Okay, I seem to have a virus or malware or something

I was surfing when suddenly, a Sun Java popup appeared, then disappeared. Then, all my browser windows closed and the computer screen went blank. Nothing happened, so I powered down and up again. Things seemed normal, but task manager wouldn’t come up. Apparently, I did not have the authority to launch it.

Then things got strange. A Google search on “no authority for task manager” showed some likely sources, but I couldn’t link through–I kept getting redirected to some search page I’ve never heard of. Manually pasting the address given in Google got me where I needed to be, however, and I was able to find out how to regain control of my machine.

But all was still not well. Shortly after, all my browser windows disappeared again, and a message appeared: “Your new hardware is installed; reboot to complete installation.” (Or similar.) Huh? I installed no new hardware at all. I did not reboot–who knows what might have happened. And I haven’t rebooted yet.

My computer speakers are now also making occasional “click” noises, and they never did before.

Something is definitely funny. I’m running Microsoft Security Essentials, and it caught a couple of trojans on the fly, and I’ve just done a Quick Scan, where it caught the Win32/Alureon.H virus. It cleaned the virus–and again, told me to reboot to complete the cleaning.

My questions:

– Should I reboot, as MS Security Essentials says? Or will this just install the hardware I never installed?

– Would a full scan by MS Security Essentials find any other viruses?

– What else can I do to take care of the problem?

Win XP is my OS, by the way.

I did look at the sticky thread, but I’m unsure if anything there would help. If it might, let me know.

I’d suggest you restart the computer in safe mode with networking (this means that, as the computer restarts, press the F8 key multiple times until you get a black screen with options – if you get the Windows startup screen, you’re too late – and select “safe mode with networking.”)

Then go to malwarebytes.org and download and install malwarebytes. Run a scan and see what it finds.

Hmmm… It didn’t want to let me link to Malwarebytes from Google search results–it kept redirecting me. But I could manually type the URL in the address bar and get there.

I’m running a full scan of MS Security Essentials right now, and will try Malwarebytes when that’s done.

If you have trouble running the program, rename the file.

And, do you have the latest Java? The old versions have a lot of bad security leaks.

Yup, you’ve got malware. This is typical behaviour. Do run your malware checks in Safe Mode with Networking.

You have a problem. The Alureon malware frequently installs a rootkit that will render its spyware files invisible to any scanner running under Windows. Removal instructions can be found here. If they don’t work, you are going to need detailed help specific to your computer; I have found the experts at Bleepingcomputer.com to be very reliable.

Thanks, Fear Itself. I’ll look into that later today, when I get home from work. Thankfully, for now, I have an older computer that will let me explore your link without being hijacked. (And that I am using to type this.)

Again, thanks. I’ll let you know how things go.

Get Malwarebytes’ antimalware and install and run it. It’s free and does a pretty good job of getting rid of nastyware.

Were you using Internet Explorer? That was the first thing I stopped using when I was still on Windows as my primary OS; I switched to Firefox early on. There were a few public websites that wouldn’t work with browsers other than IE, but thankfully that’s very uncommon now. (Internal corporate websites with their captive audiences are another thing, as we both know.)

I’m assuming you keep up-to-date on Microsoft’s security patches… I’m a little out of the loop on this subject since I switched to a Mac; is Win 7 more secure these days?

The biggest danger recently is from old, unpatched Java and Adobe Reader programs. Both are being heavily exploited by the bad guys.

Update: It took a few days, owing to other obligations, before I had the time necessary to see what I could do about this; but I think I managed to get things clean. Malwarebytes and safe mode did the trick. There was some pretty nasty stuff in there, but it seems to be gone now.

Many thanks to Fear Itself, Reality Chuck, and everybody else for their suggestions. Thanks again, folks!