Household Tech Guy

RonSchon

I work a week of 48 hours from Friday morning to Sunday night - hence the camper so I can just sleep at the airport where I work.

I do this so I can be around the house most of the week - in case my wife has to travel - as is occasionally the case.

So today my daughter (13) comes up to me and says she has been having problems with her cell phone. Shutting off on its own and losing all the faves and address book. About 90 minutes later the T-Mobile people agreed she needed a new phone, and since I have the replacement policy, a new one is on the way.

About 30 minutes after that - she says - BTW, my laptop keeps giving me a "virus" warning. It's now been 6 hours, and I'm just about done. 254 infected files. It looks like the main culprit was a malware program called "PC Security 2009". It is a nasty bugger to get rid of, but a combination of Eset Nod32, Windows Defender, and Spybot Search and Destroy seems to have it clean. From my research, it appears to be something going around Facebook. I don't Facebook, but if you do - make sure you're wearing protection...

I guess it's all my fault in the first place, her Nod32 license expired in December - I should have known, as I updated my computer at that time.
 
Try Malwarebytes Anti-malware.

Sorry, I don't have the link in front of me. I can get it tomorrow when I'm in the office. Spybot Search and Destroy is pretty good, Windows Defender is kind of OK, I haven't heard of Eset Nod32.

At work, various versions of "PC Security..." show up every now and then, but the Malwarebytes product has always removed it pretty easily.

BTW, have you read the license agreement for Spybot Search and Destroy? It's unusual.
 
My sons Facebook, but it's those porno sites that *really* load a machine up with BS. Those random pop-ups bust 'em EVERY TIME!

Problem is, I'm no computer tech/guru...and I have one CPU that is totally...should I say..SCREWED from such visits. I ended up buying the youngest a new laptop and told him if I find this stuff on it he is "TOAST".

Only a few years to go tho until I get my house back and they can f' up their own stuff! (and I can camp freely/when I want)

:rolleyes: Are we THERE yet?
 
Oh man. I've fixed some that took days to remove all the viruses and assorted malware. One of those things where you go "why did I go to all that work, shoulda just formatted and started over".

I keep my antivirus programs, Windows updates, spyware programs all up to date and I've never had a problem on my computer.
 
I hear ya... I thought I was done last night - but nope. So after reading Ed's post, I downloaded Malwarebytes on my good computer and burnt it to a disk - the infected computer no longer can get to the net. After yesterday's Spybot runs, and Nod32 scans, Malwarebytes found 64 more infected files and registry entries today. Just cleaned them and rebooted and still no internet. Now I'm downloading XP SP3 on the good puter to burn and install to the broken machine, to see if that will help repair my "winsock" - at least I read some info to lead me to believe that is possibly part of the problem. Another day in the basement.
 
If it can't get to the net, it can't get the updates, which is crucial for any cleaner, preventer, etc. You might have success booting in safe mode and running the update and first sweep. During the boot process, press the F8 key. You should get a menu with several options like boot normally, use last known good configuration, etc. Select the "boot in safe mode with network support." Hopefully, whatever you have won't load. Start the Malwarebytes product. Do an update before running a scan, do a full scan and follow the steps for removing whatever it finds. If you have to reboot to finish removing anything, reboot in safe mode again and run another scan. Once that is done, reboot normally and run a scan. If that scan tells you to reboot, then do so and run yet another scan.

Optionally, make sure you have all your data backed up and re-install the OS and all your programs, restore your data, etc. etc. Like Graig said, that can sometimes be the fastest way to fix the problem.

If you can't back up the data, it's possible to boot from a USB hard disk and use a program called Norton Ghost to back up the entire disk (including the virus, or whatever), then you can reload everything and get back just the specific files you want using a companion program called Ghost Explorer that comes with Ghost. If you find this is the route you have to take, let me know, I'll be glad to walk you through it.

Have fun. :(
 
The Malwarebytes that I brought over on CD was a build from 2 days ago - so I think there is a high probability that it is pretty up to date. I'm running the malware through a second full scan, it's almost done - 1.5 hours - and hasn't yet found anything. From the bad laptop I can't ping google, but I can ping my router.
 
Touche

I think a Mac and airbags will solve the problem.

I knew someone was going to say "Mac." I didn't count on the airbags. That was a nice touch.
 
Macs Are Vulnerable

Once wasn't that way, but it must be a problem now if Norton is offering an antivirus for Macs.

Airbags....gotta be good for something.

-Buzz
 
Currently last one that won't go away is "backdoor.bot". Running Malwarebytes from safe mode finds it on every scan and deletes it. My MWB database version is 2421 of 7/13/2009.

Soon I'll have to restore, but that isn't a sure fix, as I'll be restoring from the PC itself. Don't know where the restore CDs are that I burnt when I got this 5 or 6 years ago.
 
Name Resolution issue to get to the net

The Malwarebytes that I brought over on CD was a build from 2 days ago - so I think there is a high probability that it is pretty up to date. I'm running the malware through a second full scan, it's almost done - 1.5 hours - and hasn't yet found anything. From the bad laptop I can't ping google, but I can ping my router.

It's funny how my mind works. I got distracted with something else last night and stopped thinking about your problem. This morning I woke up with a start because the first thought in my head was "I bet he is pinging the IP address of the router, but trying to ping the name of google and it can't resolve the name." Do you get a message like "Can't find host www.google.com check the name and try again?" You can get the IP address of google or any other site by using the good computer to ping it. Note the "reply from" IP address and try to ping from the infected PC using the IP address.

It could be that either the DNS settings got screwed up on the computer, or the host file has been populated with bogus entries. I've seen malware put a bunch of stuff in the host file. Typically you only need one entry in the host file - 127.0.0.1 localhost. It's a simple text file located at C:\Windows\System32\Drivers\Etc\Hosts. You can edit it with notepad.
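An added example, not part of the post above or of any tool named in this thread: a small hosts-file audit that separates the stock `localhost` line, loopback "sinkhole" entries (the kind a blocklist writes, which stop a name from resolving anywhere useful) and redirects to some other address (the kind that sends a name to a machine the user never chose). The sample file and the 203.0.113.45 address are constructed for illustration.

```python
import ipaddress
from collections import Counter

# Constructed sample (not from the thread's machine). 203.0.113.45 is a
# documentation-range address standing in for a server the user never chose.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       www.casinoking.com   # blocklist-style entry
0.0.0.0         ads.example.net
203.0.113.45    www.google.com
203.0.113.45    update.example-av.test www.example-av.test
not-an-ip       broken.example
"""

def audit_hosts(text):
    """Return (line_no, kind, address, name) for every mapping in a hosts file."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()   # strip comment, then tokenize
        if not fields:
            continue
        addr, names = fields[0], fields[1:]
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            ip = None
        if ip is None or not names:
            findings.append((line_no, "malformed", addr, " ".join(names)))
            continue
        for name in names:
            if ip.is_loopback and name.lower() == "localhost":
                kind = "stock"      # the one entry a clean file normally has
            elif ip.is_loopback or ip.is_unspecified:
                kind = "sinkhole"   # name is blocked, not hijacked
            else:
                kind = "redirect"   # name is pointed at another machine
            findings.append((line_no, kind, str(ip), name))
    return findings

def summarize(findings):
    return dict(Counter(kind for _, kind, _, _ in findings))

if __name__ == "__main__":
    results = audit_hosts(SAMPLE_HOSTS)
    print(summarize(results))
    for row in results:
        if row[1] in ("redirect", "malformed"):
            print(row)   # the lines worth reading by hand
```

On a real machine, pass in the contents of C:\Windows\System32\Drivers\Etc\Hosts; a long list of sinkhole lines accounts for blocked sites, while a redirect line accounts for a familiar name landing somewhere unexpected.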
 
Symantec

Currently last one that won't go away is "backdoor.bot". Running Malwarebytes from safe mode finds it on every scan and deletes it. My MWB database version is 2421 of 7/13/2009.

Soon I'll have to restore, but that isn't a sure fix, as I'll be restoring from the PC itself. Don't know where the restore CDs are that I burnt when I got this 5 or 6 years ago.

You might look at www.symantec.com for a removal tool for that particular threat. It's been a while since I looked at their site, but I know they have a bunch of removal programs for specific threats.
 
Thanks Ed - I have run "HijackThis, ComboFix, and MLB" - all find it, none fix it. I've also done a "repair" to my network adapters - they connect to the router (both wired and wireless), but can't get out. The hosts file had about 1,000 entries that said they were inserted by Spybot S&D - they were all 127.0.0.1 with DNS names by them... Like www.casinoking.com, etc. I cleared them all out. Still SOL...
 
Ok... progress... Did what you said - pinged googly from a good puter - got the address - pinged it from infected computer - good return

Now what?
 
One last thing to try.

Turn off your system restore, then run a scan and removal.

To turn off the system restore, right click on my computer then click on properties. Optionally, go to the control panel and click on system. Then click the system restore tab and click the box to disable it. After 6 years, it may take a few minutes to delete all the restore points. It may look like the computer is locked up, but it'll come back.
 
All right, it's going. It'll take about 2 hours - I'll report back.
 
Found the same backdoor.bot that it's found the last 4 scans.... Now what Ed - try to restore?
 
