Terminalcoffee discussion

Helping You To Know The News > Warning about a virus I just got.


message 1: by Jaimie (last edited Jan 19, 2010 09:26PM) (new)

Jaimie (jaimie476) | 664 comments I just got a virus on my computer that froze up my Norton Anti-virus for a while. It started as a bubble popped up from my system tray saying I got a virus and I need to run a virus scan. The bubble said Windows but when I tried to x out of the bubble it took me to a website www. window (or windows)-antivirus .net and told me I had to buy their anti-virus program to get rid of it.
It gave me a list of the viruses I supposedly had including "antivirus 360" that is a trojan posing as an anti-virus program. I tried to run my Norton Anti-virus but it kept closing the window on me, it did the same when I tried to go into my task manager. Eventually I let it sit for a while and came back and saw that my system tray was half-way across the bar filled with about 20 of those icons. But as I was calling Norton for help I was finally able to run a scan through Norton and it caught a virus called "antivirus pro." If you see it, don't be snowed.


message 2: by Lori (new)

Lori Do you run on IE? Cause I've read all these reports about Germany and now England saying not to run IE right now because of some bad virus.


message 3: by Jaimie (new)

Jaimie (jaimie476) | 664 comments I run Firefox mostly. The virus did pop up through IE, though. Not sure how since I wasn't using it.


message 4: by Sarah (new)

Sarah | 13814 comments Did it pop up through Goodreads?


message 5: by Kevin (new)

Kevin  (ksprink) | 11469 comments i am not a big fan of norton. it used to be the "go-to" anti virus app that everyone used but it got too big and bloated and it causes many op system issues because of conflicts and such. we use sophos at work and i use avg at home and have virtually no probs.

btw - with my mac i have zero virus issues :)


message 6: by [deleted user] (new)

My daughter had something similar happen to her just before Christmas Jaimie. It took me a little while, but I got rid of it with the help of Webroot.

I wish I could understand any of the thrill these people get from making a mess of someone's day.


message 7: by [deleted user] (new)

I'll put it as simply as I can: Norton Anti-Virus is completely useless.

Get rid of Norton and go with AVG. For a free product, it's surprisingly and refreshingly effective at identifying and blocking viruses. And their updating engine remains constantly new, so you don't have to worry about updating. It's a great product that blows away the pay-per-license AV products like Norton and McAfee.


message 8: by [deleted user] (new)

Also, Norton's desktop firewall simply doesn't want to play nice with iTunes. You have to request a firewall rule to be created by Norton just to access the iTunes store, and getting that rule incorporated into the desktop firewall is enough to make you go into a shooting rampage.


message 9: by Kevin (new)

Kevin  (ksprink) | 11469 comments totally agree with gus. i am IT (lite) at our workplace and we stopped using norton a long time ago. as i said, we use sophos on our network and i use AVG on everything else. i also recommend it to everyone else.


message 10: by Lori (new)

Lori Not just in a pop-up, never click an email link either unless you know the person.


message 11: by Heidi (last edited Jan 20, 2010 10:52AM) (new)

Heidi (heidihooo) | 10825 comments Gus wrote: "I'll put it as simply as I can: Norton Anti-Virus is completely useless.

Get rid of Norton and go with AVG. For a free product, it's surprisingly and refreshingly effective at identifying and blo..."


DON'T UNINSTALL NORTON YOURSELF!!!

I made the mistake of doing it myself several years ago and because it scrambles codes and programs, it deleted most of my necessary programs off my laptop... including internet. I had to have a friend talk me through reinstalling the programs that were deleted and that took for-ev-er.

I use spybot to clean up my laptop, and it works great. I also run only on Firefox.

Bun, what's this AVG you mention? Tell me more...




message 13: by Jaimie (new)

Jaimie (jaimie476) | 664 comments The only thing different I did last night was go on to my company's parent company's website to apply for a new position. :-)

Misha, I think it was the same thing. Only thing is I didn't click the link, I clicked the x to get out of it and it put me to its site anyway. I know not to open anything odd.

Eventually the Norton did get rid of it. I'd do the AVG but I have a friend who just offered to install Linux. He said he's had that for over 10 years and has never gotten a virus through it.


message 14: by Sarah (new)

Sarah | 13814 comments It sounds like it is the same malware that ate my work computer just before New Year's. I swear it came from Goodreads.


message 15: by Dan (last edited Jan 20, 2010 03:01PM) (new)

Dan Schwent (akagunslinger) It sounds like the thing that hit my work computer during NaNoWriMo. Adware Vundo, I believe it was called. It attacks browser exploits and isn't from goodreads.

It's a nasty piece of work. If you try to download MalWareBytes or a similar product, it will delete the installation file before you get a chance to use it.


message 16: by [deleted user] (new)

Yeah, Heidi, I forgot...removing Norton AV is a massive pain in the ass.


message 17: by Sally, la reina (new)

Sally (mrsnolte) | 17373 comments Mod
The other day I was randomly googling to see which other hollywood stars are pregnant now (yeah, I know, shut up) and clicked on something like Hollywoodbabybumps.com or whatever and the site did that same stupid your computer is at risk thing.
Whenever I see that - and it's been more than once from other shady sites - I just control/alt/delete and restart. There is nothing you can click that makes it ok. grrrr.

But I had a friend who accidentally clicked it and it installed all sorts of shiiiite on his computer.


message 18: by Lobstergirl, el principe (new)

Lobstergirl | 24779 comments Mod
My computer is completely f**ked over. (I am accessing internet in Safe Mode now, at least I can do that.) I went to some website about ice cream flavors - who knew it might as well have been trojan central? All of a sudden all these pop-ups started popping up telling me I had viruses and trojans etc. I knew it was a trick so I kept closing them all and closed down everything and rebooted. Too late. It was a "browser hijacker" from dioging dot com that has infiltrated everything on my computer. It tells me Excel, notepad, wordpad, Word are all infected. (I know they're not really because I can access them in Safe Mode.) It took over both my browsers, Firefox and IE - when I open them in regular mode, I get a message saying my computer is infected and I need to download dioging anti-virus to fix it. It also took over my AVG software - when I tried to run AVG it told me it was infected. I hottailed it over to the library to get online and printed out manual instructions for getting rid of dioging, but I'm kind of afraid to follow them because it entails deleting registry keys and down that road lie all sorts of bad problems for those who know nothing about registry keys. I did figure out that there are several types of Safe Mode, and in one of them you can access the internet so I did that and downloaded the "automatic fix" for dioging, which is supposed to be foolproof. It didn't work. I ran AVG in safe mode and it found two infections but that didn't solve the problem outside of safe mode.

Anyone have any ideas?


message 19: by Mona (new)

Mona Garg (k1721m) | 350 comments This happened to me a while back and hubby did a restore to an earlier date that seemed to fix the problem.


message 20: by Jonathan (last edited Dec 10, 2010 05:17PM) (new)

Jonathan Lopez | 4726 comments How terribly, terribly awful LG. I'm so sorry to hear.

If you are running a Windows PC, you can try running the Microsoft malicious-software-removal tool, available for free at the Microsoft website:

http://www.microsoft.com/security/mal...

That tool, however, deals only with a limited number of recently propagated threats. For a more comprehensive vetting of your computer's problems, you might then want to run the Microsoft full-service scan, which takes quite some time, but is thorough (and, like the malicious-software-removal tool, free):

http://onecare.live.com/site/en-us/de...

Other people who are more tech-savvy may have better and simpler answers. This is just what I would do if I were in the same situation.

Good luck.


message 21: by Lobstergirl, el principe (new)

Lobstergirl | 24779 comments Mod
I tried that but it didn't work.


message 22: by Jonathan (new)

Jonathan Lopez | 4726 comments Lobstergirl wrote: "I tried that but it didn't work."

You tried which?


message 23: by Lobstergirl, el principe (last edited Dec 10, 2010 05:22PM) (new)

Lobstergirl | 24779 comments Mod
Jonathan wrote: "Lobstergirl wrote: "I tried that but it didn't work."

You tried which?"


In safe mode I tried restoring to a previous configuration or whatever. It didn't fix it.


message 24: by Félix (last edited Dec 10, 2010 05:23PM) (new)

Félix (habitseven) http://www.malwarebytes.com

There's another one that I've used but can't remember the name of it. I'll keep searching.


message 25: by Jonathan (new)

Jonathan Lopez | 4726 comments So, then check out the Microsoft malicious-software-removal tool and the Microsoft full-service scan at the links above. If you are able to navigate here using safe mode, you should probably be able to navigate there too and make use of the tools.


message 26: by Félix (new)

Félix (habitseven) Combofix is a very powerful tool that I have used to clean my PC in the past.

http://www.combofix.org/download.php


message 27: by Lobstergirl, el principe (new)

Lobstergirl | 24779 comments Mod
Dan wrote: "It sounds like the thing that hit my work computer during NaNoWriMo. Adware Vundo, I believe it was called. It attacks browser exploits and isn't from goodreads.

It's a nasty piece of work. If you try to download MalWareBytes or a similar product, it will delete the installation file before you get a chance to use it."


That must be what happened to me. Supposedly a guaranteed fix (from SpyDoctor?) but it didn't work.

What is so odd is that this is Antivirus Action's (the parent of dioging) business model. The point of most worms/trojans/viruses is to be dangerous and assholish but the point of Antivirus Action is to get you to respond to their scary popup that your computer is infected, by buying their anti-malware protection. And apparently they've been around for awhile, so why haven't they been put out of business? How can they still be operating under that name? They must be violating all sorts of laws, FTC regulations, etc.


message 28: by Félix (new)

Félix (habitseven) Spydoctor is crap when it comes to these infections. Combofix is the best I've come across.


message 29: by Jonathan (new)

Jonathan Lopez | 4726 comments Lobstergirl wrote: "That must be what happened to me. Supposedly a guaranteed fix (from SpyDoctor?) but it didn't work."

Hmmm. That is really troubling. If it is capable of deleting/subverting the anti-malware fix you used, then this same issue may crop up with the Microsoft solutions I suggested. You might still want to try them or Larry's suggestions, as one of these fixes may have been designed better than the others, etc.

Again, I'm really sorry to hear that this happened. You have all my sympathy.


message 30: by Lobstergirl, el principe (new)

Lobstergirl | 24779 comments Mod
I can only do downloads in Safe Mode, but does it matter if I install/run it in Safe Mode or Normal?


message 31: by Félix (new)

Félix (habitseven) I believe the root of most of these malicious programs is in organized crime factions in former communist bloc countries. Very tough to nail them down.


message 32: by Jonathan (new)

Jonathan Lopez | 4726 comments Lobstergirl wrote: "I can only do downloads in Safe Mode, but does it matter if I install/run it in Safe Mode or Normal?"

I believe the Microsoft full-service scan should be fine in safe mode--but it takes a very long time, because it really does scan every file on your hard drive. You might want, therefore, to save it for last and try Larry's Combofix suggestion first, or the MS malicious-software-removal tool, etc. Once you commit to the full-service-scan, it can take up to eight hours to complete.


message 33: by Lobstergirl, el principe (new)

Lobstergirl | 24779 comments Mod
Oh....I think I've done that 8 hour scan before. Yes I will save that for later...


message 34: by Félix (new)

Félix (habitseven) Lobstergirl wrote: "I can only do downloads in Safe Mode, but does it matter if I install/run it in Safe Mode or Normal?"

Doesn't matter. Nope.


message 35: by Lobstergirl, el principe (new)

Lobstergirl | 24779 comments Mod
I can't believe it, I think it's fixed. I used System Restore to undo registry changes.

Start, run, type %SystemRoot%\System32\Restore\Rstrui.exe, ok, Restore my computer to an earlier time, I selected a date in November. (Doesn't revert any document edits or saves.)

I had tried to do something similar by going into Safe Mode and picking "last known good configuration" but that didn't work.


message 36: by Félix (new)

Félix (habitseven) You still need to clean your computer, LG. That mess is still in there lurking, and will do its work again.


message 37: by Lobstergirl, el principe (new)

Lobstergirl | 24779 comments Mod
I did run Combofix and Malware - before I did the Restore Point - I guess the Restore undid them? Are the free versions adequate, because for Malware it found 506 problems, fixed 100, and said the remaining 406 would cost me, and for Combofix it fixed 6 sections for free and said the rest would cost me.

I did run AVG post-restore and it found one infection, "Trojan Horse FakeAlert.VX."


message 38: by Jonathan (new)

Jonathan Lopez | 4726 comments Great that you got things working again, LG. But Larry's advice seems sound: you should probably clean out the remaining problems.

With regard to which of these solutions is worth paying for and which isn't, I have no experience and so can offer no advice. I've always gotten by fine with the free stuff from Microsoft--it occasionally catches problems that I was not aware of--but I've never had a major computer infection like this to deal with.


message 39: by Sally, la reina (new)

Sally (mrsnolte) | 17373 comments Mod
I'm so glad we have Larry and Jonathan here to help with scary computer issues.


message 40: by Lobstergirl, el principe (new)

Lobstergirl | 24779 comments Mod
I know, and Mona's advice was helpful too.

Should I be worried that Combofix's website doesn't have a very good grasp of standard English? That always makes me nervous.


message 41: by Félix (new)

Félix (habitseven) I've had really good luck with Combofix. I only used the free version, by the way.


message 42: by Rebecca (new)

Rebecca White (rebecca_white) | 1027 comments Actually I was just going to ask you if you'd done a system restore!

My computer got completely messed up a year ago. There was some virus that attaches itself to the start menu and I think I had that. System restore worked better than anything else I did, but it still had some issues. I think I'm going to bookmark this page for the next time!

Glad you got it solved!


message 43: by Mona (last edited Dec 11, 2010 06:08AM) (new)

Mona Garg (k1721m) | 350 comments I'm glad the problem is fixed LG. When it happened to me, hubby thought maybe GR was causing it and I shouldn't visit this site anymore. Noooo :( I love it here. I'm a member on 3 other book sites but GR is my favorite.


message 44: by Lobstergirl, el principe (new)

Lobstergirl | 24779 comments Mod
I went into the registry and looked for the entries that the hijacker was supposed to have installed, and they weren't there. So that makes me feel better. Basically they were telling my computer to disable its Phishing filter and to use a Proxy Server with a specific IP address which is very scary. I wonder if this means my hard drive has been copied to some server and my bank account is going to be drained? There was also a ProxyOverride, a ProxyEnable, and the .exe files.
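
Added example, not part of the thread or any poster's code: a Python check for the proxy values described in message 44 (ProxyEnable, ProxyServer, ProxyOverride), run against saved `reg query` output so it can be reviewed on a different machine. The registry key path, the sample output, the address 203.0.113.7 and all function names are assumptions made for the example.

```python
import re

# Standard per-user WinINET key (assumption: the post names the values, not the key).
KEY = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
VALUE_LINE = re.compile(r"^\s+(\S+)\s+(REG_\w+)\s*(.*)$")

def parse_reg_query(text):
    """Turn `reg query "<KEY>"` output into {lowercased value name: data}."""
    values = {}
    for line in text.splitlines():
        m = VALUE_LINE.match(line)
        if m:
            name, kind, data = m.group(1), m.group(2), m.group(3).strip()
            values[name.lower()] = int(data, 16) if kind == "REG_DWORD" else data
    return values

def proxy_hosts(server):
    """ProxyServer is 'host:port' or 'http=host:port;https=host:port'."""
    hosts = []
    for entry in filter(None, server.split(";")):
        hostport = entry.split("=", 1)[-1]          # drop the 'http=' prefix
        hosts.append(hostport.rsplit(":", 1)[0].lower())  # drop the port
    return hosts

def review_proxy(values, known_good=()):
    """Return findings; known_good lists proxy hosts you configured yourself."""
    findings = []
    enabled = values.get("proxyenable", 0) == 1
    server = values.get("proxyserver", "")
    known = {h.lower() for h in known_good}
    for host in proxy_hosts(server):
        if host in known:
            continue
        if enabled:
            kind = "loopback" if host in ("127.0.0.1", "localhost") else "remote"
            findings.append(f"ACTIVE {kind} proxy not on known-good list: {host}")
        else:
            findings.append(f"leftover ProxyServer (proxy disabled): {host}")
    if values.get("autoconfigurl"):
        findings.append(f"AutoConfigURL set: {values['autoconfigurl']}")
    if enabled and not server:
        findings.append("ProxyEnable=1 but no ProxyServer value")
    return findings

# Constructed sample of `reg query` output, not taken from the thread.
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    ProxyEnable    REG_DWORD    0x1
    ProxyServer    REG_SZ    http=203.0.113.7:8080
    ProxyOverride    REG_SZ    <local>
"""

if __name__ == "__main__":
    for finding in review_proxy(parse_reg_query(SAMPLE)):
        print(finding)
```

An empty result for a machine that never used a proxy means these values are absent or disabled; it says nothing about other changes the hijacker may have made.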


message 45: by Lobstergirl, el principe (new)

Lobstergirl | 24779 comments Mod
Now I'm scared to even check my account balance online...afraid to use my password again.


message 46: by Félix (new)

Félix (habitseven) Not likely.


message 47: by Lobstergirl, el principe (new)

Lobstergirl | 24779 comments Mod
I hope not. That would be some sleepless nights.


message 48: by Félix (new)

Félix (habitseven) Change the password. Like right now. If the cleaner says there is no spyware/malware, you are fine.


message 49: by Lobstergirl, el principe (new)

Lobstergirl | 24779 comments Mod
Thanks, Larry. I just changed it. Now I'm trying to think if I have any other important passwords floating around.


message 50: by Félix (new)

Félix (habitseven) And don't let Windows save your passwords, either.

