


Virus?


BB_622


I keep getting these annoying pop-ups about viruses on my computer and every time I start Internet Explorer up it goes to an Internet Security site instead of my homepage. The site includes details of my computer and says it's liable to viruses??

 

I've used Adaware and Norton Anti-Virus to scan my computer but it doesn't find anything?? This is getting really annoying as there must be something wrong with the computer but it can't find it :banghead2::thumbs_down:


What to do is Ctrl + Alt + Del,

 

then go to Processes and go through that list and see if there is anything on there that you don't recognise. Type it into Google and it'll tell you what it is, and if it's a virus it'll tell you. So end that process, then scan your computer again and it should pick it up.

 

Hope this helps


There was nothing that I didn't notice.

 

This is the page I'm getting every time I start Internet Explorer. I keep getting a small yellow triangle in my tray box (by the time) saying about viruses on my computer and I must go and download some virus software, but I think that's part of the virus?

post-244-1154260786_thumb.jpg


I reckon it's spyware; it's trying to "scare" you into downloading their software by pretending you have a virus on your PC.

 

Can be tricky to get rid of this as I had something similar once. Best thing is to do an Adware scan; make sure you do a full system scan and not just a "Smart Scan". If it picks nothing up then you can either wait for new updates to be released and hope the more advanced updates catch it, or you could try other free spyware scans like "Spybot Search and Destroy"; you can search for it in Google.

 

In the meantime you can use a different Internet browser, such as Firefox. This is a safer browser, as hackers don't bother hacking it much as they'd rather hack Microsoft's Internet Explorer for obvious reasons, plus it's used more worldwide and so would be more targets.

 

You can read about and download Firefox >>here<<

 


I had similar to that too... I'll search the forum for the link and post it..

 

Edit: http://forum.kev149.com/index.php?showtopic=11576 ..

 

Have a look at the above link; that was a virus that a few people got.

 

Try the suggestions made there.

 

Martin

Edited by martwisely

Tried all of them, but I've still got this crappy page coming up when I start Internet Explorer???

 

This is a popup I get a lot as well :banghead2:

post-244-1154265025_thumb.jpg

Edited by BB_622

It's definitely 'scamware' m8.

 

I did a Google search on system error 384 and got loads of stuff back on it. Good info on removal seems to be here (which includes links and instructions for Smitrem, which I've used before and it's very simple and very good) and here, with more here.

 

Best wishes ........ wrighty

Edited by wrighty496

Very simple you say? :banghead2::banghead2: Could be Chinese for all I know lol, I can't make any sense out of any of that, which is probably why I've still got this virus :(:839:

 

OK, I've had a read through a successful removal and it's as follows (save all of this below to a Notepad document and save it on your desktop, that way you can refer to it without having to connect to the net):

 

1: Download and install HijackThis, you'll need this to remove some bits.

 

2: Download Smitrem to your desktop.

 

3: Run HijackThis and click on Scan. The following items need to be fixed -

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html

 

Close all windows other than HijackThis. Tick the boxes next to the above items and click on Fix checked.

 

4: Delete the file - c:\secure32.html.

 

5: Next, reboot your computer in SafeMode by doing the following:

Restart your computer

After hearing your computer beep once during startup, but before the Windows icon appears, press F8 repeatedly. Instead of Windows loading as normal, a black screen should appear with options to start in safe mode, safe mode with networking, 'last known good' format etc. Select the first option, to run Windows in Safe Mode.

 

6: Go into the hard drive and delete the files -

 

C:\WINDOWS\SYSTEM32\paytime.exe

C:\WINDOWS\system32\TFTP3992 (if it's there)

C:\WINDOWS\SYSTEM32\scmt16.exe

C:\WINDOWS\tool2.exe

C:\WINDOWS\country.exe

C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll (if it's there)

C:\drsmartload1.exe

C:\winstall.exe

 

7: On the desktop open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.

Wait for the tool to complete and disk cleanup to finish (this can take a while, but must run to finish).

 

8: Reboot. This should clear it all... set a system restore point if you're happy that everything appears back to normal and reset your internet home page.

 

takes a while but should do the trick, best wishes ..... Wrighty

Edited by wrighty496
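
Added example (not part of the post above and not HijackThis's own code): a small Python parser for the R0/R1 lines listed in step 3, flagging Internet Explorer page values that point at a local file such as c:\secure32.html instead of a web address. The sample log is constructed from the six entries in the post plus two benign lines, and treating system32\blank.htm as the stock Local Page is an assumption.

```python
import re

# HijackThis R0/R1 line layout: "<code> - <hive>\<key>,<value name> = <data>"
LINE_RE = re.compile(
    r"^(?P<code>R[01]) - (?P<hive>HK(?:CU|LM))\\(?P<key>.+?),(?P<name>[^=]+?) = (?P<data>.*)$")
# Internet Explorer values that decide which page the browser opens.
PAGE_VALUES = {"start page", "default_page_url", "local page"}
# Data that is a drive path or file: URL rather than a web address.
LOCAL_PATH_RE = re.compile(r"^(?:[a-z]:\\|file:)", re.IGNORECASE)

# Constructed sample: the six entries from step 3 plus two benign lines.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.example.com/search
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
"""

def parse_line(line):
    """Split one R0/R1 line into named fields; None for any other line."""
    m = LINE_RE.match(line.strip())
    return {k: v.strip() for k, v in m.groupdict().items()} if m else None

def hijacked_pages(log_text):
    """Return parsed entries whose browser page value is a local file."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None or entry["name"].lower() not in PAGE_VALUES:
            continue
        data = entry["data"]
        is_local = LOCAL_PATH_RE.match(data) is not None
        # Assumption: blank.htm under system32 is the stock Local Page.
        is_stock = data.lower().endswith("\\system32\\blank.htm")
        if is_local and not is_stock:
            hits.append(entry)
    return hits

def files_to_review(log_text):
    """Unique local files the flagged values load, lower-cased and sorted."""
    return sorted({e["data"].lower() for e in hijacked_pages(log_text)})

if __name__ == "__main__":
    for e in hijacked_pages(SAMPLE_LOG):
        print(f'{e["code"]} {e["hive"]} {e["name"]!r} -> {e["data"]}')
    print("files to review:", files_to_review(SAMPLE_LOG))
```

A flagged value only says the browser has been pointed at a local file; whatever set it can write it back, which is why the post follows the registry fix with file deletion in Safe Mode and a Smitrem run.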

Nope, still no luck :banghead2:

 

I dunno what I'm doing wrong as it seems to work for everyone else??? My computer can't even find any of the files I've to delete :shrug:

 

k, not sure where to go from here m8 tbh, but if HijackThis is working OK you can still get a log from that, then join HijackThis's forum and submit the log for analysis. If there's something more to sort too (why there isn't a safe mode option from F8 for instance), they'll be able to help you with that too.

 

Join Tech Support Forum, this section is all for HijackThis logs and more general queries by the looks.

 

best wishes, sry ...... Wrighty


Oh well, that's my online racing down the pan again. No good with the techy side of computers so whatever they tell me will still be double Dutch to me :(

 

Thanks for the help people


BB, I had something just about identical about 3 months ago, and I know how desperate you will be feeling!

 

I tried a few things without success and Adaware etc will never clear your problem in a million years I'm afraid, it's beyond that.

 

Eventually I had to shell out about £20 for a program called Spyware Doctor but it's absolutely first class. I downloaded it and installed it, ran a scan on it and it found the Malware that was doing the big damage along with about 3 or 4 hundred other ones as they all start piling in once they have hold of your pc. It cleared the lot no problem. Afterwards my pc worked perfectly again with no ill effects.

 

I would seriously consider getting this package, as well as sorting your pc out now there is an on-line guard and stuff to stop it happening again but you can turn it off for racing if you wish.

 

Obviously I can't promise you anything but it was twenty quid very well spent on my part - I was just about to reinstall everything in desperation at the time, in fact I tried that but couldn't even manage that lmao, and I know what you mean about trying to follow some of those instructions for fixing stuff yourself, I didn't fancy that either.

 

This is their homepage m8:

 

http://www.pctools.com/en/spyware-doctor/

 


Went down your route Al, it found all the files but then the programme died (I pressed Ctrl + Alt + Del and it said the CPU usage was 100). It's fine without Spyware Doctor running, but with it running it just kills everything as the CPU usage is at 100.

 

How do I get round this??


Well, for the first time since Saturday, I've opened Internet Explorer and it has actually put me straight to my homepage and no annoying security website, so fingers crossed!

 

I did a scan and it found another 12 infections. I deleted them and scanned again and it found the same 12 files, so done it again another couple of times and same 12 again lol. So I'm still not 100% that it's gone, but something's certainly went away for the time being.

 

Thanks for the help :thumbs_up:


Spoke too soon! lol. The pop-ups etc are still happening. I've done umpteen virus checks and fixed them but it keeps picking up the same files no matter how many times I do the check, and I'm sure the file is the "trojan pop-up" which is the main cause of what's happening.


Went down your route Al, it found all the files but then the programme died (I pressed Ctrl + Alt + Del and it said the CPU usage was 100). It's fine without Spyware Doctor running, but with it running it just kills everything as the CPU usage is at 100.

 

How do I get round this??

 

Sorry to hear that BB. I know when these Spywares have got hold they can send the CPU usage skyhigh. Not sure why Doctor isn't able to keep going and zap them for you though. I aren't technical mate so hope someone else's advice sorts you. :shrug:

 


I've managed to get it running, it just finds the same 12 infections time after time even though I fix them etc, that's the confusing part lol.

 

Thanks Jarry, will try again but it confused the hell outta me last time and I didn't even know how to get my computer started in safe mode lol


You might find that the files keep reoccurring because they are living in your system restore part of the operating system, that is why deleting them isn't necessarily fixing them. Every time you reboot they will reappear. Try switching off system restore and doing your scan and see what happens then.

