1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

ViRUSES.. a lot of them. HELP! important... =(

Discussion in 'Windows XP' started by Lutz1904, Apr 25, 2004.

Thread Status:
Not open for further replies.
Advertisement
  1. Lutz1904

    Lutz1904 Thread Starter

    Joined:
    Dec 8, 2003
    Messages:
    78
    Everytime I first start my computer, when I go to the Task Manager, I see there are lotsa processes running-- more than usual.

    I wrote them down...:
    - Mqv6jpA.exe
    - uim.exe
    - wtstr.exe
    - awso.exe
    - dp-k13w13.exe
    - Soa8O.exe
    - uQoe41N.exe
    - PiKQWgdx.exe
    - Dmtc.exe
    There are more than that though. They sometimes change everytime I restart.

    The minute I see them, I do the "End Process" thing. But then, when there is two left and then I end them, another one comes up again-- one that has already been ended. I hafta do this REALLY fast to get them to stop.



    -x-x-x-x-x-



    Okies another one is...
    Sometimes [rarely] when I get on Internet Explorer, the homepage is changed. It is changed to http://default-homepage-network.com/newspynotice.html. DO NOT CLiCK THAT LiNK!!. Anyway, then about five pop-ups continually pop up. When I click outta one, it comes back a long time later. About thirty seconds later er so. One of the pop-ups is a big light-yellow screen about SPYWARE.
    Also, these are all either a porn-pop-up er a pop-up about getting rid of spyware.



    -x-x-x-x-x-



    [EDiT]
    OMG I just remembered more....
    For IE, there is this Search thing on the right of the Address Bar. It resembles the Address Bar but it is small and says "Enter the search term". I have never had that there before. I went to View » Toolbars » and unchecked "Search" but when I exit IE and get on again, it comes back up immediatly.

    Then another one is this thing called "eBates Moe Money Maker". It has installed itself onto my computer. When I right click on IE or in any window, there is an option that says "Ebates". Then in my IE, on the top called the "Standard Buttons", there is a button called "Ebates". it has no picture. It*s blank.
    I went to the Control Panel to fine it and try to uninstall it from my computer. When I select it and click "Add/Remove", it has an alert that says "Error: Could not execute Main : The system could not find the file specified." In the Programs Folder, I have went into SafeMode to delete the Ebates folder. The folder is not there anymore but I still see all these Ebates stuff..... HELP!
    [/EDiT]



    -x-x-x-x-x-



    All these weird things starting happening ever since I was searching for a song for my LiL brother. I clicked on a site and then the pop-ups started coming up. Now this has all happened. I did delete one of the viruses already. It was a "Lycos" virus that downloaded itself into my PROGRAMS folder.

    PLEASE HELP! This is very important because it has affected my computer so quickly. My computer has gone slower than usual.

    Thank you
     
  2. rude

    rude

    Joined:
    Mar 8, 2004
    Messages:
    2,326
    It's the old prevention or cure thing-AVG is used to heal an infection,A FIREWALL is used to prevent infection in the first place.

    The FIRST thing you need to do is ensure that you have installed ALL Microsoft Updates.

    SECOND:This is an ABSOLUTE PRIORITY,get a good firewall,read it's documentation so you know how to set it up and make sure it starts on bootup.

    An excellent FREE firewall,called ZoneAlarm,can be found here:
    http://www.uant.net/firewall/zonealarmguide.html

    THIRD:Another ABSOLUTE PRIORITY is to get a good Antivirus program and AVG is as good as it gets.

    (I use these 2 programs on my machine and have had no virus,trojan,worm or browser hijacking in over a year)

    FOURTH:Before running ANY scan for virus,trojan,worm etc. you should ALWAYS turn off System Restore as copies of everything you are trying to get rid of are in System Restore just waiting for you to put them back where they came from in the first place.

    This will delete all restore points on your machine,but if they are infected you don't want them anyway.

    FIFTH:Another good thing to do before running the scans is to clear out your TIF and other temp files.
    In Internet Options, under the General tab click the Delete temporary internet files, choose to delete all Offline content.
    Also, go to Start - Search - Files or folders - in the "All or part of the file name" box, type: *.tmp and choose Edit - select all - File - delete.
    Do the same for "Cookies"

    Empty the contents of the C:\Windows\temp folder and C:\temp folder, if you have one.
    Empty Recycle bin.

    SIXTH:Now you are ready to scan your system using:

    Spybot Search & Destroy is a free program that does a good job and can be found here:http://www.safer-networking.org/index.php?page=download

    Another thing you can do is an online system scan from here: http://housecall.antivirus.com/housecall/start_corp.asp

    Make sure that you update antivirus,firewall and scanning programs on a regular basis,and particularly,just before performing a system scan.

    Once you have cleaned your system and have it running the way it should,turn System Restore back on and create a fresh,clean restore point.
     
  3. Lutz1904

    Lutz1904 Thread Starter

    Joined:
    Dec 8, 2003
    Messages:
    78
    OMG Thanx Rude for all that! I*m going to do that right now.

    But that cleans my computer a little. I was thinking of specific instructions for each of the viruses. I guess while doing this, it WiLL clean some of the viruses. I*m going to do this anyway [first].

    I already do the fifth part. I just don*t ever really clean the cookies cuz I need them sometimes [cuz of laziness to log in haha]. But I guess I will... And I always empty the Recycling Bin as well.

    THANK YOU again!
     
  4. rude

    rude

    Joined:
    Mar 8, 2004
    Messages:
    2,326
    While you are at it ,why not run check disc and defrag before you turn System Restore
    back on and when you turn on System Restore,you can reduce the amount of space allocated for it.2-3% is more than enough to give you a few good clean restore points.

    Just a thought,but have you thought about disabling startup items that you don't need to start on bootup.Having too much stuff in there can slow your system down dramatically.The only things I allow to start on bootup on my machine are my anti virus and firewall.

    Also go here:http://www.blackviper.com/WinXP/servicecfg.htm
    and check out the service configurations,there are a lot of services that you can disable to help your system run better and faster

    There,that should keep you busy for a while but I promise you that it is worth the work
     
  5. Lutz1904

    Lutz1904 Thread Starter

    Joined:
    Dec 8, 2003
    Messages:
    78
    OMG!!!!!!!!!
    I did all that ans it fixed ALL my problems!
    - The search-thing is not there anymore
    - No more Ebates!!!!!!
    - Out of all the nine processes running when I start my computer, only two of them are there now.
    - Golden Casino thing deleted finally [it was hard to get out.. infact I thought I didn*t have it anymore]
    - Lycos virus is not there anymore
    Then a heck lotta other things.

    I hope it*s OK if I didn*t follow your instructions iN ORDER. I think it*s OK though cuz I just put Step Two [about the firewall] at the end. Like it says on the download/instructions page, I should do virus scans BEFORE getting the firewall. I dunno why but it does feel like I SHOULD do that.
    I don*t think it*s a big deal at all though... no problem!

    BTW, in addition to SpyBot, I used AdAware 6.0. It*s really goOd. I saw the reviews/comments people said about it first at download.com. Almost 90% of the people recommended it. It iS goOd. You should try it if you already haven*t but I bet you have already ;D

    BTW, I didn*t turn System Restore back on.... I wanted to do a few more things...

    I don*t get what you mean in your last post... =[ Can you explain it all? Step by step... it doesn*t matter though cuz everything is OK and I*m going to check up regarly.
     
  6. mobo

    mobo

    Joined:
    Feb 23, 2003
    Messages:
    16,274
    First please get Spybot S&D to clear out most of the spyware.

    Short tutorial and download link here:
    http://tomcoyote.org/SPYBOT/

    Fix everything SpybotSD labels in red.

    Then after reboot:
    Download 'Hijack This to its own folder http://www.tomcoyote.org/hjt/
    Unzip, doubleclick HijackThis.exe, and hit "Scan".

    When the scan is finished, the "Scan" button will change into a "Save Log" button.
    Press that, save the log, load it in Notepad, and copy its contents here. Most of what it lists will be harmless or even essential, don't fix anything yet.
     
  7. Lutz1904

    Lutz1904 Thread Starter

    Joined:
    Dec 8, 2003
    Messages:
    78
    i already did the spybot thing.. it had only one virus that was detected.

    and then.. for hijackthis, i did that toO~ damn that was fast. here is what i got... i can*t copy-and-paste cuz something is wrong with my clipboard for internetexplorer only. so here.. i toOk a screencap pic. [sorry~!!]

    [​IMG]
    [​IMG]
    [these will be deleted soOnnn!]
     
  8. rude

    rude

    Joined:
    Mar 8, 2004
    Messages:
    2,326
    Thanks SweetLiLjen,yes I do use AdAware.
    Which part of my last post did you not understand?
    System Restore-when you go back to turn on System Restore,on the left side,under the description(in blue letters) you will see"System Restore Settings",click on it and on the System Properties box that opens up next you will see another button for Settings,click on that.Now another box will open up and you will see a slider,move the slider to the left to 3%,then ok
    By default xp reserves 12% of your hard drive for System Restore and on a large drive,say 100 gigs,that is enough room to install xp several times with enough room left over for a Starbucks!

    If you were having a problem with Blackviper,just look around a bit and you will find the xp 411 service configuration list.Be patient,it takes quite a while to reset the services one at a time but it's worth it for the performance boost.
     
  9. mobo

    mobo

    Joined:
    Feb 23, 2003
    Messages:
    16,274
    First run the peper uninstaller :
    Follow these steps for removing the "peper" trojan:

    1 -- download and run the "uninstaller" here:
    http://home.iprimus.com.au/mbuchan/peperuninst.exe

    (it has to be run while you are still connected online)

    2 -- download and extract the dr peper script from here:
    http://www.mjc1.com/files/mo/drpeper.html
    (it extracts to: C:\drpeper\Find backup and Delete Peper files.vbs)
    Double click on the *.vbs file to run it. You may get a "script" warning; allow it to run.

    Then rescan and remove each of the following:
     

    Attached Files:

  10. mobo

    mobo

    Joined:
    Feb 23, 2003
    Messages:
    16,274
    Then reboot into safe mode and delete:
    contents of the temp file,

    C:\Windows\system32\wtstr.exe
    C:\Windows\system32\msmc.exe
    C:\Windows\system32\wdit.exe
    C:\Windows\system32\dp-k13w13.exe
    C:\program files\commonfiles\updated\wupdater.exe

    Then try rescanning and posting a fresh log.
     
  11. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/223777

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice