Okay, after some drama with getting a new HD up and running, which obviously eventually worked, I’ve been using Firefox exclusively and I’ve still ended up with an apparent virus.
Basically, my computer got extremely slow earlier this evening, and restarts have done nothing to stop this gradual slowing after each restart. Of course I Ctrl-Alt-Deleted to find out what was hogging all the resources and then I discovered that the Ctrl-Alt-Delete window would pop up for just a moment and then something would shut it down. I tried to go to Grisoft to download AVG, but the whole Grisoft domain returned a suspicious “DNS Error” or something when I tried.
Anyway, I’ve managed to find a mirror for the AVG Free version, and have downloaded and run it, but the problem still remains. The AVG software didn’t find any infections although my computer continues to lag, the windows I could use to fix this mysteriously shut down, and I can’t even go into AVG through the regular shortcut because it gets shut down by something so I just right-click on the task-bar thing. Also, some small, seemingly randomly named .exe’s are piling up in my c:\ drive, and I’m not sure where to go from here.
You can try an online virus scanner like HouseCall if you haven’t done so already.
Also, there’s a DOS-based Task Manager that you could try:
1. Go to Start → Run and type in cmd then push enter.
2. Once the black DOS window opens, type in tasklist /fi "CPUTIME gt 00:10:00". Anything that’s listed should be what’s using up your CPU power (be sure you’re not running any other apps at the moment).
3. Hopefully, you’ll find more than just the “System Idle Process” in there. If so, it could be the virus. Look for a number under the “PID” column, and then type taskkill /pid (number you just found). With any luck, that might close the virus and let you run other things easier. Sorry, that’s not a guarantee. Viruses could work in a million different ways…
Beyond that, try using a site like Anonymouse to search for and download other anti-virus programs. Depending on how the virus was written, it may or may not block sites accessed in this way.
If that still doesn’t work, see if you can clear out your “hosts” file:
Go to Start -> Run again. Type in notepad "%windir%\system32\drivers\etc\hosts". See if any of the inaccessible websites are listed in that file, and if so, remove them and save the file.
I don’t know if any of these will work, sorry. You could also try and plug the hard drive into another computer (with virus protection already installed) and scan it from there, but that requires knowledge of computer hardware and (of course) another computer.
Good luck… I hope somebody else has a better solution.
Finally, the most suspicious one is something called:
RegstryManage.exe.
Curiously, when I try to end that process, it says “Access is Denied.”
Also, when I try to open up HijackThis, the same thing as the task manager happens, it opens up for an instant and then another process kills it. I’ve run the Microsoft Antispyware and the AVG Antivirus with brand new updates and nothing has come up except for AVG which found this:
In my My Documents directory something like msdirectx.sys, which of course I told it to delete, but then when I restarted nothing was fixed and the same file popped up again. Where should I go from here?
Well, I hate to be negative but if up to date antivirii don’t work and antispyware utilities don’t work, you’re out of luck. I googled for that suspicious executable and nothing turned up.
Sometimes you just have to reformat. Disconnect your computer from the internet and reformat. Make sure that you can install your antivirus, and antispyware utilities while disconnected from the internet. Then, make a pristine backup of your entire hard drive. Then if you ever have this problem again, you will be able to restore your system to its pristine condition quickly.
There is rarely any need to reformat a hard drive for a virus. It’s just a shortcut that eliminates the need to diagnose, but takes longer, is more work, and is more likely to mess up data. I’ve never found a spyware infected computer where it was necessary, and it’s only necessary for viruses like Michelangelo that trash your hard drive anyway.
It sounds like you have a variant of CoolWebSearch, with the CWS Smartkiller, which prevents you from getting to antivirus sites and closes down programs. Download the Smartkiller cleaning tool (the first download on the site) and fix it.
Once this is fixed, HijackThis should run. You should also be able to download programs like Microsoft Antispyware that can deal with CWS.
I agree that RegstryManage.exe is probably spyware: the name does not show up anywhere on a Google search, a solid indication of spyware/viruses. MS64.exe also seems to be a virus. But you need to clean up CWS first.