Help! I have a virus ...........

@Stiletto (4579)
March 28, 2008 9:04pm CST
It came through MSN messenger and I can't get rid of it! I was in the middle of a conversation with someone when it looked as if the other person asked "is this really you?" and it had what looked like a link to an image attached to it. So I stupidly clicked the link and it was an .exe file which is causing havoc with my pc! It keeps shutting down, my desktop disappears, there are some websites I just can't open (Facebook for example) and my browser keeps switching to dating and gambling sites! Tried everything to get rid of it - I know exactly the files that are infected but I can't quarantine or delete them because I get a message that other programs are using them (they're all system32 files). AVG and Trend Micro identify them but can't quarantine them and Norton can't deal with it either apparently! I've tried Unlocker and Killbox too but neither works. I also can't do a system restore. Tried it and it fails every time. Having searched for possible solutions online (and not being able to find one that works!) I now know that this "messenger" virus has been around for about 3 or 4 years so I wondered if anyone on here has had to deal with it, and if so how did you get rid of it? I really, really don't want to have to wipe my hard drive but at the moment it's looking like the only solution!
3 people like this
9 responses
@theprogamer (10534)
• United States
29 Mar 08
Try to restart your computer in safe mode to see what that does. It should be the F8 key in order to get to safe mode option when starting up. If you restart in safe mode there's a better chance the .exe won't start up (since safe mode cancels all non-essential startups). You can manually start your AVG, Trend and Norton in safe mode. When in safe mode start up your anti-virus and run a scan. The scanner might be able to detect and deal with the program when it's not running. Another option is to try to repair your operating system by getting the operating software or recovery disc and loading that in. You'll want to hit install and it'll check for previous installations of the OS. It should detect it and give you an option to repair the installation. http://www.michaelstevenstech.com/XPrepairinstall.htm
3 people like this
@Stiletto (4579)
29 Mar 08
I've done so much stuff to it in the last couple of days and it is working better so I've obviously got rid of some things but it's still not ok so there is definitely something still on it. I'll try scanning in safe mode first to see if that works but if not I'll try to repair it. Thanks for the link!
@Stiletto (4579)
30 Mar 08
Well I've tried scanning in safe mode and unfortunately it didn't work. It detects the infected files but can't quarantine them and I can't delete them. The combo fix thing scared me a bit when it came up with the stat about 1 in 100 pc's don't survive the procedure - or something like that anyway! I so don't want to reformat though. I'm going to try the combo fix now and if that doesn't work then it's the repair.
@sconibear (8016)
• United States
29 Mar 08
if you're going to go to the extreme of reformatting or wiping clean your hard drive, i'd go ahead and try the combo fix you downloaded. just don't mess with it...let it run till it reboots your computer and gives you a report.
1 person likes this
@santuccie (3384)
• United States
30 Mar 08
When your scanners identify the files, take note of the names of these files and the paths to them. Since they can't be disinfected or quarantined in normal mode, you'll have to do battle with these parasites in safe mode. I see another poster has already recommended this. Before you try deleting files, I recommend you download and run AVG Anti-Spyware (formerly Ewido): http://www.ewido.net/en/ If some of your preexisting system services or drivers were modified by this malware, AVGAS would be one of your best bets at identifying and removing the infection without crippling your system. Run Norton again, and see what's left. Still in safe mode, navigate to the folder and delete the files named. Run HijackThis (I believe you mentioned in another comment that you've tried this already, or were about to), then save a log file. Post your log file in a forum like this one: http://www.whatthetech.com/hijackthis/ I'd just as soon tell you to post the log file here, but I'm not sure myLot would approve. If registry keys were left behind (most likely), it's possible the infection may come back. You may have to go through this process a second time in safe mode, using information gathered from your HJT logfile to remove the registry keys as well as the installed files to take this bugger down. If all else fails, do a repair install. Did you say you have a copy of a Microsoft Windows CD? You can restore your operating system without losing your applications, settings, or data: http://www.michaelstevenstech.com/XPrepairinstall.htm Good luck!
1 person likes this
@Stiletto (4579)
30 Mar 08
Well I've spent all day on it but finally it's gone (I hope!). I scanned in safe mode and it got some but not all of the infected files. I also downloaded AVG Anti-Spyware which removed a whole load of stuff but still not the files I wanted. No matter what I did it wouldn't let me do a repair install. In desperation I ran Combo Fix and it deleted a whole load of stuff. It was pretty scary though but at least my pc survived! So after another scan I managed to delete everything that was infected. Apparently what I had was something that Trend call cryp_tap_2 some sort of worm thing I think! It looks like it's gone now anyway. I'm not sure if everything is working perfectly but it seems to be ok so far. Thank you so much both of you for your help, I really appreciate it. I'm hopeless when it comes to stuff like this - I'm not technically minded at all.
@Stiletto (4579)
30 Mar 08
I'll do that progamer because the last thing I want is it reappearing! Actually those forums have lots of useful information anyway for someone who is as clueless as I am about these things. I've bookmarked them all. I suppose the positive is that I've found out about a whole lot of things I never even knew existed! Thanks again for all your help
@sconibear (8016)
• United States
30 Mar 08
just run the "combo fix" you already downloaded. There's a 99.9999999% chance this will fix your problem. it's kinda scary, but i've used it on my own like 3 times now and never had any problems with it, and it knocked out the same kind of viruses you describe. if you're going to resort to restoring your operating system anyways, then no harm, no foul...
2 people like this
@Asylum (47893)
• Manchester, England
30 Mar 08
I was going to suggest System Restore, which is an easy way to "get out of jail" so to speak, but then I read that you had already tried this. It is not uncommon nowadays for a virus to disable System Restore. I do not know which virus you have and never use instant messenger programs myself, which makes it rather difficult for me to advise. If you have a floppy drive then you could try booting up onto a floppy boot disk and deleting the file through DOS, because the file will not be in use then. If the worst happens and you have to reformat, then consider making a complete backup of the system once you have reconfigured everything. With an external backup of a good installation it would be easier in the future to turn the clock back even without System Restore.
1 person likes this
@gabs8513 (48686)
• United Kingdom
29 Mar 08
I have not had to deal with it, Sweetie, but it has popped up on my Messenger and I just ignored it, as I know the person I was talking to had not sent it. I am sorry this happened to you, and I think the only way that you can sort this is by totally reformatting the computer. Have you tried the free anti-virus Antivir? I have had that one on my computer for 5 years and it is great. But if that one does not work you will have to reformat.
1 person likes this
@Stiletto (4579)
29 Mar 08
Hi Gabs - I haven't tried that anti-virus although in the last day or so I've downloaded that much stuff to try and fix this that I'm not sure what I've all got on this pc now lol! Will try that one too though xxx
1 person likes this
@gabs8513 (48686)
• United Kingdom
29 Mar 08
Just type Antivir into your browser, but do get rid of the others you downloaded, because if you have too many on the computer they will not work as well, believe it or not. Once you are on the site just follow the download instructions. If you need to know anything, shout, ok?
1 person likes this
@theprogamer (10534)
• United States
29 Mar 08
Not so fast. Did you try my response, Stiletto?
2 people like this
@itsmepinky (1300)
• India
29 Mar 08
I am not a computer genius, but I have experienced this several times. I got a virus from other sites & I had to format my pc many times. Maybe you can call your computer vendor & ask him to sort out the issue. All the best ~pinks~
1 person likes this
@Stiletto (4579)
29 Mar 08
I'm trying to avoid having to pay someone to sort it out but I may well end up having to do that lol! Thanks for responding itsmepinky.
@sconibear (8016)
• United States
29 Mar 08
go to "The Elder Geek.com" they can fix anything. just sign up (it's a free forum) and post your problem. they'll walk you through it step by step. it might take a few minutes for someone to reply, so just be patient. they'll probably tell you to download "hijack this" which is a scan that will give you a report that they'll want to see. hope it works out for you. these guys know computers and have got me out of a couple messes.
1 person likes this
@Stiletto (4579)
29 Mar 08
I've had a look at that site too - it's full of useful information for someone like me who doesn't know much about these things! I've tried a few things so far and it does seem to be working better but there's definitely still something on here so going to do the "hijack this" thing. Thanks!
@sconibear (8016)
• United States
29 Mar 08
no problem. i've had similar problems to what you mention (pages and pop ups that come up and drive you nuts). there's something out there called "combo fix" that pretty much will knock anything out, and i have run it on my own with no problems (it changes minor settings that you can fix) but it comes with a warning that you should only use it with a pro walking you through it, but like i said, i've used it with no ill effects. anyways, just thought i'd mention it.
1 person likes this
@Stiletto (4579)
29 Mar 08
well - I have downloaded Combo fix but haven't used it yet. Was a bit nervous of using it because it sounds pretty powerful! However, it's good to know you've used it and your pc survived lol!
@tigerdragon (4297)
• Philippines
21 Apr 08
since you are going to wipe your drive out then i would suggest that you store your files to another hard drive. if you are using a desktop pc then i would suggest that you get another hard drive and enslave it so the only one that would be infected if you get a virus again would be your drive c and not your drive d.
@suspenseful (40192)
• Canada
13 Aug 08
I got a virus a while ago and I had to reformat my computer to get rid of it and I was using AVG Anti-virus. I switched to another free one, not Avast and it worked. Oh and Norton did not get rid of that virus, excuse me trojan, either. I do not use the messengers, I talk by email. Even though you might feel a little impersonal, I do not trust those messages because the spammers use them mostly. So it might be that you have to reformat your computer.
13 Aug 08
hi please help me. my dad got rid of the virus but then it came back. the thing we use said sorry a virus has been found now deleting all programs. luckily i stopped it before it deleted all my saved work and i saved internet explorer. my dad said i did this to our pc. i told my dad to fix it but he said i broke is my problem but i didn't. can someone please please help me, i am really worried. i have nooooooooo money to my stuff to get rid of it and by the way i can not download or do anything to help and i do not have all programs or word or anything else. please help