How to get rid of computer viruses?
November 16, 2008 11:50 PM

Infected computer needs help!

I've checked a few previous questions here and tried some of the things suggested, but having very little luck getting my computer back in working order.

The symptoms:
At first Google was redirecting me on searches. If I clicked any of the results, I was redirected to spyware-looking sites. Then this little red circle with a white X on it appeared on my toolbar. It says "Your Computer Has been Infected!" and recommends I download spyware software. This seems to be part of the spyware.
Any attempts I make to get to a site that will let me download real spyware detection stuff are somehow blocked. A "Page Load error" comes up. I can navigate around these sites fine, it is just when I click on the actual download links that it gives me the error message.
I managed to get "Ewido", which was suggested on a previous question here. It cleaned up some things, but now I can not log on to my computer on my account, it loads, then freezes (I'm on the guest account right now).
When I use the "Search" option on my start menu, the computer resets.
And finally, I can not start in safe mode, for some reason.

I'm running Windows XP on an Acer Aspire 3610.

And because I'm only able to log in on the guest account now, I can't use any of the Windows anti virus stuff.

Any ideas? And if I can't do it myself does anyone know where I can take my computer in Toronto to get it fixed?
Thanks!
posted by melgy to Technology (12 answers total) 4 users marked this as a favorite
 
Sounds like something I just went through here. (And ironically, the infection came from a link in a posting--since removed--here on The Green.)

In my case, my computer was infected with the brastk virus. I got rid of it all (and its auxiliary programs) by using Avenger and Malwarebytes Anti-Malware. Do some Googling for brastk and another file called karna.dat, and you'll find some explicit directions for how to use Avenger and the Anti-Malware program to remove the virus, if indeed brastk is what you have.

Hope this helps.
posted by yellowcandy at 12:23 AM on November 17, 2008


Response by poster: This seems to be getting worse! Clicking those links sends me to the "page load error" message. It seems I can't load pages that might help me.
posted by melgy at 12:27 AM on November 17, 2008


You could always try running

http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx

This will show everything that runs on bootup; you will be able to remove anything that looks spywareish from running.

Then head to

c:\windows\system32\drivers\etc\ open up the hosts file and delete all entries apart from localhost 127.0.0.1

Reboot your computer, then download any anti-spyware apps you might need.

[folder locations are from memory as I have not run a Windows computer in a while]
posted by moochoo at 12:50 AM on November 17, 2008 [1 favorite]
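
The hosts-file cleanup described in the post above, as an added example that is not part of the original thread: a Python sketch that audits hosts-file text, keeps only comments and loopback-to-localhost entries, and flags everything else for review. The sample file contents and the `.example` hostnames are constructed.

```python
import ipaddress

# Constructed sample of a tampered hosts file (all hostnames are made up).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       download.av-vendor.example   # sinkholes a download site
203.0.113.7     www.search-engine.example www.update.example
::1             localhost
not-an-ip       broken.example
"""

LOCAL_NAMES = {"localhost"}  # the only names the post says to keep


def audit_hosts(text):
    """Split hosts-file text into lines to keep and entries to review.

    Returns (kept_lines, flagged); flagged holds (lineno, address, names).
    """
    kept, flagged = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        body = raw.split("#", 1)[0].strip()  # drop trailing comment
        if not body:
            kept.append(raw)  # blank line or pure comment
            continue
        addr, *names = body.split()
        try:
            loopback = ipaddress.ip_address(addr).is_loopback
        except ValueError:
            loopback = False  # malformed address: never keep silently
        if loopback and names and all(n.lower() in LOCAL_NAMES for n in names):
            kept.append(raw)
        else:
            flagged.append((lineno, addr, names))
    return kept, flagged


def cleaned_hosts(text):
    """Return the hosts text with every flagged entry removed."""
    kept, _ = audit_hosts(text)
    return "\n".join(kept) + "\n"


if __name__ == "__main__":
    for lineno, addr, names in audit_hosts(SAMPLE_HOSTS)[1]:
        print(f"line {lineno}: {addr} -> {' '.join(names) or '(no name)'}")
```

Review the flagged list before deleting anything, since some legitimate software adds its own hosts entries.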


Try running Trendmicro's Housecall, it doesn't require you to download anything manually, it can do a full scan remotely. If you can't click on links, type this in:

http://housecall.trendmicro.com/

If you are unable to do that, you may need to do something drastic like download a live boot image of an anti-malware suite and burn it to disk, enabling you to bypass the crap that is getting loaded when you boot the OS.
posted by Nixie Pixel at 2:28 AM on November 17, 2008 [1 favorite]


I've recommended this site time and time again here. It's a step-by-step guide on how to do an in-depth malware removal on Windows using free and readily-available software. Follow it closely and I think you'll be fine. However, if you're still having trouble after following this guide, you may be too far gone, and I'd suggest biting the bullet and reinstalling Windows.
posted by joshrholloway at 5:13 AM on November 17, 2008 [4 favorites]


Seconding joshrholloway's post. Everything that I would've said is stated in that link.
posted by ThirstyEar2 at 6:44 AM on November 17, 2008


Sounds like you have smitfraud. There is a fix here.

If you cannot log in then you can try logging in as administrator. If you don't have the administrator password then you can reset it with this third-party tool. You can also run this if you boot up with the ultimatebootdisk or BartPE.

Honestly, it sounds like you're hosed. I would focus on backing up your documents, favorites, etc. and reinstalling Windows from scratch. You can use the ultimatebootdisk or a Linux boot disc to boot up with to copy your items to a flash drive.
posted by damn dirty ape at 7:02 AM on November 17, 2008


I've dealt with this type of infection scores of times. Run "Combofix" on your PC, then install Spybot Search and Destroy and scan as a follow up. This has about a 98% success rate in my experience.

It's seldom really necessary to wipe and reinstall. Combofix is really effective specifically against this kind of spyware.
posted by BigLankyBastard at 7:09 AM on November 17, 2008 [1 favorite]


On preview, it looks like you may need to gather the Combofix and Spybot install files from an alternate, uninfected PC, then move them to your infected machine via a flash drive or other medium. The better-written spyware apps will work to prevent you visiting any of the websites you can use to fight them.
posted by BigLankyBastard at 7:11 AM on November 17, 2008


Best answer: This.
posted by deezil at 6:36 PM on November 17, 2008


Response by poster: I downloaded all of the things that deezil advised (thanks, looks comprehensive), but now my computer will not boot in safe mode, it just resets as Windows is loading. Any way around that?

Thanks!
posted by melgy at 9:13 PM on November 20, 2008


That elite-killer page suggests this live CD: "Just double-click on the rescue system package to burn it to a CD/DVD. You can then use this CD/DVD to boot your computer."
posted by Pronoiac at 12:36 PM on November 22, 2008

