Pop ups/virus
#887432
05/13/13 03:39 PM
05/13/13 03:39 PM
|
Joined: Nov 2008
Posts: 1,013 Kent UK
monbron
OP
Addicted Boomer
|
OP
Addicted Boomer
Joined: Nov 2008
Posts: 1,013
Kent UK
|
I am having a peculiar problem and it happens a lot with GB, I am getting random pop ups asking me to complete a questionaire and also a chance to win an I pod, also with GB, on the forum certain words are underlined in yellow and if I hover the mouse on them it would take me to another site which Malwarebites promptly blocks I think it says iexplore.exe. I have Micorsoft Security Essentials and Malwarebites, I also have c cleaner and revo uninstaller, I have run full scans and looked in uninstaller to see it there is something I don't recognise but nada. I am guessing that I have picked something up but cannot seem to get rid of it - any ideas PLEASE.
|
|
|
Re: Pop ups/virus
[Re: monbron]
#887440
05/13/13 04:54 PM
05/13/13 04:54 PM
|
Joined: Oct 2000
Posts: 40,644 southeast USA
Jenny100
GB Reviewer Glitches Moderator
|
GB Reviewer Glitches Moderator
Sonic Boomer
Joined: Oct 2000
Posts: 40,644
southeast USA
|
The first thing to do is empty your browser cache. Sometimes that's all it takes. If the malware got past your antivirus and MalwareBytes, you probably need to have your drive scanned from an uninfected operating system. That could mean using a boot CD with an antivirus, like the Kaspersky Rescue Disk, or removing your hard drive and attaching it as a secondary drive to an uninfected computer that has an updated version of an antivirus already installed on it. Burning a Kaspersky Rescue Disc from an infected computer is probably not a good idea, but if you have a second computer maybe you could burn one from that. http://support.kaspersky.com/us/viruses/rescuediskIf you've never burned an .iso file, or set your computer to boot from the CD drive instead of the hard drive in the BIOS Setup, you may want to just take it somewhere for a professional cleaning. Even if you manage to boot from the Kaspersky CD, you have to remember to download updates before running it or it won't find anything. YouTube has some videos on how to use it, if you want to search there. Attaching your hard drive to an uninfected computer involves removing the hard drive and attaching it to another one, either by attaching it to a SATA cable connected to that computer or by putting it in a removable drive case. I'm not sure if you'd be comfortable doing that. Once a virus infects, it may have the ability to control what your antivirus is able to do. So you can't trust your antivirus when that happens. Nor can you trust anything that is installed after the infection -- unless you know enough about what type of infection you have and what it is capable of doing. You may want to consider reformatting and reinstalling Windows if you have a Windows CD. If your computer has a "rescue partition," it may or may not be infected. I don't know what your particular malware would be called. But if someone else knows what it is, there may be other ways of getting rid of it. It may be relatively easy to remove once you know what it is and can look up removal instructions.
|
|
|
Re: Pop ups/virus
[Re: monbron]
#887451
05/13/13 07:08 PM
05/13/13 07:08 PM
|
Joined: Jun 2005
Posts: 20,115 Near St. Louis, MO
Draclvr
Reviews Editor - Hints/Glitches Mod - Site Support
|
Reviews Editor - Hints/Glitches Mod - Site Support
True Blue Boomer
Joined: Jun 2005
Posts: 20,115
Near St. Louis, MO
|
Someone else recently had an issue with the underlined words and links and traveler/Gil linked to a fix that worked. Can't remember who had the problem though.
Once again, weeds are my life!
|
|
|
Re: Pop ups/virus
[Re: monbron]
#887453
05/13/13 07:22 PM
05/13/13 07:22 PM
|
Joined: Oct 2000
Posts: 40,644 southeast USA
Jenny100
GB Reviewer Glitches Moderator
|
GB Reviewer Glitches Moderator
Sonic Boomer
Joined: Oct 2000
Posts: 40,644
southeast USA
|
You're right, Draclvr. I think it was oldman in ***this thread***. If that's the problem Monbron has, it's not as serious as I thought.
|
|
|
Re: Pop ups/virus
[Re: monbron]
#887475
05/13/13 10:11 PM
05/13/13 10:11 PM
|
Joined: Jun 2005
Posts: 20,115 Near St. Louis, MO
Draclvr
Reviews Editor - Hints/Glitches Mod - Site Support
|
Reviews Editor - Hints/Glitches Mod - Site Support
True Blue Boomer
Joined: Jun 2005
Posts: 20,115
Near St. Louis, MO
|
It might still be serious... good information in your post above just in case. Maybe monbron will get lucky and the fix will be simply. And of course, I'd forgotten that it was Lanlynk that had posted the potential fix.
Once again, weeds are my life!
|
|
|
Re: Pop ups/virus
[Re: monbron]
#887534
05/14/13 08:15 AM
05/14/13 08:15 AM
|
Joined: Oct 2000
Posts: 40,644 southeast USA
Jenny100
GB Reviewer Glitches Moderator
|
GB Reviewer Glitches Moderator
Sonic Boomer
Joined: Oct 2000
Posts: 40,644
southeast USA
|
The best site for Spybot is http://www.safer-networking.org/Download from here http://www.safer-networking.org/dl/The advantage of Spybot is that they have a separate download for the definitions -- what they call "Detection updates for Spybot" and it is usually updated daily. The most effective way to use Spybot requires the use of the command line. Download both the installer and the definitions update using an uninfected computer, then transfer the two files to a USB drive. Reboot the infected computer to "Command Line Only." Insert the USB drive in the infected computer and copy the files to the infected computer's hard drive using the command line. Install Spybot using the command line, but do not run it yet. Install the definitions update (also an .exe file) and now you can run Spybot. More stuff (possibly infected stuff) is running in the background in "Command Line with Networking" than with "Command Line Only," and most antivirus can't update their definitions without network access. But Spybot's definitions update allows you to update without network access. The reason for using "Command Line Only" is that drivers and startup programs (including many viruses) don't start in "Command Line Only." If you install Spybot (or any other antivirus or anti-malware program) from the Windows desktop, the virus will be active and can infect it as it installs and cripple it so it can't detect the virus. Of course your particular malware may not require this much fuss to remove. But for stubborn infections where you don't know what virus/malware you have, it's better to run Spybot from the Command Line.
|
|
|
Re: Pop ups/virus
[Re: monbron]
#887858
05/15/13 07:07 PM
05/15/13 07:07 PM
|
Joined: Oct 2000
Posts: 40,644 southeast USA
Jenny100
GB Reviewer Glitches Moderator
|
GB Reviewer Glitches Moderator
Sonic Boomer
Joined: Oct 2000
Posts: 40,644
southeast USA
|
I apologize for not answering earlier, Monbron. I've been away all day.
I'll assume you're starting at the C: prompt and not in a subfolder like C:\WINDOWS>_. If not, type
CD \
and you should get to C:\>_
The first step is to transfer the files to your infected computer from your USB drive, which you don't want to do until you boot to the Command Line. Anything that is copied while the full Windows is running could be infected by the virus as you copy it over -- and may infect your USB drive too. So wait until you're at the Command Line, then plug in the USB drive.
Of course it isn't obvious what letter your USB drive will use at the Command Line. I'd guess it would be E: or F: but it could be something else.
The easiest way I know to find out what the drive letter for the USB drive is is to use DIR to list the contents. Try
DIR E: or DIR F: until you find it. When you find the right drive letter, it will list the contents of your USB drive.
Let's say it turned out to be F: Now you want to copy the files from your USB drive to your sick computer's C: drive.
First, switch to the F: drive. You'd do this by entering F:
You should see something like F:\> when you're done.
Now enter the line COPY spybotsd*.* C:
That should copy both files to C: drive.
Switch back to C: by entering C:
You can check if the files made it over by entering DIR and the files should be listed along with your other files.
To run the Spybot installer, type
Spybotsd2.exe
and follow the prompts to install. Don't let it scan yet. Just exit it when it's installed.
Now run the update file. Enter
Spybotsd_includes.exe
and follow the prompts to update Spybot with the latest definitions.
Once that's done, you can run Spybot. Unfortunately, this means you have to change to the folder where Spybot installed before running it so you can't just enter SpybotSD.exe from where you are. On a 32bit Windows, it would install in C:\Program Files and you'd type
"C:\Program Files\Spybot – Search & Destroy\SpybotSD.exe"
On a 64bit Windows, it might install in C:\Program Files (x86) instead of C:\Program Files. If so, you'd type
"C:\Program Files (x86)\Spybot – Search & Destroy\SpybotSD.exe"
The quick way to type out long file and folder names at the Windows Command Line is to type the first few letters of the file or folder name and use the TAB key. This is also more accurate for files and folders that contain weird characters, like the dash in the Spybot folder name. So you'd type
"C:\Prog and then the TAB key to fill in "C:\Program Files"
If you want C:\Program Files (x86) you'd just use the tab key twice instead of once.
Say you're at "C:\Program Files (x86)"
First you want to remove that quote mark Windows put at the end and add a backslash
"C:\Program Files (x86)\ now you can type the letters spy and use the TAB key again, and Windows should fill it in like this
"C:\Program Files (x86)\Spybot – Search & Destroy"
(that's assuming you have 64-bit Windows and Spybot installed in your C:\Program Files (x86) folder)
To finish the command, you'd backspace to get rid of the quote, add a backslash, and spybotsd.exe" to get
"C:\Program Files (x86)\Spybot – Search & Destroy\SpybotSD.exe"
Remember that the Windows Command Line doesn't care about capital or lower case letters, but it does care about spaces, which is why you need the quote marks at the front and the end of the line.
Alternatively you could CD to the Spybot folder and just type Spybotsd
From C:\> CD Prog TAB key CD Spy TAB key
If it locates the folder, enter Spybotsd.exe to start Spybot.
If it can't find the Spybot folder, it's probably in C:\Program Files (x86) instead of C:\Program Files, so you'd type CD .. to back out of the C:\Program Files folder CD Prog TAB key twice to go to C:\Program Files (x86) CD Spy TAB key Spybotsd.exe
If you get lost, you can always return to C: by typing
CD \
By the way, the .exe on the end of Spybotsd.exe is probably optional. Unless there's another executable Spybotsd file in the Spybot folder, like a Spybotsd.bat, Windows will automatically run Spybotsd.exe if you only type Spybotsd
Once Spybot has run, you can reboot the computer from the command line using
shutdown /r
I didn't mean for this to turn into a lesson in using the command line, but it looks like that's what happened.
|
|
|
|
|