
The computer virus keeps coming back


posted on Oct, 6 2007 @ 11:34 AM
I have been assaulted yesterday and today with a few different computer viruses. My pc keeps showing a Virus Detected warning and I move it to the vault. Last night when I went to clean out the vault there were about 7 viruses sent yesterday.

They are classified as a lop virus and also as trojan horse virus.

Today since I have been online I have received three. The file path is similar but not the same each time.

Here is where one of the addresses read on the file.

C:\WINDOWS\system32\ljhef and another ends with dlle.

I was wondering how it can just keep coming. Do people or computers have a repeat button?

I may have to go to firefox but my bookmarks aren't in there and there isn't an option to import them.

Any advice would be appreciated.




posted on Oct, 6 2007 @ 11:37 AM
What antivirus/firewall are you running?

Just be aware you can receive many false positives with some software.

Regards
Lee



posted on Oct, 6 2007 @ 11:39 AM
The sad fact is that I too have been battling the same thing.
Last night I gave up and just did the reformat. It seems as though every anti virus program I tried failed to remove it. I used every trick in my arsenal, but in the end the virus won.

I really hope there is a special place in hell for these virus writers.



posted on Oct, 6 2007 @ 11:44 AM
reply to post by h3akalee
 


I have the AVG that comes with yahoo, or from my provider, anyway it has always been on here and I haven't had any major problems, just an occasional threat that goes away when I move it to the vault.

ShadowWatcher, did yours just start yesterday, too?

My virus dictionary said that it is a backdoor virus that looks at your computer and attempts to spread your info across the internet for whatever that is worth.

Thanks for the replies.



posted on Oct, 6 2007 @ 11:45 AM
You probably have a trojan running processes in the background.

A lot of them will either attack and corrupt your anti-virus sw, AdAware or whatnot. The rest will spot you trying to delete one or more of the files and just regenerate them under new random names.

Getting rid of this is tough. I do it for people but I'm not sure I can do it over the net.


Try downloading and running vundofix first. Most of the infections I've seen are vundo or another derivative of smitfraud.



posted on Oct, 6 2007 @ 11:50 AM
reply to post by Tom Bedlam
 


I will try running the program you suggested. Thanks for the tip.

I used to live in Pensacola, survived a hurricane there in the late 60's or early 70's. Beautiful place indeed.



posted on Oct, 6 2007 @ 12:28 PM
Another thing you should do - if you have Java uninstall it for the present.

Some of these get into the java engine and hide. You can download a fresh load of Java later.

You should run *at least* AdAware, SpybotS&D, AVG's free spyware remover and vundofix, running vundofix first.

They'll all get different stuff. And you'll probably need to run them more than once.

Here's the tried-and-true procedure for the first run:

Remove Java using the Add and Remove programs process. If your virus program you get from your ISP is pretty easy to get and reinstall, remove it as well, because it may be corrupted. Don't do this for something you had to pay for and put in codes like Norton. Just disable it completely - there are menu options to shut it down. Reboot.

Run Vundofix. Reboot.

Install and update SpybotS&D. Reboot. On the way up, hit "F8" a few times, you'll be offered a menu. Select "boot in safe mode".

Run Spybot a couple of passes. Get rid of anything it finds.

After a couple of runs at it, on the third run it ought to stop finding new things. (it will run really slowly in safe mode)

Reboot. Make sure Vista/XP's firewall is ON. Install and update AdAware. Run it a couple of times.

Install and update AVG's free spyware and virus program. You have to update the virus program separately from the spyware program. Get rid of anything you hit there too.

At that point, the easy kills are out of the way. If you're still getting "new" viruses or seeing ad popups, you've got something really bad, and it's going to be hard to do over the forum. I usually have to go manually edit the registry, run process scanners and start using things like Hijackthis to kill BHO's (you may need to do THAT as well but it's beyond the scope of this discussion)

That said, you may HAVE a BHO infection of your browser. Especially if you're using IE. I'll say you probably have one. I'm not sure how to talk you through scraping them out. Hijack-this is the easiest way but it's really dangerous for the casual observer.

You might run BHO Remover. I haven't used the tool but it looks less deadly than HijackThis. BHO's are like parasites, they ride on your IE. Some are things you might want like Yahoo's toolbar, but anything you don't recognize you should dump. I'd personally get rid of any BHO I can live without just to be thorough. If you've got a Yahoo toolbar you can always put it back later. I don't have any BHO's at all, but I don't use IE very often either.



posted on Oct, 6 2007 @ 12:49 PM

Originally posted by Tom Bedlam
I'm not sure how to talk you through scraping them out. Hijack-this is the easiest way but it's really dangerous for the casual observer.


I am definitely the casual observer. It took me this long just to download and run a vundofix. My AVG shield kept coming up during the scan and showing the threats. About 11 times. I just closed it each time thinking at the end the vundofix would remove them but instead at the end it said none found!

I also had to download a download manager to get the vundofix.

Wow, it is quite a task.

I think I'll go to starbucks, get a mocha with an extra shot and come back and try to make it through the instructions you suggested, but I will have to make a day out of it I am afraid!

Thanks for the time you have taken to explain in understandable terms.

Actually though I am feeling pretty small in the face of this.....




posted on Oct, 6 2007 @ 02:07 PM
Also in your post you mentioned using Internet Explorer and problems with Java. It just so happens that my daughter has been logging in through IE the last few days and I also redownloaded Java last week.

I just got the threat detection message again. I was hoping that the vundofix would have taken care of it.

I really don't feel competent to make this go away.

Thanks for allowing the ramble........



posted on Oct, 6 2007 @ 02:14 PM
It takes a lot of time to do this, that's the truth. I've spent a couple of days on really bad infections on my friends' machines.

The most straightforward way is to dismount their hard drives and mount them on a debug system as a secondary drive. Then you can scan the crap out of them at your leisure, and none of the viruses/trojans ever get a chance to load.

But that's what I'd call an "advanced procedure"


PS - I'd delete the new Java for now. Also, run BHO Remover up front and just clean that right out, unless there's some browser helper you need that's really oddball. We have some Adobe Publisher BHO's, for example. But if you are a casual user, you probably don't have any BHO's you can't live without. Like I say, you can always reload Yahoo toolbar later.

And once you have cleaned your BHO's, run BHO Remover again when you're in safe mode and see if any have reappeared. If so, clean 'em out again.



posted on Oct, 6 2007 @ 06:44 PM
You can try to download AutoRuns.

When it runs it shows all things Windows loads at start-up.

You can disable the ones that look suspicious (programs you do not remember installing, programs with suspicious names, especially names similar to those of common Windows programs, etc.) and restart the computer.

If you see that something is missing you can re-activate those entries that you deactivated before.
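
The triage described in the post above (startup entries whose names resemble those of common Windows programs), sketched as an added example that is not part of the original thread and is not AutoRuns' own logic. The name list, the 0.85 similarity threshold and the sample rows are assumptions constructed for illustration.

```python
import ntpath
from difflib import SequenceMatcher

# Well-known Windows binaries that malware names often imitate (short, not exhaustive).
KNOWN = {"svchost.exe", "explorer.exe", "lsass.exe", "winlogon.exe",
         "services.exe", "csrss.exe", "rundll32.exe", "spoolsv.exe"}
# Simplification: either folder is accepted for any known binary.
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32"}
THRESHOLD = 0.85  # assumed cut-off for "looks like a known name"


def triage(entries):
    """Return {entry name: reason} for startup entries worth a closer look."""
    flagged = {}
    for name, image_path in entries:
        path = image_path.strip('"').lower()
        folder, exe = ntpath.split(path)
        if exe in KNOWN:
            # A genuine system name is only expected in a system folder.
            if folder not in SYSTEM_DIRS:
                flagged[name] = f"{exe} runs from unusual folder {folder}"
            continue
        # Near-miss of a known name, e.g. one swapped or substituted character.
        best = max(KNOWN, key=lambda k: SequenceMatcher(None, exe, k).ratio())
        if SequenceMatcher(None, exe, best).ratio() >= THRESHOLD:
            flagged[name] = f"{exe} looks like {best}"
    return flagged


# Constructed sample rows: (entry name, image path).
SAMPLE = [
    ("Audio Manager", r"C:\Program Files\Vendor\audiomgr.exe"),
    ("Host Service", r"C:\WINDOWS\system32\svch0st.exe"),
    ("Shell", r"C:\WINDOWS\explorer.exe"),
    ("Login Helper", r"C:\Documents and Settings\user\Local Settings\Temp\winlogon.exe"),
    ("Print", r"C:\WINDOWS\system32\spoolsv.exe"),
]

if __name__ == "__main__":
    for name, reason in triage(SAMPLE).items():
        print(f"{name}: {reason}")
```

A flagged entry is a candidate for disabling and a reboot, not proof of infection; unflagged entries with random names still need a manual look.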



posted on Oct, 6 2007 @ 07:05 PM
Thanks again for the help everyone.

At this point I have uninstalled Limewire (filesharing for music), and Java, and at the suggestion of SBC self help tool, and TB, the AVG protection and instead downloaded Norton. It has been scanning ALL day and it has fixed several issues.

I have paused it and haven't had any warnings or threats for a minute. I will keep you posted as to how it transpires so as to help others that may be dealing with this or might in the future.



posted on Oct, 6 2007 @ 07:58 PM

Originally posted by interestedalways
reply to post by h3akalee
 


I have the AVG that comes with yahoo, or from my provider, anyway it has always been on here and I haven't had any major problems, just an occasional threat that goes away when I move it to the vault.

ShadowWatcher, did yours just start yesterday, too?

My virus dictionary said that it is a backdoor virus that looks at your computer and attempts to spread your info across the internet for whatever that is worth.

Thanks for the replies.



Sadly, there's your problem right there. AVG is NOT a very good virus scanner contrary to what the "experts" tell you.



posted on Oct, 6 2007 @ 08:16 PM
Yes, it has proved itself pretty much useless against a savvy virus that hides.

Since downloading and running the Norton I still haven't detected anything amiss.

I am hopeful.




posted on Oct, 6 2007 @ 08:31 PM
reply to post by interestedalways
 


Ah - Limewire. I think I begin to see the issue.


I don't have Limewire. I know that KaZaA used to be bundled with a collection of malware that was so bad someone took the time to remove it from the distribution and called it "KaZaA Lite". You may find this interesting - "Our results from over a month of data show that 68% of all downloadable responses in Limewire containing archives and executables contain malware."

AVG has the benefit of being free, but we can't use it here. We get the choice of Trend Micro, Norton or McAfee from the DoD. It's free, and you have to use one of them. Sort of a carrot and stick thing I guess. I think some places get to use other stuff specialized for them but we don't.

About the only thing I really dislike about Norton is that they launch a ton of processes on startup and occasionally when running, which can bog down your machine if it's not pretty snappy. And at times every machine here will LiveUpdate and lose their registration due to some malf in the update process.


apc

posted on Oct, 6 2007 @ 08:56 PM
Plus some sites that redistribute limewire bundle malware into a new installer.

Avoid those download managers that you "have to install" to download a file. Easy way to catch a bug... same with free butterfly screensavers or whatever. If a download needs some special manager, find another source.



posted on Oct, 6 2007 @ 09:13 PM

Originally posted by apc
Avoid those download managers that you "have to install" to download a file. Easy way to catch a bug... same with free butterfly screensavers or whatever. If a download needs some special manager, find another source.


Yeah, I even had to download a manager to get the vundofix that I got earlier. The vundofix actually showed up as a risk after a computer restart. It wasn't the best brand of the program I guess. Have deleted the vundofix but not the downloader. I guess while I'm at it and seem to have found some success I will continue on............

It really is a good feeling when you accomplish a task that seems to be overwhelming.



[edit on 6-10-2007 by interestedalways]



posted on Oct, 9 2007 @ 06:41 AM
I lost all patience Friday and spent an all nighter reformatting. It seems as though it takes just as long to try to save your hard drive as it does to reformat it. I wound up using zonealarm as a primary for now. Norton had expired and it is too costly to replace just yet. CA antivirus won't run alongside zonealarm so now I'm debating which to use next. The saddest part is that the afflicted puter is just a humble archive. I use my laptop and send my stuff to desktop for archive. Why do idiots create these things anyhow? Is there some underground award ceremony that they want to be a part of? Someday when they grow up, maybe they will feel bad about being such a pain.


apc

posted on Oct, 9 2007 @ 07:23 AM
They're usually 12 or 13 years old just having fun. At least I was when I learned 386 assembly to write them.


Here's what I do for Windows: have a partition that is strictly OS. Look at how big your windows directory is (do not perform this action in Windows Vista if you have a heart condition, are pregnant, or diagnosed PTSD). Then the next time you reinstall Windows, make a partition that's maybe a gig bigger than what Windows needs. Install Windows to that partition, and everything else to a partition that fills the rest of the drive.

Note most installed applications in \Program Files\ won't work after reloading Windows and will have to be reinstalled. Backing up registry entries and loaded components is just a PITA.

This way, the next time Windows gets lame, or more lame depending on your POV, just wipe the OS partition and reload. No need to deal with preserving data (although you should be backing up important stuff anyway, right?), just don't accidentally format the other partition. In the case of infection, don't touch anything on the other partition until you have scanned it with everything Tom Bedlam referenced as well as having all Microsoft updates.



posted on Oct, 9 2007 @ 09:33 AM
The Lop is a bad one! I've removed this virus from countless computers and to be honest the best for sure way to get rid of it is to back up personal data and wipe and reload. As one of the previous posters mentioned it takes about as much time to remove this pesky virus as it does to wipe and reload. I wipe and reload at least one computer a month on my network. It's kind of like doing an oil change on a car. In my business I have to time manage and it's getting to be faster to wipe and reload with the viruses that are hitting nowadays. Now if it was a server that would be a different story because I would do almost anything not to have to back up data & wipe and reload a server.

Browse around Snapfiles.com and Majorgeeks.com for antivirus software and Ad aware tools; there is a lot out there that is free and still good for protection. Good luck!




