aughhhhh no no no no no
September 28, 2015 4:34 PM
What the hell is going on with my computer help help help
Ugh, so when I got home today I turned on my computer (cheap Dell desktop running Windows 7, no bells or whistles, using a TV as my monitor and a wireless keyboard/trackpad) there was something funny up. It was one of those windows firewall messages that you get saying such-and-such is blocked by the firewall, do you want to allow it. I didn't really pay much attention to it (in retrospect, dumb) because sometimes my dog steps on my keyboard when I'm out and pulls up funny stuff. Near as I can remember, the thing windows firewall said it was blocking was something that was not but looked quite a bit like blddldbbbld. Basically--gibberish heavy with lowercase Bs and Ds. I thought "yeah, the dog walked on the keyboard," clicked cancel (the only option other than "allow"), and didn't think much of it.
And then a few seconds later, another message popped up saying that vcwodk.exe had stopped running. I don't know what that is and the internet doesn't seem to, either. And then I got yet another message saying that rundll32.exe had stopped running. My computer was being very laggy. I just want to watch some TV so I pulled up one of the episodes of Dead Like Me I downloaded last night (which may turn out to be unfortunately relevant, though it's just a bunch of .avi files) but it was super choppy and laggy. Task Manager showed that 90% of my physical memory was being used. Nothing obviously nefarious was popping up in the processes list, but there's always a pile of stuff there and most of it is gobbledygook I don't care about or pay any attention to, so who knows.
Anyway, hoping this was all some fluke that would go away, I restarted my computer (shut down and started up just fine) and opened task manager again for a fresh look. A few weird things stood out this time: there were four instances of conhost.exe (which I know is a thing), two of which were taking up a lot (like, Chrome levels) of memory. And there are probably 5 or 6 of something called mopi.exe which isn't anything I (or the internet, apparently) know anything about.
So I open my browser with the intent to download and run AVG, when all of a sudden windows helpfully pops up a little notification from the system tray being all "hey, windows defender isn't running" and then a second later "hey, there's no antivirus program running" which I didn't click on or acknowledge, because obviously there's something hinky up with the machine.
At this point, AVG is just a few minutes away from being downloaded at which point I'll run it and hope it'll figure out what's happening.
Do any of you have any idea what's going on? wtf is mopi.exe and how screwed am I? I know about deezil's profile page and that's where I'm headed next, I was just really hoping someone could be like "yes, I know exactly what this thing is" and save me from an evening of being sad.
Please no shaming about me doing something stupid here. It's been since I was a teenager that I've had a virus on one of my machines and I feel bad enough as it is.
mopi.exe looks like it's a shitty trojan but all the sites that come up in a google search for "get rid of mopi.exe" look hella fucking shady and i don't really want to click on them.
posted by poffin boffin at 4:44 PM on September 28, 2015 [1 favorite]
Response by poster: It took AVG about .02 nanoseconds of running before it found whatever the fuck mopi.exe is and zapped it. It was lurking in App Data/Roaming. Still no idea wtf it is. My computer was hunky dory last night.
On preview, that's a good idea pbo but I'm going to have to wait until AVG is done. My computer is craaawwwling right now.
posted by phunniemee at 4:45 PM on September 28, 2015
Have you tried just doing a system restore? Go to start and search for "system restore" and go back before Truman did the deed.
posted by desjardins at 4:46 PM on September 28, 2015
Response by poster: I don't actually think he walked on the keyboard this time. I know that in the past he has and used that as my reasoning for why my computer was doing a funny thing, but now I'm pretty certain this has nothing to do with him and has more to do with some dumb thing I don't remember clicking on the internet.
In my defense, I was really sick this weekend.
posted by phunniemee at 4:48 PM on September 28, 2015
Response by poster: OK, AVG isn't quite half through with its scan, but now the top 3 memory suckers as per task manager are (one of four) conhost.exe, presentationhost.exe, and ...notepad.exe. That can't be right.
posted by phunniemee at 4:53 PM on September 28, 2015
Response by poster: And it says access is denied when I try to force close any of them.
posted by phunniemee at 4:53 PM on September 28, 2015
notepad.exe
That is probably a virus of the genus "Trojan", something nasty trying to hide as a standard utility.
Follow the directions in deezil's VIRUS FIGHTING TOOLKIT. It's time consuming but very very effective.
Then go thank him in this thread!
posted by sammyo at 5:00 PM on September 28, 2015 [22 favorites]
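As an added example (not part of any comment in this thread): a PowerShell check for the two signs reported above, a process carrying a Windows utility's name but running from the wrong directory, and an executable running out of the user profile. The expected-directory list, the function name `Test-ProcessImage` and the sample records are assumptions constructed for illustration.

```powershell
# Directories where these Windows utilities normally live (default install assumed).
$sys32 = Join-Path $env:SystemRoot 'System32'
$wow64 = Join-Path $env:SystemRoot 'SysWOW64'
$expected = @{
    'notepad.exe'  = @($env:SystemRoot, $sys32, $wow64)
    'conhost.exe'  = @($sys32)
    'rundll32.exe' = @($sys32, $wow64)
}
# User-writable locations; mopi.exe in this thread was found under AppData\Roaming.
$userDirs = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP) | Where-Object { $_ }

# Hypothetical helper: returns a reason string for a suspicious image, else nothing.
function Test-ProcessImage {
    param([string]$Name, [string]$Path)
    $watched = $expected.ContainsKey($Name.ToLower())
    if (-not $Path) {
        # Unelevated sessions cannot read the image path of many processes.
        if ($watched) { return 'path unreadable, rerun elevated' }
        return $null
    }
    $dir = Split-Path -Parent $Path
    if ($watched -and ($expected[$Name.ToLower()] -notcontains $dir)) {
        return 'utility name, unexpected directory'
    }
    foreach ($u in $userDirs) {
        if ($Path.StartsWith($u + '\', [StringComparison]::OrdinalIgnoreCase)) {
            return 'runs from user profile'
        }
    }
    return $null
}

# Constructed sample records mirroring what the thread reports (not real captures).
$sample = @(
    @{ Name = 'mopi.exe';    Path = (Join-Path $env:APPDATA 'mopi.exe') },
    @{ Name = 'notepad.exe'; Path = (Join-Path $env:APPDATA 'notepad.exe') },
    @{ Name = 'conhost.exe'; Path = (Join-Path $sys32 'conhost.exe') }
)
foreach ($p in $sample) { '{0,-12} {1}' -f $p.Name, (Test-ProcessImage $p.Name $p.Path) }

# Live check: list every running process whose image location deserves a closer look.
Get-WmiObject Win32_Process | ForEach-Object {
    $why = Test-ProcessImage $_.Name $_.ExecutablePath
    if ($why) { '{0,-6} {1,-20} {2}  [{3}]' -f $_.ProcessId, $_.Name, $_.ExecutablePath, $why }
}
```

A hit is a lead to review, not a verdict, and a correct path does not clear a process, since malware can also inject code into a genuine one; the scanner passes discussed in the thread are still needed.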
Seconding deezil's tried and tested multi-stage removal plan at this point - sammyo you beat me to it on preview.
posted by Chairboy at 5:03 PM on September 28, 2015
Response by poster: I'm busy downloading all of deezil's great stuff for the next phase of the attack, but AVG just found another thing, an "exploit rogue scanner" which sounds like something from Star Wars. How exciting.
posted by phunniemee at 5:22 PM on September 28, 2015 [1 favorite]
Ah, sounds like you have one of the fake-antivirus-viruses. These are always a pain in the ass and are... almost all i see anymore on friends/families/clients machines.
Deezil's instructions are awesome, and skimming that new revised version (which i hadn't seen before!) seems like it should nuke this just fine.
In the future, buy eset nod32 antivirus. If you plan on erm, acquiring media through the internet it's pretty close to infallible for stopping crap like this from infecting you. I've gotten essentially every person who i've removed stuff like this for to get it and i don't get any callbacks.
posted by emptythought at 5:41 PM on September 28, 2015 [7 favorites]
Another recommendation for Deezil's instructions. It saved my bacon about a month ago! Just a quick note, when I was going through the process, and after running the million and one things, there was only one virus found, toward the end of the process. It was removed, but even after deleting it and restarting, my computer was still CRAZY slow, and the task manager showed the CPU working at almost 99% the whole time. I finally did a system restore to 3-4 days before the event, and that finally worked. My computer-illiterate guess is that the virus had left some remnant in the system that wasn't removed by the program and was still slowing it down. So the combination of all of the anti-virus programs + system restore did the trick for me.
posted by Bella Sebastian at 10:17 PM on September 28, 2015
Best answer: AVG is going to start selling your web-browsing activity to third parties in the near future, so you might want to uninstall & replace it with something else once you’ve finished scanning your computer.
posted by pharm at 3:11 AM on September 29, 2015 [3 favorites]
Response by poster: Thank you guys for comforting me in my time of need.
deezil's page once again saved a computer in my life! Everything seems to be more or less back to normal this morning, though I didn't have a whole lot of time to screw around with it.
The various scans turned up maybe 10 or so trojan style baddies and a few dozen little crapwares and now they are all gone. Hooray!
posted by phunniemee at 6:57 AM on September 29, 2015
posted by prize bull octorok at 4:43 PM on September 28, 2015