Objectivism Online Forum

All Sorts of Bad Things Happening

Benpercent

Oh it's days like this I feel ashamed of myself for not being more technologically competent. I was searching my username (Benpercent) on Google to see which sites show me as associated with them (despite my never going there) or showcase my content (as was once the case with a site copying and pasting my Amazon.com reviews), and I foolishly clicked on a couple and got some nasty viruses. It feels like I've gone and scrambled the brains of my computer, though it isn't so inoperable that I can't use it to get myself here.

I have run my anti-virus + adware programs multiple times, both in smart and full scan mode, but as evident from the problems I seem to be missing something. To give a list, here are my problems:

1.) Google Chrome either cannot display any pages whatsoever -- instead it instantaneously gives me the "Aw snap!" error message every time I tried to get it to navigate -- or it stays on the completely white page that indicates it's loading something (but it never finishes). I have tried clearing my cache and whatnot, but the problems still persist. Chrome is my primary browser.

2.) Firefox stalls somewhat. Unlike Chrome I can actually access a few websites, but after just a couple pages it runs into the latter problem Chrome faces and stays stuck on one page infinitely loading something. Right now I'm using Safari, which, aside from being veeeery slow, is actually working perfectly fine.

3.) Last night my taskbar disappeared after I restarted my computer. Just magically. I thought maybe it was unlocked and I accidentally lowered the bar below the screen, but it wasn't until I ran a virus scan and restarted that it reappeared. The problem *seems* to be resolved, but I have no idea what happened there or if I permanently fixed the problem.

4.) Just this morning a fake anti-virus scanner (pro-virus implanter?) installed itself and kept telling me I had dozens and dozens of infections and that I needed to activate it. It kept sending me messages every forty seconds or so, and it claimed to be of the Windows brand. During that period Internet Explorer, the browser I never use, sent me a pornographic and Viagra-related advertisement. I was also denied access to several of my files, files I know are clean, because the faux scanner would cancel the action and tell me the file was infected. I did a virus scan and seem to have destroyed the scanner and its cohorts, and I do have access to my files, but again I'm not so sure given that some of the other problems are persisting and the possibility that I could only be treating surface symptoms while the underlying causes multiply.

5.) As per my usual virus procedure I tried to go into Safe Mode in order to be able to scan a greater number of my computer files, but upon the reboot the computer would tell me that an error had occurred and would send me back to the boot menu, telling me to choose the previous settings that were last known to work. The fact that I cannot get into Safe Mode is what frightens me the most.

Additional information: I'm on an HP computer that is running the OS Windows XP Media Center Edition (year 2005 I think). My main anti-virus system is AVG Anti-virus free edition, though I also have Malwarebytes' Anti-malware. For adware I use Ad-Aware.

I have managed to fix problems 3 and 4, but all the rest are still present. I fear another outbreak. What should I do?

Thank you for your time, and thank you much more so if you should choose to help.

The way you describe it, it could be that something has taken over at a very basic level (something like a "rootkit"). Do you have access to your Windows OS disks? Do you have lots of files that are not backed up? Do you have lots of software that you would need to reinstall (and do you have access to disk for that software, where relevant)?

Depending on the answers, you could consider reinstalling Windows, and then applying all the relevant OS updates from the Microsoft site. (Apart from files, remember to back up things like your browser favorites and your email, if any.)

> The way you describe it, it could be that something has taken over at a very basic level (something like a "rootkit"). Do you have access to your Windows OS disks? Do you have lots of files that are not backed up? Do you have lots of software that you would need to reinstall (and do you have access to disk for that software, where relevant)?
>
> Depending on the answers, you could consider reinstalling Windows, and then applying all the relevant OS updates from the Microsoft site. (Apart from files, remember to back up things like your browser favorites and your email, if any.)

And this is why I regret my technological incompetence. :thumbsup: I got this computer when I was still a teenager, say about 17 or so (I'm 21 now), and I threw away the PC box, which probably had the OS disk in it and whatnot.

As far as backing things up goes, I could easily do it on a really big flash drive. All I desire to keep are my episode of Monk and my writing files. My single PC game can easily be reinstalled, and there's nothing else I want to save.

> If it is a rootkit, there are free rootkit detection utilities out there to track them down.

Could you list a few brands? I looked at Download.com and all they seem to list are *general* anti-virus programs, not special rootkit detection software.

> I looked at Download.com and all they seem to list are *general* anti-virus programs, not special rootkit detection software.

Googling returned this one, and this one, among others. Since you don't have your Windows disks, reinstalling the OS is out... therefore, you've got to figure out what is on your machine, and to remove it.

Just finished a little bit ago scanning with the first rootkit remover you suggested, Software Nerd, and it found four or so "hidden files" and removed them. I restarted my computer and regretfully all the problems are still here, including the disappearing taskbar. I still cannot get into Safe Mode either, the mode that would most likely be the cure-all. Blast!

Aside from the danger it poses to the computer, does a rootkit present any danger to my being, such as logging passwords or sending identifying information?

> Aside from the danger it poses to the computer, does a rootkit present any danger to my being, such as logging passwords or sending identifying information?

If that's what you have, then it's like any other virus except that it is at a "deeper" level, and therefore is able to mask its presence to tools. So, like any other virus, it's really impossible to tell the intent of the author. You say it is popping up messages. Maybe that's all it does; or, maybe it does more.

I'm not sure what you can do next without safe mode and without Windows disks. One thought is: any friend or family close by who will lend you their Windows disks?

I would go into start > run > msconfig, go to the startup tab, and just uncheck everything, then restart your computer a couple times, and see if anything re-checks itself on the startup tab. You can also go to the services tab and look for anything conspicuous. That might help you track it down. After unchecking everything, you can also run a free online antivirus scan. I recommend Kaspersky. Also see if Eset, Avira, Avast, and Trend Micro have online scanners you can try. Also run anti-spyware scans, e.g. SuperAntiSpyware. For rootkits, check out Rootkit Unhooker, Avira Rootkit Detection, GMER.

Edited by brian0918
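
One way to carry out the "see if anything re-checks itself" step above without relying on memory, as an added example that is not part of the original post: record the autostart entries once, then run the script again after each reboot to list what has reappeared. It assumes PowerShell 2.0 or later and Windows XP folder paths; `$SnapshotDir` and the function name are hypothetical, and only the Run keys and Startup folders are covered.

```powershell
# Added example (not from the thread): snapshot autostart entries and list the
# ones that were absent from the previous snapshot.
$SnapshotDir = Join-Path $env:USERPROFILE 'autostart-snapshots'   # hypothetical path

# Common autostart locations: the Run keys and the Startup folders (XP layout).
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)
$startupDirs = @(
    [Environment]::GetFolderPath('Startup'),
    (Join-Path $env:ALLUSERSPROFILE 'Start Menu\Programs\Startup')
)

function Get-AutostartEntries {
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            New-Object PSObject -Property @{
                Source = $key; Name = $name; Command = [string]$item.GetValue($name)
            }
        }
    }
    foreach ($dir in $startupDirs) {
        if (-not (Test-Path $dir)) { continue }
        Get-ChildItem -Path $dir | Where-Object { -not $_.PSIsContainer } | ForEach-Object {
            New-Object PSObject -Property @{
                Source = $dir; Name = $_.Name; Command = $_.FullName
            }
        }
    }
}

if (-not (Test-Path $SnapshotDir)) {
    New-Item -ItemType Directory -Path $SnapshotDir | Out-Null
}

# Pick up the most recent earlier snapshot before writing the new one.
$previous = Get-ChildItem -Path $SnapshotDir -Filter *.csv |
    Sort-Object Name | Select-Object -Last 1
$current = @(Get-AutostartEntries)
$file = Join-Path $SnapshotDir ('{0:yyyyMMdd-HHmmss}.csv' -f (Get-Date))
$current | Select-Object Source, Name, Command | Export-Csv -Path $file -NoTypeInformation

if ($previous) {
    # Index the earlier entries, then print every current entry not found there.
    $seen = @{}
    foreach ($e in @(Import-Csv -Path $previous.FullName)) {
        $seen["$($e.Source)|$($e.Name)|$($e.Command)"] = $true
    }
    $current |
        Where-Object { -not $seen.ContainsKey("$($_.Source)|$($_.Name)|$($_.Command)") } |
        Select-Object Source, Name, Command
} else {
    "First snapshot saved to $file; run again after the next reboot."
}
```

An entry that shows up in the output after it was unchecked is the one to write down and look up from a clean machine.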

The adventures continue! I did what you said, Brian, and ran Sophos in the special startup settings and it managed to come up with over 130 suspected files! Most of them appear innocent, so I suspect that the rootkit virus is framing them somehow. I wanted to send a sample of the log files to the makers of Sophos, but they only allow an upload limit of 50 MB while my log file is 119 MB. I'm awaiting a response from customer service. In the meanwhile I'll download some of the programs you suggested, Brian. I should be near-invincible after this attack given all the protection I'm downloading.

I don't think I'll ever look up my username again.

Edit: Misspelled product name

Edited by Benpercent

Still at war. Just noticed a new symptom: I can't use search engines, at least not Google. When I search for something any link I click, regardless of whatever it is, directs me to something *completely* unrelated, and perhaps harmful. I was just looking up my local health food store for instance -- a store website I have been to before and know is not malicious, but could not remember the URL -- and when I clicked the link it sent me to some place called "Superpages." When I clicked for a cached version of the address it sent me to a site that had an IP address as its URL.

I had something similar a few years back. The bad news is you can't remove it entirely without starting the PC on safe mode to delete some of the offending files. This kind of malware is insidious. It respawns after you've removed it, not to mention it renders the computer pretty much useless (mine also tried dialing the modem).

I suggest you take it to a PC tech. You may need to re-format the hard drive and do a clean install of Windows. So do whatever backups you need now, and scan the disks before copying the files back.

> Still at war. Just noticed a new symptom: I can't use search engines, at least not Google. When I search for something any link I click, regardless of whatever it is, directs me to something *completely* unrelated, and perhaps harmful. I was just looking up my local health food store for instance -- a store website I have been to before and know is not malicious, but could not remember the URL -- and when I clicked the link it sent me to some place called "Superpages." When I clicked for a cached version of the address it sent me to a site that had an IP address as its URL.

Ok, all the advice given so far is good, but once you're infected by a modern virus, anti-virus software alone isn't likely going to get rid of everything. What you need to do is start collecting information on the symptoms that are visible to you; take notes on the culprit, getting all the identifying information possible. Many of these phishing and faux screens have identifying (similar) characteristics (title bar, brand name, buttons), write them down on paper; when you run the anti-virus software to remove files, write down the infected file names before you erase or quarantine them; etc.

Once you've compiled enough information you're going to need to search for the culprit(s) using a search engine. Because one of the viruses is preventing searching, you're going to have to use a different computer. At this point you should start getting some hits from the identifying information, especially the file names you've recorded. From here you can then search for the specific virus(es) you may have identified.

After you've tracked down a specific virus, you can check your system for it and remove it by the various instructions you've located at this point. This will include removing files and registry entries. Of course, you're going to have to search for '*virus* removal,' etc. Once you've identified the virus, the main anti-virus software company websites are also good tools for listing exactly where a virus installs itself, helping you remove it completely from your system.

This process is in-depth but almost mandatory these days. Once a virus gets into your OS like this it will prevent the proper operation and installation of anti-virus and security software. Additionally, you are most likely going to be infected by numerous viruses, all of which do different tasks, most of which will be related to bot-net expansion; viruses usually keep downloading and installing new viruses, that's why your symptoms change and get worse.

EDIT: Furthermore, once you've got your computer clean, you need to re-download and install your anti-virus software; and then do a complete scan. Of course, it's important to wait for whatever product you choose to download to update itself once for the new virus definitions. This should help totally clean the system, in case you've missed anything which is highly likely. This should give you back some control and usability, but you should still think about reformatting at some point. When you do reformat, make sure you install an up-to-date virus suite -before- you start putting your old files on your new installation.

EDIT2: I forgot to add to also look through the processes running on your computer, by using the task manager, for anything that looks strange, and add that to your information. Another tip to collect further details is to run through the faux windows, like the virus one, a little. If you think it's going to ask you to download something, take it all the way to that point and record the file name of the program it wants you to download. This is obviously a little hazardous, but what's it matter, your computer is infected already by multiple viruses, and by doing this you will find out the identity of one of the viruses and be able to continue from there. Of course, don't actually download and run the virus.

Edited by RussK

Ben: I recognize that virus. Two people at work got it, and it did the same thing - popped up fake antivirus messages, redirected your google searches to other pages. After spending a few days trying to get rid of it, I eventually just reformatted their computers. I had run a boot copy of Windows with a bunch of antivirus/spyware/rootkit utilities built-in, ran all the utilities, and it still didn't fix it.

If you do end up reformatting, use Firefox in the future, along with Adblock Plus. And you might want to get a scanner that checks websites' page links for viruses.

Edited by brian0918

> OT question, but does Chrome really have a pop-up window that says "Aw Snap..."?

Not as a pop-up, but yes that's a message you get. (We have one machine at work where Chrome gives us that message ever since we upgraded its Symantec client-software.)

I had the same thing a while back and had to end up reinstalling everything from scratch. Stopsign anti-virus had even made a custom cleaning program that failed to get rid of it. After I reinstalled Vista, it was eliminated.

I'm now running Windows 7, incidentally. I didn't care for Vista.

I got this virus, and fixing it was as simple as rolling back to a previous System Restore point.

Seeing as how you say you're technologically impaired, it's not likely that you've turned system restore off (a lot of people do, especially gamers and performance junkies).

Start > Accessories > System Tools > System Restore

Go through the dialog. It's pretty self-explanatory. When you get to the calendar, choose to roll back to a system restore point that was made before you started having these problems (system restore points are the bold dates). You'll lose everything you've done since the system restore point (programs installed since then, changes made to OS settings, etc.) but it's probably worth it because you likely haven't done much since then on account of the virus and all.

> Still at war. Just noticed a new symptom: I can't use search engines, at least not Google. When I search for something any link I click, regardless of whatever it is, directs me to something *completely* unrelated, and perhaps harmful. I was just looking up my local health food store for instance -- a store website I have been to before and know is not malicious, but could not remember the URL -- and when I clicked the link it sent me to some place called "Superpages." When I clicked for a cached version of the address it sent me to a site that had an IP address as its URL.

Of course there are myriad viruses that will do this, but a very common one that I have seen over the past couple of years and very recently are the Koobface viruses, which are associated with social networking sites. Since you say you were searching around for your content on the web, I'm guessing you may have got a hit upon such sites and visited it. Check your task manager and C:\Windows directory for freddy*.exe, ld*.exe, or pp*.exe (* denotes some random number). All of these are associated with the details you've given.
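
The name check from the post above as a script, an added example that is not part of the original post: because the `*` stands for a number, it matches digits only, where a plain wildcard such as `ld*.exe` would also flag any executable whose name merely begins with those letters. It assumes PowerShell 2.0 or later; the function names and the sample names are constructed for illustration.

```powershell
# Added example (not from the thread). The three name prefixes come from the
# post above; everything else here is an assumption made for illustration.
# prefix + one or more digits + .exe, anchored so longer names do not match
$pattern = '^(freddy|ld|pp)\d+\.exe$'

function Test-SuspectName([string]$Name) {
    # -match is case-insensitive by default, which suits Windows file names
    return $Name -match $pattern
}

function Find-SuspectFiles([string]$Directory = $env:windir) {
    # Top level of the Windows directory only, as the post suggests
    Get-ChildItem -Path $Directory -Filter *.exe -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer -and (Test-SuspectName $_.Name) } |
        Select-Object FullName, Length, CreationTime, LastWriteTime
}

function Find-SuspectProcesses {
    # ProcessName has no extension, so add it back before matching
    Get-Process |
        Where-Object { Test-SuspectName ($_.ProcessName + '.exe') } |
        Select-Object Id, ProcessName, Path
}

# Constructed sample names: the first three fit the described scheme, the rest
# only share a prefix and would be caught by a bare wildcard.
$sample = 'freddy79.exe', 'ld08.exe', 'pp12.exe', 'ldconfig.exe', 'ppview.exe', 'notepad.exe'
foreach ($name in $sample) {
    '{0,-14} {1}' -f $name, (Test-SuspectName $name)
}

'--- files in {0} ---' -f $env:windir
Find-SuspectFiles | Format-List

'--- running processes ---'
Find-SuspectProcesses | Format-List
```

A match is a lead to record and research, not proof of infection, and an empty result does not rule out a variant that uses other names.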

Again, thank you for the assistance everyone.

I tried pulling up the system restore menu, but the first time I did it, it glitched up and had to be shut down via task manager and the second time I selected it -- a few minutes ago -- it refused to come up. My computer is either glitching on that area (which is typical; I cannot do system updates since my computer would search for them infinitely without finding them) or the viruses have that base covered.

Would installing a new operating system help? I think I'm up the creek without a paddle in regards to Windows XP since I'm not too well acquainted with anyone to know what kind of OS they run and stores, of course, now carry Windows 7. If I sniff around I might be able to get a copy of W7 for cheap on my campus.

Oh boy, I don't know if I really did it, but I think I may have cured it. I was trying different things while the computer was booting up and I thought I'd give "Recovery Mode" a shot, and to my surprise it reset my entire computer to its factory settings. (Don't worry, I e-mailed myself the files I simply would not stand to lose.) Everything is working fine now, but you guys are more experted: is factory-rollback sufficient?

Congrats! If you've really got back to factory settings, you're at a good starting point.

You should apply all the "critical" Windows updates from MSFT.

BTW: Do you connect to the internet via a router (either wireless or wired), or is your computer plugged into a cable modem/DSL modem?

> Congrats! If you've really got back to factory settings, you're at a good starting point.
>
> You should apply all the "critical" Windows updates from MSFT.

I think I just need to do one more restart and I'll be set! Everything's working dandy as candy.

> BTW: Do you connect to the internet via a router (either wireless or wired), or is your computer plugged into a cable modem/DSL modem?

I'm plugged into a DSL modem. Of what significance is it?
