Computer infected, virus unknown



AmandaLof
05-12-2015,
Hello,

I have a laptop running Windows XP and am a very cautious user.

In addition I have Panda Free Antivirus and Windows Firewall running and then MalwareBytes, SuperAntiSpyware, and Panda Cloud Cleaner for removal.

My computer started running VERY slowly and that was followed by the occasional hijacked page.

I have run rkill and all three removal tools separately and removed anything they found, but there is still something wrong - it's just not as blatant as some other viruses I have encountered.

Any help would be very much appreciated.

Thanks,

Sarah

AmandaPoks
05-14-2015,
The virus has shown itself again - micropctek. I'm going to see what I can find on here about how to remove it. The usual tools I use aren't working.

Amanda_diack
05-15-2015,
Run this instead of Sophos...

Please run a free online scan with the ESET Online Scanner (http://www.eset.com/onlinescan/)




Disable your antivirus program
Click on "Run ESET Online Scanner" button.
Tick the box next to YES, I accept the Terms of Use
Click Start
Accept any security warnings from your browser.
Check Scan archives
Click Start
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push List of found threats
Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

AmandaSl
05-16-2015,
Hi Broni,

I did everything you asked - but I didn't see anything with the option to scan archives. I thought I might after it installed, but it went right into the scan. During the scan Google Chrome was still being hijacked.

Here is the report:

C:\Documents and Settings\Administrator\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\fbhkadofcemnmfohgfillpbdjmgecfib\2.0\doWO40ngYL.js JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\fbhkadofcemnmfohgfillpbdjmgecfib\2.0\doWO40ngYL.js JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Panda Security\Panda Security Protection\Download\0x04011000\CloudAntivirus.exe a variant of Win32/Toolbar.Visicom.A potentially unwanted application deleted - quarantined
C:\Documents and Settings\Guest\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\fbhkadofcemnmfohgfillpbdjmgecfib\2.0\doWO40ngYL.js JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\Documents and Settings\Guest\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\fbhkadofcemnmfohgfillpbdjmgecfib\2.0\doWO40ngYL.js JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\fbhkadofcemnmfohgfillpbdjmgecfib\2.0\doWO40ngYL.js JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\fbhkadofcemnmfohgfillpbdjmgecfib\2.0\doWO40ngYL.js JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\Documents and Settings\Sarah Beth\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\fbhkadofcemnmfohgfillpbdjmgecfib\2.0\doWO40ngYL.js JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\Documents and Settings\Sarah Beth\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\fbhkadofcemnmfohgfillpbdjmgecfib\2.0\doWO40ngYL.js JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\fbhkadofcemnmfohgfillpbdjmgecfib\2.0\doWO40ngYL.js JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\fbhkadofcemnmfohgfillpbdjmgecfib\2.0\doWO40ngYL.js JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\Program Files\Panda Security\Panda Security Protection\Tools\PandaSecurityTb.exe a variant of Win32/Toolbar.Visicom.A potentially unwanted application deleted - quarantined

Thanks!
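
An added example, not part of the original posts: a small Python triage helper that reads a scanner report laid out like the one above and groups browser-extension detections by extension ID, so it is clear which Windows accounts and browsers need the same cleanup. It assumes XP-style `Documents and Settings` paths and Chromium-style `User Data\<profile>\Extensions\<id>` folders; the function names and the sample report are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in the same layout as the report above; the account
# names, extension IDs, file names and detection names are made up.
SAMPLE_REPORT = r"""
C:\Documents and Settings\Alice\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\abcdefghijklmnopabcdefghij klmnop\1.0\x.js JS/Example.A trojan cleaned by deleting - quarantined
C:\Documents and Settings\Guest\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\abcdefghijklmnopabcdefghij klmnop\1.0\x.jsJS/Example.A trojan cleaned by deleting - quarantined
C:\Documents and Settings\Alice\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ponmlkjihgfedcbaponmlkjihgfedcba\3.2\y.js JS/Example.B trojan cleaned by deleting - quarantined
C:\Program Files\Example\Toolbar.exe a variant of Win32/Example.C potentially unwanted application deleted - quarantined
"""

# Chromium extension IDs are 32 letters from a to p. Forum software often
# wraps long strings, so stray spaces inside the ID are tolerated here and
# stripped afterwards; a lost separator after ".js" is tolerated as well.
EXT_PATH = re.compile(
    r"\\Documents and Settings\\(?P<account>[^\\]+)\\"
    r".*?\\(?P<browser>[^\\]+)\\User Data\\(?P<profile>[^\\]+)\\Extensions\\"
    r"(?P<ext_id>[a-p ]{32,34})\\(?P<version>[^\\]+)\\(?P<file>\S+?\.js)"
    r"\s*(?P<threat>\w+/\S+)"
)

def summarize(report):
    """Map extension ID -> accounts, browsers and detection names seen."""
    hits = defaultdict(lambda: {"accounts": set(), "browsers": set(), "threats": set()})
    for line in report.splitlines():
        m = EXT_PATH.search(line)
        if not m:
            continue  # not a browser-extension detection (e.g. a toolbar PUA)
        ext_id = re.sub(r"\s+", "", m["ext_id"])
        if len(ext_id) != 32:
            continue  # not a well-formed extension ID after cleanup
        hits[ext_id]["accounts"].add(m["account"])
        hits[ext_id]["browsers"].add(m["browser"])
        hits[ext_id]["threats"].add(m["threat"])
    return dict(hits)

def widespread(summary):
    """IDs found under more than one account or browser: check every profile."""
    return sorted(i for i, h in summary.items()
                  if len(h["accounts"]) > 1 or len(h["browsers"]) > 1)

if __name__ == "__main__":
    for ext_id, info in summarize(SAMPLE_REPORT).items():
        print(ext_id, sorted(info["accounts"]), sorted(info["browsers"]))
    print("check all profiles for:", widespread(summarize(SAMPLE_REPORT)))
```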

AMarlenekn
05-16-2015,
Hi Broni,

I reset Chrome (and had also done it before we started working together) and that didn't help at all. I hated to give in and completely uninstall it, so I went through all of your steps again...and again had no luck with Junkware Removal Tool and Sophos. They just won't work. ESET is running now and I found the dialog area to select "scan archives." It is painfully slow. The hijacking virus seems to be stampalive.

I updated my Java - although the newest version is technically not supported with Windows XP.

I'll let you know what ESET says and if it says nothing I will go ahead and uninstall Chrome.

Thanks for everything,

Sarah

AmbubSamt
05-16-2015,
It's very sad what happened with your computer. I also faced a similar problem. I got my computer infected with a virus though I had Norton™ AntiVirus, anti-malware, spyware, firewall pre-installed. You can follow these tips to protect your PC or laptop from any damage in future due to viruses.



On a PC, change the CMOS setting of your boot up process from booting first on the A drive (floppy) and then on the C drive (hard drive) to just booting on the C drive. This will not only speed up your boot up process but also completely eliminate the risk of infecting your hard drive with an infected floppy disk.
Configure your web browsers to disable ActiveX, Java, and Javascript. You'll lose some of the fun the Web's been known for, but you'll save your computer from contracting a virus and speed up your connection.
Use a security-conscious Internet service provider (ISP) that implements strong anti-spam and anti-phishing procedures. You can find here (http://www.savannahitshop.com/computer-repair/) the list of secure ISPs.
Use a pop-up blocker with your browser. Pop-up windows are small browser windows that appear on top of the website you're viewing. Although most are created by advertisers, they can also contain malicious or unsafe code. A pop-up blocker can prevent some or all of these windows from appearing.
Don't open email attachments unless you're expecting them. Many viruses are attached to email messages and will spread as soon as you open the email attachment. It's best not to open any attachment unless it's something you're expecting.
For reference - http://windows.microsoft.com/en-in/windows7/tips-for-protecting-your-computer-from-viruses http://home.mcafee.com/advicecenter/?id=ad_ost_htpycavawa

Hope these tips are of some help for you!!