BIG-G-G-G PROBLEM!; i need you techies!
Topic Started: January 3, 2009, 9:35 am (54 Views)
Blue Phoenix
Administrator-For-Life!
ooookay... somehow, a trojan got on my computer. *grumble*

Last night i got a Windows notification that no firewall was turned on, which was suspicious. Then other things started to happen, like, a very convincing window telling me i had a virus, click here to begin cleaning. i clicked the red delete 'X' and another window popped up, also convincing. i clicked "no" and things continued to happen on their own, with new windows opening. It was the beginning of the trap! It was one of those viruses that, no matter what you click, it starts the infiltrating programs running... a 'clicker' virus!

i did a control-alt-delete to open the window where you can highlight and delete windows and programs that are not responding, and i deleted the unwanted windows. Then i opened my antivirus (free AVG) and started it running. AVG immediately told me i had "trojan horse clicker.VSE" at c:\windows\system32\prunnet.exe. i let the antivirus continue checking, and it found FIFTEEN spots where that damn trojan had set itself up, all in system32 or in \local settings\ or in 'temp' or 'temp files'.

While the antivirus was checking the computer, at random intervals more "click here for cleaning" and even a "this is a legal document. if you click here, you are liable for payment for cleaning..." window from "powerfulvirusremover2008.com" came up as well as one or two others. i deleted them as they popped up, through the control-alt-delete window. At least i got that part right, lol!




Well, i've been really tired lately, and by now it was 1:30am, and i THINK there was a button to just 'clean' the viruses, but i clicked "quarantine uncleaned virus" or something close to that (which i think was a mistake)...

all 15 places that noted the trojan were moved, except two trojans that had the words "reboot to finish" in my AVG window. So i did...




...and when the computer rebooted, everything booted up normally, the icons appeared on my desktop, the bar at the bottom of the screen started to show running icons... and then everything disappeared! All i had was the background picture, as if my screen were a photo frame! No icons, no bar! The icons flickered on again, then disappeared again, and that's how it stayed.

my son (damn kids know everything! and yeah, he was still up in the middle of the night, of course) says system32 is one of the really important sections, lol. i think i quarantined parts of it!

i rebooted again, and this time i clicked on an internet window and found (it looks like) everything is still in the computer, i just don't have any way to navigate to it. i turned off the computer and prayed, lol. i needed sleep.

well, sleep helps, not that i got much (i hate aggravation) and this morning i clicked for several windows (BC, c:drive, Outlook) and got responses (except i lowered the windows to get to this one, and without the bar on the bottom i can't bring them back up, LOL) so i would say everything IS still there. After i clicked for several windows, the icons winked on/off around 6 times instead of only twice, so it's trying to be 'normal' again, and here i am!



i also got into my program list long enough to see there's a 'virus vault' in AVG, so i'll start there and see if it will let me clean and return anything.

if not, i'm stuck, bigtime. i don't want to reformat the hard drive. That's a MAJOR pain in the butt. And it looks like everything is there, i just can't navigate, as i said.






any techies out there?
Come with me and you'll be in a World of Pure Imagination
Blue Phoenix
Administrator-For-Life!
...gee, thanks for all the responses! :p


to let you know, here's the end of the story! (i hope!)

what started this was when a VERY convincing window popped up that said my firewall was turned off. this window has the usual buttons to turn several things on and off, and i clicked it to turn the firewall back on, but what i actually did was turn the firewall OFF and let the virus in (i'm told).




My tech support finally called back, and he showed me how to use the Start-Run-CMD prompt to copy my Favorites, Desktop icons, and Outlook to my spare harddrive. that command is outside Windows, and it worked fine.

Then he gave me a website to go to in order to download a malware-checking tool, but this trojan was smart, it wouldn't let me go to microsoft.com, any antivirus sites, or to this site either, so i had to go to my son's computer and download the malware-checker to a flash drive, then get it to start in between the many flashes of my desktop icons appearing and disappearing!

About 5 minutes into the check, the screen froze and so did the flashing icons and the viruschecker; i had to reboot and repeat the process, this time it ran all the way through!

When AVG had checked for infected files, it found 15. This program found 23!!! And after i clicked to remove them all, MY COMPUTER WORKED FINE!!!

HALLELUIAH!!!



i would suggest you guys DL this to your desktop, and ALSO put it on a flash drive, in case things ever get as bad for you as they did for me. Our next step was going to be using the rescue disk and starting over, losing everything on my harddrive, and that would have been a BIG pain in the Royal...

download.bleepingcomputer.com/malwarebytes/mbam-setup.exe

keep that download safe somewhere, you may need it! My tech support says they've been running into this trojan for MONTHS and most of the time they have to wipe the hard drive...

oh, by the way, the name of the site that was trying to get my credit card number was powerfulvirusremover2008(dot)com, and two of the infected files said

Rogue.Virus Remove HKEY_CURRENT_USER\SOFTWARE\virusremover2008

perhaps that was the removal tool this ripoff site would have used to cure my machine for a steep price (and steal my credit card number too)?


Blue Phoenix
Administrator-For-Life!
hmmm... maybe Holy was right about it being AIM that caused my problem. i turned on AIM tonight and this is what i saw:





AIM may have encountered a problem loading AIM plugins.

AIM recommends you sign in with AIM Plugins disabled (Safe Mode). You will still be able to IM your Buddies.

X Disable AIM Plugins



AIM is now in "Safe Mode'; this means you will be unable to use AIM Plugins. To find out which plugin(s) are causing the problem, try deactivating any plugins you may have recently installed or updated and restarting AIM.

AOL Radio
AOL Mobile
Mail
Games.com
AIM chat
Notes

i never used any of those things... and never wanted them on. wtf?



Blue Phoenix
Administrator-For-Life!
update on the trojan:

Before i went to sleep, i ran my new Malwarebytes software on a full scan, telling it to check all three drives i have on this machine, plus the flash drives i had stored some of my computer files on. Before i left, a window popped up "Virus Found Fake Alert" and a button to move it to the vault. So i clicked it, then wondered if that was the right thing to do, not knowing for sure if it was an alert from Malwarebytes or another ruse from the trojan (ACK!). That's when i noticed the Malwarebytes said to not do ANYthing till it was done checking and had a report to offer.

When it was done checking, it said there was ONE trojan hiding and i quarantined that too, then did ANOTHER full scan to see if i had made a mistake earlier, but the entire system shows clear this time, so i started my AVG antivirus search and neither program reports a problem.

i HAD noticed that there were two fewer icons on my desktop, and the Malwarebytes log says they were a Rogue.installer. i don't remember those on my desktop, but the name of the site was familiar... maybe those two icons were masquerading. Anyway, they're quarantined.

Maybe i'm clear now.


LightSlayer
Screaming Naked Hot Stuff!!! (Emoticon Guru)
Let's hope so. I HATE computer problems, I'm glad you've gotten it worked out so far.
"I reject your reality, and substitute my own!" ~Adam Savage
Blue Phoenix
Administrator-For-Life!
THAT was a real pain in the rump, but so far, so good!

