And do I mean help? YES.
Out of the blue, granddaughter #3 tried to access "Facebook" last night. Reported it was very slow and no Web access possible. I went up to look and there was a picture of a youth pleasuring himself. Not me guv! I declare. Deleted that at once. Yuk. What makes people do that I ask?
Restart and all goes well until a big message fills the centre screen "Windows Warning Message
Warning. win32/adware.Virtumonde detected on your computer
Warning win32/privacy/remover.m64 detected etc.
Activate your a/v software to clean your computer."
Did that and I invoked Avast but that gave up working after only about 3% and restarted. All OK again and then the BSOD appears with the standard MS message.
I'm unable to get web access from the main PC but OK on my Laptop here alongside the infected machine. I've tried the AV again a few times and it has thrown up several trojans which have been moved to the chest before it gave up the ghost, best time lasted was 14 minutes then - squelch, off to BSOD again..
I don't think it was anything Lindsay did unless Facebook transmits Viruses. These two look like naughty ones and I'll have a look on the net (via laptop) to see if there's a special routine. Problem there might be, if I download the solution, should I pass it to the PC from the laptop or is there a risk that the virus will attack that?
Preliminary thoughts from the brains trust please???
Whilst writing this, about 4 examples of win32 frauder-B[Tri] came up and were shoved into chest.
Just goes to show you how these things work - one trojan opens the floodgates.
You can use the Avast "Startup Scan" feature or you can use this:
Make a CD with that and remember to use the spacebar to select English.
Since you have Avast, it's easier to just do a Startup scan, but keep the Avira Rescue CD in mind for systems without Avast.
Stark Raving MOD
You mentioned Avast antivirus, but what are you using for antispyware?
After running those fixes, download the trial Counterspy and do a system scan. It's fully functional for 15-days.
Bill: Well, I downloaded the file and burned the CD but it didn't boot from the disk. Should it have? BIOS is set to boot from CD.
Just in case, I did Ctrl+alt+del and looked at CPU usage which was solid at 100% whilst it was looking. It is now running at abt 8% Pagefile 419Mb which seems ok. It all went haywire when I tried to open the readme file on the CD. Everything froze up. Still can't get on the net but I had your e-mail but not midknyte's.
So Midknyte, I have a registered copy of Counterspy and I also have Spybot if I need it, Adaware away was recommended from here and I have that somewhere. The whole thing is baffling me but I'll keep trying.
I've downloaded the files from bleeping computer, virxxx etc. What do I do next please?
I sort of think I ran counterspy but that might have been spybot. I'm getting too old for this caper.
PS sorry, for readme read welcome.msg and index.html
I'm just trying to use autorun via my computer. YES! I think I need to reboot and check I'm starting from the CD. After that I'm for my bed. Gone midnight again! Night. Pick up any more in the am.
Last edited by docusk; 09-12-2008 at 07:43 PM.
Stark Raving MOD
You need to burn the ISO as an image. It won't work if you just copy it as a file on the CD. The steps will vary depending on what burner software you use.
Be sure to disconnect the afflicted system from the internet, AKA pull the plug.
Boot to safe mode and follow the instructions on the Virtumonde fix link.
How can I write (burn) ISO files to CD?
That should help out.
The Avira Rescue CD has a built in ISO burner. All that is necessary is to pop a CDR in the drive and double-click the downloaded file. That will create the bootable disc.
Left the prog running and this am, all done. Restarted and all seems well. Just to be sure - belt and braces - I'm running AVAST quick check and it's found 3 or 4 trojans. Then I'll run counterspy and maybe spybot.
Next thing is to cleanup and defrag and after that, I'll get into the other PC and do the same thing with that as that's the one I use for downloading music, probable cause of the infection?
Whoever wrote the avira prog is a genius. Saved my reason!
Do I need to run the progs I got from bleeping computers?
Bye for now.
Stark Raving MOD
Spybot is worthless. You bought Counterspy, so how did you get infected? Was it running with active protection on? The key is prevention.
You should have run the fixes FIRST. Oh well. It won't hurt to run them now.
I hope you disabled system restore also. They can have infections also. Once your system is clean, you can re-enable it.
Oh hell. Will it never end?
I was still getting malware reported by Avast and I dealt with them OK. Then I was told to clean up the disk but before I could do that, another BSOD.
"...Problem seems to be caused by...MSKSSRV.SYS.." and tells me "To fix all errors press enter" which then comes up with a file name setup_sbd_en.exe which then runs into more malware lot more rigmarole then I get to run the above file. All well till spyware comes up win32-faker-[spy]
Try to bin it and error msg says "..cantprocess\.....setup+sbd_en.exe...in use by another process."
Finally I got out of the BSOD and came back to sysopt. CPU is running at 100% again. Closed apps not in use and now back on Avast front end. It's finished C: and now on G: which is my newly installed SATA disk with very little on it in the way of apps. Avast now on 85% so maybe it will do the trick.
Other comments, I don't know which order I should deal with another similar problem. From the first BSOD, I couldn't get into the system anyway.
More advice very welcome thanks.
Hope above makes sense.
Like other people who use this site, I have very strong reasons to admire what everyone does for those of us who are still (in my case aged 80) on that learning curve.
Just remembered. Looking for that MSKSSRV.SYS, I came upon a site that advised me to download 'Security task manager'
What's that all about?
Stark Raving MOD
Security task manager is on the AV/Antispy sticky. It is similar to process explorer, but it gives a rating of threat severity.
Go back and do what I told you in the first reply. Run those virtumonde removal tools in safe mode. Then run counterspy with the network cable unplugged. Many malware apps "phone home", so it's best to cut the connection. You can get manual CS updates here: http://tinyurl.com/6hd3cv They are pretty big, around 150MB.
You ran Avast several times, so use another tool already. Insanity is doing the same thing repeatedly, but expecting a different result.
The Avira Rescue CD burns its own CD. Just open it.
You have to scan before Windows opens because files can't be removed if they are running. You can't remove a car's engine while it's running, right?
You have to use either Avira or Avast's startup scan to get rid of this stuff. I recommend the Rescue CD because it gets both viruses and spyware where Avast may only get viruses.
Please communicate clearly exactly what you are doing. Although we know that the Rescue CD wasn't burned properly, we don't know if you ran the Avast Startup Scan. You have to tell us.
Last first. Yep, you got that right, insanity personified, that's me!
OK I'm going through the lot now but one small point. I can't get F8 or F5 to offer me safe mode. Whatever F key I hit just takes me into the dual boot menu.
How to overcome that I've been asking myself that for days.
I can get into Control Panel, that any use? NO says he.
I'll get on to the site in your last as soon as I've done here.
It's not necessary to get into Safe Mode if you use the Rescue CD. Please do that.
Press F8 when you arrive at the dual-boot menu to select Safe Mode.