I really need help! Please read!

[Chillum]

Hello!

I have a problem with my computer, that I hope someone here can help me with.. I think I got a virus.. a really annoying one!

Problem:

- My firewall has gone down, and I am not able to turn it on again.. When I try to, windows says that I can't because of unknown reasons.

- My startpage has changed to: c:\secure32.html, which is a file that can't be opened, and I don't know what it is... I can change it, but then it just goes back again when I restart my comp...

- I have got a new toolbar that I dont wanna have... I can change it, but then it just goes back again when I restart my comp...

- There is this "Adult finder" box in the bottom of every Internet page I visit.. Can't remove it, and it is NOT an ordinairy pop-up.. It is "locked", and it kinda looks like that it is ment to be there, if you know what I mean..

- I think theres something wrong with my virus protector, eTrust EZ Antivirus, too.. It doesn't find a single infected file when I scan my comp..




ATM, I don't know if theres more, cause I have just got the virus now.. But I would relly like to get rid of it!

Would it be a bad idea to set the computer to the way it was earlier today? (In danish: Systemgendannelse.. I don't know what it's called in english..)


Anyone who has an idea???

BTW, if my activity lacks, this is propably why..


EDIT: Stinger rapport:

McAfee AVERT Stinger Version 2.6.0. built on Apr 5 2006

Copyright (C) 2005 Networks Associates Technology, Inc. All Rights Reserved.

Virus data file v1000 created on Feb 2 2006.

Ready to scan for 55 viruses, trojans and variants.



Scan initiated on Fri May 19 20:06:43 2006

C:\WINDOWS\system32\.pif

Found the W32/Sdbot.worm!ftp virus !!!

C:\WINDOWS\system32\.pif has been deleted.

Number of clean files: 300382

Number of infected files: 1

Number of files deleted: 1

So it found a worm... But that didn't cause the problem.. But still nice to have that removed..

Now I am scanning with AdAware (which I DID have.. ) Allready 86 New Critical Objects Hope this works!!

[Maz]

mm... Those things can really be nasty... Any things that I can invent right now are:

1. online virusscan (some viruses are able to disturb local scanners)
2. run sbybot / adaware
3a. If virus / spyware is removed, update firewalls / virusscanner (if possible), stop using IE and download firefox.
3b. If virus is not removed... The Best Thing You Can Do

[Chillum]

mm... Those things can really be nasty... Any things that I can invent right now are:

1. online virusscan (some viruses are able to disturb local scanners)

Right now I am running a scan with Stinger, which I just downloaded... It haven't said anything yet after about an hour though..

2. run sbybot / adaware

I don't even have a spyware detector.. Better get one..

3a. If virus / spyware is removed, update firewalls / virusscanner (if possible), stop using IE and download firefox.

Hmm.. Might do that then...

3b. If virus is not removed... The Best Thing You Can Do

DON'T even THINK about it.. Hehe..


But what do you say about setting the system as it was earlier today, where I know that there wasn't anything wrong?...


EDIT: Oh, Stinger just found and deleted a Worm.. Let's hope it works now!!!

Scan initiaded on Fri May 19 20:06:43 2006
C:\WINDOWS\system32\.pif
Found the W32/Sdbot.worm!ftp virus !!!
C:\WINDOWS\system32\.pif has been deleted.
Number of clean files: 300382
Number of infected files: 1
Number of files deleted: 1

[Usul]

the best combination against spyware is Spyware Blaster and Spybot
really works fine.

[Chillum]

Yearh, but I don't know if it's spyware..

I forgot to mention that it came after I installed an Active X object.. My bad..


Ad-Aware status so far: 111 New Critical Objects

[Maz]

You should REALLY consider Linux, at least on another computer/HDD. That way when your crappy Windows chockes under the pile of worms, viruses, spyware and bugs in code, you would still have a way to access to here & do your GH duties

[Chillum]

First of all, I can't afford Linux.. And it's not my own computer anyways It's my parents..

I will not consider Linux.. I can take your advice by using firefox, but not linux..

[Maz]

First of all, I can't afford Linux..

You surely can... Most of the Linuxes are FREE And what's even better, they include much software which is better than corresponding Windows versions, for FREE. (But I'm not forcing anyone We all do have our own cups of tar (windows) or beer (linux) )

Sorry, I did not mean to be pushy

[Chillum]

Hehe.. I have just always used Windows, and I don't wanna shift it to Linux atm...

Talking about my problem:

I have now got rid of the nude ladies ( ) in the bottom of the screen, and the annoying toolbar in the top.. I did that by deleting 150+ infected files, that Ad-Aware found for me... (I've propably got rid of other things too then )
But I still got the problem with the start page crap....

[Chroelle]

HAve you tried changing it now? I mean after the removal of all those things...
BTW: Systemgendannelse = System restore

REmember to press the apply button and not the ok button...(Learned the hard way) when you enter a new startpage adress...

[mistergreen77]

You could use regedit to check for entries in
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
as well. If you are not sure what a process listed in here is you should find out, it is handy to know what is happening when you start windows. And then you will be able to know which ones you want to keep.

Also, use in Internet Explorer choose Internet Options from the tools menu, select the Program Tab and click on the button that says Manage Add-ons. Remove any you don't approve of.

Hope this helps you get your computer clean.

[eMTe]

Try HijackThis. You can download it here:

http://www.majorgeeks.com/download.php?det=3155

Try it only after deep scanning with antivirus program.

Secure32 is a very popular trojan, so there's lots of solutions in web. After scanning with hijack save logfile and post it on some good tech help forum. Experts will tell you which registry values and files to remove.

And move to Firefox...

[mistergreen77]

Or jsut don't install active-x controls unless you are sure you can trust it - active-x controls have full access to the file system so it is an easy way to get a trojan or virus. Whatever it is they are promising you is probably not worth it.

[Chillum]

Status so far:

- Computer's running pretty slow

- Still probs with the startpage

- Firewall's still down

- Ad-Aware's scanning again: 6 New Critical Objects after scanning 120.000 files.. it has to go through about 300.000 files..


Right now I am downloading a new antivirus+firewall called AVG, which Chrølle recommended.. Then I'm gonna make a virus scan, and then I'll use the HijackThis which eMTe recommended..
Mistergreen, i tried the regedit thing as you said, but there wasnt anything unusual in there though..

And I'll take a closer look at active-X controls from now on

[eMTe]

I use AVG and Zone Alarm and I have no problems with my comp - only one minor virus through last year. If you/your parents have too much money I advise you to buy Kaspersky: http://www.kaspersky.com/index.html . 40 bucks per year, but it detects literally every intrusion. I was using it for a while (pirated version, forget I said that) and I was impressed.

[Chillum]

My parents doesn't swim in money, and I definately doesn't! Hehe..

But ad-aware and AVG is done scanning now, and I'll download HijackThis now...


Edit: Oh, and I have a working firewall now! ^_^ Yiphee.. but its only a 30 days trial

[oscarcg]

Change your approach.

Make backups of everything (bookmarks, address books, e-mail, documents, files, etc).

Download installers for trial versions of KASPERSKY, GOOGLE TOOLBAR and AD-AWARE PRO.

Check the version of your Windows XP installer. If less than SP2, get the installer for SP2 either.

Un-plug any network cable and switch off wireless lan.

Format C: and reinstall Windows. After, install Kaspersky, google toolbar and ad-aware. Activate Windows Firewall, and setup the IE options to block every pop-up under the sun.

Go online and update kaspersky, and ad-aware. Go into kaspersky options for real-time, and de-activate the option so it won't alert you of network attacks.

Now, activate inside the Ad-Aware the ultimate piece of software protection: the AD-WATCH.

Re-install every other software you need, keep reading the ad-watch registry warnings so you know which to authorize and which won't to pass into the registry.

Done, now you are ready to hit the road.

-------------------------------------------

It's more time efficient to start it over. If you keep trying to "fix" the computer, you will keep yourself waisting time and blaming the computer for its slow performance. Time to cut.

[mistergreen77]

I would say Oscarg is right. I normally only recommend reinstall as last resort but prevention is much easier than the cure.

There are a few good anti-virus software products out there that are free for personal use - if you don't have much money find one.

Make sure you have service pack 2 as well. I use a combination of spybot, antivirus and windows default firewall.

Don't rely on your firewall! Disable network services you don't need that could be hijacked. Never accept anything that you are not sure about or didn't ask for. Have some common sense about which sites you visit. Virus scan anything you download before you run it. IE is not the real problem - I have been using it for years with no problems.

[Chillum]

I know it would be a good idea to do as you say, Oscar... But I don't really know where I should keep all the stuff I wanna safe.. I have'nt got an extra harddisk or so to make backup...

[mistergreen77]

Do you have a cd burner and a blank cd? If you ever get round to re-installing windows I suggest you repartition the hard disk and have two partitions - one for windows and one for storage. That makes it much easier if you ever have to re-install it again because you can copy anything you want to keep to storage and start again.