out. As I said, I’m only going to listen to Youtube music from now on anyway.

Dunno what you mean by “low level reformat” tho. Oh well Frank should know.

PS: The affected firewall is the Windows Firewall.

#21

there is a program available from the manufacturer’s website for the hard drive in your machine.
For example: for a maxtor hard drive you would download MaxBlast http://www.seagate.com/ww/v/index.jsp?locale=en-US&name=MaxBlast_5&vgnextoid=7add8b9c4a8ff010VgnVCM100000dd04090aRCRD
the low level format done on your hard drive isn’t something normal people woiuld hear of since it virually cleans your hard drive down to the core, effectively wiping out all traces of programming on the hard drive.
and that is something the authorities don’t actually want in case they want to investigate you.

#22

OK, we had to postpone the re-reformatting for a few days (Frank is busy) so I tried to find my sound card drivers and download them to see if that fixed it, but after spending all day online and downloading a lot of stuff, I’m still soundless. :frowning: I tried using programs like DriverDetective that look for and install the drivers for you, but wouldn’t you know, you have to pay for the full features (and I do not own a credit card.) Sigh I guess I’ll have to wait until we reformat again. (Btw, that low-level thing sounds risky… if things get THAT bad, I’d rather just get a new harddrive.)

The only upside so far is that I finally found out the manufacturer of my machine (Asus). That may help in getting the right drivers (though the ones I got from their website didn’t help so far.)

#23

not risky at all, I’ve done it many times when I had viruses or spy ware I could not get rid of.
if you take your machine to a computer tech, he/she might do the same thing just to make sure the infection is gone.

Downside is that usually the program for the low level format is put onto a floppy or A:\ drive disk. But I guess now a days you can put them on a usb stick provided your computer allows for a usb boot up.