Any advice on a bug problem/reformat?



Tokkyu40
October 12th, 2007, 09:19 PM
I've got it bad, as the song says. I hit a website without checking to see if the subject matched the title, with predictable results. It bounced me around a bit, and when I had it under control and off my computer again, I had a trojan horse popping up.
My anti-virus (Avast) keeps killing the same trojans over and over, so there's another program it can't find that's spontaneously generating them.
I bought Tenebril SpyCatcher, which claims to prevent everything down to rootkits, but it didn't find anything. Neither did AVG Anti-Rootkit Free. I'm stumped.
Two questions. If it can be fixed, what should I try next? Any suggestions?
And if it can't be fixed, how do I safely reformat the drive and start over?
I already have the World folder on an external hard drive. I also want to save my e-mail addresses and favorites. Where can I find those?
And what else should I save? I know I can ignore any program without a lot of saved work, and any games (if they're any good, I'll just start them over). Is there anything else I should know?
Thanks for any advice.

:cool: Claude

sethmcs
October 12th, 2007, 10:24 PM
What's the name of the trojan(s)? Maybe someone knows how to get rid of them. I use AVG Free and Spybot free. Both programs have protected my computer for years against various attacks.

I would try downloading both of these programs and run both. I found that virus protectors and spyware that you pay for are not as good as these.

Do not start over (reformat) unless that is absolutely necessary.

Hope this helps

fran1
October 13th, 2007, 01:59 AM
Try the Major Geeks forum, it's quite good and they will probably have a solution.

stagecoach
October 13th, 2007, 02:51 AM
Have you tried a restore to a point before you got it?

Ferngren
October 13th, 2007, 03:23 AM
Yeah, try a restore, it might just work.

Worst case - the trojan is also in the system-restore folder and will clone itself back-in once you make a restore. This happened to me once. The only remedy is to empty that folder but then you won't have any restore-points left.

fran1
October 13th, 2007, 05:39 AM
I think the trick is to turn system restore off, then you don't get a copy of the trojan kept on your system.
Check the restore dates, make sure you have an earlier one, not too early or you'll lose data. Turn off sys restore, restore, turn sys restore back on. This way I believe it won't copy.

Tokkyu40
October 13th, 2007, 07:14 AM
Have you tried a restore to a point before you got it?

Yes, I did that. System restore failed. Fran1's idea sounds good.
So how do I turn off system restore? All I really know about computers is that when you push the button, you can play Trainz. ;)
The trojans are Win32:Small. And yes, I went into the Win32 folder to eliminate any new files. The location they're listed under doesn't exist after Avast kills them. Apparently the program creating them is somewhere else.
I'll try AVG next. Maybe it'll find something. Spybot didn't find anything.
Thanks for the help so far.


:cool: Claude

fran1
October 13th, 2007, 07:40 AM
All Programs, Accessories, System Tools, System Restore, System Restore Settings. Turn off, restore, turn on.
I think all that happens is: 1, it does not create a restore point for that change; 2, it does not keep a backup of that restore, which is where the trojan is.
Delete any recent restore points you think may have the trojan in them.
If in doubt, look up sys restore in Microsoft help.

fran1
October 13th, 2007, 07:53 AM
Put the trojan name in Google, it comes up quite a bit. Removal instructions are also there.
Try Kaspersky A/V first if you want, it's listed there, called Downloader small EK at Grisoft, which is where AVG comes from.
Seems you may have got it from online poker, which is where it's mainly targeted.

Tokkyu40
October 13th, 2007, 11:14 AM
No, not online poker.
At least, I don't remember being passed through an on-line poker site during my sudden tour. (Lots of naked women, but no poker)
I just finished downloading and running AVG. It found a total of 63 problems, including 40 in the system restore.
One was a virus, obfustat.rty. That may have been the generator creating all the trojans.
After restart, there's no sign of the problem, so it may have worked. AVG is a lot more powerful than it was a few months back when I switched to Avast. The recent updates have really improved it.
I wrote down the instructions for working with system restore, thanks. I'll try to learn a bit more today.
Now that you saved me, I would be greedy to ask for more, but there are two more items to finish cleaning up the mess.
1) The administrator (that would be the virus) turned off the Task Manager. Do you know how to get it back?
2) It appears that I'll need to upgrade my protection. What's your favorite firewall?
Thanks for helping me clean out the trash. You've saved me! :D

:cool: Claude

fran1
October 13th, 2007, 02:01 PM
Do you mean (task manager) scheduled tasks? If so, Control Panel, then open it from there. Re-schedule your scans etc.
Virus protection: I use Norton and update weekly, but if I spot the machine running lousy (I'm not the only user),
I run a HijackThis scan and remove anything I don't recognise, especially at the top beginning with an R. They should not be there!!
Download AVG, update, run scan, remove what it says, remove AVG.
If I still have problems then it's Google it, then go into regedit, which is not for the fainthearted because you can spend hours manually removing the virus but one false step and you're doomed.
I'll check later for a reply, off to Scotland now.

Tokkyu40
October 13th, 2007, 09:05 PM
Thanks again. Have a good trip.
Actually, by Task Manager, I mean the window that pops up when I push Ctrl-Alt-Delete in XP. Except I get a notice that the administrator has disabled it. Now I need to enable.
I prowled around the control panel, and it does recognize me as the administrator, so I should be able to enable this handy toy. I'll dig through the help file and see if I can make more sense of it while you're out.

:cool: Claude

Edit: I managed to sort out the help file and find the answer. Click Start\Run, type in regedit and navigate to the part that says Disable TaskMgr, which is, of course, missing. Now I have to find out what to do if that entry is gone or hidden. Slow progress is progress, right?

sethmcs
October 13th, 2007, 11:23 PM
Be careful fooling with the registry. A better approach would be to go to the control panel and explore administrative tools for the setting that controls access to task manager. Maybe someone knows exactly where that's at... Unfortunately I don't. :confused: While you are in the control panel, go to security center and enable firewall, updates, and virus protector.

I'm very happy to hear that AVG solved your immediate problem of removing the viruses. It's the best I know of and has saved my computer at least twice from some nasty attacks.

Wish I was a computer expert but I am not. When I get jammed up with a problem I consult with the computer repair shop. This saves me from myself.:hehe:

mikey186
October 14th, 2007, 12:30 AM
Well, my dad changed the Anti-Virus: AVG-avast! Virus Recover Debase. But try restarting the comp. :o And be careful about the register. :o

fran1
October 14th, 2007, 07:19 AM
Do an internet search, put in Major Geeks, put task manager in the search box. There's a couple of task manager fixes in there, should be just the job for your problem. I go there when I run out of ideas. A lot of free stuff to help people out.

Kelly88
October 14th, 2007, 08:20 AM
Yeah, try a restore, it might just work.

Worst case - the trojan is also in the system-restore folder and will clone itself back-in once you make a restore. This happened to me once. The only remedy is to empty that folder but then you won't have any restore-points left.


System restore is renowned for this problem.
It is better to disable this system.

Tokkyu40
October 14th, 2007, 11:19 PM
I think the trick is to turn system restore off, then you don't get a copy of the trojan kept on your system.
Check the restore dates, make sure you have an earlier one, not too early or you'll lose data. Turn off sys restore, restore, turn sys restore back on. This way I believe it won't copy.
Mind you, when I turned off system restore it wiped the restore points, so there wasn't anything to restore to, but it did expose a lot of trojans to AVG.

I checked Major Geeks. Most of the pages won't load in any of my browsers, and the initial pages I got to (I searched for "major geeks task manager") say to do a total system rebuild before they're willing to even think about the problem.
I suspect I'll be spending much of my evenings during the next week sorting through their list.
The computer is also running a little (a lot) slow lately. I'll have to dump most of the tools I added during the cleaning phase to take some pressure off the processor. :hehe: Not much benefit if I clear out all the bugs but the computer is so busy polishing the files that there's nothing left for Trainz.
Work tomorrow, so I'll do another virus sweep while I snooze. Thanks for all the help.

:cool: Claude

Edit: Off to bed, a happy man. I found a fix where I used Run, gpedit.msc to open the group policy window, then navigated down the list to disable the Disable Task Manager function. Now it's just a slow grind through the Major Geek clean and tweak to bring the computer back up to peak performance (as peak as a 1.6GH can be these days.) Once again, thank you for all your help and advice. You've saved me.
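
Added example, not part of the original thread or any poster's own code: the Group Policy setting used in the post above is stored as the DisableTaskMgr registry value, which is absent when the policy is not set. This PowerShell sketch reports that value in the per-user and machine-wide policy keys and deletes it only when run with -Fix; it assumes Windows PowerShell is installed, and the -Fix switch is a name chosen for this example.

```powershell
# Added example (not from the thread). DisableTaskMgr is a REG_DWORD; 1 blocks Task Manager.
# Run read-only first; pass -Fix to delete the value. HKLM changes need an elevated prompt.
param([switch]$Fix)

$policyKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
)

foreach ($key in $policyKeys) {
    $state = 'not set (Task Manager allowed)'
    $entry = $null

    # The Policies\System key itself may not exist on a clean profile.
    if (Test-Path $key) {
        $entry = Get-ItemProperty -Path $key -Name DisableTaskMgr -ErrorAction SilentlyContinue
    }

    if ($null -ne $entry) {
        if ($entry.DisableTaskMgr -eq 1) {
            $state = 'BLOCKED (value = 1)'
        } else {
            $state = "present, value = $($entry.DisableTaskMgr)"
        }
    }
    Write-Output ("{0}  ->  {1}" -f $key, $state)

    # Only touch the registry when explicitly asked to, and only the one value.
    if ($Fix -and $null -ne $entry) {
        try {
            Remove-ItemProperty -Path $key -Name DisableTaskMgr -ErrorAction Stop
            Write-Output "    removed DisableTaskMgr from $key"
        } catch {
            Write-Output "    could not remove it: $($_.Exception.Message)"
        }
    }
}
```

If the value reappears after being removed, something on the machine is still rewriting it, which is a reason to scan again before trusting the fix.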

Ferngren
October 15th, 2007, 10:53 AM
I'm glad things are clearing up for you. Out of something bad comes something good. Hanging around the nudy-pages makes you become more aware, alert and accustomed to trojans and worms, plus you'll get more familiar with your computer and its system. All for the better.

What? Me? Nooo....I never visit those sites.....

Tokkyu40
October 15th, 2007, 09:08 PM
In my (all too recent) experience, you don't have to go to the nudie sites. Just click on whatever the searches dig up and soon enough they'll come to you.

:cool: Claude

fran1
October 16th, 2007, 04:13 PM
Once you're sorted, go into Internet Options in Control Panel. Block pop-ups, which was probably what started your problems. You have control over what site you're viewing but not the junk that comes with them.