Nonstop viruses, can't get rid of them?

[Flame]

Ok, something weird has happened to my wife's computer and I want to see if any of you guys have any ideas.

Yesterday, she was setting up a business site on myspace, hadn't downloaded anything in a while, just working away and suddenly got a bunch of pop ups. They started coming one, after another, after another, non stop. It shut down the computer. I rebooted it, and it did it again! It's a fairly new computer, and I had forgotten to load any antivirus programs on it. So I downloaded threatfire and Aadaware, and they found 300 some corrupted files, and it was like a laundry list of evils....

trojan horses
backdoor. trojans
malware
spyware
rootkits


Of all sorts of names. It was insane. I delete them all, reboot........... and THEY'RE BACK! I run a scan with both of the programs again, find new ones, delete them, scan and get a clean scan. Scan in 10 minutes, and find 100 some corrupted files again.

WTH? Any idea on how to take care of this? Never seen something like this before..... any suggestions?

 

[Marlene]

we have a laptop here with the same problem. they are, even as we speak, re-newing Norton to see if it will solve the problem.

 

[GK]

Ok, something weird has happened to my wife's computer and I want to see if any of you guys have any ideas.

Yesterday, she was setting up a business site on myspace, hadn't downloaded anything in a while, just working away and suddenly got a bunch of pop ups. They started coming one, after another, after another, non stop. It shut down the computer. I rebooted it, and it did it again! It's a fairly new computer, and I had forgotten to load any antivirus programs on it. So I downloaded threatfire and Aadaware, and they found 300 some corrupted files, and it was like a laundry list of evils....

trojan horses
backdoor. trojans
malware
spyware
rootkits


Of all sorts of names. It was insane. I delete them all, reboot........... and THEY'RE BACK! I run a scan with both of the programs again, find new ones, delete them, scan and get a clean scan. Scan in 10 minutes, and find 100 some corrupted files again.

WTH? Any idea on how to take care of this? Never seen something like this before..... any suggestions?

Unplug the comp from the internet and disable the wireless. Reboot it in safemode and try doing all the scans that way. There is a good chance you are missing something and it is just reconnecting to a server and re-downloading all the crap back onto the computer again, with no internet connection this won't happen.

 

[Replicator]

1. Disconnect from internet.

2. Research specific trojan names from another computer and print removal instructions.

3. Full antivirus scan after removal of major threats.

Should be good after that . . . !

 

[bob]

You might want to disable system restore before you get rid of all of the malfeasant code.

Double click My Computer and then right click in the window. Select Properties->System Restore and turn it off. When you're all done, turn it back on again.

Lots of nasty software is persistent if System Restore is on while getting rid of the stuff.

 

[JimJenson]

you need a clean boot disc.

boot from CD drive, delete virus's.

 

[Bigdawg]

If you have any trouble removing specific viruses www.majorgeeks.com is an excellent resource.

 

[GK]

Another thing to keep in mind too is to disconnect any USB travel drives/thumbdrives. Several newer malware/trojans infect connected external drives now since they are usually left out of the system scans unless you check them off as well. So they elude the system scan and then reinfect the system once you plug them back in.

 

[SignTech]

http://usa.kaspersky.com/

 

[Dice]

Sounds like you have a Nasty backdoor dropping in other viruses. I just recently had a pretty nasty infection that my Panda Anti Virus apparently couldn't handle. (I hate McAfee and Symantec)

After doing much research i found that KasperSpy AV to be the top rated and best. It's a bit more expensive but worth it. Something you don't want to slack on is your AV.

You can download a fully functional trial version and try it out.

http://www.kaspersky.com/

 

[njsigns]

I'd try Avast out if I were you. You can do a "boot time scan" and delete files before Windows even loads. Some viruses will replicate themselves upon delete, this prevents them from doing so. I've been using it for years and really like it...

Gene

 

[Flame]

win.32rootkit will NOT go away, I got some to leave, but this one always pops up. Erg..........

 

[Dice]

What did you install?

What did you install? Make sure that you only have 1 AV installed on the machine at a time. Make sure you run a full scan.

Install KasperSky and change it to High Security Level and do a full scan. If KasperSky can't kill it, then your hosed and will have to reinstall windows or use a repair disk.

 

[threeputt]

Flame, I can't offer anything in addition to the good advice you're getting here, but wanted to tell you I empathise. This sort of thing has happened to me and it absolutely drives you mad. Feel bad for ya.

I use AVG the pro edition, and keep it up to date. Also run SpyHunter once a week. I'm not a techy though, just muddling through.

Good luck.

 

[Techman]

All of the above is almost correct.
But non of it will work. You can scan until the machine turns to dust and it will never get it out. All excepts bob's suggestion which is spot on.

reinstall windows or use a repair disk.

Absolutly mistaken.. No need for any re-install or repair..

This is a smitfraud infection
You will need a special cleaner for that. google it. its around. And do not pay for it. The free one is the best one because it works. Big DAwg has a good idea where to find it.

Find the smit fraud cleaner and run it. Nothing else will work. The infection is too deep and always comes back. BEcause you will not find the roots.
Also with smitfraud is likely something with 800 in the name on yoru machine as well. usually its around the program files folder. That has to go as well. This type of infection comes from visiting sites with a compromised JAVA. They failed to update their java and smitfraud invades. Other cases are accepting certain web cards.


As for the root kit.. that's something else. Very likely added in or just a red hearing. You will need a root kit cleaner for that if it is infact there..

In the end. I charge about $80 bux to do a deep cleaning for smit fraud with guarantee.

 

[Signsforwhile]

9 times out of 10 no matter how many scans, virus blockers, registry cleaners etc you run, your computer will never be the same again. Attempt to back everything up and then its time to format your computer. It will save you a lot of aggravation.

 

[MrKoob]

I'm inclined to agree with Hudson. If if it were just 1 or 2 infections, quarantining or deleting wouldn't be a big issue. In this case you may have infections that may not show up until months later. Backup your important files like Projects, Accounting Files, etc, then run a format and reinstall everything from scratch. (Make sure to make AV Software first on your list, Avast, AVG, etc.)

 

[Dice]

Something that I've done in the past is to remove the drive and put it in an external 3.5" usb case, then scan the drive from another machine.

This way the virus can't protect itself from AV scanners and does not have a chance to execute.

 

[Techman]

You guys kill me.. AHAHAAHAHAH

An infected on a computer is just some code. Its just some 1's and 0's. All you have to do to make it stop causing probs is to change just a few of those 0's or 1's and the code is dead. It's not dirt, its not germs, its just some magnetic spots on a hard disk.

Remove the threat and nothing else matters. Its gone. The code has no life. Reformat for about 800 bits of data is like emptying the pacific ocean because someone poured some oil into it. Once the bad code is disabled,, the computer will over write what ever is left. Thus its all gone. Dead .. as in no longer exists. It will not show up again months later.

 

[mark in tx]

Smitfraud is a nasty one.
I'd like to find the bastards responsible and remove their sex organs with a lead pipe.
Internal and external.