willin_601
Royal Geek

Joined: 25 Dec 2006
Posts: 343
Location: Iowa

Posted: Wed Feb 13, 2008 4:20 pm    Post subject: I have a trojan on my laptop now

Hi Repa and everyone, members I know and those I don't. I have been working on my desktop recovery, finally and I have been so careful using my laptop however my husband used it several times and I finally told him he needed to get himself one because he likes to click on everything.

I have kept my laptop updated, I have Windows Vista and I'm using Windows Firewall and AVG for my virus program. I also use Ad aware. My pc is not but about 6 months old and it is so slow. I checked all the things I could from the info I had been given by Repa and Novice way back and I downloaded Spybot Search and Destroy and it only picked up one thing: a trojan.
I have never used Spybot but read the tutorial first and read it again after the scan. When I clicked on the grey box to the left of the red entry found, it said Virtumonde copies itself to the system folder and creates a BHO. Virtumonde connects to malicious websites in background. It also adds a randomly named dll to the Winlogon Notify, which will make it very resistable to removal. Removal requires the computer to be disconnected from the internet and restarted after first scan and fixing session.

This may sound stupid but how do I disconnect a laptop from the internet?

then I want some clarification to make sure I understand what I'm to do.

1- I disconnect from internet (once i find out how on my laptop)
2- I would then scan again with spybot
3- I would click on the fix button

If this correct. I typed exactly what spybot showed me.

It is showing a path in the registry. It has the registry symbol out to the right of the path it showed. I hope I'm explaining this correctly.


Thank you for your help. Smile
_________________
Character cannot be developed in ease and quiet. Only through experience of trial and suffering can the soul be strengthened, vision cleared, ambition inspired, and success achieved. -- Helen Keller


pepperpot
Site Admin

Joined: 23 Nov 2006
Posts: 2474
Location: Venezuela

Posted: Wed Feb 13, 2008 9:31 pm    Post subject:

Hi Linda... glad to have you back  Razz

How are you connected to the Internet... usb port, wireless, Ethernet... ?
_________________

"Spirituality is not religion, religion divides people. Believing in something unites"

Repa
Site Admin

Joined: 26 Nov 2006
Posts: 1901
Location: North Carolina

Posted: Thu Feb 14, 2008 12:21 pm    Post subject:

Hello Linda,

Enable the viewing of Hidden files by following these steps:

1. Close all programs so that you are at your desktop.
2. Double-click on the My Computer icon.
3. Select the Tools menu and click Folder Options.
4. After the new window appears select the View tab.
5. Put a checkmark in the checkbox labeled Display the contents of system folders.
6. Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
7. Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
8. Remove the checkmark from the checkbox labeled Hide protected operating system files.
9. Press the Apply button and then the OK button and shutdown My Computer.
10. Now your computer is configured to show all hidden files.

NOTE: If you reach a step below where you can't access the security website cited, you will need to check your "Hosts" file. The following link gives you instructions on what to do:

http://www.dslreports.com/faq/10131

Follow the instructions given in the link provided above. Then return to whatever step you were in below and continue.

Download VundoFix.exe to your desktop from here:

http://www.atribune.org/ccount/click.php?id=4

Disconnect your computer from the internet. To disconnect from the internet, turn off your wireless router and your modem.

1. Double-click VundoFix.exe to run it.
2. Put a check next to Run VundoFix as a task.
3. You will receive a message saying vundofix will close and re-open in a minute or less. Click OK.
4. When VundoFix re-opens, click the Scan for Vundo button.
5. Once it's done scanning, click the Remove Vundo button.
6. You will receive a prompt asking if you want to remove the files, click YES
7. Once you click yes, your desktop will go blank as it starts removing Vundo.
8. When completed, it will prompt that it will shutdown your computer, click OK.

Turn your computer back on, and turn your modem and wireless router back on to connect to the internet.

Now, download AVG Anti-spyware 7.5 if you don't have it and save that file to your desktop or in a folder of your choice that you have or create on your C:\ drive, like "My Downloads". Download AVG Anti-spyware 7.5 from here:

http://www.ewido.net/en/download/

Note: This is a 30 day trial of the program. Keep it as a scanner - it will still work as a scanner after 30 days, but the Resident Shield will be disabled at that time.

1. Once you have downloaded AVG Anti-spyware, locate the icon on the desktop or the folder you put it in and double-click it to launch the set up program.
2. Once the setup is complete you will need to run AVG Anti-spyware and update the definition files.
3. On the main screen select the icon "Update" then select the "Update now" link.
4. Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
5. Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
6. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
7. Under "Reports" Select "Automatically generate report after every scan"
8. Un-Select "Only if threats were found"

Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.

IMPORTANT: Do not open any other windows or programs while AVG Anti-spyware is scanning, as it may interfere with the scanning process:

1. Launch AVG-anti-spyware by double-clicking the icon on your desktop or find it by clicking on Start > All Programs
2. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan". AVG-anti-spyware will now begin the scanning process, be patient as this may take some time.
3. Once the scan is complete do the following:
   a. If you have any infections you will be prompted, then select "Apply all actions"
   b. Next select the "Reports" icon at the top.
   c. Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file).
   d. Close AVG-anti-spyware.
   e. Repeat the scans with all of whatever other scanners you have in safe mode (Spybot, Ad-Aware, AVG Anti-virus, asquared, etc.). Fix or delete anything found, reboot your system back into Normal Mode and report your findings.

Once you think that your computer is clean again: Go to the Tutorials Forum and go through the instructions in Sticky #14: Improve Shutdown & Startup Times, & Performance to speed up and improve the performance of your computer.

If it is your husband who is responsible for infecting your computer, don't let him get on it. Tell him to get his own computer. Seems you spend more time trying to clean your computer than anything else. Your anti-malware programs will not protect you against everything. You have to exercise safe internet-surfing practices in order to avoid the problems you seem to be consistently having. I suggest you spend some time going through all the tutorials in the Tutorials Forum that are relevant to Computer Security, and read the posts and stickies  in the Computer Security forum to learn about how to avoid getting your computer infected. Seems to me that keeping your husband off your computer would solve most of your problems.
_________________
Repa


Older than dirt!


Last edited by Repa on Thu Feb 14, 2008 12:54 pm; edited 3 times in total

willin_601
Royal Geek

Joined: 25 Dec 2006
Posts: 343
Location: Iowa

Posted: Thu Feb 14, 2008 12:47 pm    Post subject:

pepperpot wrote:
Hi Linda... glad to have you back  Razz

How are you connected to the Internet... usb port, wireless, eternet... ?


Hi pepperpot Smile
It's so nice to see everyone again. I'm sorry. I use a wireless router.
I see Repa posted a long one for me so i need to send this to print out. Thank you for your reply to help me. Smile

HAPPY VALENTINE'S DAY!!!!  hugs
_________________
Character cannot be developed in ease and quiet. Only through experience of trial and suffering can the soul be strengthened, vision cleared, ambition inspired, and success achieved. -- Helen Keller


willin_601
Royal Geek

Joined: 25 Dec 2006
Posts: 343
Location: Iowa

Posted: Thu Feb 14, 2008 12:57 pm    Post subject:

Hi Repa Smile

You always help me and give the best instructions possible. You are absolutely right. I can not get my dear husband to understand you can't just go surfing everywhere and you can't click on everything. I spend more time trying to clean up than actually enjoying my time on the pc.
My sister bought me a really nice laptop and he wanted to use it and I let him but told him to just browse ebay which he loves to do. I didn't want to not share but I was afraid this would happen. I DID tell him to get an inexpensive laptop of his own. I had to talk him into it but he got one about 3 weeks ago. i set it up for him and i still advised him to NOT click on everything he sees. As you stated we have to use some common sense and take caution on where we surf. I was reading last night and saw many more stickies and will print them all out and follow your steps and post back. It's nice to be back. If I kept waiting to get through everything and get everything done on my to do list i would never get to be here. I thank Sheila and Fay for encouraging me to just pop in and say hello. that's all it took. Smile God bless you Repa. Thank you too pepperpot. Smile

I may not be able to start this until tomorrow but will post as soon as I follow the steps. Smile

THANK YOU!!

HAPPY VALENTINE'S DAY!!  Wave
_________________
Character cannot be developed in ease and quiet. Only through experience of trial and suffering can the soul be strengthened, vision cleared, ambition inspired, and success achieved. -- Helen Keller


Repa
Site Admin

Joined: 26 Nov 2006
Posts: 1901
Location: North Carolina

Posted: Thu Feb 14, 2008 1:10 pm    Post subject:

Linda, here's one other thing to do on your computer and your husband's that will help protect you from bad sites that you may follow a link to:

1. First go to the following link and follow the instructions to backup and check your hosts file. Go through all the instructions given.  

http://www.dslreports.com/faq/10131

2. Then, open Spybot and run an update.

3. On the menu bar select Mode > Advanced Mode > Tools.

4. Double click on Hosts File in the large right pane. This will bring up the Hosts File Window.

5. On the Hosts File Window menu bar, click "Add Spybot-S&D hosts list."

6. Close Spybot.

What this does is prevent your computer from going to any of the bad sites that will now be listed (there are many) in your Hosts file, even if you click on a link to any one of them, or put the address in the address bar yourself. This should keep your husband from reaching most of the worst of these kinds of dangerous or risky sites.
_________________
Repa


Older than dirt!
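
An added example, not part of Repa's posts or of any tool named in this thread: a small hosts-file audit that separates the two cases the posts describe, block-list entries that point bad sites at a dead address and entries that cut off or redirect the security sites the instructions link to. The sample file contents, the `WATCHED` list (built from the three sites linked above) and all function names are assumptions made for the illustration.

```python
"""Audit a hosts file: block-list entries vs. entries that need a closer look."""
import ipaddress

# Sites the instructions above link to; an entry for any of them breaks the cleanup.
WATCHED = ("dslreports.com", "atribune.org", "ewido.net")

# Constructed sample input, not copied from any real machine.
SAMPLE_HOSTS = """\
# Copyright (c) Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       ads.badsite.example      # block-list style entry
0.0.0.0         tracker.badsite.example
127.0.0.1       www.ewido.net            # security site pointed at nothing
203.0.113.7     www.dslreports.com download.example
not-an-ip       broken.example
"""


def is_sink(addr):
    """True for addresses that lead nowhere: loopback or unspecified (0.0.0.0, ::)."""
    return addr.is_loopback or addr.is_unspecified


def is_watched(name):
    """True if name is one of the WATCHED domains or a subdomain of one."""
    name = name.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in WATCHED)


def audit_hosts(text):
    """Classify every host name in the file; returns lists of (line, name, address)."""
    report = {"blocked": [], "security_site_blocked": [],
              "redirected": [], "malformed": []}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            report["malformed"].append((lineno, raw.strip()))
            continue
        if len(fields) < 2:                       # address with no host name
            report["malformed"].append((lineno, raw.strip()))
            continue
        for name in fields[1:]:
            name = name.lower()
            if name == "localhost" and is_sink(addr):
                continue                          # the normal default entry
            entry = (lineno, name, str(addr))
            if not is_sink(addr):
                # Name forced to a real address: legitimate only if you put it there.
                report["redirected"].append(entry)
            elif is_watched(name):
                report["security_site_blocked"].append(entry)
            else:
                report["blocked"].append(entry)   # what a block list adds
    return report


if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    for category in ("security_site_blocked", "redirected", "malformed"):
        for item in result[category]:
            print(category, item)
    print("block-list entries:", len(result["blocked"]))
```

To check a real machine, pass the contents of `C:\Windows\System32\drivers\etc\hosts` to `audit_hosts` instead of the sample; anything reported outside `blocked` deserves a look before and after adding a block list.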

willin_601
Royal Geek

Joined: 25 Dec 2006
Posts: 343
Location: Iowa

Posted: Thu Feb 14, 2008 5:16 pm    Post subject:

Oh thank you repa. I surely will do it for all our computers. Smile

I am getting everything together so I can fix my laptop tonight when my husband goes to bed.
I have another question. I came back to copy and print sticky #14 and it said it was for Windows XP. will the instructions be the same for Vista?

I have windows xp on my desktop and we both have Vista on our laptops.

i wanted to check before I did it. I still have a lot to learn about Vista.

thank you repa
Smile
_________________
Character cannot be developed in ease and quiet. Only through experience of trial and suffering can the soul be strengthened, vision cleared, ambition inspired, and success achieved. -- Helen Keller


Repa
Site Admin

Joined: 26 Nov 2006
Posts: 1901
Location: North Carolina

Posted: Thu Feb 14, 2008 9:31 pm    Post subject:

willin_601 wrote:
Oh thank you repa. I surely will do it for all our computers. Smile

I am getting everything together so I can fix my laptop tonight when my husband goes to bed.
I have another question. I came back to copy and print sticky #14 and it said it was for Windows XP. will the instructions be the same for Vista?


I'm not sure how much applies to Vista as I don't have Vista. Here's 3 links that you can go to for the indicated actions. Set a new Restore Point before beginning just in case you mess something up:

Windows Vista Services Configuration: http://www.blackviper.com/WinVista/servicecfg.htm

Windows Vista Tips and Tweaks: http://www.blackviper.com/WinVista/supertweaks.htm

Vista Tips and Tweaks Guide:
http://forum.notebookreview.com/showthread.php?t=166532

I haven't had much time to research this, but the 3 above links look pretty good. Follow the instructions in the above links (you may find that some instructions are being repeated as you go from one link to the other - if you've done it in one of the links, you don't need to do it in any of the others) and see what that does to help speed up performance. Note: in the 3rd link, it talks about shutting off System Restore. Don't do that!

Also, follow steps 6 - 11 in Sticky #14.

As I have time, I'll work up some instructions for Vista based on the links given above. I'll determine what in XP still applies in Vista, and eliminate any redundancy that may be found in the above links. But please, don't hold your breath as it may take a while for me to get around to it. Follow the above 3 links and instructions 6-11 in Sticky #14 for now. Let me know how you progress, and if you run into any problems or instructions that are confusing.
_________________
Repa


Older than dirt!

willin_601
Royal Geek

Joined: 25 Dec 2006
Posts: 343
Location: Iowa

Posted: Fri Feb 15, 2008 11:23 am    Post subject:

Repa,
what can I say...YOU'RE THE BEST!!
I appreciate all you do for not just me but everyone. It's a blessing that you share your wisdom and knowledge with others. I appreciate what everyone does. I wasn't sure when you get online and so I read and posted last night. I was thrilled to see all the different threads we have now.
I really enjoyed the craft and collecting sections.
ok now to print and get busy. Smile I will post back if I run into something I don't understand. Thank you Repa. Smile
_________________
Character cannot be developed in ease and quiet. Only through experience of trial and suffering can the soul be strengthened, vision cleared, ambition inspired, and success achieved. -- Helen Keller


willin_601
Royal Geek

Joined: 25 Dec 2006
Posts: 343
Location: Iowa

Posted: Sat Feb 16, 2008 1:23 am    Post subject:

Repa, please advise, I'm stuck  help!!!!!

First, Vista is no way like WindowsXP even in simple things which I guess it would not be since it's a different OS. ANYHOO I could not find how to get into my hidden files per the instructions above. it doesn't say "my computer" like XP. When you double click on computer, it just brings up the drives. If you right click, it just allows you the options of defragging, etc. I spent hours searching for a simple thing. I then clicked on control panel, clicked classic view and clicked on the Folder Options Icon. this brought  up the box with the tabs: general, view and search. I clicked view and saw where my hidden files and folders were and selected the radio button and removed the checkmarks on #7 and #8 of the first part of the instructions above. I followed the rest. I typed in the link to download VundoFix.exe. Saved it to my desktop. I disconnected my router and turned off the modem.
I followed step#1, Step #2 and #3 did not appear. A box came up and gave me the option of only choosing "Scan for Vundo" and "Remove Vundo" so I clicked on Scan for Vundo. It scanned for a while and went through 2 phases of scanning. At least it showed this as you could see it scanning. It said Phase 1 and later it changed to Phase 2. When it had finished scanning it said "no files were found, VundoFix V6..7.8 will now close" I had to click ok. I then clicked on remove Vundo. 6,7 & 8 did not happen. Nothing happened. I can only think that it's because it found no files after it scanned?? The screen did not go blank after I clicked remove Vundo and it never prompted me to shutdown my pc. I sat and watched a show for over 20 minutes and nothing happened. Did I not wait long enough for it to remove it and ask me to shut down my pc??

Before I turned the modem back on and my router, I went to my control panel and clicked on add/remove programs and I did not see Vundo but it was still on my desktop where I saved it.

I made sure I went back and hid my files and folders and rechecked the other boxes that I had unchecked before getting online to post. Smile

I use AVG and it's 7.5 and always updated, I check for updates several times when I'm online. (So I'm good on this part)

I stopped at this point because I'm not sure Vundo did what it was supposed to do and I wasn't sure at what point do I go back to hide files and folders and recheck the 2 boxes in the first part of these instructions???

Is it safe to go online and download the AVG spyware you told me to with boxes unchecked and files and folders unhidden?

Do I leave them unhidden and checks removed for the 2 boxes through the rest of the instructions, all the scans in safe mode?

I don't know at what point I am supposed to change these settings back?
I know when I unchecked #8. Remove the checkmark from the checkbox labeled Hide protected operating system files. You get a box that tells you if you change anything it can cause your system to not work or something to that effect. That concerned me.

It was a learning experience to find where I needed to go to even locate the folder and file info, so that was a positive although it took a while but I learned where things were in Vista as it is not like XP.

I don't know if Vundo did what it was supposed to do.

I need to know at what stage of the above instructions, do I go back to change the settings for #6,7 & 8 in the beginning of instructions??

I wanted to say again I did not feel safe leaving them changed to go online and download the AVG spyware.

I hope I remembered everything., It's very late and my head hurts. I am at a stand still until I hear from you.

Oh and I only have AVG, ADaware and Spybot. Should I download asquared or any other program to use as maintenance like the 3 I do use?

I think that's everything. i wanted to tell you in detail what I did and what happened. I will wait on your reply. Thank you Repa. Smile

I'm sorry I could not start on it sooner. We had errands to run and I have a migraine that wants to cling on. I layed down from 5-8 pm and got back up to eat some soup and get started.

Thank you for your help and patience and the great detailed steps you give, I need them. Smile

 Good Night




_________________
Character cannot be developed in ease and quiet. Only through experience of trial and suffering can the soul be strengthened, vision cleared, ambition inspired, and success achieved. -- Helen Keller


Repa
Site Admin

Joined: 26 Nov 2006
Posts: 1901
Location: North Carolina

Posted: Sat Feb 16, 2008 11:43 am    Post subject:

willin_601 wrote:

Repa, please advise, I'm stuck  

First, Vista is no way like WindowsXP even in simple things which I guess it would not be since it's a different OS. ANYHOO I could not find how to get into my hidden files per the instructions above. it doesn't say "my computer" like XP. When you double click on computer, it just brings up the drives. If you right click, it just allows you the options of defragging, etc. I spent hours searching for a simple thing. I then clicked on control panel, clicked classic view and clicked on the Folder Options Icon. this brought  up the box with the tabs: general, view and search. I clicked view and saw where my hidden files and folders were and selected the radio button and removed the checkmarks on #7 and #8 of the first part of the instructions above. I followed the rest. I typed in the link to download VundoFix.exe. Saved it to my desktop. I disconnected my router and turned off the modem.

Linda, I’m sorry about the confusion concerning the Folder Options settings, but as I mentioned before, I don’t have Vista and have never seen it. The way you got to Folder Options through the control panel is one way to do it in WinXP also. Thanks for the feedback on that - I'll take that into account if I ever have to deal with Vista questions again.

I suggest you don’t reset these settings back to what they were because if you have trouble again in the future, you will need to see the hidden files to resolve other problems. Hiding them is just protecting you from yourself, no other reason. I wanted them available, depending on the results you get after running the scans. It is always possible we may have to do manual deletes, and if so, most malware will hide their files and folders, and you need those settings to find them. Having the files and folders unhidden in no way puts your computer at any greater risk. Just leave the settings so you can always see the "hidden" files and folders.


I followed step #1. Step #2 and #3 did not appear. A box came up and gave me the option of only choosing "Scan for Vundo" and "Remove Vundo" so I clicked on Scan for Vundo. It scanned for a while and went through 2 phases of scanning. At least it showed this as you could see it scanning. It said Phase 1 and later it changed to Phase 2. When it had finished scanning it said "no files were found, VundoFix V6..7.8 will now close". I had to click ok. I then clicked on remove Vundo. 6, 7 & 8 did not happen. Nothing happened. I can only think that it's because it found no files after it scanned?? The screen did not go blank after I clicked remove Vundo and it never prompted me to shut down my pc. I sat and watched a show for over 20 minutes and nothing happened. Did I not wait long enough for it to remove it and ask me to shut down my pc??

Before I turned the modem back on and my router, I went to my control panel and clicked on add/remove programs and I did not see Vundo but it was still on my desktop where I saved it.

The instructions 1 – 8 for running VundoFix.exe assume that the Virtumonde Trojan is on your machine. The version you downloaded is newer than the one the instructions pertain to. What you did was correct. I am surprised that the scan didn’t find the Trojan – did you have Spybot fix or remove it earlier?

VundoFix.exe is an application that was placed on your desktop, which is a folder like your download folder where you place your downloads. The difference is that the contents are permanently displayed on your desktop - you don't have to go to Windows Explorer and click on the folder to see what's in it. VundoFix.exe is a stand-alone executable application that is not installed on your computer. When you are done with it, you can either delete it from your desktop, or move it to your download folder.


I stopped at this point because I'm not sure Vundo did what it was supposed to do and I wasn't sure at what point do I go back to hide files and folders and recheck the 2 boxes in the first part of these instructions???

Is it safe to go online and download the AVG spyware you told me to with the boxes unchecked and files and folders unhidden?

Do I leave them unhidden and checks removed for the 2 boxes through the rest of the instructions, all the scans in safe mode?

Oh, and I only have AVG, ADaware and Spybot. Should I download a-squared or any other program to use as maintenance like the 3 I do use?

Linda, leave your files and folders unhidden – you don’t need to go back and reset them to hidden. It is ok to go on the internet. Download AVG Anti-spyware per the instructions, and since you don’t have a-squared, download and install that too. You will find the download for a-squared Free 3.1 at:

http://www.emsisoft.com/en/software/download/

Since you asked, another really good program to have for running when you do your maintenance scans is AVG Anti-Rootkit. AVG Anti-Rootkit is a free, powerful tool with state-of-the-art technology for detection and removal of rootkits. Rootkits are used to hide the presence of malicious objects like trojans or keyloggers on your computer. If a threat uses rootkit technology to hide itself, it is very hard to find the malware on your PC. AVG Anti-Rootkit gives you the power to find and delete the rootkit and to uncover the threat the rootkit is hiding. Download it at:

http://www.grisoft.com/doc/download-free-anti-rootkit/us/crp/0

Do a scan while in Normal Mode. It does not run in Safe Mode.

After you finish all the downloads, installing of the scanners, and updating the scanners for the latest definitions, here’s what I suggest you do:

   1. Turn off your modem and router.
   2. Set a new restore point.
   3. Rerun Spybot as you did before when you found the Trojan and see if it finds it again. If it does, put a check mark in the box beside whatever it finds and click the “Fix selected problems” button on the menu bar and let Spybot try to fix whatever it finds. Then….
   4. Continue with the instructions I gave you before, beginning where it says

“Reboot your computer into Safe Mode”

If you find problems in any of the scans, write down or do a screen print of whatever you find and post the results after all scans are complete. Let the scanners "fix" or "delete" whatever they find. Post the results of that too - i.e., did the scanner fix or delete the problems found or not?

If you have any other questions, please post them here.


_________________
Repa


Older than dirt!

willin_601
Royal Geek


Joined: 25 Dec 2006
Posts: 343
Location: Iowa

Posted: Sun Feb 17, 2008 12:29 pm    Post subject:

Repa,
I actually understand what you are saying. I must have grown...lol

These were the 3 steps I was wondering when I changed them back:
6. Under the Hidden files and folders section select the radio button labeled Show hidden files and folders. I understand, leave this so it shows the hidden files so we can see them in case we have need depending on what I find. Smile
7. Remove the checkmark from the checkbox labeled Hide file extensions for known file types. Is this safe left unchecked while on the internet and leave it unchecked as well as the hidden files?
8. Remove the checkmark from the checkbox labeled Hide protected operating system files. This is the one that concerns me the most because it warns you when you uncheck it, is it to be left unchecked as well as I follow the steps and will it be safe while on the internet?


The one thing that ALWAYS intimidates me is when a program finds something that is in the registry. I think I am looking at it correctly because like Spybot had this icon and it referred to the registry.
IF, I delete it if it can't fix it, won't this cause problems with the performance of my pc?

Worst case scenario, I do have the recovery discs and a copy of Windows Vista so if it did mess it up, there is still hope because what I call "A destructive recovery" would fix it by taking it back to factory condition like new... is this correct?

Are there some trojans, viruses, worms, etc that can hide themselves and ARE NOT removable even with doing a recovery???

I just want to ask to learn while on the subject.

I didn't do anything. I wasn't sure what to do with Spybot so I closed it out. Probably not a good idea but if it's still there, it will still be here. I didn't do anything because I saw that the file was in the registry. I just installed Spybot because my pc is not working as it should and was so slow. I scanned with all the programs I listed and do those daily and it never finds anything. I am not familiar with Spybot, however I did read the tutorial, twice. I understood what it said but the registry thing still scared me so I didn't do anything until I posted.

I DO have AVG 7.5 on all our pcs and they are always kept updated so I don't have to install it.

Vista is quite different than Windows XP. I learned a lot about Windows XP and got comfortable with it and all the new pcs have Vista. My sister bought my laptop for me due to my disabilities. It allows me to spend more time because I can sit comfortably and elevate my legs. Smile However, I do prefer Windows XP over Vista at this point. I do see benefits of having Vista and I'm sure one day I will feel as comfortable with Vista as I do Windows XP. Smile

Thank you Repa. I'm on to follow through. Smile
God bless you. THANK YOU Smile
_________________
Character cannot be developed in ease and quiet. Only through experience of trial and suffering can the soul be strengthened, vision cleared, ambition inspired, and success achieved. -- Helen Keller




Last edited by willin_601 on Mon Feb 18, 2008 12:28 am; edited 1 time in total

Repa
Site Admin


Joined: 26 Nov 2006
Posts: 1901
Location: North Carolina

Posted: Sun Feb 17, 2008 5:49 pm    Post subject:

willin_601 wrote:
Repa,
I actually understand what you are saying. I must have grown...lol

These were the 3 steps I was wondering when I changed them back:
6. Under the Hidden files and folders section select the radio button labeled Show hidden files and folders. I understand, leave this so it shows the hidden files so we can see them in case we have need depending on what I find. Smile
7. Remove the checkmark from the checkbox labeled Hide file extensions for known file types. Is this safe left unchecked while on the internet and leave it unchecked as well as the hidden files?
8. Remove the checkmark from the checkbox labeled Hide protected operating system files. This is the one that concerns me the most because it warns you when you uncheck it, is it to be left unchecked as well as I follow the steps and will it be safe while on the internet?

Again, Linda, leaving these settings with the files and folders unhidden is OK. They are set that way to protect you from yourself, not from some kind of malware or hacker attack on the internet. If it makes you feel better when you get done with everything, you can set them back to their original setting.


The one thing that ALWAYS intimidates me is when a program finds something that is in the registry. I think I am looking at it correctly because like Spybot had this icon and it referred to the registry.
IF, I delete it if it can't fix it, won't this cause problems with the performance of my pc?

That is why you set a restore point before you begin procedures like this where changes in the registry are possible. You cannot get rid of malware without taking out the registry entries it creates, as well as the files and folders it creates. If something gets messed up, you can recover back to where you started by restoring to the point you saved. You may have to go into Safe Mode to do it if your system becomes unstable. And, even if - worst case - you can't get to Safe Mode, you still have the option of hitting the F8 key during reboot like you were going to go into Safe Mode, but then you choose "Last known good configuration" instead of Safe Mode to continue the reboot. This gives you the last good registry settings where everything worked ok. So you see, you have a lot of built-in redundancy to recover if you make a mistake or something gets messed up while removing malware.


Worst case scenario, I do have the recovery discs and a copy of Windows Vista so if it did mess it up, there is still hope because what I call "A destructive recovery" would fix it by taking it back to factory condition like new... is this correct?

Are there some trojans, viruses, worms, etc that can hide themselves and ARE NOT removable even with doing a recovery???

Yes, your recovery disk would restore your computer to factory condition. There is some malware that can hide itself and can only be found with an anti-rootkit program. That is why I suggested you download and run AVG Anti-Rootkit. Most of the time malware can be cleaned from your computer with a variety of anti-malware tools. Sometimes it is difficult, and occasionally you just have to reformat the hard drive and start over. Let's hope that doesn't happen to you.

It is very possible that Spybot detected a "false positive." I have researched to find if there are reports of this since VundoFix.exe didn't find anything. There are reports by others of the problem you are having, and Safer Networking (maker of Spybot) has confirmed that these are false positives. Check the following link out and see if this is what you were getting:

http://89.238.64.41/showthread.php?t=23651

This problem with Spybot should be fixed with the latest updates.

So, here's what I suggest you do:

1. Go ahead and download those scanners that I mention in my other posts (AVG Anti-Spyware, a-squared Free, and AVG Anti-Rootkit), install them, and run updates to get the latest definitions. These are excellent scanners, and you should have them in your anti-malware "toolkit" and run them periodically. BTW, a-squared Free has a "free" resident guard and is an excellent scanner.

2. Set a new restore point.

3. Run an update to obtain the latest definitions for Spybot and then turn off your modem and run Spybot as you did before and see if it still finds the Virtumonde. If it doesn't find it, you can skip running the scanners you downloaded (AVG Anti-Spyware and a-squared Free), in Safe Mode if you want to, or you can do it just to be sure nothing has been missed - your choice. If Spybot still finds Virtumonde, have Spybot fix or delete it, and then reboot and go into Safe Mode and run it again, along with all the other scanners except AVG Anti-Rootkit. Have the scanners fix or delete whatever they find.

4. Turn your modem back on, reboot and report back to me what you find. If anything is found, be sure to copy files and registry entries found by the scanners exactly. Hopefully, Virtumonde was a false positive and you won't find anything else.

5. Run AVG Anti-Rootkit in Normal Mode just to be sure you don't have any hidden malicious objects on your computer. If it finds anything, have it fix or delete it and report what it found, and the location.

6. When you think your system is clean, do the Windows tweaks and tuning tips listed in Sticky #14: Improve Shutdown & Startup Times, & Performance in the tutorials forum to speed up and improve the performance of your computer. Remember to use the links I gave you to augment those instructions since you have Vista and those instructions are for XP. Here are the 3 links that you can go to for the indicated actions for Vista. Set a new Restore Point before beginning just in case you mess something up:

Windows Vista Services Configuration: http://www.blackviper.com/WinVista/servicecfg.htm

Windows Vista Tips and Tweaks: http://www.blackviper.com/WinVista/supertweaks.htm

Vista Tips and Tweaks Guide:
http://forum.notebookreview.com/showthread.php?t=166532  

And, don't forget to do your Hosts File!

I would suggest that you check for updates weekly for all your scanners, and try to run each of them weekly in Safe Mode if you have the time. AVG Anti-Rootkit doesn't change very often, but check it anyway and run it once weekly in Normal Mode. It will not run in Safe Mode.

_________________
Repa


Older than dirt!

willin_601
Royal Geek


Joined: 25 Dec 2006
Posts: 343
Location: Iowa

Posted: Mon Feb 18, 2008 12:24 am    Post subject:

Hi Repa

This is where I'm at so far. I ran Spybot again and it still showed Vitromonde so I clicked on fix and it did, but just to be sure, I ran it again and it was gone. Nothing was found. Smile

I saved AVG rootkit and then tried to run it and it said "the installer you are trying to use is corrupted or incomplete." It said a few other things but I deleted it and tried to save it again and run and got the same thing. I tried a 3rd time and then noticed in red, system requirements. I looked at requirements in red on the site for AVG rootkit, free version and it is not compatible with Vista so I'm sure that is why I got the message. It had red x's by Vista OS. So I can't use this rootkit on Vista. Are there any other rootkit programs that are trusted and good that are free?

I did so many things over and over that I messed up on the instructions a tad. I'm sorry. I saved and ran AVG Spyware, I updated it first but, I missed steps #5, 6, 7 and 8 from your first original post at the very top regarding AVG Spyware. I don't know how I did this. I was cooking supper and running the scans in between and it's just been an upsetting day for me in general, I just messed up. It did find some med risks tracking cookie items and a high risk dropper.small. The action it had listed to next was "delete" next to all tracking cookies and it had "taking action" next to the dropper.small. I clicked on "apply all actions" at the bottom and it gave me a pop up box that gave me the entire path and name of the exe file and said it could not be quarantined because it is embedded in the archive file. It repeated the path name and asked if I wanted to quarantine the whole archive and gave me 4 choices to click on:
1-yes
2-yes to all
3-no
4- no to all

I am so tired that I believe I clicked NO. In any case, I ran AVG Spyware again and followed the instructions this time and changed the things you listed in the beginning instructions that I missed #5, 6, 7 & 8 and it still said the same thing minus the med tracking cookies as it deleted them. The dropper.small is still there. I did take screen shots but I don't know how to post them on the forum. I saved them in a word document.

Everything is slow. Like on this forum, when I click on a thread, I have to watch the green bar fill up slow before bringing that thread up and it does the same on my craft forum and it's small. Everything is slow. Could this dropper.small be part of that?

I ran a-squared and found nothing. I ran AVG antivirus and found nothing. I ran Spybot again and found nothing once it fixed Vitrumonde. I think I spelled that wrong. The only thing I'm showing now is this Dropper.small when I ran AVG spyware. How do I get rid of this?

Have not gone to the latter steps in #14 tutorial yet because pc is not clean yet.

Is it possible that I may have remnants of Symantec on my pc that is interfering with AVG Antivirus? By this I mean when I got the laptop I knew I DID NOT want to use the 90 free trial period of Norton so I immediately went into my control panel, remove programs and deleted Norton. I remember seeing Symantec too I THINK and can't remember if I removed it or not. I know when I was using Norton that I paid for on my desktop and wanted to uninstall it, it kept giving me problems and I contacted them and they sent me instructions and it removed Norton and Symantec files as well. I don't see either in my programs when I went back to uninstall programs. I just wonder if I DID delete Symantec and it is now interfering with my system working properly? Ashamed


I would like to learn how to show a pic of the screenshot I took and saved in a word document like Sheila showed for her screenshots and what do I do now?

I ran the scans more than once as I stated above. I ran them all in safe mode and ran them again in normal mode. My hidden files and folders are still showing but I have trouble finding files so when I get this fixed, I will hide them again just to protect them from ME..lol. I rather be safe than sorry and I know how to change it when needed now.

My eyes are tired and so am I. I need to get in bed. We had a major winter storm here, freezing rain all night, then sleet and then lots of wet snow and high winds. Winds are roaring now. I think we now have 4 ft of snow just from the last 3 times and more to come this week. It's been a very active winter here. Sorry, I am tired and rambling.

I will wait on further instructions from you Repa. Thank you. Smile
Good Night
_________________
Character cannot be developed in ease and quiet. Only through experience of trial and suffering can the soul be strengthened, vision cleared, ambition inspired, and success achieved. -- Helen Keller



Repa
Site Admin


Joined: 26 Nov 2006
Posts: 1901
Location: North Carolina

Posted: Mon Feb 18, 2008 8:50 am    Post subject:

willin_601 wrote:
I saved AVG rootkit and then tried to run it and it said "the installer you are trying to use is corrupted or incomplete."

Sorry, Linda, I'm so used to WinXP that I forgot to check the system requirements for AVG Anti-rootkit. There is another one, I'll tell you later as I don't have much time right now.

I saved and ran AVG Spyware.... It did find some med risks tracking cookie items and a high risk dropper.small. The action it had listed to next was "delete" next to all tracking cookies and it had "taking action" next to the dropper.small. I clicked on "apply all actions" at the bottom and it gave me a pop up box that gave me the entire path and name of the exe file and said it could not be quarantined because it is embedded in the archive file. It repeated the path name and asked if I wanted to quarantine the whole archive and gave me 4 choices to click on:
1-yes
2-yes to all
3-no
4- no to all

I am so tired that I believe I clicked NO. In any case, I ran AVG Spyware again and followed the instructions this time and changed the things you listed in the beginning instructions that I missed #5, 6, 7 & 8 and it still said the same thing minus the med tracking cookies as it deleted them. The dropper.small is still there. I did take screen shots but I don't know how to post them on the forum. I saved them in a word document.

Linda, dropper.small is a dangerous backdoor trojan. As a precaution, if you do any banking or have a PayPal account with eBay or any other financial institution, stop using this computer for any such activities immediately! Contact your financial institution(s) for any unusual activity on your accounts that wasn't initiated by you.

I want you to run AVG Anti-Spyware again in Safe Mode and this time allow it to quarantine the entire archive. Choose Yes or Yes to All in whatever selections you are given. I want you to write down the exact, full path of dropper.small that AVG Anti-Spyware gives you and post it here. I will give you further instructions later today.

_________________
Repa


Older than dirt!
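
The quarantine prompt discussed in the posts above (a detection embedded in an archive, so the scanner offers to quarantine the whole archive) can be sketched as follows. This is an added example, not part of the forum posts and not how AVG Anti-Spyware is implemented; the function names, the hash "signature" and the sample archive are all constructed for illustration.

```python
import hashlib
import io
import shutil
import tempfile
import zipfile
from pathlib import Path

# Constructed stand-in for a scanner signature: the SHA-256 of a harmless
# marker string. Real scanners use far richer signatures and heuristics.
SAMPLE_PAYLOAD = b"CONSTRUCTED-SAMPLE-NOT-MALWARE"
KNOWN_BAD = {hashlib.sha256(SAMPLE_PAYLOAD).hexdigest(): "Dropper.Small (constructed)"}

MAX_DEPTH = 3                        # stop descending into nested archives
MAX_MEMBER_BYTES = 50 * 1024 * 1024  # skip oversized members (zip-bomb guard)


def scan_bytes(data, label, depth=0):
    """Return [(member_chain, detection)] for data and anything packed inside it."""
    hits = []
    digest = hashlib.sha256(data).hexdigest()
    if digest in KNOWN_BAD:
        hits.append((label, KNOWN_BAD[digest]))
    if depth < MAX_DEPTH and zipfile.is_zipfile(io.BytesIO(data)):
        try:
            zf = zipfile.ZipFile(io.BytesIO(data))
        except zipfile.BadZipFile:
            return hits
        with zf:
            for info in zf.infolist():
                if info.is_dir() or info.file_size > MAX_MEMBER_BYTES:
                    continue
                try:
                    member = zf.read(info)
                except (RuntimeError, NotImplementedError, zipfile.BadZipFile):
                    continue  # encrypted or damaged member: cannot be inspected
                hits += scan_bytes(member, f"{label}!{info.filename}", depth + 1)
    return hits


def scan_file(path):
    """Scan one file on disk, descending into zip archives."""
    return scan_bytes(Path(path).read_bytes(), str(path))


def quarantine_container(path, quarantine_dir):
    """Move the whole on-disk file into quarantine if anything inside it matches.

    A packed member cannot be pulled out on its own without rewriting the
    archive, so the unit that gets quarantined is the container file.
    Returns (new_location, hits), or None when the file is clean.
    """
    hits = scan_file(path)
    if not hits:
        return None
    quarantine_dir = Path(quarantine_dir)
    quarantine_dir.mkdir(parents=True, exist_ok=True)
    dest = quarantine_dir / (Path(path).name + ".quarantined")
    shutil.move(str(path), str(dest))
    return dest, hits


def build_sample_archive(directory):
    """Create outer.zip -> inner.zip -> setup.exe holding the constructed marker."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as zf:
        zf.writestr("setup.exe", SAMPLE_PAYLOAD)
    outer = Path(directory) / "outer.zip"
    with zipfile.ZipFile(outer, "w") as zf:
        zf.writestr("readme.txt", "constructed sample")
        zf.writestr("inner.zip", inner.getvalue())
    return outer


if __name__ == "__main__":
    workdir = tempfile.mkdtemp()
    sample = build_sample_archive(workdir)
    for chain, name in scan_file(sample):
        print(f"{name}: {chain}")
    print("moved to:", quarantine_container(sample, Path(workdir) / "quarantine")[0])
```

The member chain the scan prints is the "exact, full path" worth copying down: it names both the container file on disk and the packed file that triggered the detection.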
All times are GMT - 7 Hours