I need help with a virus (not the computer I'm currently on)


tacticslion
06-26-2010, 07:58 PM
To explain: several months back, I was doing several things online simultaneously. Somewhere, somehow, on one of the sites I was on (I'm unsure if it was this one, Spoony's, or another), I accidentally clicked on an ad that I couldn't see yet (it was one of those moments where the page isn't fully loaded, you click on a blank spot, but NOPE! There's an ad there you couldn't see, and now it'll load and take forever!). Turns out it was a porno site, and the thing wouldn't go away. Whenever I tried exiting, it always asked if I was "sure" I wanted to navigate away, please choose yes/no - since I didn't know or trust the site (and the requirement of specific permission to go away seemed kind of dodgy to me), I was leery of clicking anything, however when I closed that option box, the page remained. I tried shutting all of it down, but when I opened my browser again, it reloaded my previously interrupted browsing windows, including that one. Eventually, I just gave up and clicked "yes" that I wanted to navigate away and it let me and that seemed to be that.

Later that day, however, I started to receive notifications that my computer was under attack. I've got Norton, and it's consistently up to date, so I felt reasonably (though not terribly) secure, but that was still disturbing (I'd wondered if, by answering, I'd given away my IP address or something - I honestly don't know). Norton was pretty good about finding and removing things, but recently the attacks have increased in frequency. Apparently recently, somehow my internet connection loaded but Norton didn't. I didn't discover this until later on, and turned Norton on, but was too late. I was instantly inundated with pop-up windows including "porno.com", "porno.org", "viagra.com", and "adult.com". These won't stop coming. Further, I'm being 'warned' that my computer is under attack and it is carefully explained that I should activate my antivirus (complete with near-Microsoft imagery and stuff!). It's all very convincing-looking, except for the fact that I have an antivirus, and that isn't it, while it's trying to get me to believe that it's scanned and discovered threats. Also, with careful visual inspection, you can see inconsistencies in the artwork of the dialogue boxes compared to actual Microsoft stuff. Finally, worst of all, whenever I try to do anything - that is anything at all - I receive a notification that that program "is infected and cannot be opened", along with a coercion to activate my antivirus program (which I'm watching scan for and locate viruses). The only program that I've tried that seems immune to this is Norton. Even Ctrl+ALT+DEL doesn't work - it claims the task manager ("tskmngr.exe") is infected and won't open. I have no idea what to do. Currently, my computer is disconnected from the internet (though the pop-ups are still coming, so I'm presuming it was an actual downloaded virus instead of an attack on my IP address?), and I've got Norton doing a full system scan.
Oh, and one more thing: my computer's been shutting down seemingly at random recently (I believe this to be overheating instead of specific virus/worm activity), so Norton doesn't really have much time to do a full system scan.

I hate porn with a passion, and I'm incredibly frustrated that I've apparently received a virus from a site I never wanted to go to and of a kind I try to avoid. The computer I've got now is... okay, but it's old, slow, can't handle much (this forum causes a bit of a delay) and the keyboard is slightly glitchy (it's an old laptop with a touch-pad mouse, causing all sorts of fun glitches and typos) and most of my stuff and games are on the other one.

tl;dr: lousy virus infected my computer. I've disconnected from the internet, and Norton's doing the best it can, but because my comp's recently developed an over-heating problem, Norton usually gets interrupted before it can do anything. Help?

P.S. anyone here work for Dell? 'Cause that's what it is.
P.P.S. no, I can't conclusively prove it was that one site - I don't even know which one it was. The timing is too coincidental to ignore, however.

bluestarultor
06-26-2010, 09:28 PM
This sounds like a classic case of a scareware virus. Chances are it's Windows-something Antivirus (Pro), right? Get Malwarebytes (http://www.malwarebytes.org/mbam.php) and put it on a USB drive, try running it, and if it's blocked, just change the name to something random and run it again. If that fails, change it from EXE to BAT.

There are other solutions, but that's the easiest.

MasterOfMagic
06-26-2010, 10:19 PM
I'd boot up in safe mode and load up malware bytes. You won't have to worry about renaming anything that way. Just spam F8 as your computer boots up, and you'll get a black screen with white text that lets you choose safe mode.

I've seen that one before me thinks, malwarebytes took it off really easy like.

tacticslion
06-27-2010, 06:14 PM
Okay, now this is really cool: I was at church and casually mentioned this to a tech guy and he gives me his key that has Malwarebytes on it (on loan, I'm giving it back, but still). I try it, and it's simply shutting off, and I'm getting all frustrated. Then, I got on the old compy here and read that Blues ID'ed the issues I was having before I'd said anything about it. Blues, you, sir, are the bomb-diggity. I then proceeded to read (I didn't know how to shorten his name - MoM's and Master's just sounded awkward, so let me know how you want to be addressed) way of doing things without renaming. You, sir/madame are also the bomb-diggity (especially since the data key/program wasn't mine). Collectively, that makes you the bomb diggitii? Anyhoo, I'm running Malware now. Yeah, it wouldn't let me use task manager, malware bytes, or anything else I tried under regular mode, but under safe mode, it's already found something. I'll update this soon!

Also...
I hate porn with a fashion
So... naked porn is okay? :raise: I find it humorous that no one called me on this. Typing went so slow on the forums, I did this in word first (runs faster on my laptop), and I guess with one wrong letter, it auto-fixed to the wrong word. Either that or I'm a w0rst3d sp3113r than I thought. What I meant to say, of course, was, "I hate porn with a passion..."*

*And the natural concluding joke follows: "... but cold, disinterested porn is something I can really 'get behind'!" To be clear: this isn't true, but it's (no it's not and I should be ashamed. And am! :dance: ... wait, that doesn't look ashamed...)!

synkr0nized
06-28-2010, 04:40 PM
Also: is there any reason, whatsoever, that I should have, like, thirty folders, with names similar to "$uninstal1e3" or somesuch (they all have the $ sign and uninstall, and all look fairly innocuous) in my Windows folder in my C drive? 'Cause I do. I'm thinking of deleting all those things with a vengeance. Also, all their names are in blue, and they're slightly transparent. Got some "ini" stuff in all of 'em. I haven't yet, because I remained unsure, in the end.

Those are from Windows/MSIE updates. They are there to make it possible to uninstall updates that you have previously installed. While you can remove them, if you don't need to there's no harm in leaving them there [barring them being infected, of course]. However, many users remove them when they feel confident that they won't ever need to/try to uninstall any of the hotfixes and updates or when they are desperate for HD space.


Otherwise, it sounds like you're still infected. Fun times.

You could try running a LiveCD cleaner. Personally I'd recommend Dr. Web or UltimateBootCDForWin with its AV options. These would be able to scan your computer and tackle files that otherwise attempt to hide from your system or scanners or that re-install themselves.

bluestarultor
06-28-2010, 06:24 PM
You know, at this point, more exact messages and hopefully screenshots would help us help you a lot more.

You may have to remove whatever virus is on your computer manually, but we don't even have a name to work with, here. You really need to help us help you.

tacticslion
06-28-2010, 07:42 PM
Otherwise, it sounds like you're still infected. Fun times.
Oh, I'm still infected. I apologize if I've been unclear. It's probably as a result of me trying to find any humor in something I've been exceedingly frustrated with and coming off as vague.

To try to be clear: I don't have any such program as the one that is claiming to be my antivirus. It looks only superficially official - it's wholly a scam, and always has been, and this is something I've been fully aware of from the start.

As far as screen shots go, I'm not going to be able to do that. The infected computer can't really go online. Whenever I try it gets so inundated with pop-ups that simply won't go away, that I can't do anything with it. It's beyond annoying. I might try the Live CD cleaner thing, I'll have to look into it.
You know, at this point, more exact messages and hopefully screenshots would help us help you a lot more.

You may have to remove whatever virus is on your computer manually, but we don't even have a name to work with, here. You really need to help us help you.

I'll be glad to help you however I can, but I really didn't know what you needed to know. As for exact messages, however...

Whenever I try to open most things (although I can get away with plain old folders whose names have nothing to do with "anti", "virus", "malware", or the like) I get a "Security Warning". This is a dialogue box with a blue upper bar, and a gray background. In the upper left, it says "Security Warning", while in the upper right is a grayed-out "X" box (the "close this window" button) making it impossible to close the window (right-clicking only gives me the option of moving the window, not closing or minimizing it). A large red circle with a white "X" in it fills the left part (roughly one fifth of the gray area below the blue bar is the official "puffy" red circle surrounded by space that XP often uses) while the right holds black text: "Application cannot be executed. The file mbam.exe is infected. Do you want to activate your antivirus software now?" Below that are two buttons, one for "yes" and one for "no". This is absolutely everything that is on that particular dialogue box.

Replace "mbam.exe" (which is Malware Bytes, by the way) with any given application, executable, or anything else, and you've got the message. Any folders or applications (including task manager) with names or known functions that might be related to security are instantly closed, if they successfully open at all. Only one "Security Warning" box is onscreen at a time. I dare not click either yes or no, because either may be a trap (cue the Admiral!).

Within a short time, a large box on the right side of the screen rises like a tidal wave of blood that never crashes. It takes up a good X amount of the screen across, and is slightly taller than it is wide. The top bar is red, and there is no "X" button. On the right of the red title bar is a poorly rendered version (slightly "fuzzy" due to visible pixels) of the four-color Windows "shield" that's often on their official stuff. To the right it reads "Antivirus software alert". Below that is a white space partitioned into two sections (by top and bottom) by thin, only vaguely visible gray lines. In the top portion, it says in the first line of the upper box "INFILTRATION ALERT Virus Attack <a round red-ish symbol is here>" Below that it says...

SELF-INTERRUPTED FAKE-EDIT!

Okay, well the red thing is gone. For whatever reason, after I booted up the computer just now to type all this out, Norton finally identified the thing as a fake AV and killed it dead... and everything is good now, probably forever*!

The Security Warning box is still there, however. Also, I can now summon Task Manager, and order it to "end program", but that still doesn't shut down the Security Warning box that only allows me the "yes/no" option. Also a storm's coming, so I'll have to shut off that computer now so it doesn't get worse problems (as my AC did) via lightning strikes. Good times, good times.

*Sorry, I couldn't resist

EDIT FOR REAL:
I will update this to see how it goes. Thank you all for your patience and I'm sorry for my own inadequacies with it. I've just got 2 go, because I don't want to lose the computer by power surge (even with a surge protector, one of my parents' old ones was killed dead that way).

DOUBLE POST UNDONE:
Whelp.

MS Malicious Software Tool found five
Malware Bytes found seven
Norton Antivirus found one

After all this cleaning on safe mode, I restart my computer, and... instantly get three pop-ups.

One: I'm pretty sure is legit telling me X can't start up for some reason.
Two: sucks, as it's telling me that same X is infected, and would I like to register
Three: a big "scary" looking pop-up thing on the right side of my screen telling me I'm infected with a "trojan" or "name-dropper" or something similar (seriously, it tells me "or something similar"). It also wants me to register. I turned off my computer again.

Vaguely related note: my AC is off (it got struck by lightning yesterday), and it's 100+ degrees outside. Won't be fixed until tomorrow. That means the computer has to stay off until tomorrow so it doesn't die a horrible, screaming, fiery death. Which it was wont to do with AC. Yay, go me.

When I've got a faster machine, I'll amend my double post into one, or a mod can do so, if they like. Sorry for the double post, but I figured this was important enough.

Also: is there any reason, whatsoever, that I should have, like, thirty folders, with names similar to "$uninstal1e3" or somesuch (they all have the $ sign and uninstall, and all look fairly innocuous) in my Windows folder in my C drive? 'Cause I do. I'm thinking of deleting all those things with a vengeance. Also, all their names are in blue, and they're slightly transparent. Got some "ini" stuff in all of 'em. I haven't yet, because I remained unsure, in the end.

MasterOfMagic
06-28-2010, 09:39 PM
I've had great luck with Avast's boot time scan as well, it takes a while to run, but there's no worries about permission issues and the like, since nothing has loaded yet. I hate to keep throwing programs at you, but well, that's generally how it goes. What one program misses the others pick up.

You can boot up in "Safe Mode with Networking" if you need to download other programs without being molested, but be extra careful about knowing where you plan to go, and what you click on. Also works for just letting your virus scanners update their definitions, which you definitely want to do.

(I didn't know how to shorten his name - MoM's and Master's just sounded awkward, so let me know how you want to be addressed)
It was an unfortunate flight of fancy that brought me this screenname. Whatever you feel like is fine, people actually used MoM a lot when I posted more. Oddly enough, always with that exact capitalization :D

synkr0nized
06-28-2010, 09:43 PM
people actually used MoM a lot when I posted more. Oddly enough, always with that exact capitalization :D

'cause that's how those words would follow case as a title. Most folks likely overlook how you've done it in your name in favour of that.

bluestarultor
06-28-2010, 09:49 PM
'cause that's how those words would follow case as a title. Most folks likely overlook how you've done it in your name in favour of that.

Or because they don't want to be calling him MOM in all caps all the time.

Some people also use Magic if they still feel MoM is awkward.

MasterOfMagic
06-28-2010, 10:17 PM
'cause that's how those words would follow case as a title. Most folks likely overlook how you've done it in your name in favour of that.
Actually! I hadn't ever considered that. I always assumed it was to break up the flow of the word and keep it from looking like "mom" as much as possible. Weird.

Anyways, about that virus and stuff...

bluestarultor
06-28-2010, 10:48 PM
Well, I'm going to have to just redirect things to here, then: http://www.nuklearforums.com/showthread.php?t=37503

tacticslion
07-01-2010, 06:50 PM
Whelp, this thread should probably be locked at this point. To update you guys on what happened: it worked, the virus(es) as far as I can tell are all gone, and the computer is up and running. The reason I haven't been active again, however, is that when I disconnected from the Internet, somehow I lost my WEP, and so can't get back in via that computer. Good times. I don't expect you guys to help me with that part, and you've all done so very much I appreciate it, especially since I, n00b that I am, created this thread when there was a sticky for this very thing. I'm posting here only because the virus part is (I think) done, and I don't want to post a "hay, eye'm gud nao" on a sticky. Peace and the Lord's copious blessing on you people for your help. Hopefully I'll be more active soon, once I figure out what I did with my WEP.

~ tac

synkr0nized
07-01-2010, 10:52 PM
If it's just a matter of not remembering your WEP or that computer not having it, one solution is probably just to, on a wired connection, configure a new WEP passkey on your router.

Or move to the stronger WPA2 if it can. Then you can just reconfigure the machines that connect wirelessly with the updated info. If you know the WEP, though, you can just do this on the machine in question.