I need Computer Tech help

Hitman26 · Jan 6, 2005

Hi guys. I've gotten a virus or spyware that has hijacked my homepage and keeps giving me random popups and trying to force me to sites to pay money to get rid of it. I went to microsoft's site and downloaded their new "beta" Anit Spyware software. I've run it 4 times and it keeps finding and deleting the spyware, but it keeps coming back 2 minutes later. I need help guys.

WTF should/can I do to get my computer clean again?
Hitman

TheGeneral+ · Jan 6, 2005

http://v5.windowsupdate.microsoft.com/v5consumer/default.aspx?ln=en-us

http://www.helpwithwindows.com/index.shtml

Go here and use the help section.

Help sections are highly underrated.

Holysmoke+ · Jan 6, 2005

did you try ad aware? if not try it from download.com

Holysmoke+ · Jan 6, 2005

also post the name of the trojan you have

Hitman26 · Jan 6, 2005

I need virus software too. Do you know where I can get it for free?

Holysmoke+ · Jan 6, 2005

http://free.grisoft.com/freeweb.php/doc/2/

michael777 · Jan 6, 2005

try this http://www.spychecker.com/program/hijackthis.html

Holysmoke+ · Jan 6, 2005

also scrap IE and d/l mozilla. since I switched I do not receive worms and trojans, and stay away from those porn sites ; )

Hitman26 · Jan 6, 2005

Holysmoke:

"also scrap IE and d/l mozilla. since I switched"

Could you explain what you were saying here? Are you telling me I should not use Internet Explorer or d/l mozilla? What is d/l moszilla? What browser do you recomend?

Btw: Thanks for the free virus site AVG. It seems to have cured my computer and my blood pressure has come down about 50 points since.

Forgive my stupidity please, I'm just trying to learn
Hitman

WorldRunner · Jan 6, 2005

hitman,

mozilla can be found in google

Use google whenever you need to find something

You'll have to change your forum options to post with mozilla... But it's worth it. And actually I suggest you use firefox although it does have it's own issues that IE doesnt have.

Sometimes Firefox can severly slow your computer on internet pages with animated gifs and other quirky stuff.

DarrylParsons · Jan 6, 2005

Before you run your virus/adware/spyware removal program you should disable the system restore feature. This is because your computer may think your virus program is messing up your system files and so will automatically "restore" your system to the previous state (ie. with the virus). Goes along with my theory which says the more gadgets you have to "protect" you the more stuff will fukk up in the end...anyway...to do that...

go to "my computer" (from the start menu)

then click on "show system information"(*)

then a bunch of tabs come up and you should click the one on the back left entitled "system restore"

Then there will be a check box near the top which says "disable system restore". Click that and when it says "your computer may explode, are you sure?" click "yes". Then run the virus programs again and when everything is cleared go back and unclick the same box. That will turn on the "protection" again.

GL!

(*) these names may be slightly different because my computer is in a different language and I'm translating

quantumleap · Jan 6, 2005

www.trendmicro.com

Free virus scan.

(btw-the answer to the trivia question there is "a stripper from Miami".)

Holysmoke+ · Jan 6, 2005

Hitman26 said:
Holysmoke:

"also scrap IE and d/l mozilla. since I switched"

Could you explain what you were saying here? Are you telling me I should not use Internet Explorer or d/l mozilla? What is d/l moszilla? What browser do you recomend?

Btw: Thanks for the free virus site AVG. It seems to have cured my computer and my blood pressure has come down about 50 points since.

Forgive my stupidity please, I'm just trying to learn
Hitman

I recommend mozilla, it has been great for me and no more worms and I love the pop up blocker.

also recommend a firewall if you have cable internet and it is free as well.

sygate personal firewall is good and it is also at download.com

for surfing the web I have

1. mozilla as browser
2. ad aware for spyware cleaner
3. sygate for firewall
4. pc cillin for antivirus

I have 3 mbps cable internet so I must have a firewall

sherman · Jan 6, 2005

i dont know or else i'd help.....good luck

in fact, i need some help too.....

norton says i have a virus....backdoor.coreflood (save the jokes)

the window that norton pulled up wont let me close the window! what do i do...

thank you!

Holysmoke+ · Jan 6, 2005

1. Disable System Restore (Windows Me/XP).
2. Update the virus definitions.
3. Restart the computer in Safe mode or VGA mode.
4. Run a full system scan and delete all the files detected as Backdoor.Coreflood.
5. Reverse the changes that were made to the registry.

Holysmoke+ · Jan 6, 2005

5. To reverse the changes to the registry

Important: Symantec strongly recommends that you back up the registry before making any changes to it. Incorrect changes to the registry can result in permanent data loss or corrupted files. Modify the specified keys only. Read the document, "How to make a backup of the Windows registry," for instructions.

1. Click Start > Run.
2. Type regedit

Then click OK.

3. Navigate to the key:

HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/CurrentVersion/Run

4. In the right pane, delete any value that refers to any files that were detected as Backdoor.Coreflood.

Note: All the variants do not add an entry to this key.

5. Navigate to and select the key:

HKEY_LOCAL_MACHINE/Software/Classes/CLSID

6. Click Edit > Find.

7. In the "Find what" box, type the file name of the .dll file that was detected as Backdoor.Coreflood in section 4.

8. If you find an entry of the form:

"(Default)"="%System%\<detected file name>.dll

in the registry key:

HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{<random clsid>}\InProcServer32

then write down the <random clsid> value>

Then, in the left pane, delete the subkey:

HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{<random clsid>}

9. Next, click Edit > Find to repeat the search, as there may be more than one such key. Delete any that are found.

10. Navigate to and delete the key:

HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/CurrentVersion
\Explorer/Browser Helper Objects/{<random clsid>}

where {<random clsid>} matches one of the values found and deleted in the previous searches.

11. Navigate to and delete the key:

HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/CurrentVersion/
Explorer/ShellIconOverlayIdentifiers/<detected file name>

Note: <detected file name> should match the name of the infected dll file. For example, if abcdwxyz.dll was detected as Backdoor.Coreflood, then delete the registry key:

HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/CurrentVersion/
Explorer/ShellIconOverlayIdentifiers/abcdwxyz

12. Exit the Registry Editor.

13. Restart the computer. If you could not delete any files in section 4, use Windows Explorer to locate and delete them.

WorldRunner · Jan 6, 2005

sherman said:
i dont know or else i'd help.....good luck

in fact, i need some help too.....

norton says i have a virus....backdoor.coreflood (save the jokes)

the window that norton pulled up wont let me close the window! what do i do...

thank you!

http://securityresponse.symantec.com/avcenter/venc/data/backdoor.coreflood.html

sherman · Jan 6, 2005

holy, thanks so much but i cant find HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/CurrentVersion/Run

sherman · Jan 6, 2005

things like this are why this is the best website around!

Holysmoke+ · Jan 6, 2005

sherman said:
holy, thanks so much but i cant find HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/CurrentVersion/Run

hmm.

click start

then click run

then type regedit

then click the plus sign next to hkey local machine

then the plus sign next to software/ then microsoft plus sign/ then windows plus sign/ then current version plus sign then click run

then the right panel will have its contents