ATTN: VIRUS:Newb needs help!!

S

Sokretys

New Member
OK:

i purchased my desktop 6 weeks ago:

HP: 6gb ram, amd quadcore, nvidia gt 9800, 1.75 Tb HD, 64 bit vista

Needless to say i was constantly using my entire bandwidth on Vuze. I decided t o get a better antivirus and downloaded BitDefender AntiVirus 2009. After the install it requested that i reboot. after the reboot all hell broke lose. The main screen would not fully load. the sidebar never shows up and the thinking circle is constantly spinning. i disconnected from the internet apprx 20 minutes later.

i have tried to install AVG antivirus in safemode but it wont let me. safemode seems to be working fine...a bit slow tho. i have scanned with malwarebytes anti-malware and all is well.

i dont know what else to include or ask for...please help me out.

thanks so much,

-Nate
 
Allright. First, calm down. Safe mode is still working, so you can act.

Every virus needs to make sure that it starts when Windows starts. So waht we are going to do, is to stop it from starting.

1. Download SpyBot Search & Destory
2. Install it. Update it, and scan.
3. Mode --> Advanced
4. Go to Tools (bottom left of the screen).
5. Click "Resident" and check the box saying "Resident TeaTimer"

What we are going to do, is changing the Windows Registry. The Windows registry contains, amongst other things, a list of programs which start at boot. We are going to remove the viruses from the list.

The problem is however, that some viruses detect that it has been deleted from the list, and put themselves back in. That is why we need the TeaTimer. The TeaTimer allows you to Accept or Deny any change to the registry. So, if the virus tries to get back on the list, you can just deny it.

No go to start -> Run. Type regedit and hit enter. Then go to HKEY_LOCAL_MACHINE -> SOFTWARE -> Microsoft -> Windows -> CurrentVersion -> Run. Then, delete anything (right screen) which looks suspicious. Google if you are unsure.

Then do the same for HKEY_CURRENT_USER -> SOFTWARE -> Microsoft -> Windows -> CurrentVersion -> Run.
 
i am trying to install it on my desktop in safe mode. when i do so by creating a desktop icon and "use system settings protection(tea timer)" i get...

File Download:

error sending request

the server name or address could not be resolved.

what now...thanks so much!!
 
i just ran spybot on my laptop to have a practice run. i have optiontialcomponents after thefirst "run" which has IMAIL, MAPI, MSFS.

name type data
IMAIL: (default) REG_SZ
installed " 1

MAPI: default "
installed " 1
NoChange " 1

MSFS: default reg sz
installed regsz 1
 
hkey current user: much more came up in the search. now that i know how to set up the opperation i need to know how to actually install it on my desktop. im going to try and install spybot on my laptop and update it etc. and then try moving the spybot.exe and all of its files over the desktop and see what happens.
 
k so i ran malwarebyte's and it found a hyjak somthin or other. i deleted it and it automatically rebooted. it asked for my permission for malwarebytes to continue and then it acted like it got the virus again. thats if it ever got rid of it.
 
got it to work...had to go into c drive and pull up the "spybot-s&d security center launcher". it is performing a scan. cannot update even when on safemode with networking.

i went into regedit and did as advised. nothing looked strange but i deleted one file that was a bitdefender file.
 
K. so i was able to run spybot without the updates on safe mode from my flash drive. it was able to remove some things. so when i boot up normally it will allow me open some things. have the time the applications dont respond. the other half of the time they come up but 5-15 minutes later. aim comes up automatically and it came up almost 2 hours after booting up.

So, there is clearly still something wrong. but not as bad as it was. malwarebytes found a hijak as well. i posted my hyjakthis log on bleepingcomputers.com. '

im currently trying to install spy-bot and get the updates. its actually recognizing the internet now... any thoughts?

Thanks again,

-Nate
 
Not sure if this will make a difference, but BitDefender has a 32 bit and a 64 bit version. maybe you installed the wrong version of BitDefender? It would depend on what version of OS you installed.
 
Bliepo said:
Allright. First, calm down. Safe mode is still working, so you can act.

Every virus needs to make sure that it starts when Windows starts. So waht we are going to do, is to stop it from starting.

1. Download SpyBot Search & Destory
2. Install it. Update it, and scan.
3. Mode --> Advanced
4. Go to Tools (bottom left of the screen).
5. Click "Resident" and check the box saying "Resident TeaTimer"

What we are going to do, is changing the Windows Registry. The Windows registry contains, amongst other things, a list of programs which start at boot. We are going to remove the viruses from the list.

The problem is however, that some viruses detect that it has been deleted from the list, and put themselves back in. That is why we need the TeaTimer. The TeaTimer allows you to Accept or Deny any change to the registry. So, if the virus tries to get back on the list, you can just deny it.

No go to start -> Run. Type regedit and hit enter. Then go to HKEY_LOCAL_MACHINE -> SOFTWARE -> Microsoft -> Windows -> CurrentVersion -> Run. Then, delete anything (right screen) which looks suspicious. Google if you are unsure.

Then do the same for HKEY_CURRENT_USER -> SOFTWARE -> Microsoft -> Windows -> CurrentVersion -> Run.
Click to expand...

I had Spybot Search and Destroy on my infected computer, but when I downloaded Kaspersky Security, it alerted me that it was not compatible and must be deleted first. I'm on a 30-day trial with Kaspersky.

Should I re-download Spybot even with Kaspersky? Should I reinstall Spybot and delete Kaspersky? Is one of these two clearly the better choice? Does Kaspersky have the TeaTimer-like capability?

Thanks.
 
You must log in or register to reply here.
Back
Top