ClamWin Free Antivirus
Support and Discussion Forums
Viruses found
sina


Joined: 11 Sep 2008
Posts: 0
Hi,

Yesterday, while on the internet, a window popped up with "Warning Spyware Detected on Your Computer!" written on it. It basically froze my computer. The window wanted me to download some program to remove viruses. I didn't download any. I shut down the computer by pressing on the power on button and holding it. I then started my computer going into the safe mode by pressing f8 repeatedly.

In safe mode I downloaded the clamwinportable program and I found 4 viruses. I deleted the 4 viruses and also emptied the recycle bin trying to get rid of them. My first question is: Is deleting these viruses ok? Then I tried to start my computer the ordinary way and the same irritating window "warning spyware ..." showed up on my desktop. I ran clamwinportable again, it found 1 virus. This time I didn't delete the virus. It is sitting in the quarantine folder.

Below is all the report I got when I ran ClamWin. Can you please help me? What should I do now? I have a Toshiba laptop and it is running Windows XP Media Center Edition. I am worried that I shouldn't have deleted those 4 infected files. How can I get rid of the problem of this window popping up and freezing my system? How can I get my computer to run smoothly again?

Any help is very much appreciated.

Sina


Scan Started Wed Sep 10 15:02:47 2008
-------------------------------------------------------------------------------

C:\Documents and Settings\All Users\Application Data\Sophos\Sophos Anti-Virus\Config\interchk.chk: Permission denied
C:\Documents and Settings\M Tajdari\Local Settings\Temp\.tt2F4.tmp: Trojan.Peed.IG FOUND
C:\Documents and Settings\M Tajdari\Local Settings\Temp\.tt2F4.tmp.exe: Trojan.Peed.IG FOUND
C:\Documents and Settings\M Tajdari\Local Settings\Temp\nsn6.tmp: Permission denied
C:\pagefile.sys: Permission denied
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP105.tmp\System.Web.dll: Trojan.Hupigon-11337 FOUND
C:\WINDOWS\system32\blphc7d7j0er3t.scr: Trojan.FakeAlert-536 FOUND
C:\WINDOWS\system32\config\default: Permission denied
C:\WINDOWS\system32\config\SAM: Permission denied
C:\WINDOWS\system32\config\SECURITY: Permission denied
C:\WINDOWS\system32\config\software: Permission denied
C:\WINDOWS\system32\config\system: Permission denied

----------- SCAN SUMMARY -----------
Known viruses: 415764
Engine version: 0.94
Scanned directories: 8392
Scanned files: 88052
Infected files: 4
Data scanned: 16521.12 MB
Time: 5761.468 sec (96 m 1 s)

Scan Started Wed Sep 10 17:04:39 2008
-------------------------------------------------------------------------------

C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP105.tmp\System.Web.dll: Trojan.Hupigon-11337 FOUND
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP105.tmp\System.Web.dll: moved/scheduled to 'C:\clamwinportable\Data\quarantine\infected.System.Web.dll'

----------- SCAN SUMMARY -----------
Known viruses: 415764
Engine version: 0.94
Scanned directories: 1
Scanned files: 1
Infected files: 1
Data scanned: 2.94 MB
Time: 12.594 sec (0 m 12 s)

Scan Started Wed Sep 10 17:07:59 2008
-------------------------------------------------------------------------------

C:\WINDOWS\system32\blphc7d7j0er3t.scr: Trojan.FakeAlert-536 FOUND
C:\WINDOWS\system32\blphc7d7j0er3t.scr: moved/scheduled to 'C:\clamwinportable\Data\quarantine\infected.blphc7d7j0er3t.scr'
C:\WINDOWS\system32\config\default: Permission denied
C:\WINDOWS\system32\config\SAM: Permission denied
C:\WINDOWS\system32\config\SECURITY: Permission denied
C:\WINDOWS\system32\config\software: Permission denied
C:\WINDOWS\system32\config\system: Permission denied

----------- SCAN SUMMARY -----------
Known viruses: 415764
Engine version: 0.94
Scanned directories: 342
Scanned files: 4262
Infected files: 1
Data scanned: 910.38 MB
Time: 360.312 sec (6 m 0 s)

Scan Started Wed Sep 10 17:15:24 2008
-------------------------------------------------------------------------------

C:\Documents and Settings\M Tajdari\Local Settings\Temp\.tt2F4.tmp: Trojan.Peed.IG FOUND
C:\Documents and Settings\M Tajdari\Local Settings\Temp\.tt2F4.tmp: moved/scheduled to 'C:\clamwinportable\Data\quarantine\infected..tt2F4.tmp'
C:\Documents and Settings\M Tajdari\Local Settings\Temp\.tt2F4.tmp.exe: Trojan.Peed.IG FOUND
C:\Documents and Settings\M Tajdari\Local Settings\Temp\.tt2F4.tmp.exe: moved/scheduled to 'C:\clamwinportable\Data\quarantine\infected..tt2F4.tmp.exe'

----------- SCAN SUMMARY -----------
Known viruses: 415764
Engine version: 0.94
Scanned directories: 0
Scanned files: 2
Infected files: 2
Data scanned: 3.32 MB
Time: 12.078 sec (0 m 12 s)

Scan Started Wed Sep 10 21:14:55 2008
-------------------------------------------------------------------------------

C:\Documents and Settings\All Users\Application Data\Sophos\Sophos Anti-Virus\Config\interchk.chk: Permission denied
C:\Documents and Settings\M Tajdari\Local Settings\Temp\nsb18.tmp: Permission denied
C:\hiberfil.sys: Permission denied
C:\pagefile.sys: Permission denied
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll: Permission denied
C:\WINDOWS\system32\blphc7d7j0er3t.scr: Trojan.FakeAlert-536 FOUND
C:\WINDOWS\system32\blphc7d7j0er3t.scr: moved/scheduled to 'C:\clamwinportable\Data\quarantine\infected.blphc7d7j0er3t.scr'
C:\WINDOWS\system32\config\default: Permission denied
C:\WINDOWS\system32\config\SAM: Permission denied
C:\WINDOWS\system32\config\SECURITY: Permission denied
C:\WINDOWS\system32\config\software: Permission denied
C:\WINDOWS\system32\config\system: Permission denied

----------- SCAN SUMMARY -----------
Known viruses: 415764
Engine version: 0.94
Scanned directories: 8297
Scanned files: 85934
Infected files: 1
Data scanned: 16063.44 MB
Time: 5891.031 sec (98 m 11 s)
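An added example, not part of the original post and not ClamWin code: a small Python parser for reports in the format shown above. It splits a report into scans and flags any path that is detected again after an earlier scan reported it as moved/scheduled to quarantine, the pattern visible for the .scr file in the reports above. The sample text, its paths and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the report format shown in the post (not the poster's log).
SAMPLE = r"""
Scan Started Wed Sep 10 15:02:47 2008
C:\pagefile.sys: Permission denied
C:\Temp\a.tmp: Trojan.Peed.IG FOUND
C:\WINDOWS\system32\sample.scr: Trojan.FakeAlert-536 FOUND
Scan Started Wed Sep 10 17:07:59 2008
C:\WINDOWS\system32\sample.scr: Trojan.FakeAlert-536 FOUND
C:\WINDOWS\system32\sample.scr: moved/scheduled to 'C:\q\infected.sample.scr'
Scan Started Wed Sep 10 21:14:55 2008
C:\WINDOWS\system32\sample.scr: Trojan.FakeAlert-536 FOUND
C:\WINDOWS\system32\sample.scr: moved/scheduled to 'C:\q\infected.sample.scr'
"""

START = re.compile(r"^Scan Started (.+)$")
FOUND = re.compile(r"^(.+): (\S+) FOUND$")
MOVED = re.compile(r"^(.+): moved/scheduled to '(.+)'$")
DENIED = re.compile(r"^(.+): Permission denied$")

def parse_report(text):
    """Split a report into scans: start time, detections, quarantine moves, unread files."""
    scans = []
    for line in text.splitlines():
        line = line.strip()
        if m := START.match(line):
            scans.append({"started": m.group(1), "found": {}, "moved": set(), "denied": []})
        elif not scans:
            continue  # ignore anything before the first scan header
        elif m := MOVED.match(line):
            scans[-1]["moved"].add(m.group(1))
        elif m := FOUND.match(line):
            scans[-1]["found"][m.group(1)] = m.group(2)
        elif m := DENIED.match(line):
            scans[-1]["denied"].append(m.group(1))  # files the scanner could not read
    return scans

def reappeared_after_quarantine(scans):
    """Paths detected again in a scan that ran after they had been moved/scheduled."""
    moved_in, hits = {}, defaultdict(list)
    for scan in scans:
        for path in scan["found"]:
            if path in moved_in:
                hits[path].append((moved_in[path], scan["started"]))
        for path in scan["moved"]:
            moved_in.setdefault(path, scan["started"])
    return dict(hits)
```

A path that shows up here was detected again at its original location after a quarantine move was reported, so either the move did not complete or something recreated the file; the "Permission denied" entries are files the scan never read.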
GuitarBob


Joined: 09 Jul 2006
Posts: 9
Location: USA
I think you are okay with deleting those four files you mentioned. They are all temp files, so they are probably not important, and you probably didn't do any harm to your machine by switching off the power. It appears that you may also have Sophos antivirus and/or Symantec antivirus on your computer--is that correct? It would be best to only use one of them. Have you run any scans with them? What were the results?

I suggest that you run a ClamWin scan in Windows Safe Mode (if possible). Then run a regular ClamWin scan afterwards and see if all is okay. If you are still finding the same viruses, download Dr. Web's Cureit from http://www.freedrweb.com/cureit/ on the web. Download it to your desktop--you don't have to install it--just download and then run it. It will attempt to "cure" any infections it finds. Let it do so, and then choose to run a Complete scan if it finds anything.

Plan C: contact one of the free malware removal assistance services listed on the ClamWin Antimalware page.

Regards,
sina


Joined: 11 Sep 2008
Posts: 0
Dear GuitarBob,

Thank you so much for your suggestions. You were correct in your recommendations. I ran Dr. Web's cureit and it found 10 or so viruses. After several times going back and forth shutting the system down and restarting in safe mode, my machine is back to normal and working and that annoying window doesn't appear anymore. I'm grateful for your help. The only thing that I notice is different is my desktop background. Apparently the virus killed the desktop backgrounds that I could choose from. I used to right click on the desktop and click properties and be able to pick out a collection of backgrounds. When I do this now, I only get a display properties window with 3 tabs: Themes, Appearance, Settings. I think I used to have a couple more tabs. But I don't think this is a big issue, do you?

Thanks again,
Best wishes,
sina
GuitarBob


Joined: 09 Jul 2006
Posts: 9
Location: USA
It's sometimes hard/impossible to get your computer back exactly the way it was before an infection. On Windows XP, you might try running Windows System File Checker (I don't know if Vista has something similar). Go to Start, Run, you type: sfc /scannow, hit OK. NOTE there is a space after the sfc before the slash. When the scan starts, you will see a progress bar. The scan will take about 45 minutes. Babysit it while it runs--you may have to insert your Windows CD-ROM.

To prevent future infections: Because ClamWin is not yet an on-access\full-time\resident antivirus, you should use it as a backup scanner. If you do not have a resident antivirus, here are some good free ones: Avast (from Alwil), and AntiVir (from Avira). Schedule a daily automatic scan with each AV--at different times. The ThreatFire behavior blocker (from PC Tools) is also a good choice--it is a good complement to ClamWin, and you don't have to schedule any scans.

You should also use a resident antispyware (AS) program. Windows Defender from Microsoft is free, it's pretty good, and it's full-time/resident--most free AS programs are not resident.

Also make sure you are using a firewall program, and learn how to configure it for maximum protection.

Regards,
sina


Joined: 11 Sep 2008
Posts: 0
Hi again,

Unfortunately, I don't have my Recovery disk from Toshiba right now and I would rather not install the Windows XP Media Edition operating system and have to reinstall my programs again. Do you know of any way I could just install the right files so that my display properties window will have the tabs desktop and screensaver in addition to the other three that are already there now? Perhaps from the Microsoft website? Hmmm.....

Thanks for your help,
sina