CPU virus question
 

I think I may have a virus on my CPU. It only manifests itself on my wife's login and not on mine. Any ideas as to what this could be? Her IE doesnt work, when opened it says Windows Explorer is infected and gives options to buy an Antivirus software, which is obviously bogus. Why is my user fine and hers infected? :confused: I also cant open anything on her side without a security alert showing up saying the file is corrupted. Any ideas? We dont have an anti-virus software.

Re: CPU virus question
 

Google AVG virus scan. It is free and does a decent job. Also empty your history file and cookies.

Re: CPU virus question
 

what version of windows are you running?

Re: CPU virus question
 

She clicked on something that downloaded this. I understand it's very difficult to get rid of. Not uncommon- in fact it pops up and when you try to "x" out, it downloads itself. Someone said the only way to prevent this is to shut down your computer right then and there w/o clicking on anything having to do with the pop up. Hopefully an IT pro can help you with it. Not sure why it's just she and not you both- unless it discerns log-ons as seperate entities.

Oh- and get some anti-virus! There's free stuff out there that will protect you. Good luck!

Re: CPU virus question
 

oops!

I prefer Comodo anti virus (also free) plus get ad-aware, a great anti-adware program. PM if you need more info, I'm great with computers. I'd even be willing to talk you through something over the phone if you need it brother, this was my job for a long time...

Re: CPU virus question
 

I have McAfee Security Center but I never renewed the subscription. Will buying this and running it clear the infection?

Re: CPU virus question
 

probably not. My advice here is to offload any files you need from her account to an external Hard drive. Delete her account. Install AVG free or another anti virus. Defrag your hard drive. Then set up a new account, connect the external hard drive, scan it, clean it, then delete that account. Defrag again, setup a new account for her and tell her to never randomly click on stuff again. For web browsing, I would setup a separate account with no admin privileges and let her use that for web surfing. Delete it occasionally and make a new account.
I am a computer engineer whose wife constantly infected her machine via myspace, facebook, etc...

It sounds like overkill, but it is the best way, I have found to deal with Windows viruses. Or buy a Mac and install anti virus from the get go.

Re: CPU virus question
 

There are literally hundreds if not thousands of different malwares out there. Many of which could cause this type of problem.

Try using adaware first. If it doesn't solve the problem you may need to attempt to isolate the process that is running and use your administrative tools to cause it to stop running and to not auto-start.

If you cannot isolate the process you can try to do msconfig scenario where only the most basic and vital processes will boot when the is does. From there you can attempt to run adaware again, as well as antivirus and such other stuff.

If you can boot in safe mode it may give you the ability to try to investigate the problem without having it pop up every 3 seconds and causing system crashes.

Re: CPU virus question
 

with this kind of virus it is debatable(some of these big system viruses can be a *****!). Seeing as its only affecting 1 user though, it should be easy to get rid of.

Mcafee isnt on of my favorites but they do work, its a big system hog though, IMO. Every AV,firewall ect has its holes though none of them are perfect.

favorites have been symantic(my AKO corporate version), bitdefender and panda. that i have used.

Re: CPU virus question
 

You won't make it any worse if you do. And besides if it is a virus then it should find and fix it.

Re: CPU virus question
 

Erick, there are FREE anti-virus programs out there that are just as good (read "better" than McAfee).

http://personalfirewall.comodo.com/free-download.html

choose your operating system and then select "Download Comodo Internet Security for Windows"

and adaware:

http://download.cnet.com/Ad-Aware-Fr...bj=dl&tag=top5

:tu

Re: CPU virus question
 

I just ran my Malwarebytes Anti-Ware and it didnt find any infected files. Now I am doing this from my user not hers since nothing works on that side.

Re: CPU virus question
 

It should scan the whole computer, regardless of logged in user. Try a different program
Posted via Mobile Device

Re: CPU virus question
 

Anyone know if I need to download a 32 or 64 bit program?

Re: CPU virus question
 

Nevermind found it. I am downloading the Comodo software now.

Re: CPU virus question
 

I think you may be infected with one of the versions of "Antivirus 20xx"

Here is a link with instructions on removal. I took the first resuls from google so there are other options. google "Antivirus 2001 removal"

As a side note, it is very easy to get, and a pain in the ass to remove. Only antivirus program I have ever had to catch it was Kaspersky..

There was also a thread about this on here... lets see if I can find it

Here is the previous thread http://www.cigarasylum.com/vb/showth...=virus+removal and it has some good info as well

Re: CPU virus question
 

When doing the malwarebytes scan are you choosing full scan or smart scan? It is very odd that it won't pick up on the trojans/malware in your other users folders.

First, make sure you update it. There is an update tab. I have had it update to a new version within an hour, so always update first before you scan. Try doing a full scan and make sure every user is chosen. That should find something. Remove what is found and let it restart.

If that doesn't work, unplug/disconnect the internet and boot up safe mode. Then run a full scan of malwarebytes from there. Again, remove any trojan/malware found and let it restart.

Also, if it finds something, I would suggest going here: http://support.kaspersky.com/viruses...?qid=208280684

Download that TDSSkiller software and run it. If it finds something, it will get rid of it 99% of the time. If it is still happening after the tdsskiller has run, post back in this thread and I'll give you some more links and help if I can.

Re: CPU virus question
 

MiamiE make SURE you uninstall McAfee first before you install Comodo. Again, if you have questions, please PM me brother.. Viruses can be a long painful process.

Re: CPU virus question
 

It would also be a good idea not to have the Internet hooked up on your wifes log in. Download everything you need on yours and install it on hers without the Internet.

Take a look at Majorgeeks 4-5 step anti virus. It's like 4-5 free programs you run. Saved me a reload before.

Re: CPU virus question
 

Don't forget Windows' built in anti-virus. It works pretty good as long as you keep it updated, which is critical in Windoze anyway. After doing an update win$ will run a scan when it reboots. Things called rootkits get around this but you probably don't have one.
I have been able to get rid of most infections by running SuperAntiSpyware followed by WinDefender followed by a security update.

Re: CPU virus question
 

If he can't run anything on her side, it is acting exactly like a rootkit. A scan with malwarebytes should show that.

Re: CPU virus question
 

If he can get in as Administrator and get to security updates and use control panel and run Malwarebytes it's not a very good rootkit. Rootkits replace the kernel and you are no longer even running Windows, you are running malware that runs Windows for you, meanwhile it can do whatever it wants with your computer. Keep track of your every keypress, decode encrypted transactions, read any file and hide some from you, turn on your webcam and microphones, anything.
I like Malwarebytes. I just happen to carry SAS around on a thumb drive with me.

Re: CPU virus question
 

That was the old rootkit's 1 and 2 that may have done that. Rootkit's 3-5 (5 no one has confirmed yet) does not work this way.

Re: CPU virus question
 

One simple solution that has taken care of some (not all) of these, is a system restore to a date before this happened. In short some are worse than others, meaning some you have to catch before they load, some have to be taken care of in DOS, and some are a restore point away from being gone. Good luck.

Re: CPU virus question
 

Download and Install SpyBot Search and Destroy. It's free and it's very good. Make sure to boot into safe mode to run the scans...as some virus', bots, and maleware can stop a scanner from running properly.

Re: CPU virus question
 

It's known as "FakeAV". I have fought and beaten this exact issue. A freeware application called HitManPro will find and remove it. Install it while logged in under your profile, reboot into Safe Mode (hit F8 as it is booting up), and run a full system scan.

Many of the other common anti-malware/spyware apps will not work on this one. I have tried MalwareBytes, AVG, SpyBot, Symantec AV, McAfee AV, Trend Micro, and more. HitManPro is the only automated way. I have removed it manually by digging through the registry and tons of DLL files, but I doubt you want to venture into that.

Good luck.

Re: CPU virus question
 

Erick, all fantastic advice given to you except the most important.

Here goes
:D

Ready?
:D

Get a Mac!!!;s

Other than that, not much else I can offer.

Re: CPU virus question
 

Kaspersky is the leader in this field. I have removed trjoans, malware, etc multiple times from multiple machines with the tdsskiller. Malewarebytes will remove all the associated files from cookies and so on, and also let you know whether it's a rootkit or not. Then run tdsskiller and it "should" be gone. If that doesn't work, I have more last option, but I am not going to list it till the OP tries the others first.

I don't mean to argue with you, and I am sure you have removed it through other programs (gmer is also a good one). I have a lot of experience with this malicious software and have read hours on hours of bleepingcomputer logs to feel confident in my advice.

Re: CPU virus question
 

Unfortunately, Mac's are not immune to rootkits.

Re: CPU virus question
 

I too have extensive experience with this stuff in a work environment. I do use MalwareBytes quite a bit, but I've seen it detect and remove potions of FakeAV and leave other parts behind. Maybe the newer versions do a better job. Kaspersky very well may work. It is not one I've used so I can't comment on that either way. I know HitManPro will work and it's free. Either way I feel he has good advice from guys who've done this before, not just random "try this" suggestions from folks who are trying to help but don't have the background/experience.

Re: CPU virus question
 

I did the Malwarebytes and Comodo AV full scans. It detected the 4 viruses and deleted them, but my wife's IE still doesn't work. Says there no connection to the proxy server. This may be due to Comodo creating a unique IP? She can open all her files again. Thanks for all your help guys! Much appreciated.

Re: CPU virus question
 

Did you run tdsskiller?

Re: CPU virus question
 

I am going to have to do that one later.

Re: CPU virus question
 

Copy her files such as documents, favorite, mail settings...

Delete her profile and create a new one until you find the AV software to dig deeper.

Re: CPU virus question
 

Are you trying to connect to a proxy server!? I doubt you are... A better question may be, how do you connect to the internet (modem, dsl, cable etc)

Re: CPU virus question
 

I have DSL. When I loaded Comodo it asked if I wanted to create a different IP.

Re: CPU virus question
 

In IE, click tools, Internet options, then click the Connections Tab. Near the bottom click "LAN Settings" and uncheck the "Use Proxy" option. You'll have to close IE completely and re-open it. Some viruses (Virii) setup bogus proxies in IE to steal personal information. You can also get to these options in Control Panel under Internet Options.

For most DSL/Cable providers it is not necessary to use a proxy. Sometimes their install CD points you to one, but that is only for their benefit. They sell the tracking info of where you go, what you browse, and how often you make purchases, and where. They do no collect personal info, but I still don't like participating. Comcast amongst others does this with their proxies. This is why I don't install their CD. You don't need it to get online. Just an IP address, gateway, and a subnet mask. 99% of the time that is automatically provided by DHCP to the cable/DSL modem, so you're good.

Re: CPU virus question
 

Just ran this and it found no threats. My wifes IE has reverted back to F'd up after a restart... :sh

Re: CPU virus question
 

Found the bastard with Hitman Pro 3.5.8

3 Trojans, 1 Malware, 1 Rootkit, and 3 Tracking Cookie. Question is what do I do now? Delete, quarantine, or ignore?

Re: CPU virus question
 

I am not familiar with hitmanpro, but if it found something that tdsskiller did not, I would be wary.

Quarantine it and see what happens.

You can always go with my last option which is combofix.exe but let me know before you choose to do this step.

I also forgot to mention that you MUST run and save the tdsskiller.exe on your desktop. Or it won't work properly. Here is the basic use for it: http://www.bleepingcomputer.com/forums/topic377240.html

Re: CPU virus question
 

TDDSKiller did not detect anything. I quarantined them.

Re: CPU virus question
 

Did you run it from your desktop?

Re: CPU virus question
 

Yes I ran it from my desktop and did it a few times with no results. :(

Re: CPU virus question
 

This helped revert it! Thanks so much!

Re: CPU virus question
 

That is really odd. I may have to look back into hitman pro if it found something kaspersky missed.

By your desktop, I assume you meant hers.

Is everything ok now?

Re: CPU virus question
 

I actually ran it from mine in Safe Mode which I wasnt doing before. The Trojans came up in C:/Vanessa so they were on her side.

Re: CPU virus question
 

If everything is fine now, I wouldn't worry about it. But if it pops up again, try running it from her desktop.

Re: CPU virus question
 

Everything seems fine for now, thanks to EVERYONE! You guys are awesome! :tu

Re: CPU virus question
 

Erick, glad they helped you sort this out.
Now, being all is working fine, while you can, because this level of fine won't last long, go online and order your Mac.:r

Re: CPU virus question
 

Good! I wander what made your IE proxy server setting get selected!? Glad you're up and running now. Anyways, anymore PC problems let me know brother:tu