Potential Virus/Trojan/Worm problem - Tilted Forum Project Discussion Community

Derwood · 05-02-2005, 05:03 AM

Here's the story:

My Dad just bought a brand new Dell desktop. He was complaining to me that it was running slow, so I went over to take a look. I got rid of a bunch of stuff from his Startup routines (via msconfig) but it was only marginally faster. It would still take the Control Panel 15 seconds to open up, etc. (on a 2.33 GHz, 256 MBRAM machine). Something wasnt' right.

I ran spyware and adware programs and turned up little. So I went into the Ctl+Alt+Del screen to see what was running.

There were something like 47 processes running. Many involved AOL and his printer and digital camera. But several were gibberish and were listed under SYSTEM instead of his username. I went to iamnotageek.com to check them out and about 6 came up as really bad files (most were .exe files that the site said were introduced by a trojan or a worm).

I immediately ran a virus scan but it turned up nothing. So the question is, how do I get rid of these files? Is the computer already screwed? And where would he have gotten these from? He has a virus scanner and a firewall running all the time, and isn't online most of the time (he's still on dialup).

Sorry for the long post, but I want to help him clear up the problem.

soccerchamp76 · 05-02-2005, 08:26 AM

Well there is a link above that covers most of it. Find a thread that I started, i tihnk the title is "Cure-All for Spyware/Viruses."

It mainly involves using all the spyware and antivirus programs, and running them in SAFE MODE. Press F8 when rebooting and enter safe mode, then run all your scans and see what turns up.

Derwood · 05-02-2005, 11:12 AM

Quote:

Originally Posted by soccerchamp76

Well there is a link above that covers most of it. Find a thread that I started, i tihnk the title is "Cure-All for Spyware/Viruses."

It mainly involves using all the spyware and antivirus programs, and running them in SAFE MODE. Press F8 when rebooting and enter safe mode, then run all your scans and see what turns up.

Ok, I'll look that up. Thanks.

mikec · 05-04-2005, 07:44 AM

disable system restore, install AVG anti-virus (norton doesn't do the trick), boot into safe mode and run a full scan.

also grab M$ antispyware and run that in safe mode too. catches a lot of stuff adaware and spybot leaves behind.

eeef2 · 05-04-2005, 03:15 PM

ive found a cure all- http://housecall.trendmicro.com/ try the 6.0 beta that cleans viruses and spywares. Use housecall with IE.

hrdwareguy · 05-05-2005, 06:15 AM

Another thing, not helping with the files but will help system performance, get him another 256 of Memory. XP is a memory hog and 256 will run slow.

hrandani · 05-05-2005, 06:43 PM

The housecall stuff is not a cure all, it assumes your computer works well enough to go to websites and allow that sort of thing. : p

Also I recommend getting rid of internet explorer, download firefox ( look it up on google) You can even carry over your bookmarks, which should solve any problems your dad has. I also second getting more RAM, as Dell typically gyps its customers with low RAM. It's dirt cheap and easy to install. Just make sure to get the same kind as the first one.

tyler durden 12 · 06-05-2005, 06:46 PM

get mozilla firefox, definitely... and stop using IE. i haven't had a single spyware infestation since i switched.
i would use ad-aware, spybot, and microsoft's spyware killer, also install spyware blaster (it prevents spyware). and keep them all updated.

download "win patrol"> it's alot like your taskbar (ctrl+alt+del), but it keeps programs from staying in memory and putting themselves in startup behind your back. let it run at startup and stay in the background. it's like a personal offline\online watchdog to stop programs (malicious or not) from slowing down your PC.

what firewall you got? try sygate or zone alarm. i found that norton was a system resource hog and slowed down my machine pretty good, so i killed it, now all is well.

try anti vir or avast (with latest updates)... run in safemode.

worst case, if you have a virus you can't kill.... you got the Dell restore discs right?

Slavakion · 06-05-2005, 06:52 PM

Honestly, I'd recommend a reformat. I know that it's new, and you probably think I'm crazy. But pre-fabs from Dell, HP, etc. come with all kinds of crap installed on there that you'll never use. The first time I reformatted instead of doing a system recovery I was astounded at how much faster my computer ran.

After doing that, get Firefox, some firewall, an AV, and a couple of spyware detectors.

pattycakes · 06-05-2005, 07:38 PM

download antispyware beta, download avg or another antivirus.get the updates for both. get sp2 if thats not on the cd already. unplug the internet, format install xp, install sp2 then the spyware and antivirus stuff, the updates for those you downloaded. after they are turned on and working connect tot he internet check for updates again, then use mozilla or firefox,

thats how i do it....
if you are connected to the internet you will get infected without even connecting to a site

mikec · 06-07-2005, 08:51 AM

Quote:

Originally Posted by pattycakes

if you are connected to the internet you will get infected without even connecting to a site

that's just not true. sorry.

KingOtter67 · 06-07-2005, 10:01 AM

Quote:

Originally Posted by mikec

that's just not true. sorry.

It's possibly true, but you have to have certain features of the operating systems enabled, etc. For example, if you have the Internet Information Services turned on in Win2000, and I think to some extent the Personal Web Server.

As long as you stay up-to-date with the Windows Updates you should okay.

A lot of bad stuff can come through instant messaging, too. Never click a link you don't expect even it is from someone you know.

I should also say that it is usually a good idea to have something between you and your internet connection. A Linksys hub or something. Something that lets you maintain a private IP address while the invulnerable network device like the switch/hub maintains the public IP address. If this is over the heads of anyone I apologize.

Slavakion · 06-07-2005, 05:22 PM

Quote:

Originally Posted by mikec

that's just not true. sorry.

Unpatched XP? Yes it can... I always install my firewall and AV before the drivers for my wifi card.

God of Thunder · 06-07-2005, 05:30 PM

Quote:

Originally Posted by mikec

that's just not true. sorry.

Sorry to jump on the bandwagon, "The Screensavers", when it was a good show, hooked a Windows machine up to the internet with no firewall or antivirus. It was attacked within 4 minutes.

There is enough stuff out there that simply crawl the web looking for open holes. If you're unprotected, you will play host to a trojan rather quickly.

05-02-2005, 05:03 AM	#1 (permalink)
Derwood Who You Crappin? Location: Everywhere and Nowhere	Potential Virus/Trojan/Worm problem Here's the story: My Dad just bought a brand new Dell desktop. He was complaining to me that it was running slow, so I went over to take a look. I got rid of a bunch of stuff from his Startup routines (via msconfig) but it was only marginally faster. It would still take the Control Panel 15 seconds to open up, etc. (on a 2.33 GHz, 256 MBRAM machine). Something wasnt' right. I ran spyware and adware programs and turned up little. So I went into the Ctl+Alt+Del screen to see what was running. There were something like 47 processes running. Many involved AOL and his printer and digital camera. But several were gibberish and were listed under SYSTEM instead of his username. I went to iamnotageek.com to check them out and about 6 came up as really bad files (most were .exe files that the site said were introduced by a trojan or a worm). I immediately ran a virus scan but it turned up nothing. So the question is, how do I get rid of these files? Is the computer already screwed? And where would he have gotten these from? He has a virus scanner and a firewall running all the time, and isn't online most of the time (he's still on dialup). Sorry for the long post, but I want to help him clear up the problem. __________________ "You can't shoot a country until it becomes a democracy." - Willravel

05-02-2005, 08:26 AM	#2 (permalink)
soccerchamp76 Go Cardinals Location: St. Louis/Cincinnati	Well there is a link above that covers most of it. Find a thread that I started, i tihnk the title is "Cure-All for Spyware/Viruses." It mainly involves using all the spyware and antivirus programs, and running them in SAFE MODE. Press F8 when rebooting and enter safe mode, then run all your scans and see what turns up. __________________ Brian Griffin: Ah, if my memory serves me, this is the physics department. Chris Griffin: That would explain all the gravity.

05-04-2005, 07:44 AM	#4 (permalink)
mikec I flopped the nutz... Location: Stratford, CT	disable system restore, install AVG anti-virus (norton doesn't do the trick), boot into safe mode and run a full scan. also grab M$ antispyware and run that in safe mode too. catches a lot of stuff adaware and spybot leaves behind. __________________ Until the 20th century, reality was everything humans could touch, smell, see, and hear. Since the initial publication of the charted electromagnetic spectrum, humans have learned that what they can touch, smell, see, and hear is less than one millionth of reality

05-05-2005, 06:15 AM	#6 (permalink)
hrdwareguy "Officer, I was in fear for my life" Location: Oklahoma City	Another thing, not helping with the files but will help system performance, get him another 256 of Memory. XP is a memory hog and 256 will run slow. __________________ Gun Control is hitting what you aim at Aim for the TFP, Donate Today

06-05-2005, 06:46 PM	#8 (permalink)
tyler durden 12 Upright	get mozilla firefox, definitely... and stop using IE. i haven't had a single spyware infestation since i switched. i would use ad-aware, spybot, and microsoft's spyware killer, also install spyware blaster (it prevents spyware). and keep them all updated. download "win patrol"> it's alot like your taskbar (ctrl+alt+del), but it keeps programs from staying in memory and putting themselves in startup behind your back. let it run at startup and stay in the background. it's like a personal offline\online watchdog to stop programs (malicious or not) from slowing down your PC. what firewall you got? try sygate or zone alarm. i found that norton was a system resource hog and slowed down my machine pretty good, so i killed it, now all is well. try anti vir or avast (with latest updates)... run in safemode. worst case, if you have a virus you can't kill.... you got the Dell restore discs right? Last edited by tyler durden 12; 06-05-2005 at 06:49 PM..

05-04-2005, 03:15 PM	#5 (permalink)
eeef2 Upright Location: right here	ive found a cure all- http://housecall.trendmicro.com/ try the 6.0 beta that cleans viruses and spywares. Use housecall with IE.

05-05-2005, 06:43 PM	#7 (permalink)
hrandani Insane	The housecall stuff is not a cure all, it assumes your computer works well enough to go to websites and allow that sort of thing. : p Also I recommend getting rid of internet explorer, download firefox ( look it up on google) You can even carry over your bookmarks, which should solve any problems your dad has. I also second getting more RAM, as Dell typically gyps its customers with low RAM. It's dirt cheap and easy to install. Just make sure to get the same kind as the first one.

06-05-2005, 06:52 PM	#9 (permalink)
Slavakion Mjollnir Incarnate Location: Lost in thought	Honestly, I'd recommend a reformat. I know that it's new, and you probably think I'm crazy. But pre-fabs from Dell, HP, etc. come with all kinds of crap installed on there that you'll never use. The first time I reformatted instead of doing a system recovery I was astounded at how much faster my computer ran. After doing that, get Firefox, some firewall, an AV, and a couple of spyware detectors.