01-06-2008, 09:45 PM
|
#1
|
|
Powerplay Quarterback
Join Date: Mar 2004
Location: Portland, OR
|
Spyware/Virus Issue
I woke up this morning and found my computer acting very odd. I ran AdAware and it found 13 trojan horses along with a bunch of other stuff. I had the program take care of those, but there is still something seriously wrong and I'm not sure how to go about fixing it.
First, there is a yellow triangular sign with an exclamation mark in the system tray that repeatedly pops up with a balloon saying:
"Windows Antivirus.
Spyware detected. Click here to download the most up-to-date spyware removal software."
It's paraphrased, but that's the jist of it. I know it's fishy, because when I hover the mouse over that icon, it says "Windows Security Allert." Learn to spell hackers... I recently got rid of it temporarly by picking off processes one by one in the task manager, but I'm not sure which one it was. Of course, it will almost assuredly be back when I restart the computer.
Secondly, and this is the real bad one, I'm using WinXP and I'm the sole user of the computer. As such, there is only one user account; mine, and it's admin account. However, something has now made my account act like a guest account. I could not access anything of use on the control panel, like System Properties, Add/Remove Programs or antyhing of the sort. On my most recent restart, the control panel has completely disappeared. I cannot access from the start menu or windows Explorer, and yes, I do have the option "Show Control Panel in My Computer" on (option is in Windows Explorer). Now, I do not have anti-virus software. I was using Avast (an online, active scanner) but it's since been disabled. I have tried using the online scan at Trend Micro but the last time I tried, it stoppped about halfway through it.
Thirdly, and this is of minor importance, my desktop instead of having Flames Wallpaper, now has what looks like an error message, stating "Active Desktop has encountered an error" with some troubleshooting suggestions.
Anyone have ideas on what I can do to remedy this?
|
|
|
|
01-06-2008, 09:52 PM
|
#2
|
|
Threadkiller
Join Date: Oct 2003
Location: 51.0544° N, 114.0669° W
|
Try restarting in safe mode, and see if you are able to get more details. I think I know which virus you picked up and it is nasty! I worked on a friends computer over an entire weekend - the end of it was I had to remove his HD, and install it into another computer to scan it.... If you get the exact phrase of what the taskbar message and program name says, you can google it and get the help you need, but you will probably have to do what I did and install it into another computer...
As far as the account thing, it seems like the virus has gotten hold of your admin privleges to keep you out.
The active desktop thing is not an issue right now, its there, but your system is messed up, thats why its showing. Dont worry about it right now.
Once you get everything sorted, dont disable your antivirus! Use AVG free and Avast when you want to scan online. There are lots of good spyware progs you should be using too, such as Spyware terminator and spybot
|
|
|
|
|
01-06-2008, 09:58 PM
|
#3
|
|
Threadkiller
Join Date: Oct 2003
Location: 51.0544° N, 114.0669° W
|
Also, I dont think you would be able to, but if you DO get in, try and run a system restore back to a date before all this happened...
|
|
|
|
|
01-06-2008, 11:30 PM
|
#4
|
|
Atomic Nerd
Join Date: Jul 2004
Location: Calgary
|
The active desktop is an issue. What's happened is that Spyware has hijacked your computer. The yellow triangle in your tray warning you of spyware is spyware itself trying to fool you into downloading more bogus anti-spyware software. That your desktop is even in active desktop mode means that some spyware has tried to turn your desktop to direct http feed to something without you knowing it, which could transmit more spyware to your computer or simply broadcast anything it wants on your desktop without you knowing it.
First thing, get combofix and run it, this is a serious tool though without much of an interface, it's mostly command prompt, but I can't recommend it enough for serious issues
http://freewarewiki.com/ComboFix
Next thing, get spybot S&D and immunize right away, then scan and fix:
http://www.safer-networking.org/index2.html
These should take care of your problems, if not come back to CP. Straight antivirus's are not really neccessary these days, most issues are purely spyware related or within the domain of free programs that will take care of both.
Last edited by Hack&Lube; 01-06-2008 at 11:35 PM.
|
|
|
|
|
01-08-2008, 06:04 PM
|
#5
|
|
Powerplay Quarterback
Join Date: Mar 2004
Location: Portland, OR
|
Update:
Well, i finally got the TrendMicro scan to finish and it found 18 more infections. I think I got them all. I'm not having the spyware system tray thing pop up anymore, but I still cannot access the control panel. If this helps, these were some of the files that I needed to can (All were the c:\windows directory):
shell.exe
\system32\spoolvs.exe
\avp.exe
\mgrs.exe
\xpupdate.exe
\Temp\win6f.exe
I'm not done tinkering, and I will try some of the suggestions here to see if I can fix the admin problem.
Re: System Restore... I tried this, and unfortunately, I had no restore point aside from one that was after the bugs hit.
|
|
|
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
All times are GMT -6. The time now is 06:51 AM.
|
|
