Bunch of viruses! Computer filled with 'em


Hi, I’m on my cousins’ computer and since e-mail accounts are inaccessible they can’t register for themselves, so I’m posting from my account.

My cousins don’t know a lot about computers so they downloaded a rogue antivirus and well, got their computer messed up.

Anyway, I downloaded Avast! Home edition for them and scheduled a boot scan (with archives) and found 8 viruses. I moved them all to the chest so I can get their names down. However, before I got them Avast!, some websites like google, yahoo, gmail, and most important websites do not work. The avast website worked, so that’s how I got them Avast! on their computer for a start. Also, when going on the websites that don’t work, a message comes up saying “Bad request (Invalid Hostname)”. I assume the viruses messed with their host’s folders? :frowning:

So after I moved all the viruses to the chest, I checked their security center, but everything is hard to do since this is a Chinese computer and I don’t read Chinese. None of my cousins do except for their parents but they don’t want to tell their parents lol.

Back to the point, after I moved all the viruses to the chest, avast picked up Win32:Trojan-gen -[other]-. I moved it to the chest and then it picked it up again. And again, and again, and again. It seemed to keep coming back every time I accessed the security center.

Eventually it stopped. But then some websites are still inaccessible, Blah I can’t figure it out. I tried Spybot and Windows malware remover but both didn’t work. I ran another boot scan and found 4 more viruses (Unix.Malware-gen). MBAM detected some more viruses so I quarantined them all.

I attached a screenshot of the current viruses in the chest.

Oh and this is on an XP computer if that helps. Any other details needed, I’d be happy to comply.

UPDATE

Because of some curse crap, I can’t go to their house to help for 1 month. It’s stupid but their parents take it very seriously so it’s out of my control.

UPDATE

Okay, it’s been a month and they said I could go back now.

Keep them in the virus chest for a few weeks, if they’re still detected after a few weeks, delete.

Do try MBAM.
Sounds like the Hosts file has probably been tampered with. See here for good information about how to manage this.
Good luck doing this with a system file in Chinese. You might need to get some help, there.
If it’s the parents computer, the kids should really 'fess up and ask for advice, but that’s an issue outside the normal range of help here, of course.

Okay, I’ll have to show them this because I’m back at my house. Also, I tried MBAM and it detected a few more viruses and some of them couldn’t be removed so I put them in the quarantine.

Thanks for the help, I’ll reply back again to tell you the results.

Always quarantine any threat found, rather than deleting them. Deletion as a first option isn’t a good one (to plagiarise from DavidR); you have none left.
The quarantine area of any security application is a secure area where malware can do no harm without specific user action.

If all is clear you can always try to do a boot-time scan with archives (always do a scan with archives). So like I say, if you’ve got a problem with google or something, try to tell us what your current AV was and how you removed it.

:slight_smile: Hi :

As “insurance” in case the “Hosts File” has been tampered with, I recommend you use the FREE “HostsXpert” program available at www.funkytoad.com/index.php?option=com_content&id=13 ; IF you are able to successfully install this program, you would use its “Restore MS Hosts” feature, followed by using its “Make ( Hosts ) Read Only” feature.

Yeah I quarantined all of them but they called me today (Mon, July 6) and said a virus was found by avast (Win32: Trojan-gen[other]) and when I told them to move to chest an error came up saying that the action could not be processed so I just told them to leave it alone for now.

A bunch of viruses are still in the MBAM and Avast’s quarantine but I guess they are still coming in. Maybe a dropper somewhere but I’m sure I got rid of that using Spybot S&D.

They also said that this thing keeps popping up in the security center that tells them to get anti spyware. Then there’s a link to get the anti spyware but I told them not to click it since, well you know…

I’m going to go back to their house on Saturday (July 11) and check back at this thread.

Thanks for everyone who’s helping out. :slight_smile:

Clearly there is something on the computer, or a site they are going to, that is either not being fully removed (additional files involved that cause it to be recreated) or that is being downloaded anew with subsequent browsing sessions.
I’d recommend a HJT log.

Well they can’t really go on many websites right now.

Here is a list of websites that worked when I tried them:
wikipedia
AOL
hulu
Microsoft
Avast
Symantec

Alright I’m going back tomorrow and I’ll post a HJT log, be sure to check back please :stuck_out_tongue:

Don’t worry. I’m subscribed to the thread.
Or someone else will spot it and help.

Rather than an HJT log, which does not show a great deal, could you run the following and upload it to Mediafire for me to analyse?

To ensure that I get all the information this log will need to be uploaded to Mediafire and post the sharing link.

Download OTS to your Desktop

- Close ALL OTHER PROGRAMS.
- Double-click on OTS.exe to start the program.
- Check the box that says Scan All Users
- Under Additional Scans check the following:
  - File - Lop Check
  - File - Purity Scan
  - Evnt - EvtViewer (last 10)
- Now click the Run Scan button on the toolbar.
- Let it run unhindered until it finishes.
- When the scan is complete Notepad will open with the report file loaded in it.
- Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

Sorry I couldn’t post the HJT log today, something came up and I wasn’t able to get to their computer. However I’m going back today (July 12) at around 10:00 AM. (Currently it is 1:19AM (GMT-08:00) Pacific Time (US & Canada))

Alright I’ll note this when I go at 10. I’ll post the HJT log and do your steps so you guys can take a look at both just in case ;D

Thanks for everyone’s help :slight_smile:

AAARGGGH >:(

Man why is this happening when the answers are right here?!

Sorry guys but since my relatives are from my Chinese side of the family (I’m Chinese and Spanish) they believe that it’s bad for someone to go into someone else’s house when someone died from their house. Err, I’ll explain since I’m sure that sentence didn’t make any sense.

Basically my grandma’s husband’s dad died yesterday so I can’t go to anyone’s house because we’re related somehow to my grandma’s husband’s dad. They say it brings back spirits in or something like that. My cousins’ mom really believes that stuff so I can’t really do anything about it even if I told her I just wanted to try and get rid of the viruses.

Anyway, I can’t go to their house and do it but I can try to help them over the phone by reading the helpful replies you guys sent me. I might request a detailed explanation if necessary so if anyone’s willing to help, please bear with me for now… :-\

Hi CatWaffles,

Considering your problem versus 邪祟 - can you not get into that computer from a distance, not actually having to visit the place, or is that also frowned upon by the “Angry Lords of the After-world”?

polonus

What?

Well it doesn’t matter how I do it, I just can’t go to their house. It’s a stupid thing really but their parents are really serious about it since they’re old-fashioned I guess…

But if there was a way to do it from my computer (without mine getting harmed in the process) then that would be so much faster.

Anyway, I’ll check on this thread weekly for any replies until this evil spirit BS is gone. (1 month according to their parents)

I know they don’t hate me…or do they? :frowning:

Of course they don’t hate you. (Do they?)
The trojan will have been caused by the bad spirits…a harbinger of death about to occur. It will go away of its own accord once the one-month period is up. If it doesn’t, a Geomancer should be called to place appropriate glyphs and shields in strategic locations, according to the proven tenets of Feng-Shui. Your presence may be a hindrance to this process. Or it may be welcomed. If the sickness leaves the computer it will jump into you, and your children will be cursed and sterile, unless you marry into money.

Anyway, be patient. And just tell them not to do anything with the computer. Banking, etc.

Haha, yeah, I already told them but they said they were too scared to even turn it on anymore so yeah. While they are suffering with an infected computer I’m going to get a new HD tomorrow. :stuck_out_tongue:

Okay, I used the Restore MS Hosts but here’s an error, "ERROR:Cannot create file C:\WINDOWS.0\System32\DRIVERS\ETC\hosts"

Hi CatWaffles,

I’m not familiar with the program, but is that a typo?

Shouldn’t it be:
C:\WINDOWS\System32\DRIVERS\ETC\hosts

and is there a reason why it cannot do it?