I need help with a virus (not the computer I'm currently on)

[tacticslion]

To explain: several months back, I was doing several things online simultaneously. Somewhere, somehow, on one of the sites I was on (I'm unsure if it was this one, Spoony's, or another), I accidentally clicked on an add that I couldn't see yet (it was one of those moments where the page isn't fully loaded, you click on a blank spot, but NOPE! There's an ad there you couldn't see, and now it'll load and take forever!). Turns out it was a porno site, and the thing wouldn't go away. Whenever I tried exiting, it always asked if I was "sure" I wanted to navigate away, please choose yes/no - since I didn't know or trust the site (and the requirement of specific permission to go away seemed kind of dodgy to me), I was leery of clicking anything, however when I closed that option box, the page remained. I tried shutting all of it down, but when I opened my browser again, it reloaded my previously interrupted browsing windows, including that one. Eventually, I just gave up and and clicked "yes" that I wanted to navigate away and it let me and that seemed to be that.

Later that day, however, I started to recieve notifications that my computer was under attack. I've got Norton, and it's consistantly up to date, so I felt reasonably (though not terribly) secure, but that was still disturbing (I'd wondered if, by answering, I'd given away my IP address or something - I honestly don't know). Norton was pretty good about finding and removing things, but recently the attacks have increased in frequency. Apparently recently, somehow my internet connection loaded but Norton didn't. I didn't discover this until later on, and turned Norton on, but was too late. I was instantly inundated with pop-up windows including "porno.com", "porno.org", "viagra.com", and "adult.com". These won't stop coming. Further, I'm being 'warned' that my computer is under attack and it is carefully explained that I should activate my antivirus (complete with near-Microsoft imagery and stuff!). It's all very convincing-looking, except for the fact that I have an antivirus, and that isn't it, while it's trying to get me to believe that it's scanned and discovered threats. Also, with careful visual inspection, you can see inconsistancies in the artwork of the dialogue boxes compared to actual Microsoft stuff. Finally, worst of all, whenever I try to anything - that is anything at all - I recieve a notification that that program "is infected and cannot be opened", along with a coersion to activate my antivirus program (which I'm watching scan for and locate viruses). The only program that I've tried that seems immune to this is Norton. Even Ctrl+ALT+DEL doesn't work - it claims the task manager ("tskmngr.exe") is infected and won't open. I have no idea what to do. Currently, my computer is disconnected from the internet (though the pop-ups are still coming, so I'm presuming it was an actual downloaded virus instead of an attack on my IP address?), and I've got Norton doing a full system scan. Oh, and one more thing: my computer's been shutting down seemingly at random recently (I believe this to be overheating instead of specific virus/worm activity), so Norton doesn't really have much time to do a full system scan.

I hate porn with a passion, and I'm incredibly frusterated that I've apparently recieved a virus from a site I never wanted to go to and of a kind I try to avoid. The computer I've got now is... okay, but it's old, slow, can't handle much (this forum causes a bit of a delay) and the keyboard is slightly glitchy (it's an old laptop with a touch-pad mouse, causing all sorts of fun glitches and typos) and most of my stuff and games are on the other one.

tl;dr: lousy virus infected my computer. I've disconnected from the internet, and Norton's doing the best it can, but because my comp's recently developed an over-heating problem, Norton usually gets interrupted before it can do anything. Help?

P.S. anyone here work for Dell? 'Cause that's what it is.
P.P.S. no, I can't conclusively prove it was that one site - I don't even know which one it was. The timing is too coincidental to ignore, however.

[bluestarultor]

This sounds like a classic case of a scareware virus. Chances are it's Windows-something Antivirus (Pro), right? Get Malwarebytes and put it on a USB drive, try running it, and if it's blocked, just change the name to something random and run it again. If that fails, change it from EXE to BAT.

There are other solutions, but that's the easiest.

[MasterOfMagic]

I'd boot up in safe mode and load up malware bytes. You won't have to worry about renaming anything that way. Just spam F8 as your computer boots up, and you'll get a black screen with white text that lets you choose safe mode.

I've seen that one before me thinks, malwarebytes took it off really easy like.

[tacticslion]

Okay, now this is really cool: I was at church and casually mentioned this to a tech guy and he gives me his key that has Malwarebites on it (on loan, I'm giving it back, but still). I try it, and it's simply shutting off, and I'm getting all frusterated. Then, I got on the old compy here and read that Blues ID'ed the issues I was having before I'd said anything about it. Blues, you, sir, are the bomb-diggity. I then proceeded to read Master of Magic's(I didn't know how to shorten his name - MoM's and Master's just sounded awkward, so let me know how you want to be addressed) way of doing things without renaming. You, sir/madame are also the bomb-diggity (especially since the data key/program wasn't mine). Collectively, that makes you the bomb diggitii? Anyhoo, I'm running Malware now. Yeah, it wouldn't let me use task manager, malware bytes, or anything else I tried under regular mode, but under safe mode, it's already found something. I'll update this soon!

Also...

Quote:

Originally Posted by tacticslion

I hate porn with a fashion

So... naked porn is okay? I find it humorous that no one called me on this. Typing went so slow on the forums, I did this in word first (runs faster on my laptop), and I guess with one wrong letter, it auto-fixed to the wrong word. Either that or I'm a w0rst3d sp3113r than I thought. What I meant to say, of course, was, "I hate porn with a passion..."*

*And the natural concluding joke follows: "... but cold, disenterested porn is something I can really 'get behind'!" To be clear: this isn't true, but it's funny to say(no it's not and I should be ashamed. And am! ... wait, that doesn't look ashamed...)!

[MasterOfMagic]

I've had great luck with avast's boot time scan as well, it takes awhile to run, but there's no worries about permission issues and the like, since nothing has loaded yet. I hate to keep throwing programs at you, but well, that's generally how it goes. What one program misses the others pick up.

You can boot up in "Safe Mode with Networking" if you need to download other programs without being molested, but be extra careful about knowing where you plan to go, and what you click on. Also works for just letting your virus scanners update their definitions, which you definately want to do.

Quote:

(I didn't know how to shorten his name - MoM's and Master's just sounded awkward, so let me know how you want to be addressed)

It was an unfortunate flight of fancy that brought me this screenname. Whatever you feel like is fine, people actually used MoM alot when I posted more. Oddly enough, always with that exact capitalization :D

[synkr0nized]

Quote:

Originally Posted by MasterOfMagic

Ipeople actually used MoM alot when I posted more. Oddly enough, always with that exact capitalization

'cause that's how those words would follow case as a title. Most folks likely overlook how you've done it in your name in favour of that.

[bluestarultor]

Quote:

Originally Posted by synkr0nized

'cause that's how those words would follow case as a title. Most folks likely overlook how you've done it in your name in favour of that.

Or because they don't want to be calling him MOM in all caps all the time.

Some people also use Magic if they still feel MoM is awkward.

[bluestarultor]

Well, I'm going to have to just redirect things to here, then: http://www.nuklearforums.com/showthread.php?t=37503

[MasterOfMagic]

Quote:

'cause that's how those words would follow case as a title. Most folks likely overlook how you've done it in your name in favour of that.

Actually! I hadn't ever considered that. I always assumed it was to break up the flow of the word and keep it from looking like "mom" as much as possible. Weird.

Anyways, about that virus and stuff...

[tacticslion]

Whelp, this thread should probably be locked at this point. To update you guys on what happened: it worked, the virus(es) as far as I can tell are all gone, and the computer is up and running. The reason I haven't been active again, however, is that when I disconnected from the Internet, somehow I lost my WEP, and so can't get back in via that computer. Good times. I don't expect you guys to help me with that part, and you've all done so very much I appreciate it, especially since I, n00b that I am, created this thread when there was a sticky for this very thing. I'm posting here only because the virus part is (I think) done, and I don't want to post a "hay, eye'm gud nao" on a sticky. Peace and the Lord's copious blessing on you people for your help. Hopefully I'll be more active soon, once I figure out what I did with my WEP.

~ tac