
Help...bad malware/virus/trojan...help

691 Views 12 Replies 8 Participants Last post by  Trav1s
I've been going at this thing for 3 hours using google search and everything. But I can't seem to find the information I need to remove whatever trojan/malware/spyware I have.

First I got it from a p2p network trying to download Warhead so I don't have worry about DRM (I have a legit copy) anyways I scan the thing for viruses and nothing came up. So I tried to install it to no avail.

Problems I'm Experiencing
1.After that happened my Firewall was turned off. And every time I restart my computer it's automatically off. I have to manually turn it on.

2.When I go into my Firefox and use the google search engine, to search like OCN. I click the numerous links and it would redirect me to some other site and not the one I clicked on.

3.I tried going on Anti-Virus/Anti-Spyware/Anti-Malware sites and it would come up as "Page cannot be displayed or can't connect"

4.I tried running Spybot Search & Destroy and it won't even open, same with Ad-Aware & Malwarebytes. My AVG doesn't find anything either.

5.CPU USAGE IS THRU THE ROOF.

6.I can't open double click on my hard drive to open it would give me this error "Recycler\S-3-5-90-100005040-xxxxxxx-xxxxxxx-xxxxxx.com". Both my internal and external hard drives have this problem.

I don't want to reformat my computer because I can't put important files on my external harddrive since it's suffering the same problems as my internal one. And I don't have another extra hard drive to all my files on.

I tried to even boot into safe mode and tried to delete things there but it wouldn't let me nor let me use my anti software. Please help +Reps for helpful posts.
1 - 13 of 13 Posts
http://housecall.trendmicro.com/

If you can get there run the free scan, saved me a few times, if not try running Spybot without being connected to the internet.

Not exactly an easy fix but if you could pick up another hard drive, install xp then run the virus scan on that install with your infected drive as a slave.
  • Rep+
Reactions: 1
Which items are in your startup list (msconfig)? Perhaps post a screenshot of it.

And do you only have 1 320GB partition? If you had 2, you could move all the files you want to keep, and format the partition with the OS.
  • Rep+
Reactions: 1
The redirecting is likely hosts file.

Go to:
SystemRoot\System32\drivers\etc\hosts.
(Where SystemRoot = windows directory, so likely C:\Windows\System32\drivers\etc\hosts.)

Edit that file - hosts. This is the ONLY stuff that should be in there:

127.0.0.1 localhost
::1 localhost

If not, delete everything else and replace it. Won't fix your virus problem, but will at least allow you to temporarily google things.
  • Rep+
Reactions: 1
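Added example, not part of the original post: a Python check of a hosts file against the two-entry baseline given in the post above, so unexpected mappings can be listed before the file is overwritten. The sample contents, hostnames and addresses are constructed, and `audit_hosts` is a hypothetical helper name.

```python
import ipaddress

# Baseline from the post: the only two entries that should be present.
EXPECTED = {("127.0.0.1", "localhost"), ("::1", "localhost")}

# Constructed sample of a tampered hosts file (not taken from the thread).
SAMPLE = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       av-vendor.example www.av-vendor.example  # constructed
203.0.113.10    search.example
"""

def audit_hosts(text):
    """Return (line_no, address, hostname, reason) for each unexpected mapping."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()  # drop full-line and trailing comments
        if not entry:
            continue
        fields = entry.split()
        address, names = fields[0], fields[1:]
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            findings.append((line_no, address, "", "unparseable address"))
            continue
        for name in names:  # one line may map several hostnames
            name = name.lower()
            if (str(ip), name) in EXPECTED:
                continue
            if ip.is_loopback or ip.is_unspecified:
                reason = "blocked (points at the local machine)"
            else:
                reason = "redirected to another address"
            findings.append((line_no, address, name, reason))
    return findings

if __name__ == "__main__":
    # On a real system, read C:\Windows\System32\drivers\etc\hosts instead.
    for line_no, address, name, reason in audit_hosts(SAMPLE):
        print(f"line {line_no}: {name} -> {address}: {reason}")
```

Hostnames mapped to a loopback address fail to connect, while hostnames mapped to a foreign address load a different site than the one requested.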
Quote:

Originally Posted by diligenthunter View Post
http://housecall.trendmicro.com/

If you can get there run the free scan, saved me a few times, if not try running Spybot without being connected to the internet.

Not exactly an easy fix but if you could pick up another hard drive, install xp then run the virus scan on that install with your infected drive as a slave.
Can't do the housecall trendmicro thing because it says the page can't be loaded. *Sighs* I was really looking to buy another hard drive but I'll use that as my last resort

Quote:

Originally Posted by Acoma_Andy View Post
Which items are in your startup list (msconfig)? Perhaps post a screenshot of it.

And do you only have 1 320GB partition? If you had 2, you could move all the files you want to keep, and format the partition with the OS.
yes i have only 1 partition. And I check my msconfig list and everything that is there should be there. There is nothing out of the ordinary on my startup list nor my process list.

Quote:

Originally Posted by Sacre View Post
The redirecting is likely hosts file.

Go to:
SystemRoot\System32\drivers\etc\hosts.
(Where SystemRoot = windows directory, so likely C:\Windows\System32\drivers\etc\hosts.)

Edit that file - hosts. This is the ONLY stuff that should be in there:

127.0.0.1 localhost
::1 localhost

If not, delete everything else and replace it. Won't fix your virus problem, but will at least allow you to temporarily google things.
Thanks I'll go ahead and try that. what program do you use to edit it with?

I took out my external hard drive and ran it on my laptop using spybot and it found a Malware:

"Win32.TDSS.rtk"
-(SBI $9C77F4E3) Installer
- F:\autofun.inf
Quote:

Originally Posted by S2kphile View Post
"Win32.TDSS.rtk"
-(SBI $9C77F4E3) Installer
- F:\autofun.inf
That's not good, it's a downloader trojan. It's a super simple and lightweight trojan that paves the way for other harder viruses/trojans/spyware to get in. (It 'downloads' them to your machine, while being small enough for you to initially not notice the size)
  • Rep+
Reactions: 1
Quote:

Originally Posted by S2kphile View Post
yes i have only 1 partition. And I check my msconfig list and everything that is there should be there. There is nothing out of the ordinary on my startup list nor my process list.
If you have good partitioning software (such as Acronis or Partition Magic), you could resize your 320GB partition and make it a bit smaller. Then create a new partition of the space you made free. Would be handy for future usage also, or if you run into problems like these.

Also it looks like your external harddrive is now passing on the virus.
  • Rep+
Reactions: 1
Quote:

Originally Posted by Sacre View Post
That's not good, it's a downloader trojan. It's a super simple and lightweight trojan that paves the way for other harder viruses/trojans/spyware to get in. (It 'downloads' them to your machine, while being small enough for you to initially not notice the size)
That's what I thought. Damn, any way to remove this sucker on my main computer?

Quote:

Originally Posted by Acoma_Andy View Post
If you have good partitioning software (such as Acronis or Partition Magic), you could resize your 320GB partition and make it a bit smaller. Then create a new partition of the space you made free. Would be handy for future usage also, or if you run into problems like these.

Also it looks like your external harddrive is now passing on the virus.
Crap I guess I have to reformat. I hope I can salvage my external so I can put important files on there.
Yeah, disconnect from the net immediately. Can you download a copy of spybot and adaware on another PC and save it to a USB stick and install from there?
  • Rep+
Reactions: 1
If you plugged your hard drive into your laptop, chances are that is now infected.

You are going to need to scan your laptop

Use Malwarebytes, and SuperAntiSpyware, these are two of the best scanners and find much more than Spybot S&D.

download this and post results from your main comp back here.
  • Rep+
Reactions: 1
Quote:

Originally Posted by S2kphile View Post
First I got it from a p2p network trying to download Warhead so I don't have worry about DRM (I have a legit copy) anyways I scan the thing for viruses and nothing came up. So I tried to install it to no avail.
This never ceases to amaze me, that with all the warnings in the world about downloading programs that can't be verified as virus/malware/spyware free, folks still don't care and download it -- and here we are today.

What will it take for end-users to learn to never accept candy from strangers?
The best thing is to abandon Windbloze entirely. Barring that at least set up a copy of bloze in a VM so you can test drive stuff before you run it on your main desktop. If it goes nuts then all you lose is the VM.
Check your services to see if it's in the startup or what not.