| Archive for NEEPS North East Eco-friendly People's Site |
| Smooth Hound |
major virusi seem to have picked up major virus problems, so wont be on as its too difficult , i cant work out problem, so ill be back when ive got it sorted, and as i have no cash, that maybe sometime, |
||||||
| wildgarlic |
try downloading free software - avg, avast or similar or even download ubuntu and boot from that (would that help? Martin? Iain?)
Anyway - what are the symptoms? |
||||||
| Smooth Hound |
some personal antivirus thing with a yellow shield is telling me i tried it for 2 weeks  now my avg is giving me allerts as well every 5 secs , so ive got to clear it, so this is a nightmare writingthis, i have free avg , says its active, i also have the extra 24 pound identity thing from them,
and i dont know what rebbot means ive heard it said, but really havent a clue, the avg warning is a security allert, with a list, ive tried doing what they say, but it confuses me, cause its not working,
its a multiple threat and its a shield alert, from avg, and it suggests clearing one at a time, but i really just dont understand this, some of the threats say to rebbot though. someone please explain. |
||||||
| wildgarlic |
It's very possible that it is from Farm Town as lots of users have been claiming the same. Is it spyware protect 2009 that pops up?
http://www.xp-vista.com/spyware-removal/spyware-protect-2009-removal |
||||||
| Smooth Hound |
i did think that actually, what should i do | ||||||
| Smooth Hound |
ok i think i can do it, but one thing, how do i reboot | ||||||
| Sassinak |
Reboot basically means switch your machine off completely and then restart it | ||||||
| Smooth Hound |
so just shutting down and starting again, right, ta | ||||||
| IainC |
http://www.microsoft.com/security/malwareremove/default.aspx
Try downloading that and running it and see if it helps. We had a trojan get onto a machine at work, despite the right anti virus being in place, etc. Sounds like a similar kind of one, not only do you get bothered by all kinds of things, your PC is actually spamming the world (if it's the same one), we picked up on the machine firing a heap of email out. The MS removal tool sorted it out though. |
||||||
| Smooth Hound |
thanks folks things are in progress, major one this one i think, but im getting there 
|
||||||
| baldowrie |
Don't know what version you are running on but if appropriate do not forget to turn off your system restore before turning off after getting rid of the virus, turn it on again when you next boot up. Virus often get themselves into the system restore and lay in wait for next time you switch on. | ||||||
| IainC |
Yup, definitely. |
||||||
| Smooth Hound |
many hours later i return, ive downloaded a few things, and i did the one you gave mme ian, that ran about 2 3rds of the way through then froze, i had to shutdown, and reboot  see i know the jargon. anyway, ive got rid of that bloody thing with a orange shield blocking my screen, 
and aparantly my viruses are isolated in a vault somewhere until such time as i make a decision on what im doing i would imagine that means money, but at least its okay now 
thanks everybody |
||||||
| baldowrie |
No just a place on your computer they are held where theoretically they can do no harm until you delete or repair them. You should be able to view the infected files (titles and position only) and find out what virus it was by looking at you antivirus logs or virus vault. Then you can do what ever is necessary to get rid of it. What antivirus are you using? Just seen you have avg free, are they still doing that? My free avg on my computers was ceased a while back as they were no longer doing it and I am too tight fisted to pay for it . I use avast now.
|
||||||
| IainC |
Am pretty sure you can still get a free version of AVG, just it's called something slightly different now IIRC.
Regular scans of your machine using various anti spam, spybot and anti virus software is the way to go. There seem to be plenty of "things" out there that can bypass some resident software, esp if you have system restore turned on, 'cos the AV doesn't check in there. Never get the false sense of security that you have AV installed therefore you DON'T have a virus or anything. |
||||||
| baldowrie |
I update and scan daily, so far so good all virus's stopped at source | ||||||
| Smooth Hound |
yes still get it free , but for the identity bit you have to pay additional, i do have a list of the viruses, but i think ill wait till someone with a bit of know how can take a look, still got problems, but at least its working, and im not having to clear the bogus antivirus one every few seconds ones things for sure no more neighbours on farmtown, unless , apart from people i know, although im fed up with farmtown now anyway
|
||||||
| IainC |
Fire up a list of the ones that you supposedly have and we can take a look, see if we can help.
Another thing you could try is do a search online for "McAfee Stinger" It's a free download and can detect/remove a number of viruses. Might be worth running it as well as the MS tool. Get Spybot S&D, Lavasoft Ad-Aware and try running these to see what they detect. Also, if it's a windows PC, open the task manager and see what all is running in the processes tab. I'd also take the chance to empty your TEMP folders and internet cache, etc as they quite often sit in there as well. |
||||||
| Smooth Hound |
ok, to start with my window security centre is switched off, when i press the switch on thing, it comes up saying the security service cant be started | ||||||
| Smooth Hound |
how do i empty my cache and temporary files, im using google chrome | ||||||
| IainC |
Quite a lot of the more recent viruses manage to disable your existing AV or stop it from starting. | ||||||
| IainC |
http://www.google.com/support/chr...swer.py?answer=95582&hl=en_GB |
||||||
| Smooth Hound |
ok done the clearing.
the virus with an elevated risk level, is ardware.websearch_toolbar there seems to be 3 of them |
||||||
| Smooth Hound |
thats according to the pc tools spy work doctor | ||||||
| Smooth Hound |
theres also trojan.agent.vg
theres 6 of them and they are medium risk |
||||||
| Smooth Hound |
everything seems to be working fine now though maybe it was the clearing i did
|
||||||
| IainC |
You could try downloading the free version of this.
http://www.malwarebytes.org/mbam.php Which might help a bit more. The PC Tools thing looks to have a download as well which claims to clear it, not sure if it's a pay for thing or not though? |
||||||
| Smooth Hound |
im giving it another scan with the spy doctor, see i these things are still here today. | ||||||
| IainC |
Everything can look like it's running fine (ie no pop ups) but you can still be infected and spamming the world with dodgy email (esp those from your own contact list), or depending on the trojan, it could be running a keylogger program and sending all the info you are typing back to the creator of the trojan (who's looking for your banking details/sites). The Malwarebytes thing claims to be able to clear that other infection though so I'd download it and run it. Clearing up after trojans and viruses can be a long and tedious PITA... depending on how bad it is, it's sometimes as quick and easy to completely rebuild the machine from scratch, although that can be a bigger PITA if you don't have all the drivers, etc. |
||||||
| Smooth Hound |
yea you have to pay to clear it, unfortunately, but it does tell you what youve got, | ||||||
| IainC |
I never bother with those kinds of tools, there is almost always a way to clear it for free. If you do use a tool like that, take a note of the names of the viruses and then do a search on how to remove them manually. Sometimes it includes wading into the registry, etc but it's normally fairly straight forward and they normally include fairly comprehensive instructions to follow. |
||||||
| Smooth Hound |
wont download the malware thing,
is it worth me paying 29 quid to the spy doctor to sort it, or will they take the money and then say they cant be cleared. |
||||||
| IainC |
How won't it download the malware thing?
I wouldn't pay to clear it, but it's up to you. |
||||||
| Martin |
DON'T pay Spy Doctor, it is a blatant con!
http://forums.cnet.com/5208-6138_102-0.html?threadID=231856 They are the sort of company that probably "infected" your computer in the first place - use Microsnot tools or AVG or Avast.... THEN migrate to Ubuntu pdq! |
||||||
| Smooth Hound |
it takes me right the way through, and then says a problem caused theprogramme to stop working, windows willclose programme and notify of solution, but no solution comes up |
||||||
| Smooth Hound |
i was concerned about that, ta ill leave it, but i do have avg free plus the extra identity seccurity already |
||||||
| Martin |
waaaaay back in the old days, when I ran sad old virus-ridden Windoze, I had a trojan, and tried every free download going, nothing worked - eventually I just ran a "Full scan" of AVG which sorted it completely (takes quite awhile, but works a treat!) | ||||||
| baldowrie |
have you looked in your C drive to see if any of your programmes are fading, i.e. not as bright as the other folders?
A virus can stop you downloading other antivirus software or such to try and get rid of it. Still not said what platform you are running on XP, Vista??????? If all else fails you might be able to reload windows but you will loose a lot you have on the computer if not all. The Stringer is a good one, download it to a disk for future use too |
||||||
| IainC |
The Stinger app gets regularly updated, so is only really of any good use within a month or two of being downloaded.
Like I say, have a look in the task manager and see what all is running, quite often the virus is pretty damn obvious to spot (ie _08.exe or something) so by killing off the process, you can then sort it out better. |
||||||
| baldowrie |
Interesting to know, long time since I have needed it. Although I did find that loading it on to a disk did help because at the time I couldn't download or even get on the internet because of the virus I had at the time. |
||||||
| IainC |
Yeah, was gonna say, that sometimes even having an out of date one can help if you happen to be infected with one that it has the definitions of. | ||||||
| Smooth Hound |
i think it is something to do with my google installer not working |
||||||
| Smooth Hound |
vista |
||||||
| IainC |
So you've not even been able to download the program? or it's when you try to install the program that you get the error? PM me your email address and I can email you the file if you need it. Iain. |
||||||
| Smooth Hound |
pmed
c looks ok, nothing faded, but theres been nothing on there since 2008
|
||||||
| Smooth Hound |
ive a full avg computor scan going now, so ill let you know what happens with that when its finished | ||||||
| BikeOnBye |
If you want to try a Malware programme try Malwarebytes' Anti-Malware it is a bit slow to load, but once it is loaded you can do a scan of the vital areas or a full scan.
You do have to Update the FREE version by yourself, but it is a small inconvenience. This programme saved someone a lot of trouble reinstalling Windows, it found something that their Anti-Virus didn't. After running the programme it all worked again. No other programme found it that he tried. |
||||||
| IainC |
I emailed him that plus the latest stinger that I'd downloaded. With a bit of luck he's managed to get sorted, but was getting some UAC errors when it was scanning earlier. Gave him some instructions on disabling UAC for now as well to see if it helped at all. | ||||||
| niceguyrichy |
sounds like you'd just be easier backing up anything important and wiping / clean install.
you not got a portable hdd ? |
||||||
| Smooth Hound |
i have i think, an external harddrive, but saying that, ive not got anything but my photos of any importance, so im not too worried about losing stuff, ive a few addresses i coujust right down,
can that be done then |
||||||
| MJ |
Just like like to say thanks for all the info on here. My work computer started misbehaving on tue, by wed I couldn't get online. suggestions on here kept me going. after 3hrs today (large amount of that time was scanning and cleaning computer, downloading on/off pen drive) I now have a working computer with full internet connection - YAY! Still trying to figure out where threatfire was hiding, but can only figure it was bundled in with the Spyware doctor. Really have come to hate PC Tools. 2 more computers to do tomorrow... | ||||||
| IainC |
Virus really are a complete PITA.
Only today on my own works machine, I was nearly infected, although my AV caught it. Was browsing the 'net... put in the wrong suffix for a domain I was looking at (.com instead of .co.uk) and it bounced me to a site I didn't know, went to the original one and then on to autotrader.co.uk and then next thing up popped the AV software having caught something. Dunno which of the three sites it was from, but I'm guessing the odd one that I went to by mistake. In all three cases though none of them were "dodgy" sites or even looked iffy, so it's easy to see how machines can get compromised. |
||||||
| Smooth Hound |
ive a friend looking over this at the weekend, ive improved it, but its not right 
|
||||||
| Smooth Hound |
if it says right click the my computor icon, where is that , i cant find it to click | ||||||
| baldowrie |
vista doesn't have an icon as such. Left click the start icon bottom left hand corner, then on the list will come up the word computer...what is it that the programme wants you to look into? | ||||||
| Smooth Hound |
a ucad trojan 
|
||||||
| Smooth Hound |
cant see the word computor in the start menu either
|
||||||
| IainC |
Does it want you to right click and select properties or manage?
If it's properties then go to the control panel and open the SYSTEM icon. The Advanced system settings there will get you to where you need to go. If it's manage, then just type COMPUTER in the search bar in Vista, you should see both COMPUTER and COMPUTER MANAGEMENT come up, select the management one. |
||||||
| Smooth Hound |
on there now, but now it says click properties, and there isnt one. grrrrr 
|
||||||
| Smooth Hound |
ive opened the system icon, thats it thiugh, no properties | ||||||
| Smooth Hound |
this what im attempting.
right click My computer icon on your Start button menu. Click Properties. Click Hardware Tab. Click Device Manager. In the top menu, click View and click Show Hidden Drivers. Scroll down to non Plug and Play drivers. Click + at left. In the list of drivers right click UACd.sys. Click Disable. Click YES for confirm. Close all windows and reboot your computer. Step 2: Delete UACd.sys trojan driver and malware files. Download Avenger from here and unzip to your desktop. Run Avenger, copy,then paste the following text in Input script Box: Drivers to delete: UACd.sys Files to delete: C:\WINDOWS\system32\wJQs.exe Then click on ‘Execute’. You will be asked Are you sure you want to execute the current script?. Click Yes. You will now be asked First step completed — The Avenger has been successfully set up to run on next boot. Reboot now?. Click Yes. Your PC will now be rebooted. Step 3: Remove UACd.sys trojan files and any associated malware. Download Malwarebytes Anti-Malware (MBAM). The program designed to quickly detect, destroy and prevent malware, spyware, trojans. Once downloaded, close all programs and Windows on your computer (including this one). Double-click on the icon named mbam-setup.exe to install the application. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish. If an update is found, it will download and install the latest version. Once the program has loaded, select “Perform Quick Scan”, then click Scan. MBAM will now start scanning your computer for malware. This process may take some time to finish,so please be patient. When the scan is complete, click OK, then Show Results to view the results. Make sure that everything is checked, and click Remove Selected. MBAM will now delete all of the files and registry keys and add them to the quarantine. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. UACd.sys trojan creates the following files. %System%\uacinit.dll %System%\drivers\UAC[RANDOM CHARACTERS].sys %System%\UAC[RANDOM CHARACTERS].dll %System%\UAC[RANDOM CHARACTERS].log %System%\UAC[RANDOM CHARACTERS].dat %Temp%\tmp[RANDOM NUMBERS].tmp If you need help with the instructions, then post your questions in our Spyware Removal |
||||||
| Smooth Hound |
so far i havent found properties  
god save me
|
||||||
| Smooth Hound |
if you need help with the instructions, then post your questions in our Spyware Removal
questions, are you f g joking
|
||||||
| MJ |
okay just gone through most of that, couple of ways. will try to talk through the way I've done it on vista 32 | ||||||
| Smooth Hound |
|
||||||
| MJ |
right click on computer in start menu will bring up properties (last option in pop up menu).
Scrub that - IanC's way gets you somewhere else. It was my own way to get there in computer menu you can pick system properties on the top menu bar. |
||||||
| MJ |
device manager on left handside (1st option) | ||||||
| Smooth Hound |
ok, got that | ||||||
| MJ |
now I figure on my computer the option required is system devices, maybe wrong. but have a look
no I missed a step sorry |
||||||
| Smooth Hound |
i dont want to say this but now it says click hardware tab, and i cant see it
|
||||||
| MJ |
in view show hidden devices, 4 option, non plug and play does indeed pop up | ||||||
| MJ |
there is no hardware tab it's just the blue bit(in my colour scheme) | ||||||
| Smooth Hound |
ive done the properties , thats as far as ive gone whats my next step
|
||||||
| MJ |
the bit on the left 1st option under tasks - device manager | ||||||
| Smooth Hound |
ok im on device manager
|
||||||
| MJ |
then view which is a drop down menu at the top. | ||||||
| MJ |
show hidden devices. then you expand the non plug and play drivers - WARNING it's a huge selection in there | ||||||
| Smooth Hound |
cant see any dro down menus, theres just an index | ||||||
| MJ |
okay now right click - choose properties | ||||||
| MJ |
drop down menus include file, action, veiw and help just above the back and forward arrows, show/hide buttons etc | ||||||
| Smooth Hound |
that option isnt there | ||||||
| MJ |
any luck? | ||||||
| MJ |
what options/buttons does it give you? | ||||||
| Smooth Hound |
no, just not like it should be it never bloody is i dont know if i can go on tonight, im grateful for your help, but ive had enough , i think,
|
||||||
| MJ |
okay, take a walk, I usually find that helps, just to get my head away.
But your orginal instructions are misleading. will try and work on them, and re post on here. because that's just not how vista 32 works. |
||||||
| Smooth Hound |
thanks
|
||||||
| MJ |
right click “Computer” Start button menu.
Click “Properties” – last option in pop up menu Click “Device Manager” 1st option under “Tasks” on left hand side of window From the top menu, click “View” and click “Show Hidden Drivers” in drop down menu – 2nd option from bottom/above “customize”. Scroll down to “non Plug and Play drivers”. Click “+” at left. In the list of drivers right click “UACd.sys”. Click “Properties” Click “Driver” tab Click “Stop” button Click "Ok" to close “UACd.sys properties” window now you can either follow orginal instruction or I maybe tempted to just right click the file again and uninstall - I am not a techie, I cannot tell you how effective this would be. But with the instuctions that follow this is not the only file that needs to be removed. |
||||||
| Smooth Hound |
right im back, | ||||||
| Smooth Hound |
mm do you think i need a professional to look at this | ||||||
| MJ |
sorry child stole laptop.
I usually just grab the nearest computer geek. problem is they all now do that whistling through the teeth and the "vista, ooh don't do vista" thing. I like vista, was looking forward to 7, until found my "free upgrade" doesn't count as 7 isn't an "upgrade" anyway rambling. going to figure out if/how I can do some screen shots. |
||||||
| MJ |
okay does your device manager look like this? |
||||||
| Sassinak |
I'm sorry to laugh, but I've been in stitches here. It is just like I was when trying to sort out a friend that I'd set up with a PC.
She rang to say that the mouse wasn't working properly. After much chat, I evventually diagnosed that she had the buttons reversed. i know that it is an option for left handed people, but couldn't figure out how on earth she had managed to switch it over. I said I would ring back once I had done as you have and made a step by step recovery procedure for her. I never thought to ask something as basic as "which way round are you holding the mouse ?" She had the mouse back to front. So left was right and so forth. LOL |
||||||
| MJ |
this is the drop down menu button you need. Haven't marked it (hate using paint) but you'll see the icon used for the "non plug and play drivers" |
||||||
| Martin |
sorry, couldn't resist.......... screenshot? - doddle - Applications - Accessories - Take screen shot.......
Viruses........ don't be silly - running Ubuntu! 
|
||||||
| Smooth Hound |
i get as far as driver tab, but the stop button wont be pressed | ||||||
| MJ |
fn insert usually works quite well too.
the old ways are usually the best, just sometimes folk remove my favourite shortcut keys. Great growing up in the eighties you learn not to rely on the mouse (schools never had 1 per computer until late nineties), saves fiddling with a laptop pointers or plugging in a mouse. |
||||||
| Smooth Hound |
the only option i have is to press ok, start and stop wont press | ||||||
| Smooth Hound |
fn insert ??? | ||||||
| baldowrie |
you still not sorted SH!
Think I would have put my start up disk in and started it again...wipe the lot |
||||||
| Smooth Hound |
where do i get a startup disk, ill do that. or is it on here somewhere
|