Computer Virus - any ideas?
#1
Account Closed
Thread Starter
Joined: Jul 2003
Posts: 853
Computer Virus - any ideas?
My husband's computer has picked up a virus (trojan we think). We took the computer in to the local computer tech shop after failing to eliminate it. They kept it for 2 days. The computer is still in the same state when he started it up this morning. I wonder if any of the computer experts out there can throw any light. Here are the details husband passed to me:
"About 20 minutes after starting computer, even after no activity a Red x on yellow shield at right button bar appears.
Yellow balloon over this says Your Computer might be at risk...(etc)
When clicking on the button one of two things happens
1. An official looking box headed "Windows Security Center" opens saying: Warning: Windows Firewall detected suspicious network activity on your computer. Malicious software codes try to steal your privacy information such as credit card numbers, electronic mail accounts financial data or passwords. Do you want to learn how to protect your computer? yes and no buttons.
No shuts it off, but it returns later. Yes takes it to a download option for a file named chmhelp.chm
2. Browser opens directly and the download option for file named chmhelp.chm.
info on web page
http://www3.ca.com/securityadvisor/v....aspx?id=43005
scan results this morning after return from the Tech Shop:
Scan Results: 61080 files scanned. 8 viruses were detected.
File          Infection         Status         Path
ntud32.exe    Win32.Winshow.CZ  cannot delete  C:\WINDOWS\system32\
rmmzzy.dat    Win32.Winshow.CZ  deleted        C:\WINDOWS\
atljo.exe     Win32.Winshow.CY  cannot delete  C:\WINDOWS\
qydose.dat    Win32.Winshow.CY  deleted        C:\WINDOWS\
djyzjy.dat    Win32.Winshow.CY  deleted        C:\WINDOWS\
vkqmei.dat    Win32.Winshow.CZ  deleted        C:\WINDOWS\
applq32.exe   Win32.Winshow.CY  deleted        C:\WINDOWS\
FILE0000.CHK  Win32.Winshow.CZ  deleted        C:\FOUND.018\
"
We are going out just now, so won't be able to respond to any suggestions for a few hours. Thanks in advance!
#2
Guest
Posts: n/a
Re: Computer Virus - any ideas?
Reformat the bugger and reinstall windows (and everything else)
#3
Country Member
Joined: May 2003
Location: Moved from Georgetown to Round Rock, Texas. 15 miles closer to civilization.
Posts: 936
Re: Computer Virus - any ideas?
Originally Posted by ImHere
Reformat the bugger and reinstall windows (and everything else)
#4
Guest
Posts: n/a
Re: Computer Virus - any ideas?
Originally Posted by g1ant
Don't give up your day job. :scared:
#5
Re: Computer Virus - any ideas?
Try doing a system restore (programs-accessories-system tools-system restore) to a time before you picked up the virus.
or this is the uninstaller for winshow http://www.spyany.com/program/articl...m_Winshow.html
but I can't vouch for the damage that might occur by running it
Last edited by vegas; Jul 15th 2005 at 6:45 pm.
#6
Re: Computer Virus - any ideas?
Login in safe mode and run a full virus scan.
Running safe mode will ensure that certain processes are not running.
Whichever virus software you run, tell it to delete infected files and NOT quarantine. Norton has a habit of creating a bigger mess if you quarantine. Just delete all infected files.
Failing that, take ImHere's advice. Back up anything important and then reformat and reinstall. Just make sure you don't back up any infected files else your problem will come back.
#7
Forum Regular
Joined: Apr 2004
Location: Austin, TX
Posts: 169
Re: Computer Virus - any ideas?
They must be a pretty incompetent lot down at the computer store. I hope you didn't pay them anything!
You are correct, you have a trojan.
This one, probably:
http://securityresponse.symantec.com...ndspyware.html
Print out the instructions from the link above.
The fact that you have the yellow shield in your taskbar means that you have Symantec's Norton Antivirus installed. I'd run it, set LiveUpdate to On, download all latest virus definitions and perform a full system scan.
Then follow the instructions you printed out to (hopefully) delete the virus.
Then download the free application Ad-Aware from Lavasoft and run that too.
Then download Spybot Search and Destroy (also free) from here: http://www.safer-networking.org/en/download/index.html and run that.
Then report back with progress!
PM me if you get stuck.
Originally Posted by Dimsie
My husband's computer has picked up a virus (trojan we think). We took the computer in to the local computer tech shop after failing to eliminate it. They kept it for 2 days. The computer is still in the same state when he started it up this morning. I wonder if any of the computer experts out there can throw any light. Here are the details husband passed to me:
#8
Re: Computer Virus - any ideas?
Does this look familiar?
http://sarc.com/avcenter/venc/data/adware.livechat.html
Have you got an out of date anti-virus system?
Or as britdrinker says..
#9
Re: Computer Virus - any ideas?
Computer Cops is a good forum to ask questions on. Many a time we've got out of a scrape thanks to them.
#10
Account Closed
Thread Starter
Joined: Jul 2003
Posts: 853
Re: Computer Virus - any ideas?
Oh, thanks guys!! Just got in and read through the messages.
ImHere: Thanks, yes, that will probably be what has to be done. We'll try anything else first though.
Vegas: thanks for the link - seems a little risky - but will keep that in mind.
Rincewind - He has tried to get into safe mode, but system automatically selects to "Boot by floppy" which is not how it was set. Virus seems to have infected that too, and changed the setting.
Britdrinker: Many thanks. Agreed, computer shop is incompetent and will get told as much, if not by husband, then by me!! The snag in all this is that husband uses McAfee not Norton. The shield which comes up is part of the Microsoft Security Centre - a red shield with a white X.
So sadly the links you kindly gave will not be appropriate as they refer to Symantec. We will search for similar info for McAfee, and if not found will PM you. Thanks again for helping.
Ray: Yes, McAfee is thoroughly up to date. The warnings etc shown on your link do look familiar, but again refers to Symantec (I think). Will look at it again in more detail, as have skimmed through all, and husband will look now, himself.
Thanks again. Will let you know of any success (or not!)
#11
Guest
Posts: n/a
Re: Computer Virus - any ideas?
Originally Posted by Dimsie
Oh, thanks guys!! Just got in and read through the messages.
ImHere: Thanks, yes, that will probably be what has to be done. We'll try anything else first though.
Vegas: thanks for the link - seems a little risky - but will keep that in mind.
Rincewind - He has tried to get into safe mode, but system automatically selects to "Boot by floppy" which is not how it was set. Virus seems to have infected that too, and changed the setting.
Britdrinker: Many thanks. Agreed, computer shop is incompetent and will get told as much, if not by husband, then by me!! The snag in all this is that husband uses McAfee not Norton. The shield which comes up is part of the Microsoft Security Centre - a red shield with a white X.
So sadly the links you kindly gave will not be appropriate as they refer to Symantec. We will search for similar info for McAfee, and if not found will PM you. Thanks again for helping.
Ray: Yes, McAfee is thoroughly up to date. The warnings etc shown on your link do look familiar, but again refers to Symantec (I think). Will look at it again in more detail, as have skimmed through all, and husband will look now, himself.
Thanks again. Will let you know of any success (or not!)
Well good luck. Surprisingly a reformat isn't as painful as it seems as long as you cut a CD with all your docs and any other data you need. (As Rince says, make sure nothing you back up is infected.)
I find after a reformat I can be pretty much up and running per normal within half a day. And the PC will run like a new machine afterwards.
#12
Re: Computer Virus - any ideas?
Originally Posted by ImHere
Well good luck. Surprisingly a reformat isn't as painful as it seems as long as you cut a CD with all your docs and any other data you need. (As Rince says, make sure nothing you back up is infected.)
I find after a reformat I can be pretty much up and running per normal within half a day. And the PC will run like a new machine afterwards.
#13
Re: Computer Virus - any ideas?
Originally Posted by Dimsie
the shield which comes up is part of the Microsoft Security Centre - a red shield with a white X.
I'm going to go out on a limb here and say you don't have a virus and are just simply getting messages saying you MAY have one as you need software to combat them. Maybe just ads.
I turned all my auto updates off for XP as I don't want SP2 screwing up my machine. I depend on it too much.
Like I say, I bet you don't have one if McAfee (crap by the way) is up to date. It's just a scare tactic to get you to update things.
#14
Re: Computer Virus - any ideas?
bunch of ****ing geeks!
take it to best buy let them sort it out!
#15
Account Closed
Thread Starter
Joined: Jul 2003
Posts: 853
Re: Computer Virus - any ideas?
Originally Posted by rincewind
Personally, I think you may not have a Virus and the shield sounds like the update centre for XP and not a Virus thing.
I'm going to go out on a limb here and say you don't have a virus and are just simply getting messages saying you MAY have one as you need software to combat them. Maybe just ads.
I turned all my auto updates off for XP as I don't want SP2 screwing up my machine. I depend on it too much.
Like I say, I bet you don't have one if McAfee (crap by the way) is up to date. It's just a scare tactic to get you to update things.
It seems that way, and yet the stuff it wants him to download is not Microsoft stuff. And his computer seems to be affected in other ways too - e.g. can't boot up in safe mode.
I suppose there could be 2 problems.
Anyway, we shall leave it for tonight and look again tomorrow. Thanks again for your help ....much appreciated.