
Virus and Spyware..



#1
brad3458

Hi there, would be much appreciated if I may have some advice in this matter. Yes, I am one of the unfortunate ones that tonight got sucked in to executing a file which was sent to me through MSN. As you know, my one is the version that said on one line "Rofl, is this you?", and the next line contained a link which downloaded a file, which this silly man tapping these keys double clicked, the file then ate itself and disappeared and then of course started spamming all my contacts with the same thing.

Things I have noticed since I 'obtained' this virus:

1. Disabled NAV - a red cross appeared over icon in system tray therefore auto protect is not running and can no longer be enabled.
2. I have a Windows desktop password. On reboot, the section just before your Windows user name comes up prompting for a password, where a box says (something like) 'Windows now loading', it used to blink past that and prompt me for my password, now it hangs there for around 30 seconds.
3. When I right click on 'My Computer' it no longer shows my CPU and its MHz under where memory amount is shown.
4. When I attempt to obtain "System Information" in accessories I get a message saying "Cannot access Windows Management Instrumentation software. Windows Management files may be moved or missing".
5. system32 folder opens up on desktop on reboot [seem to have resolved this by unchecking two items in msconfig named simply with two quotation marks -> "" ]

Have now reinstalled Norton but it was troublesome. There were errors and freezes during installation but on the 3rd attempt it is now reinstalled, updated and auto protecting.

Measures I have taken since obtaining virus:

1. Ran full updated: Spybot, Ad Aware SE, CWS Shredder, housecall at trendmicro, NoAdware.net, Spyware Doctor, ewido security, latest mcafee avert stinger, ran cleanup40 and the Panda online scan, SYSTEM RESTORE OFF [*SEE REPORT BELOW* - it has detected W32/gaobot.fyg.worm and HackTool/gendel.a], ran NAV2005, SYSTEM RESTORE OFF, no detections, NAV isn't detecting the C:\gendel32 file which panda detected as a virus.


*Panda Online Scan Report*

Incident                    Status          Location
Adware:Adware/SaveNow       No disinfected  Windows Registry
Adware:Adware/Lop           No disinfected  C:\Documents and Settings\All Users\Application Data\dupe fork bags wipe\readmeaxis.exe
Adware:Adware/Lop           No disinfected  C:\Documents and Settings\All Users\Application Data\dupe fork bags wipe\stupidpart.exe
Virus:W32/Gaobot.FYG.worm   Disinfected     C:\Documents and Settings\Brad\Application Data\Mozilla\Firefox\Profiles\default.eog\Cache\2DC2D7B7d01
Virus:HackTool/Gendel.A     No disinfected  C:\gendel32.exe

I have deleted the "C:\Documents and Settings\All Users\Application Data\dupe fork bags wipe" folder which contained the two files readmeaxis.exe and stupidart.exe and the C:\gendel32.exe file but have not attempted to do anything with that SaveNow Windows Registry entry.

What would you like me to do next? (PS. I have HJT installed on my hard drive and not the temp folder, ready to go)

Thanks and a big HI! from New Zealand :tazz:

*edit, apart from the problems above still existing, have noticed also that I am having trouble installing software. When I went to run O&O Defrag it said it would not run as the target machine actively refused it, I uninstalled it, which was pretty dodgy as it froze at a certain point so I left it and came back about 15 mins later and it appeared to have uninstalled. On attempting to reinstall the program it would get so far and stop installing. I restarted and tried 3 to 4 times, it would get to the same point and stop installing, so I went and downloaded a newer version of the program, O&O Defrag 8. Same thing, it would get so far and stop installing, so I left it for half an hour and came back and there was a message saying Windows Installer had not completed the task, its icon was on the desktop though and when I ran it, it said what it did originally that the target machine has actively refused it, please help !!

Edited by brad3458, 10 May 2005 - 04:55 AM.



#2
brad3458

I am also now getting messages, WMI might be corrupted. I get this when I attempt to open the advanced tab on local area connection properties.

Edited by brad3458, 10 May 2005 - 04:55 AM.


#3
brad3458

/closed

found help elsewhere :-)