Really nasty virus

Discussion in 'Desktop & Laptop Computers Forum' started by Logo Hater, Sep 17, 2007.

  1. Logo Hater

    Logo Hater
    Active Member

    Joined:
    Nov 26, 2002
    Messages:
    515
    Products Owned:
    0
    Products Wanted:
    0
    Trophy Points:
    31
    Location:
    Lancs
    Ratings:
    +24
    I have picked up a really nasty virus.

    I have the latest version of Norton, and the latest version of Spy Sweeper, they both found it and supposedly removed it, but before it went it must have changed something somewhere and now I can't access the internet sites I want to. It will only let me go where it decides I can go, which is where I absolutely don't want to be.

    I am assuming it has changed something in the registry, but this is something I am not clever enough to muck about with. I tried a system restore from an earlier date, but they thought of that and it says no need to restore, nothing has been changed. It definitely has though.

    When I turn the computer on, a little shield appears in the bottom right hand corner, which alternates between a green question mark and a red cross, and a caption appears saying that there is spyware on my computer and I need to download a programme to remove it. Somehow I don't think I want to download what they are suggesting.

    I have had to resort to posting this on my wife's laptop. I am glad she got this last week or I would be snookered right now.

    Any ideas please, I am at a total loss at how to fix this. I'm not very clever with these things.
     
  2. Steven

    Steven
    Senior Moderator

    Joined:
    Feb 1, 2005
    Messages:
    37,621
    Products Owned:
    0
    Products Wanted:
    0
    Trophy Points:
    166
    Ratings:
    +6,604
    If it's spyware, try spybot and/or adaware (note spelling).

    Need to identify the malware/virus really. Usually can be removed... I only suggest nuking a system as last resort. I presume you have backups of everything?...
     
  3. Synchro

    Synchro

    Joined:
    Nov 14, 2004
    Messages:
    6,007
    Products Owned:
    0
    Products Wanted:
    0
    Trophy Points:
    136
    Location:
    Chester
    Ratings:
    +1,541
    Suggest this is moved to PC section.

    The shield is Microsoft security centre.

    Green shield with a checkmark: Your situation is more secure; your computer is using the recommended settings.

    Red shield with an X: Your computer's security settings are not recommended.
     
  4. Logo Hater

    Both Norton and Spyware said it was a Zlob, and the latest scans tell me it has been removed. However that has not repaired what it appears to have done.

    Nuking really isn't an option, I haven't got backups of Windows XP, or the Microsoft Office which would disappear. Most of the other stuff would not be too much of a loss, but losing those would be disastrous.
     
  5. John

    John
    Moderator

    Joined:
    Dec 13, 2002
    Messages:
    11,635
    Products Owned:
    1
    Products Wanted:
    0
    Trophy Points:
    166
    Ratings:
    +3,304
    Going to move. Shodan had a particularly nasty one the other day. Look his thread up where I move this one to.
     
  6. Synchro

  7. Logo Hater


    It is a light blue question mark on a dark blue background, and a white cross on a red background.
     
  8. Logo Hater


    I am having to do this on my wife's laptop, my internet won't let me go anywhere else other than where the virus wants me to go.

    But I'll go and try and come back to let you know.
     
  9. Logo Hater

    Surprisingly it let me into Majorgeeks and I'm running a scan now. I'll let you know how I get on.

    Many thanks for all the help, it really is appreciated.
     
  10. cosmicblue

    cosmicblue
    Active Member

    Joined:
    Sep 25, 2005
    Messages:
    245
    Products Owned:
    0
    Products Wanted:
    0
    Trophy Points:
    31
    Ratings:
    +51
    Part of the problem is Norton AV itself, in my professional opinion one of the least effective and most system resource hungry applications around today - sad because the Norton reputation used to be untouchable. I have recovered many (well into double figures) PCs with up-to-date copies of Norton AV in the last couple of years that have also been infected.

    I'd respectfully suggest that you consider using Eset NOD32 for AV - it also prevents the Spyware from ever reaching your PC. And no, I don't work for Eset either.

    Uninstall Norton and Live Update and then download and install the trial version of NOD32 - it will find and eliminate your virus as part of the installation routine.
     
  11. Logo Hater

    Thanks Cosmicblue, I will have a go at that later.

    I installed Regcure from Majorgeeks, it found and theoretically repaired 1996 faults. Unfortunately it didn't find and repair mine. My problem is still there.

    When I turn my computer on and the little shield appears I get a caption with this.

    SYSTEM ALERT.

    System has detected a number of active spyware applications that may impact the performance of your computer. Click the icon to get rid of unwanted spyware, by downloading an up to date antispyware solution.


    I had done that before I came on here but it wouldn't let me run anything, so it made no sense.
     
  12. leeb

    leeb
    Active Member

    Joined:
    Jan 10, 2003
    Messages:
    880
    Products Owned:
    0
    Products Wanted:
    0
    Trophy Points:
    28
    Location:
    Melton Mowbray
    Ratings:
    +52
    You've probably already realised this but it's actually the spyware/virus itself which is showing this message! It's a bit like a protection racket, cause the problem then offer to sort it, for a price!

    Have you tried starting in Safe Mode? Try it and then see if this message and the strange icon appear? If not then it's probably running from the Run registry key.
     
  13. Logo Hater



    Yes I have run it in safe mode and it is there as well. I ran Spysweeper in safe mode and it picked up TROJAN-DOWNLOADER-ZLOB, which I removed. Turned my 'puter off and re-started. Guess what, it's still here.

    I am going to try what Cosmicblue suggested tomorrow, and see what happens then.
     
  14. Synchro

    A good reason to keep Vista UAC switched on, when using Vista (not relevant to you obviously, but still worth a mention).
     
  15. isherwood3

    isherwood3
    Standard Member

    Joined:
    Sep 16, 2007
    Messages:
    6
    Products Owned:
    0
    Products Wanted:
    0
    Trophy Points:
    1
    Ratings:
    +0
    Try Prevx 2 - it's an antimalware/spyware programme that uses an online database. The trial version is fully functional & free for a month. I had a similar problem & it was the only thing that would clear it.
     
  16. John7

    John7
    Well-known Member

    Joined:
    Aug 6, 2004
    Messages:
    2,803
    Products Owned:
    0
    Products Wanted:
    0
    Trophy Points:
    136
    Ratings:
    +972
    I've had this before, several times.

    I've cured it by using system restore - Then turning off system restore and running a full virus scan and spybot scan before re-enabling system restore.

    I know you've already tried a restore, but try choosing an earlier date - worst case you may have to reinstall any software you've installed since then.
     
  17. Pincho Paxton

    Pincho Paxton
    Banned

    Joined:
    Oct 3, 2006
    Messages:
    14,128
    Products Owned:
    0
    Products Wanted:
    0
    Trophy Points:
    136
    Ratings:
    +635
  18. Logo Hater

    Since I performed the scan in Safe Mode and removed the Virus everything seems to be working OK. However I still have the little shield which keeps putting the caption on screen. If I could get rid of that, I think everything else will be alright. I can't leave it on there, it is really annoying and distracting.

    When I open IE now, it opens on my selected screen and I seem to be able to access all the other sites I want to. I don't want to click on that shield though, in case it reloads the virus somehow.
     
  19. Pincho Paxton

    You posted at the same time as me probably... You can get rid of the shield in the link above.
     
  20. Logo Hater



    Many thanks for your help.

    I downloaded the link and followed the instructions, it said I may have to wait hours. In fact it took just seconds and didn't autoboot as it said it would, but it worked, the icon has gone.

    I can't thank everyone who helped me enough, you are a bunch of really nice helpful people and I am really glad I have been a member of AV Forums for as long as I have. It's a great place to be.
     
