
Hijacked virus laden computer driving me mental !!

Chosun Juan

My Vista running laptop seems to have developed a recalcitrant mind of its own ..... and it's driving me mental !! :scribe: :h?: :storm:

I am plagued by some sort of unwelcome mal /'adware', such that most pages are unusable ..... :-C

Data allowance disappears at a frightening rate (100's of MB), while the pages and computer sit there locked up .... usually with a 'long script running' notification window at the bottom.

Is there any way of finding out the details of these scripts so that I can target them better?

I also get (in order of annoyance) unwanted
* google adservices ads
* double click ads
* new tabs opening when I click on a post, that briefly show something like "tedir.com" before switching to any number of ad pages
* data sucking ads top and bottom which freeze the scroll cursor and page, with something like "sin1.g.adnxs....." shown in the bottom window when you hover over them.

I have followed the 4 steps on "malwaretips.com" to try and rid the system of unwanted nasties http://malwaretips.com/blogs/ib-adnxs-popup-virus/
with no lasting joy - it did get up and flying for a short time - (first time through they did find a few undesirables and nuked them, and the data drain seems to have slowed) -- but now they're back just as bad as ever.
What are the ramifications of following step 5 ??

I've even tried running concurrent scans of Malwarebytes Anti-malware, Hitman Pro, and Microsoft Security Essentials ...... with the nasties still remaining hidden |=(|

They seem to be slippery little suckers!

Any help greatly, greatly appreciated ! :t: |:d|


Chosun :gh:
 
Hi, I know you have already tried Malwarebytes (free) but I would download the latest version and run it again.

http://www.malwarebytes.org/

Also try Junkware removal tool from Bleeping Computer:

http://www.bleepingcomputer.com/down...-removal-tool/

And AdwCleaner from Bleeping computer:

http://www.bleepingcomputer.com/download/adwcleaner/

Another programme I have found useful is Superantispyware (free):

http://www.superantispyware.com/

There is always a possibility that after running some of these programmes you may need to re-enter your passwords to access sites such as Birdforum.

I would also consider changing your default anti-virus from MSE to Avast free to give greater protection. It may be necessary to run all these programmes one after the other until you have a clean machine. A further complication may be that your malware infection may prevent you from downloading some or all of these programmes. See how you get on.


Dave
 
Hi,
You do have all important data backed up ??
If you try all that Dave has suggested above run them in "Safe Mode", keep tapping F8 at boot time and choose safe mode from the menu that will come up.
Honestly when you get nailed that bad the best course of action is to format and reinstall the OS.
You can muck round for days and think you have nuked everything then they reappear again from hidden installers.
It's a fun challenge trying to clean up a heavily infested drive but not time effective or usually even effective.
:)
 
Thanks for the advice so far Dave and Grahame.

Reinstalling the OS is not really an option since the old girl's optic drives went to heaven long ago. Worst comes to worst I can pay a computer shop I know to do that.

** I haven't backed up in a long time (naughty, silly me). Will saving my files, photos, and favourites links, be likely to also harbor hidden viruses etc ??

I thought I had the problem licked, but then it popped up again, and further scans with the methods I posted netted no problems found.

I will try these suggestions tonight, if I can access webpages.

Fingers crossed.


Chosun :gh:
 
Grrrrrrr

Ultra frustrating !

So far can't even download any killers .... :storm:
Mystery scripts seem to jam up the system.
At least I have the pages in the history. :cat:
Will try again after dinner ..... :eat:


Chosun :gh:
 
It's probably the infection preventing the download of any malware fighting programmes. If you have access to another computer try downloading portable versions of the anti-malware programmes mentioned onto a USB drive then plug it into the infected computer and run them from there.

Alternatively, if you decide to do a factory reset you can do this most likely from a recovery partition already on the computer. Continually tap F10 or F11 (depends on make of computer and version of windows) and select 'restore to factory settings'. No need for an optical drive. However, ALL DATA INSTALLED AFTER PURCHASE WILL BE LOST.

Dave
 
Thanks Dave,

It's those bl**dy long running scripts that jam the system up.

Your first link from bleeping for junkware came up with a 404 error. If you could check and post again would be great. :t:

The adware and junkware tools that I originally used from malwaretips found some trojans, but removal was not permanent it seems.

I have managed to download Super AntiSpyware and it found 135 adware tracking cookies which were removed, but nothing more sinister yet.

Not really wanting to do anything too drastic just yet. Will try again tomorrow night. Will try the USB method for ad and junkware tools if the system is still jammed up. Posting this on my phone. Thanks.


Chosun :gh:
 
Still no #^@%*&! good .....

Ok, seriously annoyed and/or depressed now :storm: :-C

Managed to find a Window of opportunity and downloaded tools as suggested by Dave in post #2.

Ran them and cleaned up some minor tracking cookies and registry anomalies. Good for 10 seconds - Now still back to square one.

There's long running scripts, all sorts of ad clicks addresses upon hovering over the ads, terdir. com new tabs opening, and the same sin.g.adnxs.....

Like Grahame said - hours spent and I'm like a dog chasing its tail ...... grrrrr !!

Computer is pretty much useless in this condition.

Any advice?

If I save all of my files, photos and favorite bookmarks and links to USB do I risk an infection of what is obviously a fast moving and very good at hiding from detection, lot of viruses ???

Any way forward greatly appreciated.



Chosun :gh:
 
Sometimes it may be best to send the computer back to a factory state if the computer still has the recovery partition. The only drawback is that any data and programs installed since purchase will be gone. You will have to back up any important data including your browser bookmarks and email if you use an email client to an external or USB flash drive (there is also a risk of including infected programmes at the same time). Any programs you purchased and installed would need their serial keys/passwords. After a factory reset you would also need to update Vista again through Windows Update. I did this a couple of months ago on a Vista PC and it does take a while.

Dave
 
And if you go down this road, make sure you have good, working antivirus and antimalware installed before reconnecting any USB devices.

Niels
 
You seem to be coming up against a well-known prob.
When the crap installs itself it makes a child installer in a file with a random name.
This then looks at boot to see if the parent is still there, if not it reinstalls the parent.
All the anti anythings in the world can not solve this problem, they only know where to look for the parent and delete that.
The child keeps cloning its parent.
Very sneaky, very annoying.
The child is findable but is really only a geek intellectual exercise.
As to the other questions.
I assume you have no back up partition and only have restore on cd / dvd.
A new optical drive is cheap, usually free, find a mate with a dead lappy and cannibalise that.
It's only a couple of screws on the bottom of the lappy to remove the cover and literally slide out and slide in.
The lappy should recognise the new drive at next boot.
Yes you can remove files from the infected lappy, but only files you trust, ie your images and docs you have created.
Software you have dloaded bin it and redload unless it was from a "trusted" source.
Bookmarks should be OK, it's where they lead that could be suss :)
In some ways it's good you don't have a full bkup, you could have bked up the nastie.
Honestly a reinstall is the only way to go with this one.
Your lappy will love you for it, it'll be faster than you remember and you get the fun of only putting on it what is important not the yrs of accumulated cruft.
:)
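
An added example, not part of the thread and not any tool's own code: the persistence pattern described in the post above (a randomly named helper that starts at boot) can be looked for by ranking autostart entries. This Python assumes the input is the saved text output of `reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Run`; the sample entries, the directory list and the randomness thresholds are all constructed assumptions.

```python
import re

# Constructed sample in the layout `reg query` prints for a Run key
# (not taken from the thread): four spaces, name, type, command.
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    Sidebar    REG_SZ    C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    Updater    REG_SZ    "C:\Users\example\AppData\Roaming\xkqzvrtw.exe" /s
    Notes    REG_SZ    C:\Users\example\AppData\Local\Notes\notes.exe
"""

# Places a non-admin installer can write to (assumed list, lowercase).
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\",
                 "%appdata%", "%localappdata%", "%temp%")
REG_LINE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<cmd>.*)$")
BINARY = re.compile(r"([A-Za-z0-9_\-]+)\.(?:exe|dll|scr|bat|cmd|vbs|js)\b", re.I)


def looks_random(stem):
    """Crude heuristic: a long file stem with almost no vowels or many digits."""
    if len(stem) < 6:
        return False
    letters = [c for c in stem.lower() if c.isalpha()]
    digits = sum(c.isdigit() for c in stem)
    vowel_ratio = sum(c in "aeiou" for c in letters) / len(letters) if letters else 0.0
    return vowel_ratio < 0.15 or digits >= 3


def triage(reg_query_output):
    """Return [(score, value_name, command)], most suspicious first.
    Score: +1 for a user-writable location, +1 for a random-looking file name."""
    findings = []
    for line in reg_query_output.splitlines():
        m = REG_LINE.match(line)
        if not m:
            continue  # key header or blank line
        cmd = m.group("cmd")
        writable = any(p in cmd.lower() for p in USER_WRITABLE)
        random_name = any(looks_random(s) for s in BINARY.findall(cmd))
        findings.append((int(writable) + int(random_name), m.group("name"), cmd))
    return sorted(findings, key=lambda f: -f[0])


if __name__ == "__main__":
    for score, name, cmd in triage(SAMPLE):
        print(score, name, cmd)
```

The Run key is only one autostart location; scheduled tasks, services and the Startup folder need the same review, and a score of 2 is a reason to inspect the file, not proof that it is malicious.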
 
It is tempting to suggest:

1. Copy the data files off the PC.
2. Overwrite the entire system with a version of Linux, (Lubuntu is my current preferred option). Linux Mint seems to work well for beginners.
3. Restore data

Benefits would be:
Operating system would be an improvement on Vista
Guarantee the virus would be gone, and very unlikely to return
It's free

But this only works for someone with a "spirit of adventure"!
Disadvantage would be the learning curve to switch OSs, and linux versions of applications.


Just a thought,
Peter
 
Hello Chosun,

How frightful!

I cannot add anything to help but please accept my best wishes in your attempt to salvage something.

Happy bird watching,
Arthur Pinewood :Hi:
 
Thanks for the good wishes Arthur.

Peter, thanks - though my spirit of adventure is not quite that adventurous! :)

Dave, thanks for the bleepingcomputer.com forum links - much appreciated. They are really helpful, as I just don't have the capacity to do a lot of information searches like that. I'm sure the people there could help eventually, but that looks like a very involved and time consuming process - so I may pursue other options first.

Grahame - thanks. Your explanation makes perfect logical sense and seems to gel with the experience so far.

Computer still limping. Various small GIF's that I have downloaded (for eg. of CFD aerodynamics simulations) seem to be affected, and come up with request boxes to run ActiveX controls etc. These files were fine before the latest malpisode .....

I have to attend to some family matters this weekend ( the mental break will be good :)
But, next week I will drop by the computer shop and see if they can sling me an old optical drive or hook up another one like last time and reinstall the operating system (I think IE may have some corruption as well).
I think this may be the quickest option and last time they rescued a locked up and dead computer for 30 bucks.

This is indeed the worst infection I have had. It doesn't help at all that you can't even ring up Microsoft for assistance as they stopped supporting Vista long ago. The old girl just needs to get through another year ..... I will keep you all posted as to the outcome. Many thanks.


Chosun :gh:
 
Only just stumbled across this thread. Hope you got it all sorted; if not, it is very simple to resolve. From what I can work out you have some sort of malware (do you run Google Chrome by any chance?). These viruses can and will prevent you from downloading software that combats them directly from the web/security provider, so the remedy has to be disguised.
Firstly restart in safe mode; as you are running Vista that will be F8.
You will get the advanced boot options screen.
Select start up settings then select safe mode with networking.
Connect to the internet. You will now have a screen that looks rather funny (larger print etc).
Type in RKILL and download as per instructions. This program will hide itself from the malware, usually as iexplorer or something similar. Let the program run its course (takes a while). When it's completed the clean of your hd, close the program as instructed and download a paid version of an antivirus software; this will give you a lot more protection than any free antivirus software. Please consider leaving a donation for the Rkill developers on the site as they do this for free and put a lot of time in helping people out. Any problems, please pm me and I will help as much as I can.

Regards
Brian
 