General discussion

I picked up a very damaging virus.

Feb 7, 2009 5:27AM PST

I don't know how or where but symptoms are as follows.


I cannot connect to the internet very well. It seems as though any websites I try to surf onto that could pose helpful do not load.

When I try to boot from the CD upon startup my keyboard will not respond. Nor can I enter safe mode because of the disabled keyboard.

I cannot update my anti virus and ad removal programs.

I cannot roll back the system whatsoever.

I basically can't do much of anything without it being shut down.


I am posting this from my laptop and any help would be greatly appreciated!!

What CD?
Feb 7, 2009 5:37AM PST

Why are you booting up from a CD?

Do you use a wireless keyboard and mouse? If so, try connecting a wired keyboard and mouse into the right connections at the back, then start the computer. Do they respond properly?

You say you cannot connect to the internet very well. Does that mean you can sometimes but not others? When you are connected to the internet, are you able to browse web pages? If not, what error messages do you see?

What browser do you use?

Can you tell us more about this computer, the specifications, and when did this problem start? What was happening when it started?

Mark

reply
Feb 7, 2009 11:06AM PST

I am trying to reformat my drive which is why I am booting from the CD.

Not my Cd board is a USB connect. They work fine when Windows is connected but I cannot access safe mode but I can access BIOS.

I can connect sometimes but it is not the right speed and most websites do not load. No error messages.


I am using Opera and IE Explorer. It auto shuts down IE Explorer.

The problem started this afternoon. I was browsing the internet when it started.


I left it on for a while and I am getting this message in a whited out window in the bottom right corner of my screen.

Attack from : 247.6.122.166, port 48674
Attacked port: 24013
Threat BankerFox.A

I can't access the Find feature or my computer specs but it's an Athlon processor 2.something 1gig ran Windows XP...


Thanks for the help!

now this
Feb 7, 2009 11:08AM PST

It must be cycling through.


Attack from: 110.60.111.190, port 60573
Attacked port: 30598
Threat: Win32/Nuqel.E

It Sounds Like You're Being
Feb 7, 2009 3:10PM PST

set up to be part of a botnet & the remote attacker has taken some control of your machine.

The first attack mentioned is, I believe, a password-stealing trojan (hoping for bank ID etc).
First, you need to get that machine physically disconnected from any form of internet connection (to break remote controls).
Try Following without OS CD in place:

Have you tried running System Restore FROM Safe Mode (w/command prompt) to bypass attack disabled regular Sys restore function?

1. Restart your computer, and then press F8 during the initial startup to start your computer in Safe Mode with a command prompt.
2. Log on to your computer with an administrator account or with an account that has administrator credentials.
3. Type the following command at a command prompt, and then press ENTER:
%systemroot%\system32\restore\rstrui.exe
4. Follow the instructions that appear on the screen to restore your computer to an earlier state.

Then on your Laptop (do NOT allow LAN connection to the infected machine) bring down & burn to CD the following programs and try to run in this order:

1) Download & burn/save to CD "Stinger" from link below. I believe Stinger hits about 400 of the most currently common & nasty Viruses & Trojans.

Its BIG advantage is that it doesn't have to be installed nor need updates.
You simply place it in your CD/DVD drive and from desktop click to open My Computer then click to open & run the D: or E: or ? drive the CD is in. It runs as an application without install.

Personally, when downloading & saving Stinger, I re-name it at the "save as" screen to anything else to prevent malware from recognizing it (i.e.: "beehive.exe"). Hope this helps get you back to using other means for follow-up. All below free to use for personal machine.
http://vil.nai.com/vil/stinger/

2) Anti-Rootkit Programs (Try Avira first as also an application: no install) &/or Blacklight anti-rootkit.
Avira AR: http://www.free-av.com/en/tools/4/avira_antirootkit_tool.html


Blacklight Main page: http://www.f-secure.com/blacklight/
Blacklight download page: http://www.f-secure.com/security_center/
If Blacklight finds files, they suggest you contact their support area for specific removal steps.

After that (depending on then current status) you may try MBAM.Exe & SAS. Instructions & links here:
http://forums.cnet.com/5208-6132_102-0.html?forumID=32&threadID=329090&messageID=2972614&tag=forums06;forum-threads

All above may be hopeless IF you can't run any or all but worth a try.
If it doesn't get you back to near normal, perhaps near enough to try the reformat again. This probably should have gone to Spyware/Viruses & Security forum here but I understand desire to reformat first & avoid the rest!! Good luck & let us know if any help!