virus blitz :(

Thread: virus blitz :(

  1. #1
    Join Date
    Jul 2002
    Location
    Northern Virginia
    Posts
    574

    virus blitz :(

    Well, I'm just about ready to throw in the towel.

    I've been battling a bunch of hijacker demons for a couple of weeks, and still not done with them. (See thread at http://discussions.virtualdr.com/sho...0&pagenumber=1 ).

    Now I have no less than eight (8) virus items lurking on my hard disk. I have no idea how I picked them up – while I’ve been working on the hijacker problems, I’ve done regular virus scans, AND I’ve been avoiding using MSIE browser to surf.

    I’ve been using Pocket Killbox to exterminate both files related to hijacking problems, and also suspected virus files. Interestingly, they keep popping up again, apparently re-installing from other files, scripts etc.

    Also, mysterious things have begun happening with MSIE, such as previously-visited sites (such as Virtual Dr., Trend Micro, etc.) disappearing from the History list that drops down when you hit the arrow on the address bar, and my MSIE browser window suddenly closing for no reason.

    It’s very late and I’m out of time, but I will attach files showing (a) some nasty suspect files in a C:\Documents and Settings sub-folder, and (b) a screen shot showing the list of viruses found, using Trend Micro’s online virus scanning.

    Thanks in advance for your help. Gift certificates for visits to my psychologist’s office will be gratefully accepted.

    wearily,
    - Dave in Virginia
    Last edited by stargazer777; July 10th, 2008 at 04:20 PM.

  2. #2
    Join Date
    Jul 2002
    Location
    Northern Virginia
    Posts
    574
    Sorry, but I guess VDr doesn't allow more than one attachment per post. I am attaching the other screen shot I mentioned in my first post.

    - Dave
    Last edited by stargazer777; July 10th, 2008 at 04:20 PM.

  3. #3
    Join Date
    Feb 2004
    Location
    Mandurah, Western Australia
    Posts
    10,157
    Download the stinger from http://vil.nai.com/vil/stinger/ and run it.

  4. #4
    HAN
    Join Date
    Feb 2002
    Location
    USA
    Posts
    4,319
    Dave: Is the Dave.DGATES1 user one that you built? (I assume it is.) Do you surf as a limited user or as an administrator? There are others that are going to be able to help you sort this out much better than I can but one thing that can limit this kind of stuff is to surf under a limited account.

    Using a limited account can sometimes limit things like online gaming and some applications like Spybot need to be updated under each user. (Running as a limited user flat out won't work for Windows updates.) But for most other stuff it works pretty well. One thing for sure...it can help prevent nasty stuff from running since most programs need administrator rights to install.

    Also, if any of this stuff runs at startup, there are a couple of programs that can help keep them off in the future. See this post and the 2 programs I mention at the bottom. http://discussions.virtualdr.com/sho...hreadid=181427

  5. #5
    Join Date
    Apr 2000
    Location
    Sheboygan, WI
    Posts
    53,391
    Does the browser have a "Enable install on demand" like IE in it?
    If so disable all instances of it. And watch it, some of those nasties re-enable those settings.
    By the way, that being enabled allows a server to install on your computer without your knowledge. It has nothing to do with you downloading.

  6. #6
    Join Date
    Jul 2002
    Location
    Northern Virginia
    Posts
    574
    Crunchie -

    Unfortunately, here I am again

    While I don't seem to be experiencing any negative symptoms, a whole raft of suspicious .EXE files are once again appearing in my C:\ root directory.

    You had previously asked me to send a Zip file containing them, but I had somehow gotten rid of them. Now they're back ..... I've attached a Zip file of them. CAREFUL!

    Thanks,
    - Dave

    P.S. I *STILL* have no idea where they keep getting "reinstalled" from . . .
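
Added example, not part of the original thread: a read-only PowerShell audit for the situation described above, where executables keep reappearing in the C:\ root. It lists those files, reports whether the session has administrator rights, and flags Run/RunOnce autostart values that launch a file sitting directly in a drive root. Only the standard Run and RunOnce registry keys are checked here; services, scheduled tasks and browser add-ons are other autostart locations it does not cover.

```powershell
# Added example: read-only audit, changes nothing on the system.

# 1. Is this session running with administrator rights?
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$isAdmin   = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
"Running as administrator: $isAdmin"

# 2. Executables sitting directly in the root of the system drive,
#    including hidden ones (-Force), newest first.
$root = $env:SystemDrive + '\'
Get-ChildItem -Path $root -Filter *.exe -Force -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer } |
    Sort-Object LastWriteTime -Descending |
    Select-Object Name, Length, CreationTime, LastWriteTime |
    Format-Table -AutoSize

# 3. Autostart values under the standard Run/RunOnce keys.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
# Properties PowerShell adds to every registry item; these are not real values.
$metadata = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

$entries = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    if ($null -eq $props) { continue }
    foreach ($p in $props.PSObject.Properties) {
        if ($metadata -contains $p.Name) { continue }
        $cmd = [string]$p.Value
        [pscustomobject]@{
            Key     = $key
            Name    = $p.Name
            Command = $cmd
            # True when the command launches X:\something.exe with no subfolder.
            InRoot  = ($cmd -match '^"?[A-Za-z]:\\[^\\"]+\.exe')
        }
    }
}
$entries | Sort-Object InRoot -Descending | Format-Table -AutoSize -Wrap
```

An entry with `InRoot` set to True whose file name matches one of the reappearing executables points at what relaunches it at logon.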

  7. #7
    Join Date
    Jul 2002
    Location
    Northern Virginia
    Posts
    574
    I'd better write fast because my MSIE has been shutting down without warning, probably because of some of these nasties.

    I will write more soon but want to post this before something else happens.

    More viruses showed up, see attached screen shot.

    Wish me well, I'll post as I can.

    - Dave
    Last edited by stargazer777; July 10th, 2008 at 04:20 PM.

  8. #8
    Join Date
    Jul 2002
    Location
    Northern Virginia
    Posts
    574
    Well, that last post made it, I guess I'll try another.

    Train, what did you mean by "Does the browser have a "Enable install on demand" like IE in it?" Perhaps my screen shot may provide info to answer that ...

    An interesting thing accompanies my latest virus blitz: I've also been inundated (even whilst writing this) with popups advertising spam and trojan killers, etc. Almost seems like someone is bombarding me with crap and then spamming me with offers of tools to kill the very same stuff.

    Attached in this post AND the NEXT post are screen shots of a couple of sample spam windows. These are now popping up quite often and interrupt my typing such as this post.

    - Dave
    Last edited by stargazer777; July 10th, 2008 at 04:20 PM.

  9. #9
    Join Date
    Jul 2002
    Location
    Northern Virginia
    Posts
    574
    And the other screen shot I took of a spam window ....

    - Dave
    Last edited by stargazer777; July 10th, 2008 at 04:20 PM.

  10. #10
    Join Date
    Jul 2002
    Location
    Northern Virginia
    Posts
    574
    The only other comment I have right now is,

    GEEZZ ... I have antivirus, firewall, Spybot and ZoneAlarm ... all of which I update regularly, and the first two always running in the background, including email scanning by the a.v.

    Why is this still happening ?? and why can't my a.v. kill or "heal" them ?



    Losing my cool and sense of perspective here . . . I've previously taken this fairly in stride, but right now I feel like I'm sinking fast . . .

    - Dave


    P.S. In the past 15-20 mins., even though I've been doing nothing but typing these posts (and a couple of screen shots), the spam windows advertising spam blocking are showing up about every 2 minutes. .... sighhhhhh

  11. #11
    Join Date
    Oct 2000
    Location
    OH USA
    Posts
    2,945
    stargazer777......I've read your thread here several times, and while I have no definitive answer, several things come to mind. The first is Ad-aware:

    http://www.majorgeeks.com/download506.html

    Download, install and UPDATE before using.

    Secondly, I seem to remember MS instant messaging causing pop-ups....do you use it?....if so, might want to disable.

    Your question to Train about "install on demand"......In IE go to tools\Internet options\Advanced Tab.....and scroll down to 'Enable Install on Demand'......and if it is checked.....UNcheck it (Disable).

    hth poppy
    Last edited by poppy4; February 6th, 2005 at 01:06 AM.

  12. #12
    Join Date
    Jul 2002
    Location
    Northern Virginia
    Posts
    574
    Thank you, Poppy4, for clarifying Train's comment about "Enable Install on Demand". I performed the procedure as you described.

    Crunchie, thanks for the link about the Stinger app. I downloaded it and let it run. Interestingly, it did not report any viruses etc. found/repaired/healed etc. However, not knowing what to think, I had my usual a.v. run a scan again, and all of the viruses were gone.

    I think Stinger is great, I just wish it would list what it found and what it did with each item.

    One item that is still plaguing me is someone's stupid little "EliteBar" toolbar, with buttons for "Premium Sites", "Online Dating", "Online Casinos", "Adult Content Sites", "Online Drugs" and "Virus Scan" (I bet their a.v. doesn't report their own malware :P ) OK .... Stinger killed the viruses, my a.v. now shows nothing, SpyBot S&D did its job (only found 6 items), and everything seems to be clean. Why is MSIE still getting this stupid "EliteBar" ?

    Also, every time I now come to VirtualDr., there is a separate window on the left side labeled "Search Bar" at the top left and an "X" to close with on the top right. This window and top bar are the same greyish color as the rest of MSIE etc. (excluding the top blue bar) ... then the next item down is a medium blue bar labeled "Related Searches". I wouldn't go into so much detail, but I never saw that come up before, until I had these virus problems.

    Well, I think I've probably set a record for posts in one day and bored some people to tears, so I'd better quit.

    Unless something new happens, I'll sit it out and see if anyone has any comments (besides telling me to shut my yap ... heheh).

    - Dave

  13. #13
    Join Date
    Feb 2004
    Location
    Mandurah, Western Australia
    Posts
    10,157
    Elitebar should be able to be uninstalled from Add/Remove Programs. Then check to make sure the folder is gone from Program Files.
    Have you rid yourself of Microsoft's VM yet and installed Sun Java?

  14. #14
    Join Date
    Jul 2002
    Location
    Northern Virginia
    Posts
    574
    Crunchie,


    Yes, I seem to have easily (relatively speaking) deleted the EliteBar.


    As for your remarks about SunJava .... forgive me, but I'm not quite the guru you are.

    I re-read your post about Sun Java in the HJT forum, and I cannot find anything relating to it after bringing up Control Panel.

    I would be extremely grateful if you could outline a few simple steps to toss out the MS VM and install SunJava .... or perhaps point me to a link where I could find the procedure and info.

    Thank you !!!

    - Dave

  15. #15
    Join Date
    Feb 2004
    Location
    Mandurah, Western Australia
    Posts
    10,157
    A link is probably easier as I really am not a guru.
    Just an ordinary working man.

    http://www.windowsitpro.com/Windows/...ows_38206.html

    Sun Java Runtime from here;

    http://www.tucows.com/preview/194327.html
