Very bad virus!!

  Mjones68 21:09 23 Jan 2009
Locked

Hi, could someone please help us, as I think that there is a very nasty virus on my wife’s computer. It started tonight, when everything went crazy in Firefox. I was called over and noticed that Firefox was minimised and shown as open around 50 times at the bottom of the screen. I tried to close this down, but as quickly as I closed it, it started opening again. Nothing would work, so I ended up switching the computer off by holding down the power button.

When I rebooted, I tried opening ccleaner, but this then just opened multiple times up to around 35, again as soon as I tried to close it, it just kept opening again. I then did Ctrl-alt-delete and it allowed me to open this, but not do anything as it immediately minimised itself and wouldn’t let me maximise it, so that I could close ccleaner down. At the same time, something came up on the screen re ‘remote access’, as if someone was trying to take over the machine. I immediately switched it off by holding down the power button.

I then tried to switch on the machine in safe mode, but it wouldn’t let me do this and it just kept opening up the machine in normal mode (I pressed F8 and it took me to the menu, but when I pressed safe mode, it just opened the machine in normal mode). To my horror, on the last occasion I tried this, I see that my wife is now not the administrator, and the administrator now has the symbol of someone in a karate suit, doing a high kick.

It’s very annoying as you can imagine, especially since we’ve an up to date version of McAfee and felt that we were generally pretty careful with regard to having a firewall in place and not searching weird sites.

Does anyone have any idea what we can do?

  Mjones68 21:18 23 Jan 2009

Sorry, I meant to say that my wife's machine is running Windows XP.

  Technotiger 21:41 23 Jan 2009

Disconnect the problem machine from the Internet completely. Then try your measures again.

  rdave13 23:38 23 Jan 2009

As Technotiger, disconnect from Internet.
Check remote assistance is not set to on.
Control panel--Performance and Maintenance--System--remote tab-- make sure "Allow remote assistance invitation to be sent from this computer" box is unticked. While still unconnected try a system restore.

  Mjones68 09:16 24 Jan 2009

Hi Guys,

Thanks very much for your feedback. I had actually managed to get the machine into safe mode last night without realising it, prior to your message Technotiger and when I saw your message, I immediately disconnected the machine from the internet and carried out a full scan. This took hours to run in safe mode and came back showing no errors.

I then checked if “Allow assistance invitation to be sent from this computer” box was unticked, but it WAS ticked. I don’t ever remember previously ticking this box and wondered if the virus had done this. I immediately unticked the box. We have 3 machines at home, one directly connected to the modem and two on wifi. My wife’s machine (connected by wifi) is the only machine misbehaving at the moment, however I also noticed that my machine (also connected to wifi) had this box ticked but that the other machine didn’t. I removed the tick from my machine just in case.

Following this, I tried a system restore, but it came back saying that this wasn’t successful. I don’t know if I did something wrong, however I do remember trying system restores from time to time over the last 10 years or so on numerous computers and I seem to remember that they NEVER seemed to work for me.

Anyway, after doing all of the above, I’m still very worried that there is a nasty virus for the following reasons:

1) In safe mode, there is still this strange ‘Karate person’ symbol for the administrator and I don’t ever remember setting someone other than my wife as administrator and certainly not with that symbol (my wife has her own symbol/name below the ‘karate’ administrator)
2) The administrator also needs a password, again I don’t ever remember setting any kind of password on my wife’s computer.
3) The McAfee virus program, when looked at in the safe mode, states that ‘Action is required’ to fix lots of issues as all of the security things have been switched off

When I now start the machine in normal non safe mode, McAfee seems fine (none of the security measures have been switched off) and I’m also able to do a ccleaner scan, however I’ve still not connected the machine to the internet again, as I was hoping for some feedback from you guys before doing this.

Thanks very much again for your help

  rdave13 10:27 24 Jan 2009

So you've ended up with only two accounts. Karate admin and passworded and your wife's limited account?
If you have no other admin account to delete karate then have a look here, I'd print it out first before trying it; click here

  Mjones68 13:28 24 Jan 2009

Hi rdave13,

Thanks again for all of your help and suggestions and for coming back to me again.

I’ve been playing around with our 3 computers all morning now and I’m sorry to say that I think (due to my lack of computer knowledge!!) that it might not have been a virus, but a problem with firefox.

The reason for thinking this is that I have actually been able to log onto the Karate Administrator on both my and my wife’s machine, with a password that I use in numerous places although I certainly don’t ever remember setting either machine up this way and they’re both only 18 months old!! I’ve also noticed McAfee on all 3 machines, seems to state ‘action required’ and have lots of features turned off in Safe Mode, so I presume that this is possibly always the case?

I’ve uninstalled Firefox and gone back to using Internet Explorer on my wife’s machine and we’ll see how this runs for a few days. Everything seems to be running fine now.

This whole exercise has made me look at security again and of course there is still the possibility that there is something nasty in our computer(s). Could you possibly advise me on any additional steps that we could take to check that there isn’t a virus lurking on the machines and for future protection. We currently have the following in place:

1) McAfee – which is kept up to date with automatic updates and runs a scan once per week.
2) I have Windows firewall turned on, but also McAfee firewall and wondered if it was necessary or advisable to have both
3) I use ccleaner frequently and also delete the tmp files
4) I used to use ad-aware, but I just don’t find the new version (ad-watch) so good and rely on McAfee for deleting spyware

Would you advise anything else to the above?

Thanks again

  hiwatt 13:52 24 Jan 2009

Do an online scan with Eset (using Internet Explorer)
click here then download and update Malwarebytes and run a full scan and see what it finds. click here

  ambra4 13:58 24 Jan 2009

Install SpywareBlaster and update

click here

SpywareBlaster is a prevention program, unlike most anti-spyware programs which utilize a "Removal" approach after your system is already infected.

SpywareBlaster effectively prevents ActiveX-based spyware, dialers, browser-hijackers and other Malware or potentially unwanted programs from ever installing on your system in the first place.

Many users employ a multi-layered "prevent and remove" strategy by using anti-spyware removal utilities in combination with SpywareBlaster protection.


Download, update and run the following programs

a-squared Free 4.0

click here

Malwarebytes' Anti-Malware

click here

SUPERAntiSpyware Free Edition

click here

  Jak_1 14:27 24 Jan 2009

You should only be running one firewall at a time otherwise they will conflict with each other. The same rules apply to antivirus. You can have as many antispyware programs running though.

  rdave13 16:17 24 Jan 2009

As above and I'd add Spybot S&D; click here . This acts as a scanner and blocker. I originally thought that the PC had been hacked lol.

This thread is now locked and can not be replied to.
