The only apt punishment for virus and malware writers: Burn them at the stake.

:dubious:

Who you calling a ripoff, we need to eat too.

I think we know that half the viruses out there are written by Nerd Herd employees.

I stupidly ran my main box with no AV for a couple of years, figuring I was too smart to get a virus. Then one day I got one so bad I couldn’t do a thing, plus my computer would randomly start playing an audio ad for some bullshit money-making scheme. I couldn’t install AV, couldn’t open regedit, couldn’t ‘display hidden files’, couldn’t even open notepad. Finally, I downloaded this Avira boot CD. It’s pretty cool, it’s basically a live Linux distro that scans for viruses. For the non techies, that means when you put this CD in, your computer boots from it bypassing your infected Windows and proceeds to scan all your shit and terminates with extreme prejudice any crap it finds. Also, Avira apparently updates the virus definitions daily so you can run this CD and not worry about it not finding the most recent junk. Cleared my virus problem up. Try it, it’s free!

I’ve tried Malwarebytes, but it won’t update for some reason. I’ll have a check through autoruns (and google the processes to make sure I’m not killing anything important).

For some bizarre reason I can’t find Local Settings normally, I have to type the location in, and there’s a load of crazy crap (executables with random numbers and whatnot) in there that I can’t delete ‘in use by another person or program’.

@ drachillix - no offence intended. :smiley:

@ Nunavut Boy - will the Avira program work (on XP SP3) if I’ve got AVG installed? I understand that it’s bad mojo to have 2 antivirus programs installed at once.

You’re not exactly installing Avira by running the CD. It boots into a mini operating system that’s housed on the CD, runs software on the CD and the OS treats your hard disk as a secondary device. It doesn’t actually boot up Windows, so your AVG doesn’t even know about Avira.

My Malwarebytes not updating is how I discovered I had the conficker virus.

Check here to make sure you don’t have it:
http://www.confickerworkinggroup.org/infection_test/cfeyechart.html

A handy guide, thanks FalconFinder - fortunately I can see all the images. I’m using autoruns to baleet some of the suspicious processes that are running. If that don’t work (I miss Firefox - Chrome is a decent substitute, but it doesn’t have the homely charm of ol’ FF) I’ll try the Avira boot CD.

Thanks for all the help by the way; a few days ago I was ready to claw out the eyes of the scum who coded this. Now maybe there is light at the end of the tunnel.

The MalwareBytes link doesn’t seem to link to anything useful. I ended up Googling it, and found a download, but when I finished running it it asked me to register. And my browser won’t go to the registration page. I also have a feeling that if it did, the next thing I’d get would be a request for money.

Any links to something truly free and that doesn’t require registration?

That is strange. I did not have to register. I just got it Saturday because I had a virus and when I googled it there was a tutorial on youtube. I downloaded it, ran it and removed the problem.

I can’t locate it now as youtube is blocked at work but if I remember right it was malwarebytes.org.

You may be infected with something that is redirecting the MalwareBytes address, because it is absolutely free and it is the best of the best, in my opinion.

Try this:

MalwareBytes Antimalware on Download.com

If you cannot access the free download from that link, it is because of the infection. Download it to a flashdrive from another, uninfected computer, then install it on your computer from the flashdrive.

Been using Autoruns and SecurefileShredder to act as a human SpyBot S&D; Autoruns in particular detected an assload of things everything else had missed. In particular, javinete.dll and ashevtsvc.exe. The latter is a little sod; was in system32. Deleted the process then used fileshredder to terminate the mother.

Also shredded my cache and cookies, seeing as all my browsers are infected I thought I might as well.

The good news:

  • My computer isn’t a smoking heap of slag yet.
  • Firefox, like Lazarus, has risen from the dead! No crashes on startup!

The bad news:

  • Apparently immediately after shredding ZA noted that AshEvtSvc.exe was trying to access the internet - I’m hoping the little sod is dead and it’s a delayed reaction from ZA.
  • overlay.xul is back in Firefox’s extensions folder, so I’ll shred the f’er and see if it comes back. While it’s there Google still redirects; according to the FF forums overlay.xul is coded for that exact purpose.

@ tdn - Malwarebytes.org should be the official website, if you’re having trouble I could send you the setup file as an email attachment.

Missed the edit window; there’s still a load of crap (random number executables, which try to access the internet) in my Local Settings/Temp file; can’t access Local Settings ‘normally’, it’s just not there. Have to type the address into the address bar. Unfortunately this means that I can’t get fileshredder on it.

I honestly think you’re doing this the hard way. Avira boot CD, go away for an hour or two, come back and it’s clean.

I have no doubt that you are correct, what I’m doing now is just trying to kick it in the pants to slow it down or limit the spread/damage. The lack of immediate blank CDs (I know, I know) stops me from trying this right now, I’ll get a hold of one tomorrow and finish this.

There’s a bunch of files in the Temp file (random letters.random letters) that keep regenerating themselves after baleetion, so clearly the problem’s still there. I’m just glad I’ve got Firefox back.

Definitely try the Avira CD. The thing with most of the nasty viruses is that you can’t delete them while windows is running, no matter what you do. Usually it comes down to windows itself stopping you because “the file is in use”. You have to use a boot CD to get rid of them. The things you can kill from within windows are usually “protected” by something else running that immediately puts them back after you try and get rid of them.

When I clean up people’s systems it’s usually a case of using HijackThis to identify the files, then booting from a linux CD to actually delete them from the filesystem so they can’t start, then rebooting into windows and removing the startup entries with HijackThis so you don’t get error popups about the missing files. I have yet to find a decent tool that can get rid of everything without this manual process (I’m going to try Avira CD next time, I never heard of it before).

Bit of a problema; put in a blank CD, downloaded the rescue CD app, ran it, it gives the name of my CD-RW drive and says “No CD inserted or not compatible burning device.”

The only option is to exit. It asks me if I “want to save the ISO-image to burn it using a different CD burning application”. I click yes, and ask it to save on my desktop. It does, the file wants to open with WinRAR. Extract all of it to desktop, then burn it to CD. But it won’t boot from the CD! It says something like “reboot and please select proper boot device or insert boot disc”.

Where’ve I gone wrong? How can I create the disc? Any help much appreciated - I randomly got the BSOD yesterday (“Bad Pool Caller”). Fortunately it restarted normally.

Yeah, I can’t burn with their utility either. What you have to do is save the iso to the desktop, but DO NOT use winrar to open it. Opening with winrar is ruining the bootable part of it. Do you have Nero or CDRwin or some other image burning software? If you don’t, download imgburn. It’s free. Burn the iso to disc and then try booting again.
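
Why the extracted files never boot, as an added example that is not part of the original post: a bootable ISO keeps its El Torito boot record in the volume descriptor area of the image (from sector 16 on), not in any file an archiver can extract, so the check below reads the image itself before it is burned. The function names and the in-memory sample images are constructed for illustration.

```python
import io
import struct
import sys

SECTOR = 2048
EL_TORITO_ID = b"EL TORITO SPECIFICATION"


def find_el_torito(stream):
    """Return the boot catalog sector if the image has an El Torito boot
    record, None for a plain data image; ValueError if not ISO 9660."""
    sector = 16  # sectors 0-15 are the system area; descriptors follow
    while True:
        stream.seek(sector * SECTOR)
        vd = stream.read(SECTOR)
        if len(vd) < SECTOR or vd[1:6] != b"CD001":
            if sector == 16:
                raise ValueError("not an ISO 9660 image")
            return None  # descriptor set ended without a terminator
        if vd[0] == 255:  # volume descriptor set terminator
            return None
        # Type 0 is a boot record; El Torito names itself at bytes 7-38
        if vd[0] == 0 and vd[7:39].rstrip(b"\x00") == EL_TORITO_ID:
            return struct.unpack_from("<I", vd, 71)[0]
        sector += 1


def _descriptor(vd_type, body=b""):
    # Constructed descriptor: type, "CD001", version 1, then the body
    return (bytes([vd_type]) + b"CD001\x01" + body).ljust(SECTOR, b"\x00")


def build_sample(bootable):
    """Constructed in-memory image, with or without a boot record."""
    parts = [b"\x00" * (16 * SECTOR), _descriptor(1)]
    if bootable:
        body = EL_TORITO_ID.ljust(32, b"\x00") + b"\x00" * 32
        parts.append(_descriptor(0, body + struct.pack("<I", 20)))
    parts.append(_descriptor(255))
    return io.BytesIO(b"".join(parts))


if __name__ == "__main__":
    if len(sys.argv) > 1:  # check a real image: python check_iso.py x.iso
        with open(sys.argv[1], "rb") as f:
            print("boot catalog at sector", find_el_torito(f))
    else:
        print("bootable sample:", find_el_torito(build_sample(True)))
        print("data-only sample:", find_el_torito(build_sample(False)))
```

A result of None on a downloaded rescue image means the file is a data-only image or was damaged in transit; a sector number means the image is fine and the problem is in how it was written to disc.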

Thanks Nunavut Boy - once this is all over I think I owe you a drink!

I burnt the .iso onto a CD as it was, didn’t work either - I’ll try the software you recommended.

http://isorecorder.alexfeinman.com/isorecorder.htm This is a very simple tool that burns ISOs. It only burns ISOs. But it works well.

Managed to get it to work, but…it didn’t work. Flagged up a few things, but the problem’s still there. I’m trying BitDefender’s rescue CD, apparently it works a bit better on rootkits, which I probably have.