Forums > Off Topic > Virus? Spyware? Please help!
Unicorn Lynx (181775) on 2/26/2007 6:41 PM · Permalink · Report
Hey guys,
Something weird is happening with my computer. From time to time, various messages pop up that tell me that my computer is infected and that I should download an anti-virus program. Without me confirming anything, one of my open Internet Explorer windows goes to some site that advertises some anti-virus product, prompting me to download it and opening new windows.
Also, I've notived that my computer is working slower, including opening websites and even playing games.
What's going on? Do I really have a virus? Which FREE anti-virus software would you recommend if it is indeed the case?
Thanks in advance.
chirinea (47495) on 2/26/2007 7:17 PM · Permalink · Report
It seems more likely that you have a (or several) spyware in your computer. I recommend using Spybot for removing spywares from your PC. It is free and supports several languages.
As for a free antivirus software, I use AVG, and I can't remember the last time I got any virus that really threatened my system.
Last, but not least, I'd recommend you to stop using IE. Others may disagree, but it is much more vulnerable to spywares than other browsers such as Opera or Firefox.
Don Komarechka (1615) on 2/26/2007 7:36 PM · Permalink · Report
The program telling you that you have a virus is the virus itself, or malware, spyware, etc. In fact, most "free" antivirus or anti-spyware is truly the opposite, infecting your machine and spreading.
both AVG for anti-virus and Spybot are good choices. Spybot has been a great help for me from time to time, but if you want to go all out, you can try multiple anti-spyware tools, as some of the different ones will over the removal of different bits of malicious code (from my experience, no one program detects them all)
Another good one is Ad-Aware.
Riamus (8480) on 2/26/2007 8:57 PM · Permalink · Report
Yeah. Spybot: Search & Destroy is great for spyware and Hijackthis is great for checking your IE for hijackers. just make sure you know what you're doing with both of those because you can remove legitimate things that can prevent software from working. AVG is a good antivirus if you want a free one. And, as mentioned, Ad-Aware is good for spyware stuff as well, though I don't think it's free.
One thing I'll mention... if those popups appear randomly and not just when you're opening a new page, then it may be Windows Messenger that is causing it (not to be confused with MSN Messenger). Windows Messenger is a REALLY bad thing to leave turned on, which it is by default. It lets message boxes be sent to your computer without you doing anything. If you do nothing except hit the X in the corner to close them (DON'T hit the "cancel" button as it's just an image and not a real button), they can't really do anything to you, but they are still a problem.
If you're using XP, you can do Start > Run > Services.msc > Enter, then find Messenger and disable it and turn off auto-start. From other OSes, you should be able to find something in Config Panel > Administrator Tools that has to deal with Services.
Unicorn Lynx (181775) on 2/27/2007 3:56 AM · Permalink · Report
Thanks for the help guys, I'm going to try out those programs.
Sciere (930488) on 2/26/2007 7:42 PM · Permalink · Report
As a virus scanner, the aforementioned AVG does the job, and as for spyware, Hitman Pro incorporates all major antispyware programs into a single application (free).
D Michael (222) on 2/27/2007 4:06 AM · edited · Permalink · Report
A lot of those issues are fixed with the service packs also. Do you have at least service pack 1 for Windows XP (assuming that's what you're using).
Spybot is the most up to date. It has removed some nasty stuff from this machine. I thought I'd have to reformat when I got Torpig but it removed it. Good stuff and regularly updated.
Unicorn Lynx (181775) on 2/28/2007 11:00 AM · Permalink · Report
I tried Spybot; it discovered dozens of spyware, said it took care of them; the next morning, they all appeared again. The computer is unbearably slow, and all kinds of commercials pop up.
What should I do now, can anybody help?
Luis Silva (13443) on 2/28/2007 11:29 AM · Permalink · Report
disable system restore.
Unicorn Lynx (181775) on 2/28/2007 12:43 PM · Permalink · Report
?? How to do this?
Luis Silva (13443) on 2/28/2007 1:11 PM · Permalink · Report
Right click "my computer", you should have a "System Restore" tab, check disable.
Unicorn Lynx (181775) on 2/28/2007 3:25 PM · Permalink · Report
Sorry, I'm using Chinese Windows XP... and when I right-click on My Computer, I only see options like Rename or Delete, no tabs... did you mean I should click on Properties? When I open Properties, there are some tabs, which one is the right one?
chirinea (47495) on 2/28/2007 3:32 PM · Permalink · Report
Well, I'm using the Brazilian version, so I'm sorry if I translate something wrong. Anyway, here's a shortcut:
Press the "windows" key and the "pause" key together. You'll get the system properties window. Go to the "System recovery" tab and check the "disable the system recovery in all units" option.
And Oleg, I don't know if this was the way you did it, but use the Spybot program in Security Mode, 'cause some spywares are loaded during the boot process, and the program is unable to remove them. To do so, assuming you don't know how to do it, when your windows is about to boot (right before that black screen with the Windows logo and a running bar under it), press F8 and select the Security Mode.
Unicorn Lynx (181775) on 2/28/2007 3:36 PM · Permalink · Report
Thanks for the advice! And sorry for being so stupid, but... where is the Pause key?..
chirinea (47495) on 2/28/2007 3:39 PM · edited · Permalink · Report
Heh, well, if your Chinese keyboard is similar to my Brazilian one, it is near the numpad, right above your arrow keys. You have the arrow keys, then the Insert, Delete, Home, End, Page Up and Down group, and then, above it, Print Screen, Scroll Lock and Pause/Break.
Edit: ah, and about the Security Mode thingy, do the same with the anti-virus program.
chirinea (47495) on 2/28/2007 3:49 PM · edited · Permalink · Report
If I got Luis' reasoning here, it will prevent Oleg's system from going back to a restore point in which the spywares were still installed.
I myself would try to recover to a point where those spywares were not installed in the system, but maybe that's hard to figure. Anyway, disabling it also frees a lot of HD space! =D
But seriously, the Security Mode is something really needed in those cases, as most spywares and viruses love to be loaded during boot. I think this is more important than disabling the system restore, and should be done first.
Unicorn Lynx (181775) on 2/28/2007 4:22 PM · Permalink · Report
I did both. Nothing helped, the little suckers are still there...
Maybe I did something wrong? I booted in Secure Mode, ran Spybot, then re-booted normally. Should I re-boot in Secure Mode after having run Spybot, and only then boot normally (third time)?
chirinea (47495) on 2/28/2007 4:28 PM · Permalink · Report
Nah, that should do it... strange... Man, how I hate being in the other side of the world, I'd like to be in China now, so I could take a look at your machine, heh...
Well, as Don said, maybe you'd try another anti-spyware program, such as Ad-Aware. I used to use it before, but then I got a spyware that it couldn't remove, so I tryed Spybot and got that removed.
Unicorn Lynx (181775) on 2/28/2007 4:23 PM · Permalink · Report
And yes, they definitely appear when I boot. When I check system configuration utility (msconfig), there is always a checked box with a weird-named program. No matter how many times I uncheck it, a new one appears next time I boot.
Problem is, they appeared also when I booted in secure mode.
Unicorn Lynx (181775) on 2/28/2007 4:38 PM · Permalink · Report
Weird names, just bunch of random letters, with .dll extension; and they all appear in such a way: RUNDLL32.EXE, and then the name of this damn .dll... The names are new every time, look like random, just eight letters without any meaning.
chirinea (47495) on 2/28/2007 4:43 PM · Permalink · Report
Er, don't know if I can help more then... I mean, sometimes, you can Google search the process name, and get tips about its removal. But since everytime it is a new name, I guess it wouldn't be so easy.
Well, try Ad-Aware then, Oleg, and if it doesn't help, I don't know what more to do. The old format command comes into mind... Do you guys have other ideas?
D Michael (222) on 2/28/2007 5:15 PM · Permalink · Report
Do this; run spybot and let it find the spyware. Make sure that the problems listed are programs, files, or folders and not cookies. You can do this by expanding the tree after the check is done and the problems are listed. It will tell you which type of problem it is.
Once you have a name of the problem files, folders, or programs, check each one individually in a search engine. There are often removal tools or specific instructions for each program. I'm willing to bet that the running processes you see are just a symptom of the problem but not the root of it, nevertheless you can check those as well. It's worth a shot.
Unicorn Lynx (181775) on 2/28/2007 5:20 PM · Permalink · Report
I did that already.... I tried to delete those files individually, but they refused to be deleted manually. I told Spybot to delete them, and it said it did... but they all appeared next time I booted. They are exactly the same every time.
I also think that the root of the problem is somewhere else.
Luis Silva (13443) on 2/28/2007 7:23 PM · Permalink · Report
[Q --start D Michael wrote--]What good does disabling system restore do? I'm not criticizing, just asking. [/Q --end D Michael wrote--] What chirinea said. When something appears out of nowhere (particularly viruses or spyware) they're hidden somewhere, and restore checkpoints are top on my list.
Riamus (8480) on 2/28/2007 9:16 PM · Permalink · Report
The System Restore checkpoints are "protected" and Antivirus/Anti-spyware cannot remove anything from there. Viruses and trojans often attach themselves there so that they can restore themselves automatically when you boot up regardless if you remove them with antivirus or whatever. Disabling it will allow you to remove the viruses/trojans completely. Once they are removed, you can enable it once again.
Unicorn Lynx (181775) on 2/28/2007 3:46 PM · Permalink · Report
Thanks, I think I got it...
Indra was here (20755) on 2/28/2007 5:37 PM · Permalink · Report
For future manual reference for detecting trojans. Something I picked up during my porn downloading days cough.
Identify irritating program that has the bad habit of popping up by:
Unicorn Lynx (181775) on 3/1/2007 7:14 AM · Permalink · Report
It looks like Ad-Aware took care of the problem! I've re-booted the machine several times, it looks like the nasty files are not booting any more, and I stop getting those fake advertisements.
Thanks a lot for your help, guys!
Depeche Mike (17455) on 3/1/2007 3:19 PM · Permalink · Report
File sharing progs are a really bad source of incoming nonsense as well, for future reference.