help! nasty virus that won't let me run antivirus software!!

Discussion in 'Virus Information' started by seehar, Jun 30, 2004.

  1. Hey, I think I have a really nasty virus because I can't run any antivirus software or open any antivirus websites; they just close themselves! Even if I type in "virus" on Google it closes :( Anyone know what I can do?

    BTW, I've got Windows XP but my antivirus software (avast) has run out coz I didn't register it (duh!)

    thanks, seehar :)

    p.s. avast also messes up when I try to remove it, it just goes mad and loadsa windows come up and I have to turn the computer off at the mains!
     
    seehar, Jun 30, 2004
    #1

  2. Malke Guest

    It sounds like you have picked up a virus that immediately breaks any av
    installed. This could happen if you had an older antivirus version,
    weren't updating its definitions or didn't renew your subscription. The
    usual way to deal with this is to:

    1) Take the infected machine off the Internet and any lan immediately.
    2) From a different, clean machine download Stinger
    (http://vil.nai.com/vil/stinger/) and run it in Safe Mode. Stinger is a limited
    virus checker, but its advantage is that it is standalone and doesn't
    need to be installed.
    3) Hope that Stinger cleans up the machine enough to be able to
    reinstall your av or install a new, current one. Update its definitions
    and do a full scan.
    4) Continue the cleaning process by removing any spyware with Spybot
    Search & Destroy (http://www.safer-networking.org) and Ad-aware
    (http://www.lavasoftusa.com). Be sure to update these programs before
    running them. These programs are free, so run them both since they
    complement each other. You may also want to run the latest CWShredder
    from http://www.spywareinfo.com/~merijn/index.html. Always read the
    instructions before running a spyware removal tool. It is best to run
    antivirus and spyware removal tools in Safe Mode.
    5) After you've installed your full-featured av, updated its
    definitions and run a full system scan.
    6) Make sure you are running a firewall.
    7) Go to Windows Update and apply all security patches for your
    operating system. Do not install drivers from Windows Update.

    You may also need to check your hosts files, as follows:

    1. In XP's Search preferences, set the files and folders handling to
    Advanced, and then check the box that will make Search look in hidden
    files/folders.
    2. Now enter the search term "hosts" without the quotes.
    3. You will get several hosts and lmhosts files. Double-click each one
    to open it. When you do this, you'll get a Windows dialog box saying
    that Windows cannot open this file, do you want to use the web or
    select from a list to find the proper program. Choose "select from a
    list" and highlight Notepad. Make sure the box to always use this
    program to open this type of file is not checked.
    4. Now carefully examine the file. Lines that begin with a # are
    comments and don't count. Leave them alone. Unless you know you use a
    proxy server to get to the Internet or you added entries yourself, the
    only uncommented entry that should be there is:

    127.0.0.1 localhost

    If you see any other entries, delete them and Save the file. Make sure
    you scroll all the way down to the bottom of the window if there is a
    scrollbar. Do this for each file you found. Now you should be able to
    get to antivirus and spyware-fighting websites.

    And renew your antivirus subscription and this won't happen again.

    Malke
     
    Malke, Jun 30, 2004
    #2
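
The hosts-file check described in post #2, as an added example that is not part of the original thread: it flags every uncommented entry other than `127.0.0.1 localhost`, which is how blocked antivirus sites show up in the file. The sample file contents, the `.example` hostnames and the function name `audit_hosts` are constructed for illustration.

```python
import ipaddress

# Per the post: the only uncommented entry expected on a default machine.
EXPECTED = {("127.0.0.1", "localhost")}
LOCAL_SINKS = {"127.0.0.1", "0.0.0.0", "::1"}

# Constructed sample; the .example names and 203.0.113.7 are placeholders.
SAMPLE_HOSTS = """\
# Sample HOSTS file (constructed for this example)
#
127.0.0.1       localhost
127.0.0.1       www.av-vendor.example   update.av-vendor.example
0.0.0.0         scanner.example         # inline comment is ignored
203.0.113.7     search.example
"""

def audit_hosts(text, expected=EXPECTED):
    """Return (line_no, ip, hostname, reason) for every entry to review."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()   # '#' starts a comment
        if not entry:
            continue
        ip, *names = entry.split()
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            findings.append((line_no, ip, "", "malformed address"))
            continue
        if not names:
            findings.append((line_no, ip, "", "address without a hostname"))
        for name in (n.lower() for n in names):
            if (ip, name) in expected:
                continue
            reason = ("name pointed at the local machine (site blocked)"
                      if ip in LOCAL_SINKS
                      else "name redirected to another address")
            findings.append((line_no, ip, name, reason))
    return findings

if __name__ == "__main__":
    # On XP the live file is usually %SystemRoot%\system32\drivers\etc\hosts;
    # read it with open(path).read() instead of SAMPLE_HOSTS.
    for line_no, ip, name, reason in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {ip} {name} -> {reason}")
```

Running it in report-only fashion like this leaves the file untouched, so flagged lines can be reviewed before anything is deleted.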

  3. Malke Guest

    Hi, Seehar. You want to download Stinger (and any other tools) on a
    clean machine and either save it to cd-r or a floppy. CD-r is easiest,
    I think. Then you want to go into Safe Mode to turn off services and
    run Stinger and all that. You won't be allowed to do anything
    constructive in regular mode because of the viruses. And yes, I think
    you have more than one.

    Malke
     
    Malke, Jun 30, 2004
    #3
  4. Malke Guest

    Again, you are not going to be able to do anything constructive on your
    pc (including downloading av tools and fixing hosts files) until you
    get the viruses cleaned off. If you are finding this difficult, take
    the machine to a good local repair shop and have them do it for you.

    Good luck,

    Malke
     
    Malke, Jun 30, 2004
    #4
  5. taff Guest

    Restart in safe mode ( F8 on startup ) and log in as administrator.

    Taff.............



    www.sounds-pa.com | www.thecomputerworkshop.com
     
    taff, Jul 2, 2004
    #5
  6. Jason Wade Guest

    You might be able to run stinger after renaming it to something the virus
    won't interfere with.
     
    Jason Wade, Jul 2, 2004
    #6
  7. Malke's advice will be pretty much best-case if you are on NTFS, but
    if you are on FATxx, you can do better (as annotated along the way).

    If FATxx, at this point you should do a formal virus check as per
    http://cquirke.mvps.org/9x/virtest.htm using a Win98xx boot diskette
    and free DOS-based av from www.f-prot.com, www.nod32.com and/or
    www.sophos.com - the last two are free for evaluation and won't offer
    updates; the first is free with free updates, which you should
    download at the same time.

    If NTFS, then it's a lot harder to do a formal virus check because MS
    denies you access to the only native maintenance OS NTFS has. See
    http://cquirke.mvps.org/whatos.htm for your much-reduced options, or
    as Dirty Harry says, "Do you feel lucky?" you can skip the formal av.

    A limitation of most, if not all, formal av methods on XP will be an
    inability to clean up registry references. For this reason, and
    others, it's imperative that you save logs of everything the av
    scanner finds and does.

    There's a case to be made for doing the formal scan in "report only"
    mode, or as an automatic rename so that changes can be undone (e.g. if
    you need to put the malware back to ward off a face-hugger dependency)

    At this point, you hopefully have a list of malware that you know you
    are after. Use the same clean PC you used to download the av,
    Stinger, etc. to read up the malware you found at reference sites such
    as http://www.f-secure.com/v-descs etc. You do this in case there are
    caveats in cleaning the malware, and to what additional settings need
    fixing or patches need installing to close holes the malware exploited.

    Hope that any active malware doesn't strike back as soon as your av
    tries to come after it. Safe Mode Command Prompt Only is the option
    least likely to run active malware, but even that can run active
    malware that resides within existing code or is patched in through
    methods other than those Safe Mode bypasses.

    Also, make sure you don't have File and Print Sharing bound to your
    Internet connection, and that you are not full-sharing the whole of C:
    (even on the LAN). Consider killing XP's hidden admin shares.

    Only at this point, do you reconnect to the 'net.

    I'd say, with the quotes - else Search may find things like HOSTS.SAM,
    LMHOSTS.* and other things you don't want to pick a fight with.

    What is LMHosts, anyway?

    Correction: This *may* not happen again.

    "Why do I keep open buckets of petrol next to all the
    ashtrays in the lounge, when I don't even have a car?"
     
    cquirke (MVP Win9x), Jul 3, 2004
    #7