Virus/help!

Delarosa Naturally Custom Join Date: 2002-11-29 Member: 10214 Members, NS1 Playtester
edited October 2003 in Off-Topic
- somehow linked to outwar?

ok, here's the deal...

i was on AOL IM (i talk to my hunnies on it, so quiet you!) and received a message with 'hey check this out, this is the camera i'ma get so you can see my pictures of camp (___link__)'

which isn't unusual because this person WAS going to camp... so i didn't think anything of it. and clicked the link... now now, i'm not a retard, i looked at the link, it was camera.pdf... so i'm like 'hey a pdf can't hurt!'


now, here's the symptoms of this virus...

on aim messages, other people get the same message about the camera, but i don't see the link, at all, i mean, you're on my list, you'll get the link, and i won't even see the friggin window open up...

Task Manager... here's my biggest part about the virus, it's not letting me get into task manager, i mean, it'll blink up, show up in the start menu area, and well, go away.

On shut down, and only shutdown - norton pops up, freaks out, and finds 18 files, that it can't delete, edit, quarantine, or delete... and this only happens on shut down


now, norton doesn't pick it up, and that free online virus scanner doesn't find it... any suggestions?

-and-

any way to get into task manager without 'ctrl + alt + del'?

Comments

  • Emsee Join Date: 2003-05-23 Member: 16644 Members, Constellation
    edited October 2003
    Any chance you could tell us the names of the files norton finds?

    Actually, after thinking this sounds a lot like W32.spybot.
    If you want to end the task you can use the taskkill command in WinXP
    When you find out the name of the process that's running (i'll see if i can find the one that closes task manager for you) go to run and run cmd.
    Then type

    taskkill /im nameofexe /f

    you should then get a confirmation saying it has been shut down.
    then exit.

    I'll look around to see if i can find some full uninstallation instructions.
  • Wither A Bugged Life Join Date: 2002-12-24 Member: 11513 Members, NS1 Playtester, Contributor, Constellation
    Have you tried a registry cleaner? I've heard of multiple issues like this where a registry cleaner finds the virus..ad-aware and spybot might help too.
  • pielemuis Join Date: 2002-01-25 Member: 72 Members, NS1 Playtester
    edited October 2003
    I'm not sure what OS you're running, but I'm using win98.
    Open regedit , go to HKEY_LOCAL_MACHINE->software->microsoft->windows->currentVersion->run
    and see if there are any suspicious items in there. That way you can at least stop it from loading, and clean the infected files.
    [EDIT]
    A good idea would be to do a search on google for the keys you find out of place, if they're from a virus there's a good chance there's a site out there that lists all the altered/added keys
  • Emsee Join Date: 2003-05-23 Member: 16644 Members, Constellation
    Ah here we go.
    This sounds like your problem.
    Clickeh here: http://www.skywolf.net/fixes/aim.html
    That should solve it.
    Good luck.
  • BlackMage [citation needed] Join Date: 2003-06-18 Member: 17474 Members, Constellation
    oof ... i got something like that ... except it was for msn messenger and no taskkiller
    it tried to give everyone BigMac.exe i had to go kill it all manually ... it sucked
  • Delarosa Naturally Custom Join Date: 2002-11-29 Member: 10214 Members, NS1 Playtester
    ok, i was waiting around for the connection to outwar...


    i didn't click a THING.... so no mouse interaction happened, and BLAM, the ns forums turns into

    YOU HAVE JUST BEEN RECRUITED AS XdragoonX'S THUG....




    this sukka is going down...

    thanks for the help guys
  • Delarosa Naturally Custom Join Date: 2002-11-29 Member: 10214 Members, NS1 Playtester
    further shaftage...


    i found it, and once i hit the mouse button once, norton goes crazy... access denied because it's in use, 'ok' cannot clean file 'ok' .... over and over and over again, it won't go away. and it won't let me delete it, because norton is using it....


    windows cannot find the process 'taskkill' so it can't run it.

    Regedit has the same problem as task manager, closes down as soon as it loads up.

    Adaware won't install... i'ma try this one a few more times...




    any other ideas?
  • Emsee Join Date: 2003-05-23 Member: 16644 Members, Constellation
    What windows are you using?
    If it's win2k start up in safemode and follow the instructions from step 10 on the link I posted, or i'll just paste it here

    >10) launch windows explorer
    >11) goto c:\documents and setting\all users\startmenu\programs\startup
    >12) remove dcom.exe
    >13) run regedit
    >14) click on my computer
    >15) press control f (for find)
    >16) type winsock2
    >17) erase any setting that points to wuaumqr.exe
    > only erase files that point to "wuaumqr.exe"
    >all other files are ok
    >18) go back to top, click on my computer and press control f
    >19) type wuaumqr.exe
    >20) delete any files that point to this location
    >21) go back to my computer and press control f
    >22) delete any files that point to dcom.exe (if any)
    >23) exit registry
    >24) click start then run then type msconfig and press enter
    >25) uncheck the box pointing to wuaumqr.exe
    >26) click apply then exit msconfig (ok)
    >27) click start then run then type cmd and press enter
    >28) type cd\windows\system32
    >29) type attrib wuaumqr.exe -h
    >30) type del wuaumqr.exe
    >31) type cd\
    >32) type dir download_me.exe /s
    >33) if this file exist on your computer goto that directory and type line 37
    >34) attrib *.* -h -a -r
    >35) type del.
    >36) type cd\
    >38) type dir dcom.exe /s /a
    >39) if this file exists goto that directory and repeat steps 37 - 39
    >40) type exit
    >41) reboot system
    >42) when system boots a message will pop up telling you that you are using a utility
    >check the box marked
    >"don't show me this message again, reboot system.

    That should remove the taskmanager killing virus.

    Then follow the instructions at the top of the link to remove the AIM spammer.
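
The autostart checks suggested in the replies above (the Run key, the Startup folder, hidden files in system32), gathered into one read-only listing. This is an added example, not part of any post in the thread. It assumes a Windows host with PowerShell 3.0 or later, which a stock 2003-era install would not have, and the RunOnce and per-user keys are additions beyond the single key named in the thread.

```powershell
# Added example: read-only audit, nothing is deleted or modified.
# File names below are the ones listed in the quoted removal steps.
$names = 'wuaumqr.exe', 'dcom.exe', 'download_me.exe'

function Test-NameMatch([string]$Text) {
    foreach ($n in $names) { if ($Text -like "*$n*") { return $true } }
    return $false
}

# The Run key from the thread, plus RunOnce and per-user variants (assumed additions).
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'

$findings = @()
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $k = Get-Item -Path $key
    foreach ($valueName in $k.GetValueNames()) {
        $data = [string]$k.GetValue($valueName)
        $findings += [pscustomobject]@{
            Location = $key; Entry = $valueName; Target = $data
            Listed   = (Test-NameMatch $data)
        }
    }
}

# Startup folders for all users and the current user; -Force includes hidden files.
foreach ($folder in 'CommonStartup', 'Startup') {
    $dir = [Environment]::GetFolderPath($folder)
    if (-not $dir -or -not (Test-Path $dir)) { continue }
    foreach ($f in (Get-ChildItem -Path $dir -Force -File)) {
        $findings += [pscustomobject]@{
            Location = $dir; Entry = $f.Name; Target = $f.FullName
            Listed   = (Test-NameMatch $f.Name)
        }
    }
}

# Files from the list sitting in system32, hidden attribute or not.
foreach ($n in $names) {
    $p = Join-Path $env:SystemRoot "System32\$n"
    if (Test-Path -LiteralPath $p) {
        $findings += [pscustomobject]@{ Location = 'System32'; Entry = $n; Target = $p; Listed = $true }
    }
}

$findings | Sort-Object Listed -Descending | Format-Table -AutoSize -Wrap
```

Rows with `Listed` set to True match a file name from the quoted steps; every other row is an ordinary autostart entry shown for review.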