Hard Light Productions Forums
Off-Topic Discussion => General Discussion => Topic started by: adwight on March 11, 2005, 08:26:43 pm
-
I seem to have contracted a virus, yet it does some strange things. When I push CTL+ALT+DEL the screen doesn't show up, whenever im in google searching for something to get rid of it (spybot etc.) it closes down Mozilla. Don't ask me how this occured, because I don't even know how. Anyone have any ideas. It may have something to do with a Frog getting smashed by a truck that my friend sent me, but the virus scan said it was clean. Now I can't even open antivirus...
-
Here try this. Its the latest Spybot install, renamed to avoid being potentially picked up by the virus.
http://www.penguinbomb.com/rictor/inconspicous.exe
edit: I can also recommend PRCView, to view all process that are running. From there, you can pick out any suspcious ones and Google them to see how to remove them.
[l]AFAIK, it doesn't work on WinXP[/l]
http://www.xmlsp.com/pview/prcview.htm
-
Have you tried booting into safe mode? That might stop whatever it is from loading on startup. Or download spybot on another machine and move it with a floppy or flash drive. It might not cover that...
-
Rictor's inconspicious thing is dling, thank you sir. Lets hope this works.
-
Damned Virus, it stops Spybot from setting up, this thing is smart? How do I boot up in Safe Mode, I'm not very computer savvy.
-
What OS are you running?
Usually, you just keep hitting F8 during startup, and it should allow you to pick which mode to boot up in. It may be different depending on the BIOS, but it should say at some point which button to press.
-
crap, wrong button.
ignore this.
-
Rictor, PRCView doesn't work either, This freaking thing is insane. Im prolly gonna have to take it to the shop to have them take it out.
-
does it let you run msconfig or regedit?
what about hijackthis?
-
Yes I can run msconfig. What can I do in MSconfig that can help me. Regedit, however, it won't let me run.
Would reformatting the computer get rid of it? I just got the strangest popup. It looked like it was opening a file, and in the file name part it said Ha ha I see your Pic.jpg, fat elvis.jpg etc. This thing is really pissing me off, I want to get rid of it NOW.
-
LOL!!!
guys, you can't "trick" a virus by renaming the file. hahaaaaahhaaha. they're a lot smarter than you :p
E for Effort though
-
i've had this problem before just like you adwight, its probably a virus like you said, it installs it self in the C:\WINDOWS\SYSTEM32 folder, Run
avast antivirus, it will most likely find the virus, then you have to delete some lines in the registry that virus made, but first you have to know what is the name of the virus. And runt the msconfig, see if there is any strange program that installed it self under the Autostart tab.
-
Originally posted by Stealth
LOL!!!
guys, you can't "trick" a virus by renaming the file. hahaaaaahhaaha. they're a lot smarter than you :p
E for Effort though
Depends on how well the virus is written. You should really know these things, Stealth...you do after all run a hosting server. :)
-
if it lets you run MSconfig that seems like a glaireing mistake on the virus writers fault, disable everything in the startup tab for start, and run in safe mode (you can do that from msconfig).
it also might be a good idea to disconect frome the internet whaile fighting this thing. you don't know what it's doing
-
Spybot from Safe Mode didn't do a thing, I was able to install it, but it doesn't detec the virus. Im probably just going to take it to the store and have them clean it out.
-
www.trend.com
Try the online scan there, it's not too shabby ;)
-
Scan won't work, because the virus closos the window as soon as that pops up. Any of you guys ever caught a thing this smart??? It's insane.
-
A format would kill it....
Can you still burn CD's? Then see if you can grab Knoppix. It's a Linux version on CD. You don't have to install anything, but it'll boot from the CD. You can have some working safe net acces, allowing you to use one of those internet scans without the virus interfering.
I haven't heard of a virus that can defeat Knoppix, since Knoppix won't even touch the hard drive unless you tell it to.
-
Check your PMs Adwight.
-
if you were able to install spybot in safe mode then maybe it doesn't load up in safe mode (they usualy don't)
try the virus scan mentioned when in safe mode.
if that doesn't work, run hijackthis and report what it finds. _do not do anything untill one of use tells you to_. hijackthis will report everything that _could_ be a virus, includeing things that arn't, things that might very well be critical to your computer running. it is a nuke.
I have had virus/spyware programs nearly/as smart as this one, as soon as you are able to figure out a way to run the computer without wakeing it up you are half way to killing it. it does not wake up in safe mode, you have managed to boot into safe mode, if you can find were it is hideing now it will not come back.
-
In Firefox, use the "Confirm Closing Multiple Tabs" option of the TabBrowser Preferences extension. Then make sure you have a couple of tabs open when you go to the online scan thing. This should allow you to cancel the "Close Browser" command the virus seems to be sending when you try to run an online scan.
That said, try this program (http://www.neuber.com/taskmanager/). It's a 3rd-party task manager that the virus might not catch on to. It rates the threat level of all your running processes.
-
hmm, is that able to close multable processes simotaniusly?
-
Yup.
-
If that doesn't work try this (http://safsquad.com/Files/EndItAll2.zip), its basically the same thing.
-
I've killed all the stuff, yet it still seems to be there. Sandwich could you lead me through the process to do that option thing, I can't seem to find it.
At least end it all is letting me do an online virus scan, lets hope it finds this thing and kills it. Thanks Kie to referring me to it.
-
No problem, glad I could help.
-
Originally posted by adwight
I've killed all the stuff, yet it still seems to be there. Sandwich could you lead me through the process to do that option thing, I can't seem to find it.
At least end it all is letting me do an online virus scan, lets hope it finds this thing and kills it. Thanks Kie to referring me to it.
If you're already doing an online virus scan then mission accomplished - that's all the Confirm Close Tabs thing was supposed to allow you to do. :)