|
Post by daisy on Feb 19, 2009 15:17:24 GMT -5
Wednesday 2/18/2009 one of my friends got a virus on his desktop dell computer i have been spending the last two days helping him get rid of it
now i believe a computer programmer wrote a loop program to intentionally disable the desktop, disable the task manager, lock up internet explorer and lock up windows explorer this malicious software (loop) program is called antivirus xp pro 2009 (get it pro - for computer pro-grammer or pro-fessional)
so far doing searches for this malicious program does not find anything (maybe because it was created as a hidden program with hidden files ?)
but this antivirus xp pro 2009 - malicious rogue virus program gets into your computer search function too and makes internet explorer pop up when you do computer searches it also gets into your system files so when you try to open system files it makes internet explorer pop up too internet explorer pops open with the name of the virus in the address bar while blocking the internet explorer browsers from connecting too (this malicious program's claim to fame being having its name antivirus xp pro 2009 up in lights in the internet explorer address bar)
it looks as though the nasty little bug is shy and won't allow a hookup to a site that may discover it and it won't allow 'explorer.exe' and 'iexplore.exe' to operate under their own name - but as aliases
i helped unlock windows explorer by going in the registry and deleting a value - debugging common shared shost.exe file that was in explorer exe
(my hp laptop does not have this explorer exe - here in my registry but my friend's desktop personal computer has the explorer exe)
Thanks, and also to everyone else for the info here. This was one heck of a problem. To restore windows ability to gain access to explorer.exe and iexplore.exe please remove the values in the following registry keys: (except of course not the first default value)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe
discussions.virtualdr.com/showthread.php?t=189663
|
|
|
Post by daisy on Feb 19, 2009 15:20:29 GMT -5
also by deleting all the tsr startup programs that were running in the background of microsoft windows (except of course the first default value - don't ever delete them)
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT... \WINDOWS\CURRENTVERSION\RUN
If you locate the program that is loading, simply delete this program from the above key (do not delete any other files from any other keys)
How to remove TSRs / Startup programs
www.computerhope.com/issues/chtsr.htm
|
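Added example (not part of the original posts): the two posts above clear values under the Image File Execution Options key for explorer.exe and under the Run key. This Python script lists those same values from a regedit text export so they can be reviewed before anything is deleted; the sample export and every file name in it are constructed placeholders.

```python
import re

IFEO = r"hkey_local_machine\software\microsoft\windows nt\currentversion\image file execution options"
RUN = r"hkey_local_machine\software\microsoft\windows\currentversion\run"
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')
# Constructed sample in regedit's text export format; every file name is a placeholder.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe]
"Debugger"="C:\\WINDOWS\\system32\\example-rogue.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe]
"Debugger"="C:\\WINDOWS\\system32\\example-rogue.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\example-app.exe]
"GlobalFlag"=dword:00000200
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
@=""
"ExampleUpdater"="\"C:\\Program Files\\Example\\updater.exe\" /background"
"rogue2009"="C:\\Documents and Settings\\user\\Local Settings\\Temp\\example-rogue.exe"
'''

def unquote(s):
    """Strip .reg string quoting (outer quotes, backslash escapes); other data is kept as written."""
    quoted = len(s) >= 2 and s[0] == s[-1] == '"'
    return re.sub(r'\\(.)', r'\1', s[1:-1]) if quoted else s

def parse_reg(text):
    """Return {lowercased key path: {value name: data}}; '@' names the (Default) value."""
    hive, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            current = hive.setdefault(line[1:-1].lower(), {})
        elif current is not None and (m := VALUE_RE.match(line)):
            current[unquote(m.group(1))] = unquote(m.group(2))
    return hive

def ifeo_debuggers(hive):
    """(image, command) for each IFEO subkey whose Debugger value redirects that image's launch."""
    return sorted((key[len(IFEO) + 1:], data)
                  for key, values in hive.items() if key.startswith(IFEO + '\\')
                  for name, data in values.items() if name.lower() == 'debugger')

def run_entries(hive):
    """Named autostart commands in HKLM Run; the (Default) value is skipped, as the posts advise."""
    return sorted((n, d) for n, d in hive.get(RUN, {}).items() if n != '@')

if __name__ == '__main__':
    hive = parse_reg(SAMPLE_EXPORT)
    for kind, rows in (('IFEO Debugger', ifeo_debuggers(hive)), ('Run entry', run_entries(hive))):
        for name, command in rows:
            print(f'{kind} {name}: {command}')
```

regedit writes "Version 5.00" exports as UTF-16, so read a real export with open(path, encoding='utf-16') before passing the text to parse_reg.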
|
|
Post by daisy on Feb 19, 2009 15:53:59 GMT -5
this computer programmer's virus is so bad on my friend's computer so i could only do start - run - regedit - to get to the registry - in (F8) safe mode
i could also only do a scan in (F8) safe mode with command prompt (type) chkdsk in command prompt to do a scan
i also tried to clean the virus out and keep the computer from being bogged down by cleaning out the temporary folder start - run - (type) %TEMP% - press enter to get to the temporary folder and delete everything out of it
pcsupport.about.com/od/maintenance/ht/manualtempxp.htm
|
|
|
Post by daisy on Feb 19, 2009 16:10:14 GMT -5
|
|
|
Post by daisy on Feb 19, 2009 19:25:46 GMT -5
Thursday 2/19/2009 oh gosh - all those (too many) tsr startup running programs are right back in the run registry - again helping the windows explorer not come on - again i am not sure why because the startup folder is empty
i am sick of messing with it i don't feel like having to go back on it to take all that stuff off - again over and over so i told my friend to take his computer to cherrys computer repair service - maybe they can fix it and get the virus all the way off of it - once and for all hey man - i ain't no computer repair shop
System Configuration Utility also known as msconfig Note: This section is only for Windows XP users.
To disable programs from automatically loading, follow the below instructions.
1. Click Start / Run / Type msconfig and press enter.
2. This will open the "System Configuration Utility" window.
3. Within this window click the "Startup", uncheck each of the startup tasks you no longer wish to load.
i check on - disable all
If you are uncertain what startup programs are causing your issues, try un-checking all of the items and then slowly start checking each of the items until you determine the source of your issue.
www.vsnsoft.org/chtsr.htm
|
|
|
Post by daisy on Feb 19, 2009 20:51:42 GMT -5
|
|
|
Post by daisy on Feb 19, 2009 22:25:23 GMT -5
Thursday 2/19/2009 so now my friend has started aggravating me to help him fix his computer and/or save his computer from this virus oh gosh now he is asking me what is a dor file so i told him i don't know honey guess its something else you might have to look up hey like i said - i ain't no computer repair shop
do this, do that, where's my cinderella at ? i no longer want to be cinderella (i am getting sleepy now) - now i want to be sleeping beauty and if i didn't have anybody agitating me then i could just sleep all day - like sleeping beauty
but i have come to the conclusion that this is the virus problem that he is having with his desktop dell computer
Computer Infection A Vundo infection is typically caused either by opening an e-mail attachment carrying the trojan, or through a variety of browser exploits, including vulnerabilities in popular browser plug-ins, such as Java.
Many of the popups advertise fraudulent programs including (but not limited to) Sysprotect, Storage Protector, AntiSpywareMaster, WinFixer, AntiVirus 2009, and AntiVirus 360.
There are two main components to the Virtumonde.dll file: Browser Helper Objects and Class ID. Each of these components are in the Windows Registry under Local Machine, and the file names are dynamic.
It attaches to the system using bogus Browser Helper Objects and DLL files attached to Winlogon and Explorer.exe. Some recent variants have begun attaching to lsass.exe instead of winlogon.exe. [1] According to Spybot - Search & Destroy scans, there are two Virtumonde.prx files and one Virtumonde.dll file located in the Windows Registry as well as the system32 directory. [2] The hosts file may also have an entry for browser-security.microsoft.com.
en.wikipedia.org/wiki/Vundo
www.bleepingcomputer.com/malware-removal/remove-vundo-virtumonde
|
|
|
Post by daisy on Feb 20, 2009 0:04:13 GMT -5
|
|
|
Post by daisy on Feb 20, 2009 5:17:05 GMT -5
Malware Removal BOT this is my favorite anti-spyware program to use (but it doesn't remove anything unless you pay money)
but it works so good that i just do free scans and free rescan (with the one i downloaded) just to get the list of where the viruses are then i go remove the virus manually - myself
it works out great for me so far because now i keep my viruses down to 0 infected
here's a download page for it Malware Removal BOT
www.malwareremovalbot.com/download.php
this is my second favorite anti-spyware program it works almost as good as malware removal bot Malwarebytes' Anti-Malware
www.download.com/3001-8022_4-10804572.html?spi=72f9434acb960b08df9781066e068e2a&part=dl-10804572
|
|
|
Post by daisy on Feb 20, 2009 13:21:42 GMT -5
Friday 2/20/2009 using Malware Removal BOT i figured out that a lot of his viruses came from viewpoint music player yes - the viewpoint music player exe - itself along with most of the viewpoint files were covered in viruses
he did in fact have the vundo virus in his computer registry and also in his win.ini and system.ini files (along with many other viruses too) Malware Removal BOT showed that his computer was ate up in viruses his dell computer had 314 viruses mostly vundo virus, rogue virus, trojan virus, dishonest adaware malware, the (double) click virus, etc...
rogue viruses were in his system files trojan viruses were in his root registry it did look almost like his computer was contaminated with great big cockroaches malware is sometimes known as a computer contaminant
well now to me there is no controversy as to whether viewpoint media player is spyware to me viewpoint media player is more than just spyware because using Malware Removal BOT - i saw for myself that viewpoint media player is infested with viruses
when i deleted all those viruses off this one machine it locked up the windows welcome logo - again so the windows explorer wouldn't come back on - again it had already been locking up the windows welcome logo for 2 days already but for 2 days already now i have been using dos command to regedit into the registry * to delete all the extra tsr values in run * to delete the debugging value off of explorer exe to make windows explorer come back on now i still had to (F5) that again because
many sophisticated virus writers can make their malicious code resistant to deletion and can even propagate when the user tries to delete them
now he needs to recheck again to make sure the whole computer is sterilized clean from all those viruses then he still needs to reinstall windows xp because all those tons of viruses contaminated so many of his system files
so i mean this is why it is not a good idea to try to help people fix their computers because they expect their computer to be just like new again but after you get tons of (like 314) viruses off of one computer then guess what - the computer is still broke from all the damages the viruses did to it so they still have to do a clean install of their operating system before their computer could be like new again
so now i feel like it was all for nothing because my friend does not have an xp operating system disk to reinstall his version of his operating system so until he gets one - his computer is still broke - damaged from the viruses yet now he blames me by saying well my computer is still broke - so thanks for nothing
while i am thinking well at least if his sorry ass ever does get an operating system disk to reinstall his windows operating system well then at least now it will be a clean (virus free) install
(oh yeah and also as usual - what an ungrateful sob) he even tried to pull that scam on me about well since you worked on my computer and my computer is still broke then you ought to have to pay to get it fixed (yeah sure in your dreams) his computer has been broke from day one where many viruses had already contaminated his system files so i really didn't like him even thinking about trying to pull that watermelon con scam on me
not much of a friend - that kept me helping him for 3 days then as usual the more i did for him and his computer - the worser he treated me (and you already know how narcissists are always - already looking for someone else to blame) that is why i always keep telling myself how i won't be trying to help anyone else fix an already broken (piece of junk) already contaminated computer anymore unless they definitely already have a reinstall operating system disk for it
the main reason he had all these (314) viruses on his computer is because he had not kept his computer strong and updated - any at all
spyware.factexpert.com/1207-spyware-viewpoint.php
en.wikipedia.org/wiki/Malware
support.microsoft.com/kb/310560
en.kioskea.net/forum/affich-13643-upon-start-up-only-wallpaper-shows-no-icons
|
|
|
Post by daisy on Feb 20, 2009 15:00:19 GMT -5
Friday 2/20/2009 yes it was - all for nothing because now all i got was - one big headache (well my headache might be from the heater) now the only good thing is that i have a big bottle of (non-aspirin) pain relief pills
cool file checker - start - run - SFC.EXE /SCANNOW
www.bleepingcomputer.com/forums/topic43051.html
|
|
|
Post by daisy on Feb 21, 2009 2:40:00 GMT -5
so i thought about it that dam he's a f*cking sad, depressed, angry, raging maniac over his computer breaking down on him so i guess i would be too - if i suddenly lost my computer to a hostile take over from a big army of spying virus contaminated cockroaches
so i put myself in his shoes and showed him some mercy by telling him that since the economy is so bad with jobs getting harder and harder to find maybe buying an xp cd would be too expensive yet there is always the alternative of buying an xp restore cd which is cheaper and might just do the trick of restoring his operating system xp restore cd - $7.99 - don't look too bad at all
well i need his computer model number and serial number to find out exactly how much his xp restore cd would cost
shop.ebay.com/items/xp%20restore%20cd?_dmd=1&_sop=12&keyword=xp+restore+cd&crlp=1943924183_9405&tt_encode=raw&MT_ID=475
|
|
|
Post by daisy on Feb 26, 2009 2:26:22 GMT -5
Thursday 2/26/2009 well it took a while yet now i have this computer running perfect i did a windows xp reinstall then got the drivers and graphic driver off the internet to put on it then i went online and updated everything the computer seems a lot faster now since now i have most of the stuff that was on the computer on cd yep - this computer is fixed perfect now now its better than it has ever been
|
|
|
Post by daisy on Mar 4, 2009 0:52:11 GMT -5
Monday 3/2/2009 warning - limewire 5 is packed full of spyware and viruses solution: stick to limewire 4 or maybe better yet - no limewire at all to avoid all those P2P worms - no P2P at all
|
|
|
Post by daisy on Mar 7, 2009 16:23:16 GMT -5
Saturday 3/7/2009 well i made a mistake (but i thought it had a good list of viruses that i was manually removing) which even though now they say malware removal bot does nothing because of not knowing how to remove viruses malware removal bot does show a good list of viruses (except its rogue self) on your computer that you can manually remove
i fell for the fancy colorful bug pictures interface on malware removal bot now i realize that smitfraudfix has the exact same webpage MalwareRemovalBot (AKA MalwareRemoval Bot or Malware Removal Bot) is a new counterfeit anti-malware tool whose basic traits testify to its common origin with another rogue anti-spyware called SmitFraud Fix Tool.
but it is kind of confusing because i think all the malware removal bot - removal links are smitfraud links ? (malwareremoval bot does have an uninstall with it though)
oh well right now guess i will just stick with malwarebytes i don't need to download any of those (rogue) smitfraudfix links because malwarebytes removes (rogue) malware removal bot
www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?tag=mncol;pop
remove-malware.net/how-to-remove-malwareremovalbot-rogue-anti-spyware/
|
|