Virus?

NullZer0

Im just on my flatmates laptop and the latency on the network is really bad. there is a seriously high ping.

So, I went to CMD line and tried to run ipconfig.... if wont run... in fact no command line command will work.


There seems to be alot of pop ups etc.... Adware/spyware Id say... but is it possible that something like this could disable the use of the command line?

the_syco

Boot into Safe Mode (F8 on startup), and check it out there.

NullZer0

Will try that actually... I should have though of that. I got Spybot running at the moment anyway and its picking up alot. He had no protection against adware, spyware or viruses.

Saruman

iRock wrote:

There seems to be alot of pop ups etc.... Adware/spyware Id say... but is it possible that something like this could disable the use of the command line?

Yes and you will probably find task manager will not open. well it will but closes right down..

sorry its not a virus but the malware is worse than a virus these days.

try the smitfraud fix in safe mode... i might sort it depending on what malware it is but probably there is more than one so you will need hijackthis, and only one of us expert types can actually use it properly as all it does is list everything running allowing you to select what not to run... dissable something you need and you will be in trouble.

trout

iRock wrote:

Will try that actually... I should have though of that. I got Spybot running at the moment anyway and its picking up alot. He had no protection against adware, spyware or viruses.

If that machine was completely unprotected and online for more than say 20 seconds, it's a fair bet that it's riddled

If it was me, I would be looking to backup the important data, and consider the time taken to rebuild, versus the time taken to scan, fix and check whatever may be lurking.

With such good freeware about like AVG etc, why do people go online nekkid

Saruman

Also try and make sure that in future, as well as protection that they use firefox or some other browser other than IE as its much harder to get malware that way. Also tell them to stay away from warez/pirate sites. NEVER download little free games and screensavers etc as these usually come with malware.

NullZer0

Oh I know... But try telling a click happy porn searching hippy!

I know because I been there and its happened to me from similar sites... Years ago before I knew anything about computers.

Ill run spybot, Lavasoft Adaware SE and AVG and see what the story is then.... I really want to avoid doing a rebuild coz I dont have any Legit CD's and its not my laptop.

trout

++ for Mozilla with Ad Block Plus add-on ... and also the dTa add-on, perfect for click happy pr0n surfin' hippie types ... that should be a t-shirt

Saruman

iRock none of those apps you mentioned will do any good unless you run them in safe mode, just so you know.
By all means do it in normal mode, clean it off but make sure you also do it in safe mode as when these apps are closed and deleted, they simply reinstall themselves within under a second so you need to clean them when they are not running.

Sometimes they also run in safemode which is why specialist tools (for certain types of malware) such as smitfraud fix which kills the shell (explorer.exe etc) is needed.

NullZer0

Just got ERD commander today..... I havent had a chance to mess about with it but has it got anything that can help?

ZENER

I doubt even safemode will help. This malware is started from the registry and will prevent any AV or SpyWare app from deleting the files associated with the bug. Even if it does delete the files causing the current infection there will no doubt be a hidden file somewhere which is called from the registry at bootup re-infecting the machine.

A good place to start is to disable system restore and all startup items.
Try copying msconfig.exe and rename the copy to - say - sweets.com. The vireus won't find anything suspect with this and will allow you to run it. Later versions of the virus aren't fooled by this but you might be lucky give it a try. You can try the same trick with cmd.exe.

A recent conflict with a computer infected with something like this required the use of BartsPE and a lot of reading about registry editing.

Tread carefully.

ZEN

ActorSeeksJob

You shouldn't run SmitfraudFix unless you make sure you have that infection first. To the OP, don't bother running those scans, sounds like you got some bad infections that they wont be able to fix. Do this instead

Please download the self-extracting version of HijackThis from here:

HijackThis_sfx download

Save HijackThis_sfx to your desktop.

Double-click the file then click the Unzip button. Then close the Self-Extractor window.

Using My Computer/Windows Explorer, navigate to C:\Program Files\HijackThis and double click on HijackThis.exe to run it. If you would like to make a shortcut for your Desktop so it's more easily accessable, right click HijackThis.exe and choose Send To > Desktop (create shortcut).

Please run the extracted HijackThis.exe from now on. Delete any copies of HijackThis.zip that you have saved.

Open HijackThis and click Do a system scan and save a log file. Copy the entire contents of that log and post it here

Qwertyboy

Sorry to hijack this but its not worth a new thread. Which is better... An updated AVGfree antivirus or out-of-date Norton 2006? Sorry again

ActorSeeksJob

An updated AVGfree antivirus is far far better. In fact an update AVG free anti-virus is better than an updated Norton 2006/2007

ZENER

ActorSeeksJob wrote:

In fact an update AVG free anti-virus is better than an updated Norton 2006/2007

Agree 100% with this. The number of computers I get for cleaning that have Norton installed is frightening. It seems malware has no problem disabling Nortons from starting thus letting the infection take hold.

ZEN

ActorSeeksJob

I think McAfee is the worst by far, so many problems with them.

Just out of curiosity ZENER, where do you clean PC's? I'd love to get involved in cleaning PC's as a job since I'm really good at it and do it a lot anyway
Think you could pm me details about what you do?