I need help!! Virus on Laptop

insanepyro36

New Member
I believe I have a virus. I was talking to someone else and they said it might be something with a DOS prompt? I'm not that great with computers, so I am not sure. But this is the story so far...

About six months ago I started having problems with my laptop. Any time I would try to click on a program to open it, like Internet Explorer, instead of opening, a black box would pop up for a second and then disappear, and the program wouldn't open. Slowly it started to happen to every single program I have on the computer, to the point where nothing would open, just a black box that pops up for a second.

I recently decided I wanted to fix the laptop, and when I restarted the computer, as soon as the desktop loads a whole bunch of these boxes pop up for no reason without me opening anything. It must be 20 or so of these black boxes that pop up and then quickly disappear.

I tried installing a Norton antivirus, but once I put in the CD and click on Install Now the same thing happens: a black box that pops up and then quickly disappears. I tried restarting the computer with the CD in and clicked the start from CD; it says it finds no virus, but there has to be something.

I have a Dell Latitude D810 laptop with Windows XP. Any ideas?
 

bkribbs

New Member
If you don't have anything of importance, reinstall operating system?

No. We can help. Hold on just a minute and I will post back with what you need to do.

EDIT- Credit goes to Johnb35 for this. Do it, and he will help you out, I am just getting you started.

Please download Malwarebytes' Anti-Malware from here and save it to your desktop.
Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version. Please keep updating until it says you have the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
A log will be saved automatically, which you can access by clicking on the Logs tab within Malwarebytes' Anti-Malware.

If you continue to experience problems after doing this, please post a HijackThis log by doing the following:

Download the HijackThis installer from here.
Run the installer and choose Install, indicating that you accept the licence agreement. The installer will place a shortcut on your desktop and launch HijackThis.

Click Do a system scan and save a logfile.

Most of what HijackThis lists will be harmless or even essential; don't fix anything yet.

Post the logfile that HijackThis produces along with the Malwarebytes' Anti-Malware log.
 

insanepyro36

New Member
The only problem is I don't think I will be able to download anything, let alone get onto the internet. I'm on a completely different laptop right now, so how will that work? Or can I do it in safe mode?

I just tried to click on Internet Explorer or Firefox and it won't let me access the internet, so how will I download the program?
 

bkribbs

New Member
Download it on the computer you are on, then use a flash drive. But be careful, because that could infect the flash drive after you put it in the infected computer.

EDIT- Oh and yeah, use safe mode. And try these, they supposedly temporarily stop the virus, but I have never gotten to use it. This is a different place than where I usually get it from, but they are the same thing. http://forums.cnet.com/5208-6132_102-0.html?threadID=365993 It is in the second post; try all four until one works.
 

johnb35

Administrator
Staff member
Just to add,

It seems this laptop is extremely infected. For now I wouldn't even try Malwarebytes, as you probably won't even get it to run, even with rkill. So try this procedure:

Download ComboFix from a working computer and put it on a flash drive. Boot to safe mode on the infected machine, then transfer ComboFix to your desktop and run it from there; do not run it from the flash drive. If you can't get ComboFix to run, then redownload the file, but this time save it as combo-fix instead of combofix.

If it still won't run, download and run HijackThis and post the logfile from it; the instructions are in bkribbs' post. That way we can see what's actually running on startup.

Get combofix here.

http://www.bleepingcomputer.com/download/anti-virus/combofix
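
An added example, not part of the thread and not HijackThis's own code: a small Python triage of a HijackThis logfile that pulls out the O4 startup entries and the running-process list, which is what the post above asks to see. The log text is constructed, and the "usual roots" rule is an assumption used only to decide what to read first, not a verdict on any file.

```python
import re

# Constructed sample in HijackThis logfile layout (not taken from the thread).
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\user\Local Settings\Temp\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKCU\..\Run: [updater] "C:\Documents and Settings\user\Local Settings\Temp\upd32.exe" /s
O4 - Global Startup: Example Tool.lnk = C:\Program Files\Example\tool.exe
"""

# Assumption (triage order only): installed software normally lives under these roots.
USUAL_ROOTS = ("c:\\windows\\", "c:\\program files\\")

# O4 = startup items: registry Run keys and the Startup folders.
O4_RUN = re.compile(r"^O4 - (?P<where>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O4_FOLDER = re.compile(r"^O4 - (?P<where>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$")

def executable_of(cmd):
    """Return the executable path of a command line, without quotes or arguments."""
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r"(?i)(.*?\.(?:exe|com|scr|bat|cmd|dll))\b", cmd)
    return m.group(1) if m else cmd

def is_unusual(path):
    return not path.lower().startswith(USUAL_ROOTS)

def startup_entries(log):
    """(location, name, executable, needs_review) for every O4 line."""
    entries = []
    for line in log.splitlines():
        m = O4_RUN.match(line.strip()) or O4_FOLDER.match(line.strip())
        if m:
            exe = executable_of(m.group("cmd"))
            entries.append((m.group("where"), m.group("name"), exe, is_unusual(exe)))
    return entries

def running_processes(log):
    """(path, needs_review) for each line under 'Running processes:'."""
    body = log.split("Running processes:\n", 1)[1].split("\n\n", 1)[0]
    return [(p.strip(), is_unusual(p.strip())) for p in body.splitlines()]

if __name__ == "__main__":
    for row in startup_entries(SAMPLE_LOG) + running_processes(SAMPLE_LOG):
        print(("REVIEW  " if row[-1] else "ok      ") + " | ".join(row[:-1]))
```

In the constructed sample, the entries marked for review are the Run-key item and the svchost.exe copy that both sit in a Temp folder; everything under C:\WINDOWS or C:\Program Files is listed as ok.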
 

insanepyro36

New Member
I am in the process of trying this, but I just wanted to add that when I go into Task Manager I see a lot of svchost.exe, and when I try to end them they just come back, so if that helps pinpoint anything... And could I just reinstall an operating system disc for Windows XP? Would that work or no? Because my friend has one he could give me, just wondering. Thanks for all the replies, I have to give out reps.
 

johnb35

Administrator
Staff member
Having a lot of svchost entries in Task Manager is normal. I have 8 running right now. You may have to reinstall the OS. The only way that you can use your friend's CD is if you're running the same version of Windows for that CD he has. So right now you are running a Dell laptop that has an OEM version of XP installed, so your friend must have an OEM XP install CD. The only problem I can see is that you won't be able to activate XP with your Dell key, as Microsoft has deactivated all the preactivated keys. You would have to call Microsoft and explain the situation and see if they will give a new reactivation code.

However, let's see if we can't clean up your system and save you the hassle.
 

insanepyro36

New Member
But it will cure any problem, correct? I'm just nervous to download any of that software you guys mentioned on my girlfriend's computer because I don't want to mess up her laptop too, lol.
 

johnb35

Administrator
Staff member
Trust me, it won't. I use these programs on a daily basis on my clients' computers and users here at the forum. I'm a moderator and wouldn't have you run software that would ruin a system. I'm here to help users, not make their lives miserable.

:)
 

insanepyro36

New Member
Okay, so download ComboFix on this computer, put it on a flash drive, start the infected computer in safe mode and put ComboFix onto the desktop, correct? Will the flash drive then be considered infected, and should I not use it again after that?
 

johnb35

Administrator
Staff member
Yes, do exactly that. After you get done we will scan the flash drive for infections. It's possible it could get infected but not probable.
 

insanepyro36

New Member
Okay, so another issue: my girlfriend's computer is Windows Vista and ComboFix can't install on Vista. I can download the installation to the flash drive, but I can't install ComboFix onto this computer and put it on the flash drive, so now what?
 

johnb35

Administrator
Staff member
Is it Vista 64-bit? If so, ComboFix won't run on a 64-bit OS. I was hoping it wasn't. Now it looks like you'll have to install Malwarebytes in safe mode.
 

insanepyro36

New Member
I'm sorry for bothering you so much, I really appreciate you being so helpful.

Will ComboFix download on a Mac? And can I transfer it onto the flash drive to the infected computer? Or will that not work? Because there's a Mac computer in the house too.
 

johnb35

Administrator
Staff member
Wait a minute... You aren't trying to install it on the computer you're downloading it from, are you? You don't need to. Just download the file onto the flash drive and then move the flash drive to the infected computer, transfer the ComboFix file to the desktop after booting to safe mode, and run it.
 

insanepyro36

New Member
Ohh okay, I thought I had to download and install it onto the working computer, and then transfer it to the flash drive and just run it on the infected computer. So I should be able to open and install it on the infected computer in safe mode?
 

johnb35

Administrator
Staff member
ComboFix is a standalone program and will not install. You just run it.

Depending on the type of infection you have, it may or may not run. If it doesn't, I'll have you download a different file to run before trying ComboFix. When you download it, remember to save it as combo-fix, not combofix. You can't just rename it after downloading it; you have to change it before you download it.
 

insanepyro36

New Member
What's the other file I will have to download? I think I will just download both now so I can try both methods right away if the first doesn't work.
 

johnb35

Administrator
Staff member
Rkill.scr

http://download.bleepingcomputer.com/grinler/rkill.scr

This program should disable any active infections that would stop ComboFix and Malwarebytes from running. However, do not reboot the computer after running rkill or you'll have to run it again, as rebooting will reactivate the infection. Just run rkill and then try running ComboFix if it won't run the first time.
 