
Riddled With Viruses!!!! :(

  • 04-03-2005 6:24pm
    #1
    Closed Accounts Posts: 520 ✭✭✭


    Hey guys,

    My girlfriend's computer has been on the net a bit too long without any anti virus, spybot, or adaware :(

    She's riddled with viruses! Every time she turns her computer on, she gets a blue screen with white writing which appears for like a millisecond and it says something like "for the protection of your computer windows is shutting down" and other stuff similar to that.

    So.. we can't put antivirus software on it, as it will not stay on long enough. :(

    I was just wondering tho, if I run msconfig in safe mode, and disable some of the startup options, would that give me enough time to install anti virus software? Or perhaps, stop it turning off for a while?

    These are the programs that are currently in her startup...

    igfxtray
    STDSB
    icon
    synTPLpr
    synTPEnh
    AOLSP scheduler
    CMESys
    jusched
    realsched
    systime
    dumprep
    ctfmon
    msmsgs
    Gstartup
    clickme
    igfxtray
    STDSB
    icon
    synTPLpr
    synTPEnh
    AOLSP scheduler
    CMESys
    jusched
    realsched
    systime
    dumprep
    ctfmon
    msmsgs
    Gstartup
    clickme
    PCMservice

    Is there anything that should not be there? I'd really really really really really REALLY appreciate anyone's help.

    -Gav


Comments

  • Registered Users, Registered Users 2 Posts: 6,017 ✭✭✭lomb


    os reload, followed by all the patches, anti virus software, anti spyware and full auto updating.


  • Closed Accounts Posts: 8,478 ✭✭✭GoneShootin


    We need more info on the PC. Like what operating system is it running? Are you connected to a network? (doubtful)


    /edit

    What you could try if you get badly stuck and still don't want to redo the whole thing over is simply bung the hard drive into another machine that IS fully patched up with AV and the like. Run the AV on your drive and see what it finds. Of course then it's possible that the problems from your drive would spread to it, but that's a chance I'm willing to take.


  • Closed Accounts Posts: 594 ✭✭✭mobile04


    I've a few URLs popping up and I've got XP Pro pop-up protection activated too?
    any ideas
    getting 3 sites keep coming up.
    is there anything that runs in the background to stop this


  • Closed Accounts Posts: 8,478 ✭✭✭GoneShootin


    mobile04 wrote:
    is there anything that runs in the background to stop this

    I like to call it Firefox. Apart from that just run Adaware on a regular basis. Never rely on XP to protect your system, given that it's XP that is at fault for all the holes in the first place....

    OH ya, get rid of that massive sig image, ya "knob".

    Whenever I'm asked to "install the internet" on someone's PC here at home, I cannot go without installing:

    AVG Free http://free.grisoft.com
    Zonealarm http://www.zonealarm.com
    Adaware SE Personal http://www.lavasoft.com

    and, if I can manage to convert them -
    Firefox http://www.mozilla.com


  • Closed Accounts Posts: 520 ✭✭✭AlienGav


    Haha! Thanks for your replies guys,

    Sorry about not telling you more about it.

    It's running Windows XP, and it's not connected to any networks.
    It's a laptop, so that hard drive thingy, sadly is a no-no :(
    But thanks for your input. :)

    Also, It's a packard bell easynote E4. If that helps.
    Do you guys think I might be wasting my time by trying to disable unfamiliar startup programs?

    -gav


  • Closed Accounts Posts: 594 ✭✭✭mobile04




  • Closed Accounts Posts: 8,478 ✭✭✭GoneShootin


    AlienGav wrote:
    Also, It's a packard bell easynote E4. If that helps.

    It does. Normally systems from the likes of DELL, HP etc come with a "recovery cd". Which means just lob the CD into the drive and away you go.

    The only sure-fire way to sort it though is a format and a reinstall, as was suggested earlier.

    If you're Cork based I'll do it for you, for a small fee ofc ;)


  • Registered Users, Registered Users 2 Posts: 273 ✭✭REDZ


    Spyware
    Icon.exe ***nasty
    Cmesys.exe from gain/gatorcorp ****es
    systime.exe
    Gstartup.exe again Gain/Gator
    Clickme.exe
    PCMservice.exe

    Virus
    msmsgs.exe?


    you should get hijackthis, it should be in the essential software thread. i'd google Icon.exe for removal instructions. msmsgs could be W32.Alcarys.B@mm worm. again google for removal instructions. it's worth trying to fix it.

    good luck


  • Closed Accounts Posts: 594 ✭✭✭mobile04


    does that firefox run a scan? it seems to be a url page and reset your homepage


  • Registered Users, Registered Users 2 Posts: 273 ✭✭REDZ


    mobile04 wrote:
    does that firefox run a scan? it seems to be a url page and reset your homepage
    dunno bout that, firefox will help you get less of this in the future. go to downloads.com and get ad-aware, and maybe spybot search and destroy as well, sounds like you need em
    good luck


  • Closed Accounts Posts: 211 ✭✭Terra


    you need to install a decent virus protection software and firewall on your system.

    I'd recommend downloading and installing avg's antivirus as it is free and quite good.

    it can be got from this website

    http://www.grisoft.com/us/us_index.php

    I would also recommend installing kerio as a firewall, this is also free and can be downloaded from

    http://www.kerio.com/kerio.html

    you may have to install these in safe mode or something if your system isn't booting up correctly.

    Use another computer to download them and put them on a cd or something and install them on the system.

    Then run avg's scan to get rid of any viruses, once that is done install kerio firewall.

    I would also recommend using firefox in future as it prevents much adware from coming through.


  • Closed Accounts Posts: 8,478 ✭✭✭GoneShootin


    mobile04 wrote:
    does that firefox run a scan? it seems to be a url page and reset your homepage

    Eh - no, that's more than likely the **** already in your system causing that. MOZILLA.COM - type into your address bar.

    But there's no point really until your system is clean.

    Ironic that the PC I'm fixing at the moment just popped up with an AVG warning about Bagle infecting WINSHOST. Found the bugger in the registry and removed it, and took out wiwshost as well.

    And where we are talking about viruses :) I loves AVG


  • Registered Users, Registered Users 2 Posts: 13,016 ✭✭✭✭vibe666


    yep, new version of bagle on the loose.


  • Registered Users, Registered Users 2 Posts: 2,098 ✭✭✭aaf


    1. Make sure you have some antivirus program installed. Keep it up to date and schedule or run scans regularly. Here's a good free one: AVG
    2. Run stinger scanner. Bookmark that site as the program is updated about every 2 weeks.
    3. Install Ad-Aware, check for updates and perform full system scans regularly
    4. Install Spybot Search & Destroy, update and check for problems
    5. Install Microsoft Windows AntiSpyware and start a scan. That'll also prevent spyware and adware getting onto your system in the 1st place
    6. Download and install Hijack This. Post the results from that here and we'll try to help you out
    7. Get RegCleaner and google anything in there that looks suspicious.
    8. Get Firefox, web browser that is less prone to spyware and adware s***
    9. Get a firewall like Sygate Personal Firewall or ZoneAlarm to mention but a few
    10. Make sure you keep Windows updated
    11. Use google :cool:

    Not in order but generally you should 1. Update Windows 2. Antivirus scans 3. Spyware and Adware Scans 4. Install Firewall

    Well, that's what I do but I also have a Linksys wireless firewall router WRT54G for added protection and my system has been relatively clean for a yr now

    Tip: If you're having probs connecting to the web in the 1st place, get this months PC Live!, it's got most of the above mentioned tools included on the accompanying cd-rom. I should get commission for that suggestion!!


  • Closed Accounts Posts: 2,148 ✭✭✭angelofdeath


    I'm always hesitant to advise straight off a full format and reinstall, I prefer to put a bit of work in and fix the problem, but in your case (assuming there's no million dollar top secret documents on the machine) I'd suggest a clean slate, and follow these guys' advice, and even go a step further and disable stuff like messenger and outlook and also internet explorer unless you're into web design


  • Registered Users, Registered Users 2 Posts: 6,017 ✭✭✭lomb


    a guy i know ran a back door trojan virus on my fully patched xp machine/antivirus/ spyware all autoupdated the other day.

    he wrote it 5 years ago, and installed it. nothing detected it, me thinks windows is like a sieve..........very worrying. i would go thru each process once in a while and any suspicious ones i would find a way to stop them permanently.


  • Closed Accounts Posts: 8,264 ✭✭✭RicardoSmith


    lomb wrote:
    a guy i know ran a back door trojan virus on my fully patched xp machine/antivirus/ spyware all autoupdated the other day.

    he wrote it 5 years ago, and installed it. nothing detected it, me thinks windows is like a sieve..........very worrying. i would go thru each process once in a while and any suspicious ones i would find a way to stop them permanently.

    How did he get it on the PC?

    What AV/Malware/Firewall are you running?

    Windows IS like a sieve. That's hardly news is it?


  • Registered Users, Registered Users 2 Posts: 6,017 ✭✭✭lomb


    he got it on the pc, as he had uploaded it onto some site's storage and downloaded it in 2 seconds (only a few kilobytes) to my pc. he came over for a few hours and did it to show me and removed it afterwards by using regedit.

    basically it was an .exe, on running it nothing happened but it installed and became a running process opening a port, and the firewall didn't detect it as my pc was requesting communications to a remote server

    anyway i have xp pro, sp2, full updates, etrust computer associates antivirus, spybot, microsoft anti spyware beta, hardware firewall, and zone alarm firewall. all fully updated and with registry protection from microsoft antispyware and spybot. incredibly neither alerted on running the exe or on modifying the registry.

    very worrying.........


  • Closed Accounts Posts: 8,264 ✭✭✭RicardoSmith


    If you manually downloaded it, or ran it, then you bypassed all your security. That's user error not a problem with the software. AVG the freeware version doesn't scan exes at run time. You can buy software that does this. Spybot should have spotted it trying to write to the registry. But even so the main problem is that you downloaded and ran an unknown exe.


  • Registered Users, Registered Users 2 Posts: 4,751 ✭✭✭Ste-


    Heuristics should have caught it if enabled.
    If your friend wrote this and it was never "released" then why would it be caught.
    Virus scanners work on a database of known viruses, so if it was written and not released no one else would know about it and would only be detected by heuristics if some of its properties are like known viruses.


  • Registered Users, Registered Users 2 Posts: 6,017 ✭✭✭lomb


    nah he never released it. surprising spybot didn't even pick up the registry change though. anyway a run thru all processes every now and then is a good thing. google is good to do a search on any unknown process.


  • Closed Accounts Posts: 8,264 ✭✭✭RicardoSmith


    lomb wrote:
    nah he never released it. surprising spybot didn't even pick up the registry change though. anyway a run thru all processes every now and then is a good thing. google is good to do a search on any unknown process.

    So what do you do if it uses a safe process name? ;)

    Who has time to do that anyway?
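
The point raised in the post above, that a familiar process name proves nothing, as an added example that is not part of the original thread: startup entries are judged by where the executable lives rather than by its name. The function names, the `EXPECTED_DIR` baseline and the `SAMPLE` entries are assumptions constructed for illustration.

```python
import ntpath

# Assumed baseline (not from the thread): the folder each trusted image name
# normally runs from on a default Windows XP install. Verify it against a
# known-clean machine before relying on it.
EXPECTED_DIR = {
    "ctfmon.exe": r"c:\windows\system32",
    "dumprep.exe": r"c:\windows\system32",
    "igfxtray.exe": r"c:\windows\system32",
    "msmsgs.exe": r"c:\program files\messenger",
}

# Constructed sample of (value name, command line) pairs shaped like Run-key data.
SAMPLE = [
    ("ctfmon", r"C:\WINDOWS\system32\ctfmon.exe"),
    ("msmsgs", r'"C:\Program Files\Messenger\msmsgs.exe" /background'),
    ("msmsgs", r"C:\WINDOWS\msmsgs.exe"),
    ("clickme", r"C:\WINDOWS\clickme.exe"),
]

def exe_path(command):
    """Extract the executable path from a startup command line."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    # Unquoted paths may contain spaces, so cut after the first ".exe".
    idx = command.lower().find(".exe")
    return command[: idx + 4] if idx != -1 else command

def triage(entries):
    """Return (name, path, verdict) for each (value name, command) entry."""
    results = []
    for name, command in entries:
        path = ntpath.normpath(exe_path(command)).lower()
        folder, image = ntpath.split(path)
        expected = EXPECTED_DIR.get(image)
        if expected is None:
            verdict = "unknown"    # research by full path and file hash
        elif folder == expected:
            verdict = "expected"   # name and location both match the baseline
        else:
            verdict = "mismatch"   # trusted name running from the wrong folder
        results.append((name, path, verdict))
    return results

if __name__ == "__main__":
    for name, path, verdict in triage(SAMPLE):
        print(f"{verdict:9} {name:8} {path}")
```

A "mismatch" is the case a name-only search misses; an "expected" verdict only means the location is plausible, not that the file is clean.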


  • Registered Users, Registered Users 2 Posts: 6,017 ✭✭✭lomb


    So what do you do if it uses a safe process name? ;)

    Who has time to do that anyway?

    ahhhhhhhhh clever!

    time-doesn't take long, obviously if the pc is used for sensitive stuff like ebanking and paypal etc i would def do it regularly in addition to the usual virus scans. the last thing u want is a back door trojan with keystroke logger, whatever about a virus


  • Closed Accounts Posts: 8,264 ✭✭✭RicardoSmith


    lomb wrote:
    ahhhhhhhhh clever!

    time-doesn't take long, obviously if the pc is used for sensitive stuff like ebanking and paypal etc i would def do it regularly in addition to the usual virus scans. the last thing u want is a back door trojan with keystroke logger, whatever about a virus

    A proper firewall will tell you if something is trying to get out that shouldn't. This is exactly why you should use something better than XP2 firewall. Not search on the name via google. At that point it's already running and is sending out info. Some security that. It's like closing the stable door after the horse has bolted.


  • Registered Users, Registered Users 2 Posts: 1,350 ✭✭✭skywalker_208


    :) Firefox is an alternative browser to crappy Internet Explorer... well worth using instead. Opera is another one worth checkin out...


  • Registered Users, Registered Users 2 Posts: 2,236 ✭✭✭techguy


    Maybe you could take the hard drive out and put it into another computer and scan it with various programs and repair it. then put it back into the original PC and keep the os and security programs updated...

    Hakko

