Computer Help forum

General discussion

AHH! MY COMPUTER IS INFECTED!!

by IASKYOU / June 2, 2008 9:11 AM PDT

ok so recently... my computer is being bombarded with spyware... and i scan my computer then delete all the traces and infections then scan again and ill have tons more!? i dont know how to stop it!

can someone please help
thanks

Post a reply
Discussion is locked
You are posting a reply to: AHH! MY COMPUTER IS INFECTED!!
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: AHH! MY COMPUTER IS INFECTED!!
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
We'll Need A Lot More Information Than You've Given..
by Grif Thomas Forum moderator / June 2, 2008 9:23 AM PDT

Which operating system? EXACTLY what are you seeing as far as popups and what types of spyware have been detected so far? Which antispyware programs are you using?

Can you still access the internet using the infected computer? If so, please start like this:

First, Download Smitfraudfix.exe to your desktop from the link below.

http://siri.geekstogo.com/SmitfraudFix.php

Once that's done, download the free tool below, install it, then update it.. Once that's done, restart the computer into Safe Mode..

Please download Malwarebytes' Anti-Malware from Here

Once in Safe Mode, run Smitfraudfixe.exe, select Option #2. Wait for the tool to complete and disk cleanup to finish. You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter. The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.

A reboot may be needed to finish the cleaning process, if your computer does not restart automatically please do it yourself manually.

After restarting the computer into "normal" Windows, Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish,so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.

Hope this helps and let us know how it goes. Exact malware names and the names of infected files would help.

Grif

Collapse -
Well...
by IASKYOU / June 2, 2008 9:39 AM PDT

well... i have windows XP, and i use AVG antispyware... and what its found is mostly tracking cookies... as well as a few trojan's (which have high threat risk) and ill try ur suggestion... what have i got to lose hehe Silly will this also protect me from spyware? and also im getting constant annoying reminders saying my computer is infected

Collapse -
Un-installing Webcam Driver & install
by mathews42 / June 2, 2008 10:28 AM PDT
In reply to: Well...

I am using Windows XP - was using Logitech webcam - scanned the computer with anti-spyware and re-started, found webcam not operating- tried to install the software again , but the following msg appears "audio tuning wizard has encountered a problem and needs close down" then tried to un-install the existing driver which process could not complete and computer freezes - someone can help me with advise how to overcome this problem

Collapse -
Since Your Post Has Nothing To Do With An Infected Computer
by Grif Thomas Forum moderator / June 2, 2008 11:53 AM PDT

..which is the topic of the thread you've hijacked, please start your own topic by opening the main forum page and click on the "Create a new thread" button.. Your question will get lost in this thread and you'll get appropriate answers by starting a new topic.

Hope this helps.

Grif

Collapse -
ok...
by IASKYOU / June 2, 2008 10:01 AM PDT

regarding what u have posted... will this completely wipe like every downloaded thing or anything? or will it simply wipe all infected things?

Collapse -
It Will Only Clean The Infected Things
by Grif Thomas Forum moderator / June 2, 2008 11:43 AM PDT
In reply to: ok...

That's why I suggested it.

Hope this helps.

Grif

Collapse -
AAHH!!!!
by IASKYOU / June 2, 2008 12:30 PM PDT

gahhhhhhh!!!!! my keyboard isnt working! omg im screwed!

Collapse -
???
by IASKYOU / June 2, 2008 12:32 PM PDT
In reply to: AAHH!!!!

does this have to do with turning off SR?

Collapse -
!!
by IASKYOU / June 2, 2008 1:52 PM PDT

omg i used that malwarebytes thing and i turned off system restore and scanned and i havnt gotton the message that im infected! i hope this really worked Silly

Collapse -
To Restart In Safe Mode..
by Grif Thomas Forum moderator / June 2, 2008 2:38 PM PDT
In reply to: !!

Please follow the instructions in the link below:

How To Start In 'Safe Mode'

Once you get started in Safe Mode, please run a full system scan with Malwarebytes and with AVG.. If they still find nothing, then it's possible all the infected items are gone. Restart in normal Windows and scan one more time.. .

Instead of panicking, please give us specific information about the things you are seeing.. Is your keyboard working?

Hope this helps.

Grif

Collapse -
Reinfection can take place easily
by 4Denise / June 2, 2008 9:40 AM PDT

from a System Restore point or (if you have one installed) a third party similar program. You need to turn off System Restore to delete all restore points before you can consider your computer clean. If you have a similar program installed, follow the instructions to clear any backup copies of an infected system.

It is possible that this is the step you have been leaving out.

Denise

Collapse -
Ummm...
by IASKYOU / June 2, 2008 9:44 AM PDT

ummm... how do i do that Silly

Collapse -
To turn off System Restore
by 4Denise / June 2, 2008 10:06 AM PDT
In reply to: Ummm...

Go to control panel. Click on "system" (or system properties). Click on the "System Restore" tab. Under this tab, there is a box to check labeled "turn off System Restore for all drives." Check that box. Proceed to clean your system. When you reboot, check your system to see if it is still clean. If this does it, then go back and uncheck the box. You will need to reboot and let the system make a restore point to complete the process.

If this doesn't do it, check out all the other helpful suggestions. You will need to remember to clear all system restore points every time you clean something more serious than a tracking cookie off of your system, though. Once the infection has been backed up in a restore point, it can just reinfect your system over and over.

Denise

Collapse -
Bad stuff!
by Phil Crase / June 3, 2008 12:23 AM PDT

Sounded as if Grif pretty much covered the gambit but my suggestion would be, when you get Windows running normally, bite the bullet and buy a good security software package, don't download the freebees. Something like Trend Micro, the REAL AVG, with anti spyware included. There is a lot of good stuff available, also CA, Kaspersky or Panda but get the real deal, yes you have to pay a subscription fee but there can be some functionality issues with the free stuff. And as Grif has mentioned get prior loads of the free things out of the system and that can be tricky depending on what you have loaded or downloaded. Good luck!

Collapse -
Personally, I'd Wait to Disable System Restore Till After...
by Grif Thomas Forum moderator / June 2, 2008 11:47 AM PDT
In reply to: Ummm...

...you've run those scans.. If the scans don't find any infected items in the system restore volumes, then they may come in handy if a bad infection causes corruption after cleaning.. I have had some instances where I needed System Restore to get the computer running again...even if there were infected items in it.

System Restore won't cause issues as long as you don't use it.. So, in my opinion, I run the scans first, delete everything that's infected, maybe even run repeated scans, then go from there.. If you have to, yes, disabling SR may be necessary, but there's no need to jump the gun.

Hope this helps.

Grif

Collapse -
:(
by IASKYOU / June 2, 2008 12:34 PM PDT

only prob is i dont know how to get on safety mode

Collapse -
In my experience
by 4Denise / June 2, 2008 3:10 PM PDT

and in the experience of a lot of other people, the restore points can cause you to be instantly reinfected. This was a major problem right from the start, and many people suggested permanently turning off system restore for that very reason. I still see it suggested from time to time.

I don't consider this to be a reason to dump system restore entirely (and many people had to agree later, when they started thinking about it instead of just reacting) since it can be such a valuable tool. But the high possibility of reinfection has to be considered when cleaning malware off of a computer.

The second time I ever got a virus, I was instantly reinfected three times before I figured out that my system restore points were causing the problem. Once I cleared out all restore points (before cleaning my system the fourth time) the problem was solved.

The checkbox that allows for turning off system restore was put into Windows XP specifically because of all the trouble people were having trying to clean infected systems running Windows Me, which was the first Windows OS to have system restore. They hadn't considered the need to delete restore points when they originally created the feature. Turning off system restore required that you know exactly how it was done, and this information wasn't readily available.

Denise

Collapse -
You Can NOT Be Reinfected From System Restore Unless...
by Grif Thomas Forum moderator / June 3, 2008 12:31 AM PDT
In reply to: In my experience

...you use System Restore, assuming that there is no other infection on the computer except in the SR volumes. Simple as that. There's simply no way for the files to move from SR to the normal Windows files unless you cause them to do so. SR LOCKS those files. If you got reinfected after attempting to remove a virus, you either allowed SR to run...OR...you didn't clean out the virus completely from the normal Windows files.. The second option is the most common, primarily because many viruses and trojans aren't that easy to get rid of when using the tools available to us.. Last week I cleaned out a badly infested computer.. Because they wanted to save all the personal files, our normal routine of wiping the drive and reinstalling was not an option. It took a day and a half of running scans and manually removing infected files. Eventually we disabled System Restore, because there were infected files in it but not at first because there was concern with the ability to restart the computer. And even AFTER disabling SR, there were still infected files remaining which caused the computer to reinfest itself.. Eventually, with the help of a number of different tools, I removed them all but it took some searching.

Turning off system restore does have its advantages but most are for reasons such as resource/memory usage and saving space. And YES, I also frequently have to temporarily disable System Restore to finish up virus./trojan/spyware removals.. It is frequently necessary.. That's not my point here.

By the way, the Windows XP and Windows ME versions of System Restore are quite a bit different, with XP being more robust with fewer problems.

Hope this helps.

Grif

Collapse -
You can argue with me all you like
by 4Denise / June 3, 2008 3:24 AM PDT

but this is a known problem. It isn't like restore points are important. All you need is one to do the job. That one is the one made automatically when you turn system restore back on.

Denise

Collapse -
Not The Point...
by Grif Thomas Forum moderator / June 3, 2008 4:31 AM PDT

..and I'm sorry you consider this an "arguement". It's not for me. On these forums we try to verify/clarify statements so all can learn.

You stated: "the restore points can cause you to be instantly reinfected" and "Reinfection can take place easily...from a System Restore point or (if you have one installed) a third party similar program. You need to turn off System Restore to delete all restore points before you can consider your computer clean." and "I was instantly reinfected three times before I figured out that my system restore points were causing the problem. "

It is NOT a "known problem" if you mean that you can automatically get reinfected from System Restore without actually causing a System Restore to take place. Restore points don't automatically/instantly infect your machine unless you cause it to do so. Is that what you're saying or did I misunderstand your statements?

To paraphrase what I stated before, infected Restore points can only reinfect your computer if you allow System Restore to run.. They CAN'T automatically run if you reboot your computer.. If that were to occur, who knows what havoc would be caused every time you start your machine.

Hope this helps.

Grif

Collapse -
From your posts ...
by Edward ODaniel / June 4, 2008 1:35 AM PDT

it appears that you don't know that there is a MAJOR difference between an "infection" and a file containing the viral code.

An infection is ACTIVE and means that it got past all your defenses. If that is happening you need to change your defenses. An Anti Virus application catches the viral signature BEFORE the virus gets activated so you get the alert. The alert does NOT mean that you are "infected", only that if you execute the file containing the signasture you will be.

Contaminated files in the Restore points CANNOT "re-infect" a computer unless the computer is restored with that restore point (at which point in time they will again be capable of actually infecting the system if they are executed) BUT the files will indeed continue to show up in scans until they are removed.

Malware on the other hand is generally "discovered" after it has been activated but if removed except for copies in the restore points will not reactivate unless the system is restored to a restore point containing the file.

In either case though as long as it is found in the restore points only, you could continue computing forever without worrying about them UNTIL you need to restore.

Collapse -
Some info
by Caddy / June 2, 2008 9:44 AM PDT

A reputable Anti-spyware program should do a good job of removing. I'd suggested you give it a few more scans run its in Safe Mode (if you haven't done that already)

Well, go here for more info and good security programs

Spyware, viruses, & securityTools and Removal Resources



If that still doesn't do the trick I would just re-format the computer. (sorry if I can't be any help lol)

Caddy

Popular Forums
icon
Computer Help 49,613 discussions
icon
Computer Newbies 10,349 discussions
icon
Laptops 19,436 discussions
icon
Security 30,426 discussions
icon
TVs & Home Theaters 20,308 discussions
icon
Windows 10 360 discussions
icon
Phones 15,802 discussions
icon
Windows 7 7,351 discussions
icon
Networking & Wireless 14,641 discussions

Tech explained

Do you know what an OLED TV is?

CNET explains how OLED technology differs from regular TVs, and what you need to know to make the right shopping decision.