computer help..

[scotty]

So, I know nothing about computers..That said, I need some advice. I was just on my laptop checking my Facebook and my XP Home Security pops up saying I have 27 infections. I click "Remove" and I wants me to spend money. Worried I might have someone draining my back accunt, I just simply disable my wireless on it. I open up my Norton AntiVirus to do a full system scan. So far it has not detected anything. Mean while this XP Home Security screen keeps comming up, even when I exit out of it.

I don't remember even using this XP once on my laptop. I have owned it for like 5 years now. lol Should I just trust my Norton and go about my stuff? I hate my wife's laptop. It's super slow.

[DaBlue1]

Have you tried Malwarebytes?
http://download.cnet.com/Malwarebyte...-10804572.html

[scotty]

I don't know what that is, but I will download it!

[ajmueller]

Basically you get a virus that pretends that it's an anti-virus, getting you to click on it (even just closing the window can do bad things) and even getting you to pay for the product to remove whatever infections it found. Of course it doesn' fix anything and they have your $. VERY FRUSTRATING!

If you can, get any important files off your computer and onto a USB drive.

If you have System Restore turned on you may try restoring to a point before you were first notified of all the "infections." Then download and run "Malwarebytes Antimalware" and "SuperAntiSpyware" for starters. Hopefully this will take care of your problem.

Good luck!

[jmgrande]

[scotty]

Quote:

Originally Posted by ajmueller

Basically you get a virus that pretends that it's an anti-virus, getting you to click on it (even just closing the window can do bad things) and even getting you to pay for the product to remove whatever infections it found. Of course it doesn' fix anything and they have your $. VERY FRUSTRATING!

If you can, get any important files off your computer and onto a USB drive.

If you have System Restore turned on you may try restoring to a point before you were first notified of all the "infections." Then download and run "Malwarebytes Antimalware" and "SuperAntiSpyware" for starters. Hopefully this will take care of your problem.

Good luck!

I just tried doing the system restore. I set it back to about a month ago. Said it couldn't be completed as there hasn't been any changes. Maybe it's time to upgrade.

[RhinoJC]

That bogus security software popup is itself malware. It's fairly common to see bogus security warnings pop up and tell you that you need to do this, that, and the other thing. However, by doing this, that, and the other thing, you're actually installing a virus.

Don't give it your C.C. details.

The fact that Norton isn't picking it up makes me wonder a few things, but not likely questions you would be able to answer.

Although I am curious which version of Nortons you have installed and whether or not you have an active subscription.

As far as XP is concerned, scrap it. Your personal preference is irrelevant since XP is no longer supported and being specifically targeted due to its unsupported status. If your laptop can handle Win 7, get it. If not, don't enter any credentials into that system, ever. You can use it for basic web browsing that doesn't require you to log into the website, but beyond that, you're running a major risk. I would suggest turning it into a Linux box, but that's a little outside of the "novice" category. Linux is fairly simple and straight forward, but does take a little getting used to.

Before this turns into a "Which AV software is best" debate, you made a good choice in AV software. Unless someone arguing can provide solid credentials as to their personal level of expertise, everything they are saying is an opinion, not fact.

Symmantic is a major player in the IT security industry, not some random company pushing a product they know nothing about.

Norton Internet Security has been ranked in the top 5, if not number 1, by many reputable PC websites for several years.

The "Norton is a resource hog" argument died several years ago.

5 minutes of Google research can easily verify these things. Don't take my word for it, check it.

Personally, I use Norton 360 on all three of my systems as well as Norton Mobile Security on my droid.

As far as Malwarebytes, it's a good secondary tool, but don't rely on it as your primary scanner.

[sarapacman99]

Before anything else, that virus is called Anti-Spyware 2010. I've had clients get that virus, some of them actually put their card information in. A few days later they see a charge coming from the UK being wire transferred next to a bank account in south Africa.

Anyway, what you need to do first is download ComboFix, preferably from another computer saved into a thumbdrive or burned into a CD (too much hassle though). Also download Microsoft Security Essentials and as what otehr people said earlier MalwareBytes. They're free and are ranked pretty well on Maximum PC's best anti-spyware programs of 2011.

Next, boot your PC into Safe Mode. Restart your system and as it comes up repeatedly press the F8 key. It will give you a list of choices, pick Safe Mode with Networking. Safe mode only loads processes essential for Windows to boot up, some people call it Simple mode.

Next insert that thumbdrive or CD and run ComboFix. Just say yes to all prompts and it will then start scanning. Let the scan finish, depending on your storage space and actual used storage, it may take an hour or more for scanning. After scanning with ComboFix is done, install MSE and then do an update then do a Full Scan. DO the same thing with Malware-Bytes.

I run through these filters just to make sure that nothing is left behind. One scanner just ain't good enough.

For me, it's best to physically take the drive out and connect it to a separate computer via some adapters or using an external hard drive enclosure. You can then plug that drive into another computer's USB port and you can use it as an external drive. You can do your scans from that computer just don't ever open any file even if it's something you recognize. Opening an infected file with activate the virus. Re-contamination occurs.

[CynicalC]

eh yeah you've got some spyware. Once you get it all squared away, ditch nortons and get microsoft security essentials. It's free, lightweight and it works best.

[kevlarorc]

Malwarebytes is a good program. I have twice had very similar problems that you are having and both times a nice little program called SmitFraudFix by S!RI fixed it for me.
http://siri.geekstogo.com/SmitfraudFix.php

It's a very basic program that runs in command prompt but it works wonders.

[Jesse8931]

Quote:

Originally Posted by sarapacman99

Before anything else, that virus is called Anti-Spyware 2010. I've had clients get that virus, some of them actually put their card information in. A few days later they see a charge coming from the UK being wire transferred next to a bank account in south Africa.

Anyway, what you need to do first is download ComboFix, preferably from another computer saved into a thumbdrive or burned into a CD (too much hassle though). Also download Microsoft Security Essentials and as what otehr people said earlier MalwareBytes. They're free and are ranked pretty well on Maximum PC's best anti-spyware programs of 2011.

Next, boot your PC into Safe Mode. Restart your system and as it comes up repeatedly press the F8 key. It will give you a list of choices, pick Safe Mode with Networking. Safe mode only loads processes essential for Windows to boot up, some people call it Simple mode.

Next insert that thumbdrive or CD and run ComboFix. Just say yes to all prompts and it will then start scanning. Let the scan finish, depending on your storage space and actual used storage, it may take an hour or more for scanning. After scanning with ComboFix is done, install MSE and then do an update then do a Full Scan. DO the same thing with Malware-Bytes.

I run through these filters just to make sure that nothing is left behind. One scanner just ain't good enough.

For me, it's best to physically take the drive out and connect it to a separate computer via some adapters or using an external hard drive enclosure. You can then plug that drive into another computer's USB port and you can use it as an external drive. You can do your scans from that computer just don't ever open any file even if it's something you recognize. Opening an infected file with activate the virus. Re-contamination occurs.

You shouldn't recommended users to run combofix.

[DaBlue1]

If you have had a bogus pop up for a while, chances are that same bogus info is stored in your System Restore as well. Using Malwarebytes will remove it. However, after you you use it, set a new restore point and as good practice, back up your most important files.

Like someone mentioned, Norton is a good program, but like most AV programs it may miss a thing or two every now and then. Malwarebytes will help supplement it. On some older under memoried XP machines, Norton can still be a resource hog. If you have not maximized you memory capacity it still may run a little slow.

If you are a novice, I do not recommend you using Combofix or Smithfraud.

[Live2ride]

I had my bosses computer at work have a very similar virus (ie. one posing as an anti virus). The fastest, easiest and best way to get rid of the virus is to enable safe mode command prompt, find the bugger and delete it back to hell where it came from. Unfortunately you have to be computer savvy to know how to do it. I'd help you if I were there but honestly if you have any computer savvy friends that you could ask to come over they should be able to fix it in a jiffy.

[Live2ride]

I'd recommend this page for help.

[Jesse8931]

Best forum for virus issues

http://www.bleepingcomputer.com/forums/

Btw Ive been a manager of a computer repair store since I was 18

[CThunder-blue]

Stop looking at porn sites

[CZroe]

Quote:

Originally Posted by CThunder-blue

Stop looking at porn sites

This stuff was a big problem in the late 90s as well, though they didn't always exploit your computer. They usually just convinced you to download something malicious. I remember when my friend's dad would get a new porn dialer installed on their PC every week. They'd turn off your modem's speaker and dial a 1-900 number to get you on the Internet and access the... umm... err... "info" you wanted while leaving the user unaware of the switch. From then on, any time you went online you were being billed at an exorbitantly high 1-900 rate. Sneaky sneaky.

Heck, some of the porn dialers weren't technically "malicious" because they spelled out what they were going to do in the terms that no one reads and didn't hijack your default connection to the Internet. They preyed on user ignorance.

[Jesse8931]

Quote:

Originally Posted by CZroe

This stuff was a big problem in the late 90s as well, though they didn't always exploit your computer. They usually just convinced you to download something malicious. I remember when my friend's dad would get a new porn dialer installed on their PC every week. They'd turn off your modem's speaker and dial a 1-900 number to get you on the Internet and access the... umm... err... "info" you wanted while leaving the user unaware of the switch. From then on, any time you went online you were being billed at an exorbitantly high 1-900 rate. Sneaky sneaky.

Heck, some of the porn dialers weren't technically "malicious" because they spelled out what they were going to do in the terms that no one reads and didn't hijack your default connection to the Internet. They preyed on user ignorance.

I can remember when you could get some "hot access numbers"

[HKr1]

Dont know if you fixed that virus "XP 2011 Anti Virus" yet. I got it off greggscustoms.com the other day. Adobe poped up, and then that crap loaded.
None of the removal programs would load. Renaming/loading from another computer didnt work.
Really no programs would work, would ask "what do you want to open with?"
Same with system restore.... any program..^
I got 1 removal tool to load in "safe mode with networking" from pc tools. spydoctor, it scanned and wanted money. I paid it didnt work. Got a refund a week later.
MacAfee wanted 90 dollars to remove! it was there dam **** that that didnt catch it

Anyway, was lucky to get into system restore via safe mode with networking. Restored to earliest point. fixed everything......I dont know if that crap is still hiding in there... what a mess.. took 10 hours of screwing around.!

[Jesse8931]

Quote:

Originally Posted by HKr1

Dont know if you fixed that virus "XP 2011 Anti Virus" yet. I got it off greggscustoms.com the other day. Adobe poped up, and then that crap loaded.
None of the removal programs would load. Renaming/loading from another computer didnt work.
Really no programs would work, would ask "what do you want to open with?"
Same with system restore.... any program..^
I got 1 removal tool to load in "safe mode with networking" from pc tools. spydoctor, it scanned and wanted money. I paid it didnt work. Got a refund a week later.
MacAfee wanted 90 dollars to remove! it was there dam **** that that didnt catch it

Anyway, was lucky to get into system restore via safe mode with networking. Restored to earliest point. fixed everything......I dont know if that crap is still hiding in there... what a mess.. took 10 hours of screwing around.!

its still there you need to run malwarebytes on a full scan.

[SSR]

Quote:

Originally Posted by scotty

my XP Home Security pops up saying I have 27 infections. I click "Remove" and I wants me to spend money.

Microsoft will NEVER ask you to spend that way. Their business model is either through retail (physical DVD's) or by purchasing directly from their website and downloading, similar to downloading ebooks from Amazon. Anytime you get a pop-up asking for money, it's not legit.

There are also a ton of free anti-virus software out there. Many large companies will have free consumer versions. I've been recommending Microsoft Security Essentials to friends and family. It's free from Microsoft and very quite good.

[sarapacman99]

Quote:

Originally Posted by Jesse8931

You shouldn't recommended users to run combofix.

why not?

[Jesse8931]

Quote:

Originally Posted by sarapacman99

why not?

http://www.bleepingcomputer.com/comb...o-use-combofix

[scotty]

Quote:

Originally Posted by CThunder-blue

Stop looking at porn sites

What am I supposed to do all day now?!?

I've tried everything, system restore, ran a scan, and I tried to delete it. This XP thing is nowhere to be found beside on my front screen. I went into the add/remove programs and it wasn't there.

I have a few friends that are smart with computers, I am going to call them up to see what they can do.

[CThunder-blue]

Quote:

Originally Posted by scotty

What am I supposed to do all day now?!?

I've tried everything, system restore, ran a scan, and I tried to delete it. This XP thing is nowhere to be found beside on my front screen. I went into the add/remove programs and it wasn't there.

I have a few friends that are smart with computers, I am going to call them up to see what they can do.

Usually, when I find a trojan like what you have, when it pops up, I bring up the task manager and find any processes running that I don't recognize. Google them and one of them is usually found to be a trojan. Use a different computer to google and such. The links usually contain steps on how to remove them as well. Searching your computer related to "XP" or any virus is usually futile since they don't normally name their file the same name as what's on the pop up. Best thing to do right now is back up any data, music, photos you want to keep. If worse comes to worse, you can wipe the drive and reinstall.

[DaBlue1]

Quote:

Originally Posted by scotty

What am I supposed to do all day now?!?

I've tried everything, system restore, ran a scan, and I tried to delete it. This XP thing is nowhere to be found beside on my front screen. I went into the add/remove programs and it wasn't there.

I have a few friends that are smart with computers, I am going to call them up to see what they can do.

If that is the case, removing your hard drive and installing it in a external enclosure or installing it in a virus free computer and scanning it with Malwarebytes is the next choice. Your harddrive should be a secondary drive on virus free computer with malwarebytes installed. Once reinstalled back in your computer, scan again.

[scotty]

Okay, i'm getting somewhere, and learning new stuff! I am now in "safe" mode. When I open my Task Manager, I see my problems. So far I confermed 5 viruses. The name of them are, "svchost.exe" There are more i'm sure, still looking them up on google. How do I delet them? I ran my Nortan scan, but on scaned 1 file. lol. Even in safe mode, the XP is jumping up.

[Cuongism]

Safe mode and malwarebytes generally works for me. You might have to download malwarebytes onto a flash drive on another computer if the virus doesn't let you download anything.

[scotty]

csrss.exe, is anther one. Thats the bad one I think. Yahoo said its a virus that alows locals to steal passwords, ect.

[scotty]

Quote:

Originally Posted by Cuongism

Safe mode and malwarebytes generally works for me. You might have to download malwarebytes onto a flash drive on another computer if the virus doesn't let you download anything.

Yeah, it has gotten way worse. When i'm not messing with it, I turn it completly off and take out the battery. When I started it up normal, I coulnt open anything. My screen was just blue.

[setasai]

Everybody has different ways of fixing this. My personal advice is to transfer ALL your important stuff (documents, music, photos, bookmarks, all of it) to a USB stick or External harddrive or even burn it on a CD. Once you have everything backed up, I highly recommend a reformat/reinstall of the ENTIRE OS. It is the ONLY surefire way that ALL viruses/trojans are removed/deleted.

Creators of viruses are very clever and there will never be a piece of software that can remove it completely without causing you to spend hours upon hours scanning and booting and removing stuff. Reformatting and reinstalling will take at most 3 hours and you'll have a fresh computer for which you know is clean.

If you need more details on how to go about it, PM me and I'll try to help. IMHO, no faster or cleaner way of being sure you're safe.

[DaBlue1]

Quote:

Originally Posted by scotty

Okay, i'm getting somewhere, and learning new stuff! I am now in "safe" mode. When I open my Task Manager, I see my problems. So far I confermed 5 viruses. The name of them are, "svchost.exe" There are more i'm sure, still looking them up on google. How do I delet them? I ran my Nortan scan, but on scaned 1 file. lol. Even in safe mode, the XP is jumping up.

crss.exe (Client/Server Runtime Subsystem) is a Windows System file not a virus, however it can be corrupted by a virus. svchost.exe is also a windows system file. Certain program and services use this command when accessing the net and may show multiple instances in task manager. A corrupted svchost.exe can allow redirects or popups to and from unwanted sites. However you can not tell by just looking at task manager if it is an infection.

Not unless your computer is completely over run by infections and you are totally unable to execute any commands or programs, an XP in place repair or fresh install should be your last resort. Just make sure you have an original install disc. Because you said you know nothing about computers, I would recommend you let a pro look at it for you. I have had to remove the HDD from computers many times, place them in a clean unit, and scan them (to remove infections which other wise rendered the original computer useless ) with no data loss. As I mentioned before back up your data if possible. if you choose to reformat. Understand doing either an XP repair or reinstall. All Services Pack and MS updates will have to be updated again. With an XP reinstall you will have to reinstall all programs that you had previously.

There are a couple of programs you can use to temporally disable unwanted programs from operating so you can use your AV, SW, MW programs. It is recommended you download them to and run from a USB and use them in safe mode.

TDSS killer http://support.kaspersky.com/viruses...?qid=208280684
RKill http://www.bleepingcomputer.com/down...ti-virus/rkill

[RhinoJC]

Quote:

Originally Posted by DaBlue1

crss.exe (Client/Server Runtime Subsystem) is a Windows System file not a virus, however it can be corrupted by a virus. svchost.exe is also a windows system file. Certain program and services use this command when accessing the net and may show multiple instances in task manager. A corrupted svchost.exe can allow redirects or popups to and from unwanted sites. However you can not tell by just looking at task manager if it is an infection.

It's common to have multiple svchost.exe running at the same time, I think I've counted 11 before.

If you've run multiple scans without any results, it's possible you have a rootkit, which isn't easy to detect or get rid of. It usually involves some very powerful tools or actually going in and adjusting the registry manually, both of which can kill the OS permanently if you make a mistake.

Hijackthis is one such tool which I personally recommend, although since you're not an expert I strongly suggest you just create a report and have an expert go over it. Hijackthis does not differentiate between safe and unsafe files. You tell it to remove something and it's gone, whether it's system critical or not.

http://download.cnet.com/Trend-Micro...-10227353.html

Use it at your own risk. Messing with the registry is the fastest way to destroy your system.

[PsychoNinja]

Sounds like the Antivirus Virus. It is a PITA to remove manually. Took me roughly 5 hours when I got it on my PC 2-3 years ago. As someone else has already stated, backup all your important personal files and reinstall Windows. It's the fastest and easiest way to get rid of it unless you have the know how and patience to get rid of it yourself!

Good luck!

[scotty]

Quote:

Originally Posted by PsychoNinja

Sounds like the Antivirus Virus. It is a PITA to remove manually. Took me roughly 5 hours when I got it on my PC 2-3 years ago. As someone else has already stated, backup all your important personal files and reinstall Windows. It's the fastest and easiest way to get rid of it unless you have the know how and patience to get rid of it yourself!

Good luck!

Yeah, i'm goimg to reinstall windows. I just can't find my CD that came with my laptop. I'm in the middle of moving, and i'm hoping the wife just packed it into a box somewhere.

[Cuongism]

Scotty, before resorting to that, have you tried malwarebytes in safe mode yet? XP Home Security virus is an easy Trojan to remove. Re-installing windows will take quite awhile especially having to backup everything.

http://www.virusremovalguru.com/?p=6813

[DaBlue1]

Quote:

Originally Posted by scotty

Yeah, i'm goimg to reinstall windows. I just can't find my CD that came with my laptop. I'm in the middle of moving, and i'm hoping the wife just packed it into a box somewhere.

There are a couple of programs you can use to temporally disable unwanted programs from operating so you can use your AV, SW, MW programs. It is recommended you download them to and run from a USB and use them in safe mode.

TDSS Killer http://support.kaspersky.com/viruses...?qid=208280684
RKill http://www.bleepingcomputer.com/down...ti-virus/rkill

Give them a try, it's easier than you think.

[scotty]

Quote:

Originally Posted by Cuongism

Scotty, before resorting to that, have you tried malwarebytes in safe mode yet? XP Home Security virus is an easy Trojan to remove. Re-installing windows will take quite awhile especially having to backup everything.

http://www.virusremovalguru.com/?p=6813

I will try that now! Although, yesterday when I have it running a "new" anti vir program poped up along with the XP. I don't remember the name of this one, but it's more annoying than the XP now.

This whole thing is weird. I never had any problems with my laptop untill I move to where i'm living now. When I'm on my laptop, Norton will have a small box pop up about once an hour saying, "a recent attake was attepted and blocked" When I used my laptop anywhere ealse, that never happend. Not sure if that has anything to do with this or not.

[Cuongism]

Yea, easiest way to remove those popup viruses is to run an antivirus program in safe mode which prevents the virus from loading in the first place. Download malwarebytes onto a USB drive on your computer, load your wife's laptop in safe mode and run the program from the USB drive. This should honestly do the trick for you.

[DaBlue1]

Quote:

Originally Posted by scotty

...This whole thing is weird. I never had any problems with my laptop untill I move to where i'm living now. When I'm on my laptop, Norton will have a small box pop up about once an hour saying, "a recent attake was attepted and blocked" When I used my laptop anywhere ealse, that never happend. Not sure if that has anything to do with this or not.

Your laptop is trying to connect to a remote server and Norton is blocking that attempt. This may be caused by several infections on your computer. The reason Norton has not been able to detect the source of your problem is due to the malicious software hiding itself. It's called a rootkit. That's where TSDD Killer and Rkill come in. They disable and detect & remove bogus rootkits. Combined with Malwarebytes you should be able to fix your problem.