Virus Problems

cregser

I'm helping to fix a guys laptop that got infected will all sorts of viruses after a malicous e-mail.

He has Symantec AV Business Edition and it was up to date when he caught the virus AFAIK. However, his WindowsXP Pro wasn't patched up.

He told me the virus he caught was Psyme. He followed the steps to remove it detailed on symantec's site.

When he came to me he still had problems.
- SymantecAV was not finding any viruses, even when searching in Safe Mode with System Restore turned off.
- Something kept changing his homepage to C:\Windows\hompage.htm which was an add page. He was also getting add pop-ups and warnings about porn addresses being found on his computer. His Favourites were changed to porn sites. "homepage.htm" was hidden as a system file.
- Script errors kept popping up (even outside IExplorer) on a odbc.hta file. This was also hidden as a system file.
- I checked running processes and saw that "bargains.exe" was running. "iexplore.exe" kept starting and stopping even when Internet Explorer was closed.
- I checked his registry and saw that "mslaugh.exe" and "teekids.exe" were set to run on start up. Also, "msbb.exe" from a "180Solutions" folder was set to run. 180Solutions also had it's own tag in HLM\Software\...I think. I forget now, their was so much **** on his comp.
- I found "mysys.exe" and "outLook.exe" hidden in the Windows directory. I scanned them but nothing turned up. I deleted them anyway.

Anyway. I removed all signs of viruses that I can see. I installed add-aware on his comp and removed all the spyware. I have updated WinXP through Windows Update for all critical errors. Yet their is one annoying problem I cannot fix:

When he connects to the internet, and especially when he opens Outlook, the window title bars start flashing. Whatever window he is focused on starts going in and out of focus. So if he were to type sometthing he would be interupted after a few key strokes. When he reboots his comp and stays disconnected, everything seems fine.

I have removed signs of about 3 or 4 different viruses from his comp. SymantecAV only found about 2 of themm Does anyone have any ideas or can you direct me to somewhere that does?

Thanks for reading.

OfflerCrocGod

Use Search and Destroy aswell as ad-aware ( using just one is not always enough ) those are usually good enough to catch all the crud in a messed up windows system. Check what he has running as processes in windows when he runs IE and this weird stuff starts happening. I also recommend you give him FireFox and tell him to stay away from IE except for Windows Update, it may help keep his system clean for longer.

DaemonF

You might also want to download CWShredder - This gets rid of most of the Coolwww hacks that search and destroy misses.

Also HiJackthis is very good - But be warned that if you make the wrong changes to the registry you might naff the OS.

If the home page keeps resetting to something else that you have not enterered do a search on google for that particular link - You will probably find someone else has had the same problem and has the fix you need.

Paulw

Get a better anti-virus.

AVG is one of the better ones, and it's free (www.grisoft.com)

cregser

I've deleted more suspicious files off his comp. But now the pop-up adds have reappeared. It's annoying.

I already use AVG and Firefox myself. The problem is his job uses Symantec on all their computers and they have a client/server thing going on in their network. AVG might confilct with it. Also, Firefox will present compatability issues with software they use. He needs Outlook and it seems to be infected with something. Maybe it isn't. I can't tell with SymantecAV not finding anything.

I won't see him till Monday. I told him to ring Symantec.

I'll try the other spyware detectors, and I always backup the registry before making changes.