Help me ._.

Viruses and worms
1

Okay. I’m a tiny little nub, and I read through the advice sticky topic and such, but I’m ridiculously dense when it comes to the more intricate works of a computer, and I’ve been dealing with this problem for like a month now and I’m afraid I’m going to lose my computer if I don’t get some form of help. ><

I have some serious Trojan problems.

Early November, I got a Trojan. It locked me out of AVG, the main anti-virus I used/use, and Spybot search and destroy was giving a solid wall of blocked whatevers. I freaked and, not knowing what else to do did a system recovery, losing EVERYTHING and all for naught as I’ve come to learn.

Pretty sure it got into the backup HD where the recovery data is.

First week or so, everything seemed okay. Then one day, um… Data Execution Prevention comes up and shuts my computer down. I did a hijack this log and put it up on a forum who was kind enough to completely ignore me. I figured perhaps there was nothing and it was an issue with the fact that my computer had been pushed hard that day.

But about a week or two later, while browsing the net, using Firefox which is the only net explorer I use, an open tab I was not on tried to open a PDF. Nothing, no link or any such thing had been clicked. More positive in that I avoid PDFs like a plague. Only thing that kept it shut at the time was as I had done the recovery, I had yet to agree to their Terms of Use. So I close it, but it happens immediately again, and, stupidly, thinking not of why a PDF was trying to open, but of how much PDF’s slow my computer down and the fact that if I agreed to it now, I wouldn’t have to be so slowed later, I agreed. Then AVG pops up and starts screaming about Trojans.

The random PDF file opening happened twice more. The second time was on the same website, being DeviantArt. The third and worst time happened on some webcomic hosted through drunkduck.com, which I’ve never had issues with before. (The whole PDF thing has made me think that it’s my Mozilla files themselves that are infected, as the site seems random and dictated by where I am when the whim to install Trojans strikes) This one was TERRIBLE. Every time I’ve had the PDF problem, I’ve used Malwarebytes’ to worm things out, which usually finds more than AVG. But this time, both were finding things the other didn’t. AVG, with it’s active protection, blocked around 20 Trojans. Malwarebytes’ found 61. Most were in the recovery HD which is the only thing that stopped me from performing yet another panic stricken recovery.

Since then, about 5 days ago, every day I run a scan. Yesterday was the first day Malwarebytes’ didn’t find anything, but AVG blocked about 5, and, upon recommendation to use avast, 8 were found. One was a decompression bomb, which apparently no longer exists. (Checked the containing folder) 3 JS:Packed-T [trj]. 1 Win32:Trojan-gen {Other}. 2 Win32:Adware-gen [Adw]. And then BV:AutoRun-E [Wrm] (And upon seeing that I flinch)

I don’t know what to do. The only thing I can think of is that all the anti-virus programs I’m using are missing something and it’s breeding like a demon bunny and then sharing it with the rest of my computer. I don’t have the money to have this thing professionally cleaned and all I’m qualified for is purging by fire, which will be more detrimental I’m sure.

Anything. I’ll do anything. I just don’t know what to do. I don’t understand this kind of stuff or I’d make it better. But I can’t and I need help. whimper

(Also, just a note, a lot of these viruses seem to keep being found between the backup HD and my “temporary internet files” I cleared Firefox’s cache, but some seem to be making it into IE’s temp files, which I find ironic since I don’t USE IE. It’s a terrible terrible program and if I could I would just remove it from my computer. Windows is too in love with it though and wont let me, and with my luck, I’d be breaking something and my computer would spit fire in my face as a punishment.)

Also. Feel free to shoot me if I’m being abhorrently stupid. I think I deserve it at this point.

2

Enalia, are you still using AVG? Is avast installed in this same computer? ???
Maybe you can post the name/path of the 8 infected file… or submit it to www.virustotal.com to be sure they’re infected.

3

Yes. Avast, AVG and Malwarebytes’ are all on the same computer. It’s the only one I have (Hence some of my panic)

Um.

Decompression Bomb
C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\kxkjk2qi.default\Cache\DB780835d01

JS:Packed-T [trj]
C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\Acr1B4.tmp

JS:Packed-T [trj]
C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\Acr49.tmp

JS:Packed-T [trj]
C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\AcrCB.tmp

Win32:Trojan-gen {Other}
C:\Documents and Settings\Compaq_Administrator\Local Settings\Temporary Internet Files\Content.IE5\UNS18ZOT\sruninstaller.prod.v12001.23oct2008.exe[1]/f0a49c57dc6771a6e657c36846dbe0d4

Win32:Adware-gen [Adw]
C:\Program Files\Compaq Connections\5577497\Program\Interop.SHDocVw.dll

Win32:Adware-gen [Adw]
C:\System Volume Information_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP5\A0000638.exe$INSTDIR\PPCToolbar.dll

BV:AutoRun-E [Wrm]
D:\System Volume Information_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP40\A0007436.inf

Thank you ._. for at least looking by the way.

4

Also. I went to the site you mentioned and put everything in but all of them are gone. ._.

5

avast and AVG will conflict each other.
Choose one of them.

AVG Remover download here: http://www.grisoft.com/ww.download-tools

6

I’ll remove it then. AVG has failed me enough times that I’ll skip on it.

7

Okay. I’ve removed AVG. Gonna go ahead and do another scan. But while I’m at it, I have a question. Is there a way to get Avast to continue scanning even after it’s found a virus? Because having to babysit my computer for 3 hours while it does a scan which slows my computer enough to not really be able to do anything else is a mite tedious you know. And really. The fact that it stops scanning as soon as it finds something and starts jumping up and down and going, “Hey hey what should I do? You have no clue? Too bad! Decide!” is daunting. :-\

8

Only in the Professional version. In the home version there are workarounds, but it’s for advanced users.

9

Foo. Well. Okay. I’ll deal with it. :slight_smile:

Thank you though. This is the most help anyone has given me in the past month and I just don’t know what to do. If I lose this computer, I lose everything. It’s all I got and I can’t afford a new one.

10

Well, use Mozy as online backup. Click on Mozy in my signature :wink:

11

runs in circles

I was really hoping Avast would help, but it hasn’t, and someone must know something I can do!

Obviously something is still there because just. slams head into desk

Browsing web, typical website. Suddenly I start lagging bad, my window, which is kept in a size to allow me to see text from a game I play, resizes itself to full screen, and the page begins redirecting, without my having done anything.

The lag was bad enough I had time to stop the page from loading. Because the computer was still lagging however, I quickly closed Firefox. But then about 2 minutes later, Avast starts up about 5 different things.

All Win32 again.

Two Win32:Trojan-gen {Other}
Two Win32:Rootkit-gen [Rtk]
One Win32:Dialer-gen [trj]

If you want file locations?

C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp Win32:Trojan-gen {Other}
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp Win32:Trojan-gen {Other}
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp Win32:Dialer-gen [trj]
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp Win32:Rootkit-gen [Rtk]
C:\WINDOWS\system32 Win32:Rootkit-gen [Rtk]

Please. Please please please I beg you. Someone MUST know what to do. I’m at wits end here. This is the only computer I have and ever will have. I was lucky to get this piece of garbage. My aunt got it for me a few years back. I wont have that happen again and I can’t afford a computer. It’s like, someone told me to back everything up. To what avail? If I lose this, there is no point to the data because it’s all gone. And my luck says any backup will have the virus and be so kind as to share it. Hell. I’m scared of my iPod right now.

I’ve run avast multiple times. Before that I ran AVG multiple times, but it’s gone now, after being told to remove it. I’ve run MBAM multiple times. They’ll find bags full of viruses then suddenly, after a day or so of finding them every day, then suddenly, it finds nothing. “Oh hey, you’re clean. Now go enjoy your false hope because tomorrow mozilla is going to dump viruses everywhere again when that one little viruses that’s hiding from all these supposedly awesome but not helping anti-virus programs continues to breed like a demon bunny and pushes again more viruses into your computer and again destroys so much precious information. HAVE FUN!”

Please… I don’t know what to do.l…

12

Maybe you can run full computer on-line scanning:
Kaspersky (very good detection rates)
ESET NOD32
Trendmicro housecall
F-Secure
BitDefender (free removal of the malware)

I suggest BitDefender…
Also, did you run avast at boot time?

13

I’ll try those. And. Um. By boot time. Do you mean it’s set up to begin running the moment my computer starts, or I personally activated a scan before I started doing anything else. Because for the first few mornings I tried it, the moment I turned on my computer I ran Avast. But it’s never run of it’s own accord.

Also. Quick question. C:$AVG8.VAULT$

It’s a hidden file and I’m wondering. Isn’t that an AVG file? And shouldn’t it be gone if I removed AVG. And I don’t know. hides under a rock

14

It’s the quarantine (chest) of AVG. If you don’t want to restore any file (using AVG), you can delete it.

15

This shows that AVG8 wasn’t completely removed and there may be more left behind.

AVG Remover, download tool from here, http://www.grisoft.com/ww.download-tools there is a 32bit and 64 bit windows version, ensure you use the correct one. Tech also gave you this link earlier if you didn’t run it you should.

Re the boot-time scan:
If you have XP, vista32bit or Win2k, you could enable a boot time scan. Right click the avast icon, select Start avast! Antivirus, a memory scan will take place followed by the opening of the Simple User Interface, Menu, ‘Schedule boot-time scan…’ Or see http://www.digitalred.com/avast-boot-time.php.

If you haven’t already got this software (freeware), download, install, update and run it, preferably in safe mode and report the findings (it should product a log file).

  1. SUPERantispyware On-Demand only in free version.

  2. MalwareBytes Anti-Malware, which you say you have, so did you run it from safe mode ?.

16

That was why I asked. And he gave me the same link as you, which was how I removed AVG. However, I probably used the wrong one. I spent 5 minutes staring at the options wondering what the heck to do. I, as previously stated, am not smart when it comes to computers.

Which leads me to a new question then. How does one figure out which to use. You mentioned 32 and 64 bit. Only thing that comes to mind is pixles, and that doesn’t sound like what you mean.

Thank you so much for the boot time info. I’ll do that as soon as I can.

And as for safe mode, no I haven’t. But this is because. Well. Honestly, I can’t seem to get my computer to go into Safe Mode. Unless I’m missing something F8 was usually the key to get there right? Well my computer doesn’t give me the option. It gives me F10 and maybe another, but from the startup, there is no safe mode option. I’ll check again when I restart my comp, and if I find it, do the safe mode virus scans. But yeah. Other than that, MBAM has only been used while my computer was running normally.

Quick Edit. It’s a 64 bit and I ran the 32 bit remover. ><

And. Now added in, it wont let me run the remover.

17

Well that tool is really for use if you have problems using the normal add remove programs function or you experience other issues (possible conflicts) that may indicate remnants of avg8, did you do that first ?

Are you sure you have/need the 64bit version of the removal tool, what is your OS ?

It is a large concious decision to go for a 64bit version of XP Pro 64bit or Vista 64bit, etc. so believe me you would know if you had a 64bit OS and subsequently the need for the 64bit version of the removal tool.

Pecking away at the F8 key as the computer boots should interrupt the normal boot and you choose to boot into safe mode. Booting into safe mode http://www.pchell.com/support/safemode.shtml

However, some malware tries to disable that to stop you having a better chance of removing it.

18

Mmm. No. I’ll need to reinstall it however, as the uninstall and such are gone. Just found that hidden file was all.

Well no, but, this is keeping in mind that this was one of those 300 dollar pre-built junkheaps 2 years ago. I know nothing about it except that the ram is painful and that it’s currently in the process of dying and leaving me grieving. May be garbage but I depend on it. :-\

OS? Um. Windows XP. Says Media Center addition version 2002. So no probably not. I don’t know. I was digging through system information and found something that made me think it, but it was probably a rather silly whim. God I just wish I could get this stuff down better.

There definitely isn’t, nor do I believe there ever has been an F8 option on start up. In fact, I got into safe mode on accident this morning. I was trying to find it. Options are Esc, for the boot menu, and then I believe two F key options, one of which is F10. I don’t really remember with the F Keys to be honest. I know there’s at least one, and one leads to the Recovery menu. Reason I got into safe mode today, was I hit Escape, and was sent to the boot menu, which rather baffled me, so I manually shut down the computer (Yeah I know) and then when I restarted it, it told me something about Windows not having started properly and all the stuff about possible Hardware failure causing it, would I like to start in safe mode.

I’ve tried spamming F8 on other occasions. It doesn’t work. I can’t tell you if it’s always been the way for sure. This computer is 2 years old and I’ve the memory of a slug.

I don’t know. Anyway. I did get into Safe Mode and I ran a scan with Malwarebytes’ and it didn’t turn up anything, but, as usual, I’m not holding my breath. Too often now have I thought this problem finally better only to suddenly find viruses flocking to my computer. I’m afraid to even open Firefox now ._.

drops head on desk dejectedly

19

If there is no add remove entry for avast, it looks like you had a failed installation in the first place, possibly due to remnants of avg8, etc.

So you should do a clean reinstall:
Download the latest version of avast http://www.avast.com/eng/download-avast-home.html and save it to your HDD, somewhere you can find it again. Use that when you reinstall.

Download the avast! Uninstall Utility, find it here and save it to your HDD.

  1. Now uninstall (using add remove programs, if you can’t do that start from the next step), reboot.
  2. run the avast! Uninstall Utility, reboot. If step 1 failed it may be necessary to run this from safe mode, once complete reboot into normal mode.
  3. install the latest version, reboot.

I don’t believe the XP Media Center ever came in a 64bit version, so it looks like it is a 32bit OS version and the tool you tried to remove avg8 was correct. Why it left remnants of the folder structure is questionable.

It is generally an accepted standard to use th F8 key during boot to bring up the boot menu to boot into safe mode (why that doesn’t work I don’t know), however if you read the info on the link I gave you it shows an alternative way to get into safe mode (safeboot), use the info relating to XP.

The reason this is important is the avast uninstall utility needed to remove avast will have to be run from safe mode as you don’t have an entry in windows add remove programs. If you try to run the uninstall utility it will fail if the avast self-defence module is running, it will stop modification/removal of avast components.

20

No. I’m sorry I wasn’t clear. I said the uninstall for AVG is gone. As far as I could tell, minus the hidden folder, AVG is gone. There is no option to uninstall is what I mean. Avast is in my list of removable programs however.

Probably not. Again. I honestly don’t remember what possessed me to think it.

Okay. I checked this morning. Escape for Boot Menu, F1 for Setup and F10 for System Recovery Menu. No F8 option, and mashing F8 does nothing >< However, I will use the other option you linked me to for further reference however thanks.