Virus Alert!

captain_70s

Right, my computer is playing up, again.

It starts and runs seemingly fine but IE and Firefox windows keep opening up of their own accord, I'm getting pop-up windows for advertising and links from Google are re-directing to shitty scam websites.

I've run AVG and Avira but they can't find anything, Spybot won't start, and its website is blocked so I can't reinstall it.

Any ideas?
 
It's hard to tell exactly what it is at this point, but try this first:
MalwareBytes. It is good against worms and some trojans.

If it doesn't help, we'll pull out the big guns.
 
crapcleaner and malwarebytes
 
If you have another computer, use it to get the .exe for Malwarebytes Anti-Malware. Put it on a thumb drive or something and rename it to something like "cats.exe". Install it (remember to disable autorun before putting the thumb drive in the infected PC so the thumb drive isn't infected), try to get the latest updates and run a full scan. Malwarebytes tends to be good at picking up stuff other AVs miss. The renaming helps it to get past the blocking scripts in the virus (if there is one).

Also, check out some dedicated sites like bleepingcomputer.com - they have dedicated members who will help you step by step with an issue.
 
> It's hard to tell exactly what it is at this point, but try this first:
> MalwareBytes. It is good against worms and some trojans.
>
> If it doesn't help, we'll pull out the big guns.

That won't start, just flickers the hourglass symbol and then gives up, same with Spybot before I tried to re-install it.

> If you have another computer, use it to get the .exe for Malwarebytes Anti-Malware. Put it on a thumb drive or something and rename it to something like "cats.exe". Install it (remember to disable autorun before putting the thumb drive in the infected PC so the thumb drive isn't infected), try to get the latest updates and run a full scan. Malwarebytes tends to be good at picking up stuff other AVs miss. The renaming helps it to get past the blocking scripts in the virus (if there is one).

I'll give that a go, see if I can actually get the program to work...
 
Try what brydie76 said. If that doesn't work, try getting Spyware Doctor although that is shareware and you probably have to buy it if you want to remove the virus.
 
Sounds like a version of Antivir malware. It stops all .exe files running except for browsers. One of my colleagues picked it up last week and we're waiting for IT to get down here to deal with it but it's a sod to get rid of. Good luck.
 
Mineworksfine might be right on this one. However, I don't think it blocks all .exe apart from browsers.

Open "services.msc" and "msconfig" (Start->Run) and look for suspicious objects. If none, try other antivirus software, even if shareware. If you can at least find the infected files (hopefully not system files), you can delete some of them at boot and then try the antivirus thing again.

At the end...there is always Format C:
 
malware bytes helped me out when my computer got infected last year. it was either that or introduce the computer to a chainsaw, in the long run i think i saved a bit of money.
 
Well I've managed to get Malwarebytes to actually run by following brydie76's advice, now just got to see if the scan actually finds anything.

Avira AntiVir is also repeatedly finding a virus and blocking it every 5-10 mins or so, I'm guessing whatever has gotten in first has ruined all the defence systems in place. Argh, this is so annoying, it's been ages since I've had a virus this persistent and hard to get rid of, last time I did it was a re-format job. Hope it won't come to that.

Also opened Task Manager and deleted anything that I haven't seen before.
Anyone heard of Cdecua.exe? I've never seen it before and it hogs a lot of memory and grows the longer it's there, doesn't seem legit.
Deleting it doesn't seem to affect the system but it just restarts itself anyway...
 
Right, the scan finished and found 4 problems which I removed and the computer re-started but the Spybot website is still inaccessible and Google links are still being re-directed (although so far I've had no pop-up windows).

Gah, it seems being Microsoft Certified doesn't help me very much! :lol:
 
Try logging into the built-in admin account and creating a new profile.

If it's the virus I'm thinking it is, it's profile specific.

Well I'm on a new test account now, the Google redirecting problem seems to be gone but the Spybot website still isn't working and Malwarebytes still won't run from the C: drive.
 
I personally don't trust a computer that has had a virus. Suck it up, format the hard drive, and restore from a backup.
 
Well I asked at Bleepingcomputer but the post was ignored and just dropped down so I'm guessing I did something wrong regards posting rules.

Looks like it'll have to be formatted, and this computer's never been backed up so I'm going to lose a lot of stuff. :(
 
> Well I asked at Bleepingcomputer but the post was ignored and just dropped down so I'm guessing I did something wrong regards posting rules.

Use this guide (http://www.bleepingcomputer.com/forums/topic34773.html) to post in this (http://www.bleepingcomputer.com/forums/forum22.html) sub-forum. I daresay you have posted in the "am I infected?" sub-forum, which I don't find does as well with quick and direct virus removal instructions. If you already posted in the logs subforum, edit your post to fix it up/wait a few days if you only posted within the last 24 hours. Everybody on there is a volunteer, from memory; they do a great job but they don't have enough people to do super-quick responses (it takes them up to a week to get to some problems). An example of the advice and help you will get is a thread like this (http://www.bleepingcomputer.com/forums/topic325046.html) - it looks pretty daunting but they tend to get to the bottom of problems eventually.

(post a link to your thread if you want so people can give you better advice than I can :))

> Looks like it'll have to be formatted, and this computer's never been backed up so I'm going to lose a lot of stuff. :(

You can still back your stuff up, but it is still risky as you have to assume that the virus/trojan can execute itself through removable media on other computers. So disable auto-run on both the infected and receiving computer (i.e. the computer you are transferring the backup to - can be the same PC after you format it), move singular files (not folders, I have accidentally taken virus files over to backups by being lazy) over to the removable media (can use CD-Rs, thumb drives, etc) and do a virus scan on it all on the receiving PC before moving it from the media over to that. If you can get hold of another operating system (e.g. a Linux dist), that may also be good as the virus will be less likely to infect that.

Again, I'm pretty novice, so take my advice with a huuuuuge pinch of salt. There are a lot more experienced people posting in here that can help you, my advice just comes from cleaning up family PCs.
 
once got this kinda virus off a customer's pc, 30min job.
1. boot to safe-mode, the instant windows is on hit ctrl+alt+del and go to taskmanager.
2. find a program that is mostly gibberish "11sd12fb212m3?324b324h43.exe" <- like that, and stop it before windows is properly booted.
3. go to explorer (if that works) and try to find its folder under the *appdata in users folders (and delete it of course, but antivir can do this).
4. go to the registry and find and remove the registry entry for that "11sd12fb212m3?324b324h43.exe"

with these you should be able to prevent it from starting, so reboot to normal windows to test and run your antiviruses.

if this helps then good.
 
> You can still back your stuff up, but it is still risky as you have to assume that the virus/trojan can execute itself through removable media on other computers. So disable auto-run on both the infected and receiving computer (i.e. the computer you are transferring the backup to - can be the same PC after you format it), move singular files (not folders, I have accidentally taken virus files over to backups by being lazy) over to the removable media (can use CD-Rs, thumb drives, etc) and do a virus scan on it all on the receiving PC before moving it from the media over to that. If you can get hold of another operating system (e.g. a Linux dist), that may also be good as the virus will be less likely to infect that.

^ This.

Assuming you don't have a second computer to do this on (or you don't want to risk infecting it), the following steps should work for making a backup:
1) Find an external hard drive (buy one from your local electronics store and use it for backups from now on (or return it when you're done if you're broke and don't mind living dangerously)).
2) Burn a Linux (Ubuntu or Knoppix are good choices) live CD and boot from it.
3) Copy the files you want. Audio/video/archives should be safe, Word docs/PDFs somewhat more risky (make sure to virus scan them before restoring them to the computer), exes should be assumed to be infected and not brought over.
4) Delete your internal HD's partitions.
5) Turn off computer, unplug external HD.
6) Reinstall Windows, update it completely, install antivirus, turn off autorun.
7) Plug in external HD, scan it for viruses.
8) Start doing regular backups.
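
Added example, not part of any post in this thread: a Python sketch of step 3 above, meant to be run from the live CD against the mounted Windows partition. It copies file by file into two folders matching the post's risk tiers and leaves executables behind; it goes one step further than the post by also skipping any file that starts with the Windows executable header (`MZ`) even when its extension looks harmless. The extension lists, the folder names `safe` and `scan-before-restore`, and the function names are assumptions made for this example.

```python
#!/usr/bin/env python3
"""Triage copy for backup step 3 (added example; run from the live CD)."""
import os
import shutil
import sys

# Risk tiers follow the post; the extension lists themselves are assumptions.
SAFE = {".mp3", ".wav", ".flac", ".jpg", ".png", ".avi", ".mp4", ".zip", ".7z"}
SCAN_FIRST = {".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pdf", ".rtf"}


def classify(path):
    """Return 'safe', 'scan' or 'skip' for one file."""
    with open(path, "rb") as fh:
        if fh.read(2) == b"MZ":  # Windows executable header, whatever the name says
            return "skip"
    ext = os.path.splitext(path)[1].lower()
    if ext in SAFE:
        return "safe"
    if ext in SCAN_FIRST:
        return "scan"
    return "skip"  # .exe, .scr, .dll, autorun.inf and unknown types stay behind


def triage_copy(src, dst):
    """Copy file by file into dst/safe or dst/scan-before-restore; return counts."""
    counts = {"safe": 0, "scan": 0, "skip": 0}
    for root, _dirs, files in os.walk(src):
        for name in files:
            full = os.path.join(root, name)
            try:
                regular = os.path.isfile(full) and not os.path.islink(full)
                verdict = classify(full) if regular else "skip"
            except OSError:  # unreadable file on a damaged or locked volume
                verdict = "skip"
            counts[verdict] += 1
            if verdict == "skip":
                continue
            bucket = "safe" if verdict == "safe" else "scan-before-restore"
            target = os.path.join(dst, bucket, os.path.relpath(full, src))
            os.makedirs(os.path.dirname(target), exist_ok=True)
            shutil.copyfile(full, target)
    return counts


if __name__ == "__main__":
    # Usage: triage.py /mnt/windows/Users/me /mnt/external/backup  (paths are examples)
    print(triage_copy(sys.argv[1], sys.argv[2]))
```

The destination must be on the external drive, not inside the source tree, and everything under `scan-before-restore` still needs the virus scan from the later steps before it goes back onto the reinstalled machine.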
 
Right, I managed to get a stronger anti-virus to work by using Brydie76's cat.exe plan and got rid of the problems. So in the short term everything is back to the norm, thanks everyone.

In the long run I'm going to follow PacketCollision's advice though, my computer is due a clean out anyway so I'll scan everything I want to keep, back it up and re-format the drive (might move to Windows 7 while I'm at it). That and I don't quite trust the PC anymore, so might as well completely clear it.
After that I'll keep regular backups, I don't want to end up having to worry this much in the future! :lol:
 