Virus Problem

[mcb359]

I recently ended up downloading a virus from the Internet to my Dell running Windows XP.First of all, the virus blocked access to the Task Manager. I had had one of these before, so I used my anti-virus programs to find and delete it. However as it was being deleted, I got several "See ya b***h!" messages, followed by the address bar in web browsers disappearing and not being able to close the browsers normally with the close button. Instead I recieved "This operation has been cancelled due to restrictions in effect on this computer. Please contact your system administrator" messages. I tried restarting the PC thinking it would solve it, but now after logging in, I get the same message straight away and cannot close it. I cannot use anything on the PC now and the clock and mouse scrolling speed appear to be affected as well. I have tried to unlock my PC by closing the error message using Task Manager, however the desktop will not show and when I click Start (which is now missing the Run and Turn Off options), the menu closes after a few seconds and will not open anything I manage to click.

What can I do?

Thanks

[Jeremy]

Someone has infected your PC with a trojan virus in order to take complete control over it. At this point, I would recommend you disconnect the PC from the Internet and run the following applications:

McAfee VirusScan 2006

NOD32

Ad-Aware SE

Spybot 1.4

Microsoft AntiSpyware

Use common sense when downloading files. Scan them with NOD32 (the best AV imho) before you open them. Use a router, use a software firewall (I recommend Sygate Personal Firewall Pro). Anything that appears malicious or suspicious when your firewall notifies you, deny it access.

[mcb359]

Thanks. I already disconnected it from everything except the mains, monitor, keyboard and mouse. I used Ad-aware to find the virus before and all this started when it tried to delete it. I can't access any programs now to run further checks. When files I download arive, they are scanned and Ad-aware reported deleting a couple of things at the time but it didn't seem to make a difference.

[Jeremy]

Use an actual virus scanner to remove trojans. Don't use Norton, it's garbage. I'm not biased, I'm telling you this from experience, and not only my own. It's a mainstream scanner but the amount of resources it takes up is just ridiculous, and totally unfair to PCs that don't have at least 512 MBs.

But let me tell you a story with my experience with Norton, read my first post in this page http://www.msfn.org/board/index.php?showtopic=16682&st=320

So use NOD32, hell take your PC to someone's house so you can get online to update it first. Do a complete system scan. Don't use IE anymore. Use Opera. Firefox is good too but there are so many reports and articles nowadays about the "memory leaks" that others support are not leaks but an actual feature, the result of Firefox caching pages so you can conveniently go back and forth quickly. Anyway, I would use Opera. My girlfriend uses it, her aunt and uncle and my grandparents as well.

You will not get pop-ups or spyware through Opera. If you download it through Opera and run it on your own PC, that's still your own fault. Don't open e-mail from anyone/anything you do not 100% recognise as legit, ask friends and family if they did attach the files to the e-mails that appear in the e-mails, if not, do not run them. Even if they are from family do not download EXE files, if you do, scan them before you run them with NOD32.

And as I said already, get a router, because it naturally acts as a hardware firewall which monitors incoming packets and discards them if they do not match the outgoing packets. Since they do not monitor outgoing traffic, use a software firewall, Sygate (Kerio does too much notifying and isn't as user-friendly as Sygate), to notify you of anything you deliberately download that tries to send outgoing, even if its a game you install that you only want single player, not multiplayer.

As for the actual system corruption at the moment, put in your XPCD and try to repair Windows, which overwrites the infected files with the original ones from the CD.

if that does not work, then I think you'll have to reformat. That should always be your last resort.

Edited February 17, 2006 by Jeremy