Downloaded Virus from This Site?

by Blazin65 / March 3, 2013 11:03 PM PST

I need help. On Saturday I downloaded from CNET Downloads what I thought was HJSplit. Apparently it was not HJSplit but I have since come to find that it is something called Imminent or White Clould Search? There may be other names involved? Maybe these programs are covering for something else?

This has basically destroyed my computer or very near it. I can barely get anything to work. Every time I restart the computer it's OK for about 2 minutes and then it basically just goes into a lock up mode.

When I was able to get to restore before a lock-up, Windows restore says it can't find any restore points? So restoring it seems as if it's not going to be possible. I don't have a restore on a disk.

I also was able to get to Malwarebytes and ran it, and it seemed to help, but basically I'm still only at what I would call 15% fixed.

Everything I have been able to do has only been after restarting and trying to do something before the freeze up, so I have restarted umpteen times.

What else can I do, what should I do?

What often happens
by Jimmy Greystone / March 3, 2013 11:53 PM PST

What often happens, is people get careless and just blindly click the "next" button during installs, and don't see that in an effort to generate a little cash, some kind of search toolbar or whatever else has been tossed into the installer. Unless you specifically opt not to install it, it will be installed along with the program you intended to install. So make sure going forward that you are careful to watch for these things.

So basically what you are saying is........
by Blazin65 / March 4, 2013 1:24 AM PST
In reply to: What often happens

This site places malicious software in its downloads that could destroy a computer. Because that's the situation I'm in right now. This is not just a toolbar, this is something that is disabling my computer.

Before anyone gets mad..
by Blazin65 / March 4, 2013 1:35 AM PST

I know this site is not developing the software, but it's a portal for downloads. The link that I clicked on to get hjsplit is still out there, ready for anyone to download. Ready for the next potential victim. Right now I just need help in resolving this from anyone that can help.

Try pressing F11 during bootup
by glb613 / March 4, 2013 2:11 AM PST

and see if you have the option to do a factory recovery. Be advised, it will erase all data on the hard drive. You may also have the option to repair Windows.

(NT) Thanks for this info.
by Blazin65 / March 4, 2013 2:43 AM PST

No
by Jimmy Greystone / March 4, 2013 12:59 PM PST

No, I'm saying that they might include some program which isn't malicious, but many people may find annoying, in order to cover things like bandwidth costs. I don't like it, but "free" services have to be paid for somehow, so think of it like a necessary evil. Of course if you and a few thousand of your closest friends all want to chip in a few bucks on a regular basis, CBS might consider offering a premium version of the site without those programs.

Grif has some scans for us at link.
by R. Proffitt Forum moderator / March 4, 2013 2:16 AM PST

Thanks for asking
by Blazin65 / March 4, 2013 2:40 AM PST

It's a Samsung rv711 running Windows 7 Home Premium. 64 Bit Operating System, 4G Ram, intel core I3 processor. I've had it @ 2 years. I also run the pay version of ZoneAlarm Extreme Security, which obviously is trash, since this happened.

I'm on the computer now (home for lunch). It's a little better, but there is still something on it. It freezes up about every 3 or 4 minutes, and then un-freezes.

Tell me about
by R. Proffitt Forum moderator / March 4, 2013 2:44 AM PST
In reply to: Thanks for asking

Tell me about using canned air on the vents.

I don't write more about that since your answer determines what I write next.

-> At the link to Grif's scans, the output of RKILL is always interesting. I'd like to see that.

Hang in there. Maybe we can avoid the reload.
Bob

(NT) I guess you lost me there. I don't know what that means.
by Blazin65 / March 4, 2013 2:57 AM PST
In reply to: Tell me about

If you never cleaned the vents with canned air.
by R. Proffitt Forum moderator / March 4, 2013 3:01 AM PST

Oh that kind of canned air.
by Blazin65 / March 4, 2013 3:41 AM PST

Interestingly enough, this computer is very quiet, never makes much sound, so I've wondered if there was even a fan on it.

I'm back at work now. I'll have the Rkill info later today.

See the results below........any info appreciated.
by Blazin65 / March 4, 2013 7:45 AM PST

Rkill 2.4.7 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 03/04/2013 12:57:43 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* Advanced Explorer Setting Removed: HideIcons [HKCU]
* Explorer Policy Removed: NoActiveDesktopChanges [HKLM]

Backup Registry file created at:
C:\Users\BestBuy\Desktop\rkill\rkill-03-04-2013-12-57-48.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Firewall Disabled

[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = dword:00000000

Checking Windows Service Integrity:

* Windows Management Instrumentation (Winmgmt) is not Running.
Startup Type set to: Automatic

* Windows Update (wuauserv) is not Running.
Startup Type set to: Automatic (Delayed Start)

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 03/04/2013 12:58:09 PM
Execution time: 0 hours(s), 0 minute(s), and 26 seconds(s)
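
A small triage pass over a log in the layout of the Rkill output posted above, as an added example that is not part of the original thread: it lists every bullet that is not a clean "no issues" result, grouped by section, and pulls out the services reported as not running. The sample text is a constructed excerpt, and the function names are illustrative.

```python
import re

# Constructed sample: an excerpt in the layout of the Rkill log posted above.
SAMPLE_LOG = """\
Checking for Windows services to stop:

* No malware services found to stop.

Checking Registry for malware related settings:

* Advanced Explorer Setting Removed: HideIcons [HKCU]
* Explorer Policy Removed: NoActiveDesktopChanges [HKLM]

Performing miscellaneous checks:

* Windows Firewall Disabled

Checking Windows Service Integrity:

* Windows Management Instrumentation (Winmgmt) is not Running.
Startup Type set to: Automatic

* Windows Update (wuauserv) is not Running.
Startup Type set to: Automatic (Delayed Start)

Checking HOSTS File:

* No issues found.
"""

# Bullets that report a clean result and need no follow-up.
CLEAN = re.compile(r"^No (issues|malware \w+) found", re.I)

def triage(log_text):
    """Return (section, finding) pairs for every bullet that is not a clean result."""
    findings, section = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.endswith(":") and not line.startswith("*"):
            section = line.rstrip(":")      # section header, e.g. "Checking HOSTS File"
        elif line.startswith("* "):
            item = line[2:].strip()
            if not CLEAN.match(item):
                findings.append((section, item))
    return findings

def stopped_services(findings):
    """Short service names (in parentheses) that the log reports as not running."""
    pat = re.compile(r"\((\w+)\) is not Running")
    return [m.group(1) for _, f in findings if (m := pat.search(f))]
```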

GOOD TO SEE THAT!
by R. Proffitt Forum moderator / March 4, 2013 8:50 AM PST

Nothing seems bad there. HOWEVER there is a slim clue in there so let's check a few things.

1. The canned air was used and the work is done.

2. With step one out of the way and the scans completed as shared by Grif let's try a simple test.
Head to the control panel, users and create a new user account. Make it an Admin one.
Log out and then into that new account and test drive the machine a while.

Any change?
Bob

OK This is where I'm at:
by Blazin65 / March 4, 2013 11:20 AM PST
In reply to: GOOD TO SEE THAT!

The Super Anti Spyware found 347 threats, which I'm not surprised at because I've never ran one on this computer, even though I probably should have. All of those were removed.

I tried your simple test, and unless it takes a very long time to create the desktop of the new user account, that's not working. The computer freezes up while trying to create the account. It says it's preparing the desktop, but the mouse pointer is in constant rotation freeze. I've tried it 2 times. The only message I do get when trying to create this new account is that Windows Media Player is having trouble registering.

During all of these operations, the computer freezes up constantly. I've had to restart it no less than 10 times because anything can make it freeze up. For example, just going into the control panel. So this is not just about the browser. In fact, the browser is better now than before. I did blow it out, not with a can but with a shop vac.

So at this point malwarebytes has supposedly done everything and all the spybot stuff is deleted using those tools. And a new user account can't be created because it doesn't have the firepower to get much of anything done without freezing up.

What is your analysis now? And thank you for your advice.

Combofix
by pyrrhus55 / March 4, 2013 2:28 PM PST

The combofix & SuperAntiSpyware scan was in safe mode with networking right??

(NT) No
by Blazin65 / March 4, 2013 10:43 PM PST
In reply to: Combofix

CHKDSK /F
by pyrrhus55 / March 4, 2013 2:43 PM PST

Have you checked your hard drive for errors?? Run > CHKDSK /F shut down restart.
At 347 threats your machine was already sick. Highly doubt downloads.com had anything to do with it.

I'll try this later
by Blazin65 / March 4, 2013 10:51 PM PST

Thanks for the advice. I don't know what things to try so I'll take any advice I can get. What I have done so far is as technical as I have ever gotten.

What if the hard drive says it has errors? Does it give me the option to fix them with the simple press of a key?

I did go ahead and order an additional 4 Gig of Ram last night just to be on the safe side. I honestly didn't realize it only had 4 Gig until this happened. I probably would have installed it a long time ago.

Also, another poster said press F11 constantly to get the system to restore, but that didn't work. Does anyone else know how to get this computer to restore without the disk?

Just to Clarify on Freezing Up
by Blazin65 / March 4, 2013 10:58 PM PST
In reply to: I'll try this later

The freeze does not last forever. For example, a website or the control panel operations will freeze up @ every 2-3 minutes, and then they will unfreeze about 1-2 minutes later. But some operations, such as trying to create a new user account, was froze up for at least 15 minutes, before I re-booted. A few other things have frozen up for a long time too, requiring a reboot, but I can't remember all of them.

That sort of pause can be heat or hard drive.
by R. Proffitt Forum moderator / March 4, 2013 11:24 PM PST

You have a lot of work to do in order to figure this out. I don't have a clear answer about the canned air so I wonder if you are like most that want it to be a setting or infection and don't want to do the maintenance. That's OK but the symptom is consistent with all three issues.

Bob

It might be a few things.
by pyrrhus55 / March 5, 2013 4:03 AM PST

Some more likely, in my experience than others.
The first thing that normally pops into mind is malware of some nature.
Upon selecting my weapons to remove it. I update them. I then make a restore point. Anti-virus/Malware I generally use ComboFix or Microsoft essentials, with SuperAntiSpyware in Safe mode. You get to safe mode by pressing F8 as the machine is booting up. So let's say the machine still stalls???
Well second thing would be to check the hard drive: In windows that's start > RUN> then type CHKDSK /F press enter. You then shut down and then restart. And allow the scan to do its work. Don't let the screen scare you, it's normal. It should run through 5 steps. The /F means fix. Note there is a space between the CHKDSK and the /F.
Another excellent program for this is called Spinrite. If it finds errors, then there is probably your to the slow downs and lock-ups.
The third and probably least likely in my experience is ram. Have a friend download a copy of memtest v420 for you and burn it to disk. Then boot off the disk. It will scan your ram for any errors. If you decide to change the ram yourself, please remember to ground yourself before opening the ram or back of computer case. This is especially important in cooler weather periods when humidity may be low. Please, also remember to remove BOTH the power supply AND the battery before doing this process and then press the power button. You want NO electricity in that board while you work on it. Better to be extra cautious, than gain a new paper weight that was your PC.

I forgot heat.
by pyrrhus55 / March 5, 2013 4:24 AM PST

Heat of course can do it as well, but if you blew air through the fans, and the fans are working, you should be ok. There's always re-applying thermal paste. But that operation, would be expensive (professional IT labor), to the point of not being worth it. Generally, not a DIY job.

Thank you for all this. I'll be going at it again tonight.
by Blazin65 / March 5, 2013 5:55 AM PST
In reply to: I forgot heat.

I'm still getting ready to run the restore more than likely, no matter what. I just don't have the disk in this case. I still wish someone knew how I can restore without the disk, because that is my fallback. I should have never trusted that I could run the restore without the disk.

I don't mean any disrespect to anyone but I would prefer to restore rather than spend lots of time and work to get it fixed. There's not much for me to lose from a files standpoint.

I realize I could still have a problem after restore but I would cross that bridge when that happens.

Some Good News
by Blazin65 / March 5, 2013 8:43 AM PST

Everyone, I was finally able to access the recovery through safe mode, and I was able to restore back to 7 days ago.

The computer is in fact, acting like it was 7 days ago. Translated.............there are still some minor freeze ups that I was never concerned about before. I guess all things came together over the weekend to create a perfect storm.

It's obvious that I need to do some things to help out. In other words, maintenance I was not doing before. The additional RAM should help out as well.
