The Warring States of NPF  

Unread 06-26-2010, 07:58 PM   #1
tacticslion
I need help with a virus (not the computer I'm currently on)

To explain: several months back, I was doing several things online simultaneously. Somewhere, somehow, on one of the sites I was on (I'm unsure if it was this one, Spoony's, or another), I accidentally clicked on an ad that I couldn't see yet (it was one of those moments where the page isn't fully loaded, you click on a blank spot, but NOPE! There's an ad there you couldn't see, and now it'll load and take forever!). Turns out it was a porno site, and the thing wouldn't go away. Whenever I tried exiting, it always asked if I was "sure" I wanted to navigate away, please choose yes/no - since I didn't know or trust the site (and the requirement of specific permission to go away seemed kind of dodgy to me), I was leery of clicking anything, however when I closed that option box, the page remained. I tried shutting all of it down, but when I opened my browser again, it reloaded my previously interrupted browsing windows, including that one. Eventually, I just gave up and clicked "yes" that I wanted to navigate away and it let me and that seemed to be that.

Later that day, however, I started to receive notifications that my computer was under attack. I've got Norton, and it's consistently up to date, so I felt reasonably (though not terribly) secure, but that was still disturbing (I'd wondered if, by answering, I'd given away my IP address or something - I honestly don't know). Norton was pretty good about finding and removing things, but recently the attacks have increased in frequency. Apparently recently, somehow my internet connection loaded but Norton didn't. I didn't discover this until later on, and turned Norton on, but was too late. I was instantly inundated with pop-up windows including "porno.com", "porno.org", "viagra.com", and "adult.com". These won't stop coming. Further, I'm being 'warned' that my computer is under attack and it is carefully explained that I should activate my antivirus (complete with near-Microsoft imagery and stuff!). It's all very convincing-looking, except for the fact that I have an antivirus, and that isn't it, while it's trying to get me to believe that it's scanned and discovered threats. Also, with careful visual inspection, you can see inconsistencies in the artwork of the dialogue boxes compared to actual Microsoft stuff. Finally, worst of all, whenever I try to do anything - that is anything at all - I receive a notification that that program "is infected and cannot be opened", along with a coercion to activate my antivirus program (which I'm watching scan for and locate viruses). The only program that I've tried that seems immune to this is Norton. Even Ctrl+ALT+DEL doesn't work - it claims the task manager ("tskmngr.exe") is infected and won't open. I have no idea what to do. Currently, my computer is disconnected from the internet (though the pop-ups are still coming, so I'm presuming it was an actual downloaded virus instead of an attack on my IP address?), and I've got Norton doing a full system scan.
Oh, and one more thing: my computer's been shutting down seemingly at random recently (I believe this to be overheating instead of specific virus/worm activity), so Norton doesn't really have much time to do a full system scan.

I hate porn with a passion, and I'm incredibly frustrated that I've apparently received a virus from a site I never wanted to go to and of a kind I try to avoid. The computer I've got now is... okay, but it's old, slow, can't handle much (this forum causes a bit of a delay) and the keyboard is slightly glitchy (it's an old laptop with a touch-pad mouse, causing all sorts of fun glitches and typos) and most of my stuff and games are on the other one.

tl;dr: lousy virus infected my computer. I've disconnected from the internet, and Norton's doing the best it can, but because my comp's recently developed an over-heating problem, Norton usually gets interrupted before it can do anything. Help?

P.S. anyone here work for Dell? 'Cause that's what it is.
P.P.S. no, I can't conclusively prove it was that one site - I don't even know which one it was. The timing is too coincidental to ignore, however.
Last edited by tacticslion; 06-27-2010 at 06:15 PM. Reason: Because porn is never fashionable
Unread 06-26-2010, 09:28 PM   #2
bluestarultor

This sounds like a classic case of a scareware virus. Chances are it's Windows-something Antivirus (Pro), right? Get Malwarebytes and put it on a USB drive, try running it, and if it's blocked, just change the name to something random and run it again. If that fails, change it from EXE to BAT.

There are other solutions, but that's the easiest.
Unread 06-26-2010, 10:19 PM   #3
MasterOfMagic

I'd boot up in safe mode and load up malware bytes. You won't have to worry about renaming anything that way. Just spam F8 as your computer boots up, and you'll get a black screen with white text that lets you choose safe mode.

I've seen that one before methinks, malwarebytes took it off really easy like.
Unread 06-27-2010, 06:14 PM   #4
tacticslion
Semi-update

Okay, now this is really cool: I was at church and casually mentioned this to a tech guy and he gives me his key that has Malwarebytes on it (on loan, I'm giving it back, but still). I try it, and it's simply shutting off, and I'm getting all frustrated. Then, I got on the old compy here and read that Blues ID'ed the issues I was having before I'd said anything about it. Blues, you, sir, are the bomb-diggity. I then proceeded to read Master of Magic's (I didn't know how to shorten his name - MoM's and Master's just sounded awkward, so let me know how you want to be addressed) way of doing things without renaming. You, sir/madame are also the bomb-diggity (especially since the data key/program wasn't mine). Collectively, that makes you the bomb diggitii? Anyhoo, I'm running Malware now. Yeah, it wouldn't let me use task manager, malware bytes, or anything else I tried under regular mode, but under safe mode, it's already found something. I'll update this soon!

Also...
Quote:
Originally Posted by tacticslion View Post
I hate porn with a fashion
So... naked porn is okay? I find it humorous that no one called me on this. Typing went so slow on the forums, I did this in word first (runs faster on my laptop), and I guess with one wrong letter, it auto-fixed to the wrong word. Either that or I'm a w0rst3d sp3113r than I thought. What I meant to say, of course, was, "I hate porn with a passion..."*

*And the natural concluding joke follows: "... but cold, disinterested porn is something I can really 'get behind'!" To be clear: this isn't true, but it's funny to say (no it's not and I should be ashamed. And am! ... wait, that doesn't look ashamed...)!
Unread 06-28-2010, 04:40 PM   #5
synkr0nized
$NTUninstallolol

Quote:
Originally Posted by tacticslion View Post
Also: is there any reason, whatsoever, that I should have, like, thirty folders, with names similar to "$uninstal1e3" or somesuch (they all have the $ sign and uninstall, and all look fairly innocuous) in my Windows folder in my C drive? 'Cause I do. I'm thinking of deleting all those things with a vengeance. Also, all their names are in blue, and they're slightly transparent. Got some "ini" stuff in all of 'em. I haven't yet, because I remained unsure, in the end.

Those are from Windows/MSIE updates. They are there to make it possible to uninstall updates that you have previously installed. While you can remove them, if you don't need to there's no harm in leaving them there [barring them being infected, of course]. However, many users remove them when they feel confident that they won't ever need to/try to uninstall any of the hotfixes and updates or when they are desperate for HD space.


Otherwise, it sounds like you're still infected. Fun times.

You could try running a LiveCD cleaner. Personally I'd recommend Dr. Web or UltimateBootCDForWin with its AV options. These would be able to scan your computer and tackle files that otherwise attempt to hide from your system or scanners or that re-install themselves.
Unread 06-28-2010, 06:24 PM   #6
bluestarultor

You know, at this point, more exact messages and hopefully screenshots would help us help you a lot more.

You may have to remove whatever virus is on your computer manually, but we don't even have a name to work with, here. You really need to help us help you.
Unread 06-28-2010, 07:42 PM   #7
tacticslion
I counter "Virus of Endless Annoyance" with "Norton, Malware Bytes, and the NPF!"

Quote:
Originally Posted by synkr0nized View Post
Otherwise, it sounds like you're still infected. Fun times.
Oh, I'm still infected. I apologize if I've been unclear. It's probably as a result of me trying to find any humor in something I've been exceedingly frustrated with and coming off as vague.

To try to be clear: I don't have any such program as the one that is claiming to be my antivirus. It looks only superficially official - it's wholly a scam, and always has been, and this is something I've been fully aware of from the start.

As far as screen shots go, I'm not going to be able to do that. The infected computer can't really go online. Whenever I try it gets so inundated with pop-ups that simply won't go away, that I can't do anything with it. It's beyond annoying. I might try the Live CD cleaner thing, I'll have to look into it.
Quote:
Originally Posted by bluestarultor View Post
You know, at this point, more exact messages and hopefully screenshots would help us help you a lot more.

You may have to remove whatever virus is on your computer manually, but we don't even have a name to work with, here. You really need to help us help you.
I'll be glad to help you however I can, but I really didn't know what you needed to know. As for exact messages, however...

Whenever I try to open most things (although I can get away with plain old folders whose names have nothing to do with "anti", "virus", "malware", or the like) I get a "Security Warning". This is a dialogue box with a blue upper bar, and a gray background. In the upper left, it says "Security Warning", while in the upper right is a grayed-out "X" box (the "close this window" button) making it impossible to close the window (right-clicking only gives me the option of moving the window, not closing or minimizing it). A large red circle with a white "X" in it fills the left part (roughly one fifth of the gray area below the blue bar is the official "puffy" red circle surrounded by space that XP often uses) while the right holds black text: "Application cannot be executed. The file mbam.exe is infected. Do you want to activate your antivirus software now?" Below that are two buttons, one for "yes" and one for "no". This is absolutely everything that is on that particular dialogue box.

Replace "mbam.exe" (which is Malware Bytes, by the way) with any given application, executable, or anything else, and you've got the message. Any folders or applications (including task manager) with names or known functions that might be related to security are instantly closed, if they successfully open at all. Only one "Security Warning" box is onscreen at a time. I dare not click either yes or no, because either may be a trap (cue the Admiral!).

Ignore this part if you want, it was interrupted by a seemingly successful save by Norton! It consisted of (for your info) a red colored "scare you" box telling me to click to fix a virus in the bottom left corner, and a big red "scare you" box in the middle of my screen saying much the same. Apparently even though it didn't work on a full system scan in Safe Mode, Norton picked it up after it was active this time, though it failed to before now. Within a short time, a large box on the right side of the screen rises like a tidal wave of blood that never crashes. It takes up a good X amount of the screen across, and is slightly taller than it is wide. The top bar is red, and there is no "X" button. On the right of the red title bar is a poorly rendered version (slightly "fuzzy" due to visible pixels) of the four-color windows "shield" that's often on their official stuff. To the right it reads "Antivirus software alert". Below that is a white space partitioned into two sections (by top and bottom) by thin, only vaguely visible gray lines. In the top portion, it says in the first line of the upper box "INFILTRATION ALERT Virus Attack <a round red-ish symbol is here>" Below that it says...

SELF-INTERRUPTED FAKE-EDIT!

Okay, well the red thing is gone. For whatever reason, after I booted up the computer just now to type all this out, Norton finally identified the thing as a fake AV and killed it dead... and everything is good now, probably forever*!

The Security Warning box is still there, however. Also, I can now summon Task Manager, and order it to "end program", but that still doesn't shut down the Security Warning box that only allows me the "yes/no" option. Also a storm's coming, so I'll have to shut off that computer now so it doesn't get worse problems (as my AC did) via lightning strikes. Good times, good times.

*Sorry, I couldn't resist

EDIT FOR REAL:
I will update this to see how it goes. Thank you all for your patience and I'm sorry for my own inadequacies with it. I've just got 2 go, because I don't want to lose the computer by power surge (even with a surge protector, one of my parents' old ones was killed dead that way).

DOUBLE POST UNDONE:
Whelp.

MS Malicious Software Tool found five
Malware Bytes found seven
Norton Antivirus found one

After all this cleaning on safe mode, I restart my computer, and... instantly get three pop-ups.

One: I'm pretty sure is legit telling me X can't start up for some reason.
Two: sucks, as it's telling me that same X is infected, and would I like to register
Three: a big "scary" looking pop-up thing on the right side of my screen telling me I'm infected with a "trojan" or "name-dropper" or something similar (seriously, it tells me "or something similar"). It also wants me to register. I turned off my computer again.

Vaguely related note: my AC is off (it got struck by lightning yesterday), and it's 100+ degrees outside. Won't be fixed until tomorrow. That means the computer has to stay off until tomorrow so it doesn't die a horrible, screaming, fiery death. Which it was wont to do with AC. Yay, go me.

When I've got a faster machine, I'll amend my double post into one, or a mod can do so, if they like. Sorry for the double post, but I figured this was important enough.

Also: is there any reason, whatsoever, that I should have, like, thirty folders, with names similar to "$uninstal1e3" or somesuch (they all have the $ sign and uninstall, and all look fairly innocuous) in my Windows folder in my C drive? 'Cause I do. I'm thinking of deleting all those things with a vengeance. Also, all their names are in blue, and they're slightly transparent. Got some "ini" stuff in all of 'em. I haven't yet, because I remained unsure, in the end.

Last edited by tacticslion; 07-01-2010 at 06:42 PM. Reason: IMPORTANT NOTE; also changing from double post
Unread 06-28-2010, 09:39 PM   #8
MasterOfMagic

I've had great luck with avast's boot time scan as well, it takes awhile to run, but there's no worries about permission issues and the like, since nothing has loaded yet. I hate to keep throwing programs at you, but well, that's generally how it goes. What one program misses the others pick up.

You can boot up in "Safe Mode with Networking" if you need to download other programs without being molested, but be extra careful about knowing where you plan to go, and what you click on. Also works for just letting your virus scanners update their definitions, which you definitely want to do.

Quote:
(I didn't know how to shorten his name - MoM's and Master's just sounded awkward, so let me know how you want to be addressed)
It was an unfortunate flight of fancy that brought me this screenname. Whatever you feel like is fine, people actually used MoM a lot when I posted more. Oddly enough, always with that exact capitalization :D
Unread 06-28-2010, 09:43 PM   #9
synkr0nized
just like how a lot of people capitalize the s in mine

Quote:
Originally Posted by MasterOfMagic View Post
people actually used MoM a lot when I posted more. Oddly enough, always with that exact capitalization
'cause that's how those words would follow case as a title. Most folks likely overlook how you've done it in your name in favour of that.
Unread 06-28-2010, 09:49 PM   #10
bluestarultor

Quote:
Originally Posted by synkr0nized View Post
'cause that's how those words would follow case as a title. Most folks likely overlook how you've done it in your name in favour of that.
Or because they don't want to be calling him MOM in all caps all the time.

Some people also use Magic if they still feel MoM is awkward.
All times are GMT -5.