  1. #1
    Troll Killer and best Snooper!
    I decide when the pigs fly!
    Rhea's Avatar
    Join Date
    January 18th, 2005
    Location
    New York, USA
    Posts
    6,195
    Need virus help
    Hi all,

    Hubby, unbeknownst to me, has had no virus protection on his XP machine. A couple of days ago some emails he sent bounced back with virus flags on them. Hubby says his computer's been running slow for a few weeks.

    Today he buys a copy of Norton Antivirus (no lectures please) and tries to install it. Error message appears that he isn't logged in as admin and therefore can't pass correct permissions to Norton so it can't install. He hollers for me to come fix it...of course.

    I follow the instructions to modify permissions in REGEDIT and discover three very weird things:

    1. There are two copies of his username, one with full permissions and one without
    2. There are two copies of some other username which escapes me for the moment, one with full permissions and one without
    3. When I try to change the permissions to "full" on one of the usernames it won't take the change

    If I knew what virus was on his PC I'd try to remove it, but I don't have a clue. Can anyone take an educated guess which it is?

    Should I delete the duplicated usernames and try REGEDIT again?

    : sobbing :

    Please help. We never argue but this is threatening to become a BIG argument.

  2. #2
    Prince of Content Vinny O'Hare's Avatar
    Join Date
    January 18th, 2005
    Posts
    3,126
    Rhea
    It sounds to me like some trojan virus I had once. It assumes a new identity and makes that one the admin. I wouldn't edit the registry until I knew for certain what it was.

  3. #3
    Newbie
    Join Date
    March 13th, 2005
    Location
    SC
    Posts
    9
    Go to mcafee.com, at the top you'll see a menu with 'virus information' on it. Scroll over that and click on virus removal tools. When you arrive at the next page, you'll see a list of viruses. Click the link that says Get Virus Removal Tool Now, which is free to download btw. It's called stinger. You should be able to d/l and run that on your pc to clear it up. Even though there are several viruses listed, the tool is the same for all of them, and it will kill trojans and worms as well.

    It has worked for me in the past. Probably worth a shot.

  4. #4
    Prince of Content Vinny O'Hare's Avatar
    Join Date
    January 18th, 2005
    Posts
    3,126
    Yeah, have you tried a free online scanner? Housecall is another one that might work or at least let you know what you are trying to fight.

  5. #5
    Prince of Content Vinny O'Hare's Avatar
    Join Date
    January 18th, 2005
    Posts
    3,126
    Last edited by nyfalcon; March 13th, 2005 at 09:04 PM. Reason: edit url

  6. #6
    Troll Killer and best Snooper!
    I decide when the pigs fly!
    Rhea's Avatar
    Join Date
    January 18th, 2005
    Location
    New York, USA
    Posts
    6,195
    Thanks all. I'll give these a whirl tomorrow morning after hubby's left for work. He's beating himself up for not having installed virus protection so we're kind of avoiding talking about the problem. I'm hoping to have it fixed before he gets home from work.

    In the meantime I tried MS's malware removal tool and it didn't find any viruses on his machine.

    I also want to look at my own registry keys to see what normal sets look like so I have something to compare to hubby's funky sets.

    So if we can't identify the virus we can't find instructions to remove it. In that case, is our only option to reinstall the OS? If anyone can think of any more resources I'd appreciate it a lot.

  7. #7
    Newbie
    Join Date
    March 13th, 2005
    Location
    SC
    Posts
    9
    The stinger shouldn't have any trouble detecting and removing the virus for you. That being the case, I don't think you'll have to go as far as re-installing the OS. In fact, I installed it on a friend's pc and wiped over 100 viruses on a single computer. Talk about poor performance, you couldn't do anything with it hardly. You couldn't even shut the computer off. Also, it is very important to turn off your system restore function for XP before running it. Otherwise, it'll put the virus files right back on your system. It's a fairly quick d/l and extremely simple to use.

  8. #8
    pph Expert! Gordon's Avatar
    Join Date
    January 18th, 2005
    Location
    Edmonton Canada
    Posts
    5,781
    Wow, that housecall.trendmicro one found 58 on my laptop. I must admit most of them were in the adawaresafe quarantine folder, so I deleted them anyway. Thanks for the tip.

    BTW Does anybody know if AdawareSafe is a good program please?
    One day parasites and their ilk will be made illegal, I bet a few Lawyers will be pissed off when the day comes.
    Mr. Spitzer is fetching it nearer

    YouTrek

  9. #9
    Newbie
    Join Date
    March 8th, 2005
    Posts
    13
    I've never heard of it Gordon. Is it a spyware/adware tool? If so, those were not designed to find normal virii. For spyware I recommend MS anti-spyware (free, a beta release), Lavasoft AdAware (free) and SpyBot Search & Destroy (free). Yep all three at the same time. Not one of them will find all spyware plagues.

    About the virus on hubby's PC, some virii are known to disable the known anti-virus software (like Norton). And some do indeed make it virtually impossible to install software like Norton when they are already settled on your PC. I suggest you try the online scanners (there are more, Symantec used to have one and Panda has one as well). Then, if things are cleared, try and install Norton again. Also it might help if you boot the PC in 'safe mode'. That might temporarily disable the virus, giving you an opportunity to install Norton.

    I haven't tried that stinger tool, but it sounds good to me.

    Rolf

    Edit: is Adawaresafe a paid version of Lavasoft AdAware perhaps? I don't think so though.

  10. #10
    2005 Linkshare Golden Link Award Winner  ecomcity's Avatar
    Join Date
    January 18th, 2005
    Location
    St Clair Shores MI.
    Posts
    17,328
    It sure is getting easier to get a bundled, or drive-by install, of both backdoor viruses and adware as "infestation" is the name of the S/W affiliate game. Lax policing of BHOs, coupled with the operators turning a blind eye to sleazebag infestation partnerships, assures evermore victims of the Adwhore browser spammers.

    Pushing Microsoft's Anti-Spyware program is the safest bet for affiliates as it doesn't target network cookies by default. It will tag some Adware bundled viruses, but like most, will have trouble removing them unless run from the SAFE MODE with XP auto-restore disabled. Last 6 of 8 Spyware/Adware exorcisms I performed had bundled computer viruses specifically written to disable Windows Updates plus Norton, Ad-Aware, SpyBot updates or installs. Some whacked Zonealarm too, often disabling broadband ISP Winsock access to the internet.

    Theory by the Adwhores and info scrapers is if they can't monetize this victim ...just trash their system, where only a Triple XXX dialer or crappy AOL access account remains. Microsoft's package does get some viruses targeting their scan and update but it doesn't block hidden installs on a clean system with a good anti-virus and firewall in place. It's Heaven to see Norton and MS Anti-Virus taking turns whacking the BHO perps and viruses scrambling for a hole when the long cleaning process takes a turn for the better. Amazing that the infestation partners then stuff the regulars like IGive, E2Give, eBates, Gator, 180Solutions through the last Windows holes before giving up the Ghost....ROLMAO.

    SpywareBlaster 3.3 completes the arsenal as it does prevent most Adware/Spyware infestations, offers a good system registry backup/restore, blocks BHO infestation partner sites. JUST WARN and beg your site's visitors to uncheck and remove Bfast -CJ and Lynksynergy blocking or no commissions will occur. Nice list of sleazebag affiliate sites who prey upon shoppers getting fees for installing crapware is included to block them at the HOST file level. Click before surfing with IE or Netscape/Firefox.
    Webmaster's... Mike and Charlie

    "What have you done today to put real value into a referral click...from a shoppers viewpoint!"

  11. #11
    ABW Ambassador Packy's Avatar
    Join Date
    January 18th, 2005
    Location
    Syracuse
    Posts
    4,205
    Rhea,

    I don't know if you fixed it yet, but when my kid's comp had several viruses I used a few different programs to clean it up. One was the one Falcon mentioned, housecall.trendmicro, and another good one that found a bunch of stuff was from Panda, which is at http://www.pandasoftware.com/actives..._principal.htm

    It's a good free online scan. I don't think it removed the spyware and a couple of the viruses but if you save the log file it was pretty easy to go through and find the files to delete. RoadRunner suggested using at least 3 different virus scanners which seemed to do the trick. You might want to turn off the system restore until you know the comp is clean. Something that always worried me in case I deleted something important but their comp was at the point of having to do a complete reinstall if it didn't work anyways so I wasn't too worried. Good Luck

  12. #12
    Troll Killer and best Snooper!
    I decide when the pigs fly!
    Rhea's Avatar
    Join Date
    January 18th, 2005
    Location
    New York, USA
    Posts
    6,195
    Okay, Packy I'm embarrassed. How do you turn off system restore?

    I'm running TrendMicro on hubby's computer right now. He's very lucky I love him so much coz otherwise I'd be tempted to scream at him for being so cavalier with his computer's safety. (Counting to ten. Again.)

  13. #13
    Defender of Truth, Justice and the Affiliate Way
    Join Date
    January 18th, 2005
    Location
    The Swamp
    Posts
    7,503
    If you are on XP: Start --> Programs --> Accessories --> System Tools --> System Restore --> System Restore Settings --> Tick the box to turn it off on the first dialogue screen.

    Just remember to turn it back on once you have the computer lined out.

  14. #14
    pph Expert! Gordon's Avatar
    Join Date
    January 18th, 2005
    Location
    Edmonton Canada
    Posts
    5,781
    Just a word of advice that might speed it up a bit for you Rhea

    When the Housecall.trendmicro program has finished its run it gives you a list of the infected files and the directory each is in. Don't look for them individually; sometimes you will find 5 or 6 files all the same name but in different folders. Just use your computer's file search app, and when they all come up delete them all in one go. You will have to do a new search for each different file name, but I found it faster than searching four, five or even six different folders for the same file name.

  15. #15
    Newbie
    Join Date
    March 8th, 2005
    Posts
    13
    I was also thinking that perhaps it might help if you hit CTRL ALT DEL and go to the running processes. You mentioned that multiple user accounts had been created. Just go and see which processes are run by which users. Then kill the processes that are run by the users that might have been created by the virii. If that works, you could try and install Norton again. Who knows, it might work?

    Rolf

  16. #16
    Troll Killer and best Snooper!
    I decide when the pigs fly!
    Rhea's Avatar
    Join Date
    January 18th, 2005
    Location
    New York, USA
    Posts
    6,195
    Guess what?

    Housecall found NOTHING. I'm more confused than ever. MS didn't find anything wrong and TM didn't find anything wrong. What the heck is going on?

    I'm going to try PandaSoft next.

    Kellie, thanks for the info about turning off system restore.

    Rolf, when I saw in REGEDIT that there were two pairs of identical userids with different permissions I looked at the apps/processes list and only saw hubby's userid. It's not possible to determine which of his two userids I was looking at, however (the one with admin permissions or the one without admin permissions).

    Thinking out loud...what if there is no virus on hubby's PC? What if the emails that bounced with virus flags were in error? What else could possibly be causing hubby's PC to be so darn slow? Is there something he might have done accidentally to cause dupes in userids? Perhaps when he installed some software it messed up REGEDIT somehow?

  17. #17
    Newbie
    Join Date
    March 8th, 2005
    Posts
    13
    Hmm, but then you should still be able to install Norton. Not being able to install that is usually a good (bad) sign that some virus is present. Is it possible to delete the added user account through the Windows control panel?

    You could also still continue and kill the running processes that were initiated by the user ID of your husband. Those processes aren't needed to run Windows. You could even kill some SYSTEM processes, but not all, or else Windows will reboot. Well you can experiment with it, it won't do much harm. Everything will be loaded again on the next boot-up.
    I don't really know what else to say. Try the Panda one, and that tool called stinger that was mentioned. Another good place to look for weird things is in your registry:
    HKEY_localmachine>>software>>microsoft>>windows>>currentversion>>run
    Check all the keys that you see. If you don't trust certain programs that are listed there, punch them into Google and see if they are mentioned as virus threats.

    But I guess the stinger tool and the Panda online scanner are first on the list.

    Rolf
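
A way to go through that Run key systematically, as an added example that is not part of the thread: this Python sketch parses a regedit export of the key and lists each startup entry with the executable it launches, marking those outside the usual install directories as names to look up. The sample export, the entry names and the "usual directories" list are constructed assumptions; the mark is a sorting aid, not a verdict.

```python
import re

# Constructed sample (not from the thread): text of a Run-key export made with
# regedit's File > Export. Real exports are UTF-16; decode before parsing.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleAV"="\"C:\\Program Files\\ExampleAV\\avtray.exe\" -minimized"
"ExampleUpdater"="C:\\WINDOWS\\system32\\exupd.exe"
"svch0st"="C:\\DOCUME~1\\user\\LOCALS~1\\Temp\\svch0st.exe /s"
'''

# "name"="data" lines; .reg files escape backslashes and quotes inside strings.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
EXE_RE = re.compile(r'(.+?\.(?:exe|com|bat|cmd|scr|pif|dll))(?=[\s,]|$)', re.I)
# Assumption: the usual install locations on an XP machine.
EXPECTED_DIRS = ("c:\\program files\\", "c:\\windows\\")

def unescape(s):
    """Undo .reg escaping: \\\\ becomes \\ and \\" becomes "."""
    return re.sub(r'\\(.)', r'\1', s)

def exe_path(command):
    """Return the program part of a startup command line, without arguments."""
    command = command.strip()
    if command.startswith('"') and '"' in command[1:]:
        return command[1:command.index('"', 1)]
    m = EXE_RE.match(command)  # unquoted path, possibly containing spaces
    return m.group(1) if m else command

def parse_run_export(text):
    """List the string values under each key of an exported .reg file."""
    entries, key = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            continue  # header, blank line, or a non-string value (hex:, dword:)
        command = unescape(m.group(2))
        exe = exe_path(command)
        entries.append({"key": key, "name": unescape(m.group(1)), "command": command,
            "exe": exe, "review": not exe.lower().startswith(EXPECTED_DIRS)})
    return entries

if __name__ == "__main__":
    for e in parse_run_export(SAMPLE_REG):
        print("LOOK UP" if e["review"] else "ok     ", e["name"], "->", e["exe"])
```

The same parser works on an export of the per-user Run key under HKEY_CURRENT_USER, which is worth checking alongside the machine-wide one.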

  18. #18
    Troll Killer and best Snooper!
    I decide when the pigs fly!
    Rhea's Avatar
    Join Date
    January 18th, 2005
    Location
    New York, USA
    Posts
    6,195
    Panda's still running but it says it's found a virus. I just hope it's something that's easy to eradicate.

    So what do you guys think I should wring out of hubby for putting me to all this trouble? Dinner at a nice restaurant? Jewelry? A relaxation tape?

  19. #19
    Newbie
    Join Date
    March 8th, 2005
    Posts
    13
    A new computer and a huge TFT screen?

  20. #20
    Defender of Truth, Justice and the Affiliate Way
    Join Date
    January 18th, 2005
    Location
    The Swamp
    Posts
    7,503
    Rhea,

    Just went back and read your first post. You should go to control panel and go to Users. See what it says there for what all users are on the computer and what permissions your hubby has when he logs on. Depending how Windoze was configured at set-up, there could be 2 sets of IDs (one admin and one not). Hubby might have the default user log in to be the one that is NOT the Admin. Norton's is gonna want to install over all user accounts and this usually has to be done logged on as the Admin of the computer. Just depends how permissions have been set.

    Also...I get faked bounced emails with virii attached all the time. So that doesn't necessarily mean you have an infection (unless hubby opened the attachment). I get faked bounced email all the time. I also get (thankfully much less frequently now) bounced spam email because spammers are spoofing my addy as the send email.

    As far as slowness of his computer. When was the last time he ran maintenance like defrag and scandisc on his PC?

    To get a really good snapshot of all processes running on the computer (many that won't show just through TaskManager), install and run hijackthis or xraypc. Google the name of any processes you don't recognize as legit processes.

  21. #21
    Outsourced Program Manager Chris -  AMWSO's Avatar
    Join Date
    January 18th, 2005
    Location
    Bangkok
    Posts
    11,273
    Panda is cool...I used it on a NEW Laptop the company bought the other week and found 1 Virus and 5 Adware, Since then I have loaded it with AVG Anti Virus (free), StopZilla ($39 I think) and MS AntiSpyware (free)

    Cheers

    Chris
    Affiliate Marketing by AMWSO. Skype - chrissanderson ::: TEL 1-720-336-1784 ::: www.amwso.net
    Join our affiliate programs :Vaper Empire, Iolo, Art of Tea, or See ALL our Programs here

  22. #22
    Outsourced Program Manager Chris -  AMWSO's Avatar
    Join Date
    January 18th, 2005
    Location
    Bangkok
    Posts
    11,273
    So what do you guys think I should wring out of hubby for putting me to all this trouble? Dinner at a nice restaurant? Jewelry? A relaxation tape?
    Heck, go the whole hog: a full-on luxury dinner with jewelry thrown in as a sweetener, followed by an evening out at a concert of your choice.

  23. #23
    Troll Killer and best Snooper!
    I decide when the pigs fly!
    Rhea's Avatar
    Join Date
    January 18th, 2005
    Location
    New York, USA
    Posts
    6,195
    I thought Panda had found something but it turned out to only be spyware. If three virus detection apps couldn't find a virus then I'm going to proceed on the assumption that there is NO virus.


    Kellie, you guessed right about maintenance on that machine. Hubby says he's never defragged it. Holy cow. He also never downloaded MS patches. When you think about the vulnerability on that machine it's kind of amazing that he doesn't have a couple dozen viruses! Fortunately his online time is mostly spent playing chess, an activity that's not likely to get him into much trouble!

    Anyway, last night he decided to contact Symantec's help line. He spent an hour and a half on the phone with tech support and I'm not sure what the outcome was. He's taken back oversight of his own computer which is just fine with me. After he leaves for work today I'm going to run defrag on his C drive. I figure it will take most of the day to run.
