Computer infected - what now

c1aro

Hi Guys
I’m hoping you can help me (if this post appears twice forgive me)
Last night at about 9:30 I got a pop up balloon from the taskbar in the lower left hand side of my computer telling me that my computer was infected and to click on the balloon to be taken to a site to install updated spy ware. My Windows Defender (Beta2) was running at the time (start time 9pm) so I wasn’t directed anywhere. I also did a full system Norton scan. Both programmes ran until well after 12 and both told me the computer was clean.
I checked the software explorer on Defender and looked at programmes which were on autostart which were unclassified. I identified two which had been installed that evening and removed them.
I then did a search for the files and deleted them at source. I tried to download Spybot last night but during the download when one of the files tried to access the internet I became completely paranoid and disconnected the computer from the internet entirely and went to bed. I didn’t get much sleep dreaming of having my bank balances cleared out and my credit cards maxed.
I opened the computer this morning and looked at Defender again, only to find the file “winstal” once again in the autostart along with two other unidentified files. I again disabled them and looked for them through the explorer. I deleted “winstal” at source on the c/drive. And did a search once again for it only to find it in a folder called Prefetch. All files in this folder have a modified date of either last night or this morning when I opened my computer again. I then connected to the internet again - a virus scan of “contactcoll” came up in Norton and Prefetch is shown on the Windows Task Manager as running. Norton dealt with the virus and I ended the Prefetch task. However, it keeps coming back on and I keep ending it, but I want to get this message up to see if this is a legitimate programme.
If I have run Defender and Norton and both tell me everything is ok, but this unidentified application keeps running - am I safe or not. Do I want to take the chance of logging onto banking etc. - at the moment I’m stressed (apols if this post is all over the place).
I did a system restore back to the 15th, but the Prefetch folder is still there with the dates of last night and today.
Can anyone advise. Thanks
 
The Prefetch folder is part of the operating system, and is just trying to keep your most used programs close to hand. More info on it here - http://mywebpages.comcast.net/SupportCD/XPMyths.html
 
Hi Guys
I’m hoping you can help me (if this post appears twice forgive me)
Last night at about 9:30 I got a pop up balloon from the taskbar in the lower left hand side of my computer telling me that my computer was infected and to click on the balloon to be taken to a site to install updated spy ware. My Windows Defender (Beta2) was running at the time (start time 9pm) so I wasn’t directed anywhere. I also did a full system Norton scan. Both programmes ran until well after 12 and both told me the computer was clean.

Spyware, get Javacool spywareblaster and spybot search and destroy from security.kolla.de

Install Both
Update Both
Scan with both


I checked the software explorer on Defender and looked at programmes which were on autostart which were unclassified. I identified two which had been installed that evening and removed them.
I then did a search for the files and deleted them at source. I tried to download Spybot last night but during the download when one of the files tried to access the internet I became completely paranoid and disconnected the computer from the internet entirely and went to bed. I didn’t get much sleep dreaming of having my bank balances cleared out and my credit cards maxed.
you are not a mug and your computer is not wide open either but I would be the same if I were hit.

have you considered backing up everything and installers you want and simply scrubbing the computer, it would be the quickest solution if it's a 2ghz + machine and you have BB


I opened the computer this morning and looked at Defender again, only to find the file “winstal” once again in the autostart along with two other unidentified files. I again disabled them and looked for them through the explorer. I deleted “winstal” at source on the c/drive. And did a search once again for it only to find it in a folder called Prefetch. All files in this folder have a modified date of either last night or this morning when I opened my computer again. I then connected to the internet again - a virus scan of “contactcoll” came up in Norton and Prefetch is shown on the Windows Task Manager as running. Norton dealt with the virus and I ended the Prefetch task. However, it keeps coming back on and I keep ending it, but I want to get this message up to see if this is a legitimate programme.
pernicious spyware is hard to remove and you need to throw a few programs at it, if norton and ms defender and the ones I mentioned above cannot shake it then the scrub is maybe the best idea.

If I have run Defender and Norton and both tell me everything is ok, but this unidentified application keeps running - am I safe or not. Do I want to take the chance of logging onto banking etc. - at the moment I’m stressed (apols if this post is all over the place).
you are not safe once you are well infested and you are well infested. In 6 months time the detectors will be able to find and remove your infestation but not now.

there could be a backdoor or a keylogger or both, also try this program

http://www.rootkitdetector.com/

and

[broken link removed]

on the other hand you may be ok but I don't know and it's too much hassle to check nowadays


 
Thanks guys
I am on the other computer in the house now because I am so stressed. Got another recommendation from another friend to install Firefox instead of Explorer.
So as of now am going to go back to the laptop and start downloading all above mentioned - am presuming it will take a while
Will get back to you later.
Still don't know if I would feel safe with the banking though.
Will see what these other applications throw up.
Talk later
 
c1aro said:
Thanks guys
I am on the other computer in the house now because I am so stressed. Got another recommendation from another friend to install Firefox instead of Explorer.

Very sound advice BEFORE you are infected. My oul fella is even running a virtual browsing appliance in vmware player nowadays. I'm sick cleaning up ****e .


This means that if he is hit he simply deletes the virtual machine and he is safe.
 
Hi
Have installed Firefox now and am using that to access internet.
Have downloaded the Rkdetector2 and uncompressed the files and opened it and haven't a clue what to do now.
 
Hi Guys
Thank you all for the wonderful information.
After a day of downloading (I'm sure if I wasn't such a novice that it would all have gone a bit quicker) I think I am infection free.

First downloaded Firefox and am using that for internet browsing at the moment (perhaps Car could tell me what is meant by having IE as well as Firefox - read that in the clean pc posts).

I then downloaded Spybot, successfully this time and also a free scan called XoftSpy.

I ran and re-ran my Norton and Defender while all this was happening. Both were still saying there wasn't a problem.

The XoftSpy did a system check and identified lots of low risk cookies and two severe risk Registry Keys - Vendor Wild Tangent (only problem Defender was still showing at this stage was the XoftSpy having been installed!).

I had Spybot check for problems and it came up with 63 "real threat" items - didn't notice Wild Tangent in there, but however removed all of them. Did XoftSpy scan again and no severe threats left.

I think I was probably in the school of "that'll never happen to me". I was actually looking at jewellery when I was directed to the suspect site. So that's how easy it happened. I've read posts before on this site about all the precautions people were having to take, but again thought my Anti-Virus and Anti-Spyware were adequate ("why would I need more than one application of each?"). Thankfully, I've lurked long enough on the sidelines to immediately come to this forum when the unthinkable happened - your experiences with dealing with these problems have been invaluable.

Just one more question from the more knowledgeable than myself: having run the three Spyware applications now, if it was your computer would you access your bank/credit card accounts online?

Thanks.
 
what is meant by having IE as well as Firefox

It just means having MS Internet Explorer there as well (as you will have). Some badly written websites rely on "features" of IE to display correctly. Therefore you will have to revert to IE for these sites rather than use Firefox. That said these are becoming more and more scarce.

if it was your computer would you access your bank/credit card accounts online

If it were me then as a final check I'd validate all the running processes in the task list (right click the task bar and click Task Manager) before giving it the all clear, but the chances are you've successfully cleaned everything up. If you're still unsure then install a personal firewall (e.g. ZoneAlarm) and only allow applications you're 101% sure are safe access to the internet.
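The check suggested above (validating running processes) together with the autostart review from the first post, as an added PowerShell example that is not part of any poster's reply. It assumes a current Windows system with PowerShell 3 or later; the helper names `Get-SignatureStatus` and `Get-ExePathFromCommand` are made up for this illustration.

```powershell
# Added example: list autostart entries and running processes together with the
# on-disk path and Authenticode signature status of each executable.
# Run from an elevated prompt so that other users' processes are visible too.

function Get-SignatureStatus {
    param([string]$Path)
    if ([string]::IsNullOrWhiteSpace($Path) -or -not (Test-Path -LiteralPath $Path)) {
        return 'PathNotFound'
    }
    return (Get-AuthenticodeSignature -LiteralPath $Path).Status.ToString()
}

function Get-ExePathFromCommand {
    param([string]$Command)
    # Autostart commands may be quoted and carry arguments; keep only the executable.
    $expanded = [Environment]::ExpandEnvironmentVariables($Command)
    if ($expanded -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($expanded -match '^\s*(.+?\.(exe|com|bat|cmd|scr|dll))(\s|,|$)') { return $Matches[1] }
    return $expanded.Trim()
}

# 1. Autostart entries (Run keys and Startup folders) as Windows reports them.
$autostart = Get-CimInstance -ClassName Win32_StartupCommand | ForEach-Object {
    $exe = Get-ExePathFromCommand $_.Command
    [pscustomobject]@{
        Kind = 'Autostart'; Name = $_.Name; Location = $_.Location
        Path = $exe; Signature = Get-SignatureStatus $exe
    }
}

# 2. Running processes, grouped by executable so each file is checked once.
$processes = Get-CimInstance -ClassName Win32_Process |
    Where-Object { $_.ExecutablePath } |
    Group-Object -Property ExecutablePath | ForEach-Object {
        [pscustomobject]@{
            Kind = 'Process'; Name = $_.Group[0].Name
            Location = 'PIDs: ' + ($_.Group.ProcessId -join ',')
            Path = $_.Name; Signature = Get-SignatureStatus $_.Name
        }
    }

# Entries without a valid signature sort first; those are the ones to look up.
(@($autostart) + @($processes)) |
    Sort-Object -Property { $_.Signature -eq 'Valid' }, Kind, Name |
    Format-Table -AutoSize -Wrap
```

A status other than `Valid` is a prompt to identify the file, not proof that it is malicious, and an autostart entry whose path no longer exists (`PathNotFound`) is typically a leftover from a deleted program.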
 
Hi C1aro,
Yes, as dearg doom says, having IE and Firefox isn't a problem, you can use either of them for the same thing, ie, the internet. Firefox is widely accepted as being more secure for a lot of reasons, suffice to say just use it unless you hit a site that doesn't support it and then use IE.
My office laptop is pretty secure with the office AV software but my home use laptop has been clean for a long time now with just AVG constantly running. Help yourself out by getting the additional popup blockers for Firefox, click [broken link removed] for the Firefox plugins. I'd suggest getting noscript and adblock. Get stumbleupon too, my fav plugin for the web.
Also go to this popup [broken link removed] site to see if your popup blocker is doing all it should be.
I would say yes to the online bank usage. Again, check the processes.
 
Just for any future reference. I was badly hit by spyware once despite having a subscription to McAfee and always having the latest of the latest. This thing was so new though that even the really good firewalls etc did not block it. I didn't have the first idea what to do and never knew one bit about registry keys and whatever else makes your computer run, so I was quite stuck. I found www.spywareinfo.com on the net and they have a forum where they babysit you through the process, you have to send them a logfile and then they tell you exactly what software to download and what to do, and after a couple of days mailing back and forth I was back in business. Even if your PC is running slow, they will help out. Absolutely excellent. Costs nothing (other than time) and the guys really know their stuff... and I'm a hell of a lot wiser when it comes to spyware and stuff...
 