Build Your Own Arcade Controls Forum
Main => Everything Else => Topic started by: SirPeale on May 02, 2006, 07:41:56 am
-
Somehow, I think one of my kids installed a virus on my system.
Quite similar to one I had before, so I just did what I did before, and it worked.
Since then, I've lost some functionality. MSN mail popup comes up, I click it, and it's supposed to launch IE with Hotmail...it doesn't. If you check Windows Task Mgr you can see an IE process come up for just a couple seconds, then it's gone. However, you can launch a IE window on it's own and navigate to Hotmail just fine.
I also no longer have control over videos in Windows Media Player. Can't stop them, fast forward, or even play again after they're finished.
There's likely other things that I haven't noticed yet.
I already tried repairing the install of Messenger. Didn't help.
-
Just curious, what did you do that cleaned it?
Spyware scanner, virus scanner, reg hack?
I'm guessing that your method may have either enabled some security, or screwed with some settings (registry, IE, etc..)...I'm guessing that you didn't see these issues last time it happened?
What Virus was it? I guess some of the recent ones have a pretty nasty payload.....there is one out now that freezez your PC, and demands a ransom to unlock...gotta luv the viruses. :P
That's about all my kids are good for...eating food, watching TV, and installing virus+spyware on my PC. :soapbox:
Good luck!
-
I forget the name of it. Basically you delete all the files it creates, and remove the registry entries. Don't need a remover, you just use safe mode command prompt.
-
I forget the name of it. Basically you delete all the files it creates, and remove the registry entries. Don't need a remover, you just use safe mode command prompt.
hmmm...not sure what to tell you on that one? If you had system restore active, you could go back to a restore point (but would probably still have the viurs)....sounds like time to re-install to me. :'(
BTW...last 2 times I saw your avatar, I just keep wanting to stand a guy, right in front of her. (she's got the head movement down)
It's sick, I know :-X....but, just how my mind works :cheers:....Good luck.
-
Usually when all you do is delete files you're deleting "spoof" files and still need to then restore the originals that had been replaced by the virus.
For example a file like "file.dll" might be renamed to "file.bak" and the virus takes place of "file.dll"
Maybe doing a Windows "repair" will fix your problems.
Then again, maybe you are not 100% clean yet.
-
Try this. Click on Start> Run then type sfc /scannow
This command will immediately initiate WFP to scan all protected files to verify their integrity, replacing any files which are an incorrect version (You may be prompted for your CD during this process).
-
Try this. Click on Start> Run then type sfc /scannow
This command will immediately initiate WFP to scan all protected files to verify their integrity, replacing any files which are an incorrect version (You may be prompted for your CD during this process).
It scanned everything, then nothing happened.
-
RayB mentioned this, but maybe you didn't know what he was talking about. Boot to the Win XP CD. At the first prompt do not choose recovery or repair or whatever it says. Just choose the option to continue. Then it will scan your system to see if there's already a copy of Win XP installed and when it finds that there is you will be given the option to repair the installation. This will replace a lot of system files with good ones from the disc and fixes lots of registry stuff. There's a pretty decent chance that it will get you going again. It also sometimes breaks other things that you have installed, but those things can always be reinstalled. It won't mess with any of your documents or pictures or music files or anything like that, and generally all your programs will still work fine too.
-
Sounds good, but now I have to find my XP disc. It's been 'moved'.
-
PS: After doing a Repair as per Shmokes advice, you'll need to connect to Windows Update and get all the updates that the repair has over-written.
:-) Fun huh?
-
Cooking dinner last night, wife suddenly says "we're infected again!" I come over and sure enough, SpyFalcon installed again. WTF!
This time after deleting the files I scan with AVG. Doesn't find what I thought, but did find some interesting stuff I didn't know was there. *click-click* deleted!
Still can't do what I mentioned above, thought. Seems almost to be javascript related. I can click on links in Hotmail, for example, but not if they're the 'javascript' links.
-
Cooking dinner last night, wife suddenly says "we're infected again!" I come over and sure enough, SpyFalcon installed again. WTF!
Just did a quick search for spyfalcon and it looks like its a major pain to completely get rid of. Heres a link that gives a step by step on how to do it: http://www.bleepingcomputer.com/forums/topic43659.html
-
Thanks, AtomSmasher. Think I'm okay now.
Still can't use my controls in Media Player, or click javascript links in IE, but...
-
I don't believe it - infected again!
Went down the street to check on some of our machines, and when I came back it was reinstalled.
All the kid did was play around on the Nick Jr site.
I've deleted files, I've cleaned the registry, I've scanned with an anti-virus program...bah!
-
How many reboots + re-scans are you doing before declaring it "clean"? These things keep multiple copies of themselves here and there for exactly these situations (user deleting it).
Oh, and do you have a proper firewall going? If a hacker had access to your system they could reinstall the software remotely.
-
Just once. In theory, deleting all files created on that date *should* get rid of it. Plus I've used the advice as given above.
-
I've had infections where I deleted files I knew were infected and then saw them reappear right before my eyes. You have to ensure related processes are killed off too. Worst thing is, it's possible (through clever programming) to hide processes from the active process list!
-
Bah, that sucks! If they're hiding, then I'll not know which ones they are. :censored: