It looks like you're using an Ad Blocker.
Please white-list or disable AboveTopSecret.com in your ad-blocking tool.
Thank you.
Some features of ATS will be disabled while you continue to use an ad-blocker.
The computer virus keeps coming back
page: 2share:
Since I got rid of the AVG and downloaded Norton the virus hasn't gotten in, but I see the icon pop up frequently saying that it has blocked a trojan
and a couple of other pests.
I noticed that Yahoo messenger gets pretty problematic with Norton running, are they compatible? I don't use messenger but my daughter does and I have told her to stay off of it because I spent an hour last night trying to log in because I couldn't exit messenger.
I don't know how long Norton will be free but I may have to bite it and buy it to keep out the viruses. Does it ever give up once it is in???
I don't know how to do all that wiping and moving you guys talk about but if I have to I suppose I can take it in and have it done if it comes back in somehow.
I noticed that Yahoo messenger gets pretty problematic with Norton running, are they compatible? I don't use messenger but my daughter does and I have told her to stay off of it because I spent an hour last night trying to log in because I couldn't exit messenger.
I don't know how long Norton will be free but I may have to bite it and buy it to keep out the viruses. Does it ever give up once it is in???
I don't know how to do all that wiping and moving you guys talk about but if I have to I suppose I can take it in and have it done if it comes back in somehow.
reply to post by interestedalways
Well as far as the Trojan is concerned you need to download some spyware removal utilities and trojan removal software to remove it. It will most likely take multiple Ad-Aware and virus removal tools to affectively remove Lop depending on how bad you are infected. You will need to reboot in safe mode to remove them correctly. The reason being is usually if you try to delete a Trojan while running windows in normal mode it will say that its being used and can not be deleted. Safe mode disables everything except whats needed thus allowing you to delete Trojans manually after located.
Also there is a lop removal tool and detailed instructions for removing Lop on Google if you look up Lop removal. Norton is a system hog but if you like it go for it. I would recommend against using their systemworks or Internet security suite. It can be pretty annoying to remove Trojans or spyware if you don't know what your doing so that is why I suggested wiping and reloading (after you back up your data of course). Your local computer shop shouldn't charge you over $45 I would suppose for doing a reload.
No, unfortunately viruses don't give up. I wish they did!
[edit on 9-10-2007 by Digital_Reality]
Well as far as the Trojan is concerned you need to download some spyware removal utilities and trojan removal software to remove it. It will most likely take multiple Ad-Aware and virus removal tools to affectively remove Lop depending on how bad you are infected. You will need to reboot in safe mode to remove them correctly. The reason being is usually if you try to delete a Trojan while running windows in normal mode it will say that its being used and can not be deleted. Safe mode disables everything except whats needed thus allowing you to delete Trojans manually after located.
Also there is a lop removal tool and detailed instructions for removing Lop on Google if you look up Lop removal. Norton is a system hog but if you like it go for it. I would recommend against using their systemworks or Internet security suite. It can be pretty annoying to remove Trojans or spyware if you don't know what your doing so that is why I suggested wiping and reloading (after you back up your data of course). Your local computer shop shouldn't charge you over $45 I would suppose for doing a reload.
Does it ever give up once it is in???
No, unfortunately viruses don't give up. I wish they did!
[edit on 9-10-2007 by Digital_Reality]
reply to post by Digital_Reality
I don't want to keep Norton because my daughter likes messenger to talk to her friends. I will take the computer in I suppose.
Anyone is the KC/Independence area that could do it cheap???
Thanks for all the tech ideas and software ideas I will keep on it until it gets right.
Why? Why do people like to mess up strangers worlds? Get a life freakos.
I don't want to keep Norton because my daughter likes messenger to talk to her friends. I will take the computer in I suppose.
Anyone is the KC/Independence area that could do it cheap???
Thanks for all the tech ideas and software ideas I will keep on it until it gets right.
Why? Why do people like to mess up strangers worlds? Get a life freakos.
Are you on DSL, cable, dial-up or what?
If you're on broadband, you might try getting a hardware firewall or a router with that function. Just using NAT will stop a lot of incursions, but if you're "riding bareback" on the cable modem you could be getting some of this that way.
We have a dedicated HW firewall that stops a ton of crap every day. I used to follow it all up with ISP complaints but now I just look for persistent offenders.
If you're on broadband, you might try getting a hardware firewall or a router with that function. Just using NAT will stop a lot of incursions, but if you're "riding bareback" on the cable modem you could be getting some of this that way.
We have a dedicated HW firewall that stops a ton of crap every day. I used to follow it all up with ISP complaints but now I just look for persistent offenders.
I'm afraid nothing is going to fully protect you from getting infected using software like Limewire. Places like these are where viruses are released
in the wild. These are places where zero day(unknown) viruses are born and no virus protection is going to stop an infection. Avira is a good FREE
antivirus if you are not liking Norton. Also remember that its not the antivirus software that protects you per say its really the definitions and how
often they update the virus definitions. If the company is crappy about getting the new definitions and providing an update in time then the software
is not going to catch the virus. They all fall short from time to time thats just how it is when there are 16 year olds making viruses on a daily
biases.
I look for the antivirus that is the least system intensive and has the best updates released on a daily biases.
I look for the antivirus that is the least system intensive and has the best updates released on a daily biases.
I am on DSL through ATT, with a home phone line on the bill with the high speed internet.
Here is what has been happening lately.
When I log on my logitech quick cam keeps coming on and I get a message saying server busy to retry. Eventually I get rid of it.
Then yahoo messenger attempts to load up even though the icon if it shows it as inactive. I have already unchecked the boxes for auto sign in.
The quick cam comes on while I am on line for no reason.
Half of the time when I log on and go to bookmarks they are gone and the only way to get them back is to turn off and back on the computer.
A couple of days ago when I attempted to log off it said someone was logged onto the computer and they would lose any data if I logged off.
Does this all sound like infection symptoms?
Is my computer sick???
edit to add:
Oh yeah, last night when I went to close out of yahoo and shut down the speakers put out this weird sound seemingly from nowhere. My daughter said "Mom you better shut down the computer" I asked her "Why?" and she said "because the computer just growled at you!"
What in the world?
[edit on 15-10-2007 by interestedalways]
Here is what has been happening lately.
When I log on my logitech quick cam keeps coming on and I get a message saying server busy to retry. Eventually I get rid of it.
Then yahoo messenger attempts to load up even though the icon if it shows it as inactive. I have already unchecked the boxes for auto sign in.
The quick cam comes on while I am on line for no reason.
Half of the time when I log on and go to bookmarks they are gone and the only way to get them back is to turn off and back on the computer.
A couple of days ago when I attempted to log off it said someone was logged onto the computer and they would lose any data if I logged off.
Does this all sound like infection symptoms?
Is my computer sick???
edit to add:
Oh yeah, last night when I went to close out of yahoo and shut down the speakers put out this weird sound seemingly from nowhere. My daughter said "Mom you better shut down the computer" I asked her "Why?" and she said "because the computer just growled at you!"
What in the world?
[edit on 15-10-2007 by interestedalways]
Very wise opinion, you should never work with a growling computer.
Originally posted by interestedalways
Oh yeah, last night when I went to close out of yahoo and shut down the speakers put out this weird sound seemingly from nowhere. My daughter said "Mom you better shut down the computer" I asked her "Why?" and she said "because the computer just growled at you!"
Those symptoms are suspicious, but unfortunately I do not have more advices to give than those that I usually give: download AutoRuns from Sysinternals (now Microsoft) and see if you can spot any suspicious program.
reply to post by ArMaP
I will do that, download the AutoRuns.
There were suggestions made on this thread that I didn't take because I pretended it was going to be fixed with the Norton. Obviously this isn't the case.
I will post with anything that happens after I try the AutoRuns.
Thanks for the response and in finding the humor in this nutty situation.
I will do that, download the AutoRuns.
There were suggestions made on this thread that I didn't take because I pretended it was going to be fixed with the Norton. Obviously this isn't the case.
I will post with anything that happens after I try the AutoRuns.
Thanks for the response and in finding the humor in this nutty situation.
interestedalways are my neighbor or what? It seems that we are having the same issues. Here is my find for the evil 'bust server'.
Please follow the suggestions and instructions in the links below.
When you finish, go to Add or Remove Programs in your Control Panel and remove (if present):
tslw
Then scan with HijackThis and have it fix the following:
O2 - BHO: (no name) - [B404CC6B-95D3-1A44-27C3-77CD07F8BA38] - C:\WINDOWS\system32\ntui.dll (file missing)
O4 - HKLM\..\Run: [M0tPo.exe] c:\documents and settings\YOUR NAME\local settings\temp\M0tPo.exe
O4 - HKCU\..\Run: [Rivpzql] C:\WINDOWS\system32\??plorer.exe
O4 - HKCU\..\Run: [Sulm] C:\Program Files\tslw\csno.exe
O14 - IERESET.INF: SearchAssistant=
If this IP address is not related to your ISP, have HJT fix this O15 entry as well --
O15 - Trusted IP range: 206.161.125.149
Close any open windows, other then HijackThis, and hit Fix checked.
Go to the following locations and delete the highlighted files and folder:
C:\WINDOWS\system32\ntui.dll
C:\WINDOWS\system32\??plorer.exe
C:\Program Files\tslw
Go to C:\documents and settings\YOUR NAME\local settings\temp and delete the entire contents of the folder (but not the folder itself).
If any of these files cannot be deleted, try booting into Safe Mode first.
Empty your Recycle Bin and reboot (normally).
Close any open browser windows, scan with HijackThis, and post a new log please.
I'm going to try it when I get home tonight.
Good luck my friend.
Please follow the suggestions and instructions in the links below.
When you finish, go to Add or Remove Programs in your Control Panel and remove (if present):
tslw
Then scan with HijackThis and have it fix the following:
O2 - BHO: (no name) - [B404CC6B-95D3-1A44-27C3-77CD07F8BA38] - C:\WINDOWS\system32\ntui.dll (file missing)
O4 - HKLM\..\Run: [M0tPo.exe] c:\documents and settings\YOUR NAME\local settings\temp\M0tPo.exe
O4 - HKCU\..\Run: [Rivpzql] C:\WINDOWS\system32\??plorer.exe
O4 - HKCU\..\Run: [Sulm] C:\Program Files\tslw\csno.exe
O14 - IERESET.INF: SearchAssistant=
If this IP address is not related to your ISP, have HJT fix this O15 entry as well --
O15 - Trusted IP range: 206.161.125.149
Close any open windows, other then HijackThis, and hit Fix checked.
Go to the following locations and delete the highlighted files and folder:
C:\WINDOWS\system32\ntui.dll
C:\WINDOWS\system32\??plorer.exe
C:\Program Files\tslw
Go to C:\documents and settings\YOUR NAME\local settings\temp and delete the entire contents of the folder (but not the folder itself).
If any of these files cannot be deleted, try booting into Safe Mode first.
Empty your Recycle Bin and reboot (normally).
Close any open browser windows, scan with HijackThis, and post a new log please.
I'm going to try it when I get home tonight.
Good luck my friend.
You could always try laying a hammer next to your computer, this makes my mine run like the wind.
Restart you computer and push the F4 key every few seconds till you see a screen, with different boot up options, select safe mode then hit enter, run your scan, then rinse and repeat.
Viruses = :bnghd:
Restart you computer and push the F4 key every few seconds till you see a screen, with different boot up options, select safe mode then hit enter, run your scan, then rinse and repeat.
Viruses = :bnghd:
Intrested
If I may suggest 3 items of advice.
1. WIA - Windows Imaging Application had a vulnerablity that may (or may not) cause both the webcam & serverbusy problems. To test this, you can temporarily stop the WIA service. The easiest method to stop the WIA service is :
A.Start-->
B. Run-->
C.Paste the following command into the text box:
sc stop stisvc & sc config stisvc start= disabled
D. Next, select OK
Your camera may not work during this test. Use your pc as normal. If it didnt fix the server busy popup, its probably malware. If it did seem to fix it, you need an update, or WIA has gotten corrupted. Go to Microsoft Update, and let it download any security updates.
You can restart the WIA service with the following command when ready:
sc start stisvc & sc config stisvc start= Automatic
2. Even if your daughter likes Yahoo Messenger, get rid of it. Uninstall any Yahoo add-on's and never allow them again. Teach her to use Trillion, Messenger, Skype or Google chat. Anything but Yahoo. Same goes for Limewire.
3.Most importantly, turn off System Restore. Boot to safemode (without networking). Perform a complete scan with your favorite anti-spyware, but better yet, use DrWeb_CureIt in safemode.
Best of Luck
makeitso
[edit on 10/16/07 by makeitso]
If I may suggest 3 items of advice.
1. WIA - Windows Imaging Application had a vulnerablity that may (or may not) cause both the webcam & serverbusy problems. To test this, you can temporarily stop the WIA service. The easiest method to stop the WIA service is :
A.Start-->
B. Run-->
C.Paste the following command into the text box:
sc stop stisvc & sc config stisvc start= disabled
D. Next, select OK
Your camera may not work during this test. Use your pc as normal. If it didnt fix the server busy popup, its probably malware. If it did seem to fix it, you need an update, or WIA has gotten corrupted. Go to Microsoft Update, and let it download any security updates.
You can restart the WIA service with the following command when ready:
sc start stisvc & sc config stisvc start= Automatic
2. Even if your daughter likes Yahoo Messenger, get rid of it. Uninstall any Yahoo add-on's and never allow them again. Teach her to use Trillion, Messenger, Skype or Google chat. Anything but Yahoo. Same goes for Limewire.
3.Most importantly, turn off System Restore. Boot to safemode (without networking). Perform a complete scan with your favorite anti-spyware, but better yet, use DrWeb_CureIt in safemode.
Best of Luck
makeitso
[edit on 10/16/07 by makeitso]
I'm telling you I had the same problem. The only free program I know of that will stop all process from running and actually delete EVERYTHING in the
temp internet file is smit fraud fix. Trust me, its
safe, I have used it on my computer about 10 times. I highly recommend it.
[edit on 16-10-2007 by Techsnow]
[edit on 16-10-2007 by Techsnow]
Smitfraudfix is an excellent product.
If you had the same problem, and it fixed it, that would be a good, quick starting point.
If you had the same problem, and it fixed it, that would be a good, quick starting point.
Brilliant idea. Thanks
I tried my own advice on my computer tonight and lo and behold, there was not one single problem found. I cut and pasted the hijack results on their webpage and had their site double check and still a clean bill.
Mind you I haven't gotten the error at all today. (it was all on Monday) I'm kinda stumped. The stupid thing still tells me that I have a critical error and reboots me without prompting. Smit fraud here I come.
I swear if I have to reformat a 4th time, well, let's just say I may make the nightly news,.
I may just say screw it and buy Vista and a physical firewall. I really think my XP is corrupted. hmmmmmmm
Can't someone create a stable OS that Windows does not own?!?!?!?
I promise to even pay for it.
I tried my own advice on my computer tonight and lo and behold, there was not one single problem found. I cut and pasted the hijack results on their webpage and had their site double check and still a clean bill.
Mind you I haven't gotten the error at all today. (it was all on Monday) I'm kinda stumped. The stupid thing still tells me that I have a critical error and reboots me without prompting. Smit fraud here I come.
I swear if I have to reformat a 4th time, well, let's just say I may make the nightly news,.
I may just say screw it and buy Vista and a physical firewall. I really think my XP is corrupted. hmmmmmmm
Can't someone create a stable OS that Windows does not own?!?!?!?
I promise to even pay for it.
Originally posted by shadow watcher
The stupid thing still tells me that I have a critical error and reboots me without prompting. Smit fraud here I come.
Thats probably a horse of a different color.
If you dont have any luck with smitfraudfix fixing the reboot issue, (I suspect you won't), You may want to read this article. It explains that XP changes standard settings so that instead of getting the blue screen of death, (BSOD), it reboots. This is usually caused by incorrect drivers, or corrupt software.
If you change the setting as explained in the article, next time there is a critical error, it won't automatically reboot, you'll get the BSOD instead. Thats helpful because it presents you with information that can help you track down the problem. You'll see something like this:
The information your looking for in the BSOD is called a stop error. It is usually presented in the following format type:
*** Stop: 0x000000050
You take that stop code for your particular stop error and search google to find out what it means. You'll find articles like this one that explain what that particular stop error means, and possible resolutions.
Best of luck
makeitso
I will give it a go. The blue screen of death is an old nemesis of mine.
I do not fear him. Thanks for the tip.
I do not fear him. Thanks for the tip.
reply to post by shadow watcher
There is a wealth of good information on this thread.
It has helped me tremendously, I hope others find and refer to this thread if they get *bugged* by these pests.
I ran the drsmitfixit but I didn't put it in safe mode and I didn't turn off system restore. I didn't know if it applied to that program. I am going to get rid of the yahoo junk and have already eliminated limeware. Then reboot.
While this was running the norton security blocked a security risk called downloader. Is it to be expected to see this a few times a day?
Another question. Would any of you familiar with the security options run Norton or one of the programs offered on the desmitrixit web page? Is Norton pretty good overall?
Thanks again to everyone who has offered ideas and very clear instructions. I couldn't have gotten this much helpful and free info anywhere else I know of.
Viruses
Helpful people
There is a wealth of good information on this thread.
It has helped me tremendously, I hope others find and refer to this thread if they get *bugged* by these pests.
I ran the drsmitfixit but I didn't put it in safe mode and I didn't turn off system restore. I didn't know if it applied to that program. I am going to get rid of the yahoo junk and have already eliminated limeware. Then reboot.
While this was running the norton security blocked a security risk called downloader. Is it to be expected to see this a few times a day?
Another question. Would any of you familiar with the security options run Norton or one of the programs offered on the desmitrixit web page? Is Norton pretty good overall?
Thanks again to everyone who has offered ideas and very clear instructions. I couldn't have gotten this much helpful and free info anywhere else I know of.
Viruses
Helpful people
Interested, I just got one nagging one today!! It's a dropper virus.
I recently had a nasty vundo attack. Spybot S&D with ComboFix in safe mode cured everything, From the trojan (vundo) To the downloader
(tiny.somethingorother) and the related .dll's
I know Combofix isnt for everyone, but im no expert and i managed to get it to work, and it worked wonders.
Just google the name and it should come up with a link to forum (major geeks or something) in that forum should be a link to the file
I know Combofix isnt for everyone, but im no expert and i managed to get it to work, and it worked wonders.
Just google the name and it should come up with a link to forum (major geeks or something) in that forum should be a link to the file
How do you people get so much "infections"?
In almost 12 years of Internet use I never got a virus, key-logger, trojan, etc., and I do not keep myself only on the "light" side of the Internet.
I even once went to some sites just to see if I would get infected, but it didn't worked as it should.
In almost 12 years of Internet use I never got a virus, key-logger, trojan, etc., and I do not keep myself only on the "light" side of the Internet.
I even once went to some sites just to see if I would get infected, but it didn't worked as it should.
new topics
-
How does my computer know
Education and Media: 46 minutes ago -
USO 10 miles west of caladesi island, Clearwater beach Florida
Aliens and UFOs: 5 hours ago
top topics
-
Anti-Israel Protesters in CHICAGO Chant 'Death to Israel and 'Death to America'
Social Issues and Civil Unrest: 17 hours ago, 15 flags -
Running Through Idiot Protestors Who Block The Road
Rant: 15 hours ago, 12 flags -
Tesla cutting 14,000 jobs
Global Meltdown: 14 hours ago, 6 flags -
USO 10 miles west of caladesi island, Clearwater beach Florida
Aliens and UFOs: 5 hours ago, 6 flags -
Israel ufo shoot down drones?
Aliens and UFOs: 14 hours ago, 5 flags -
Abortions in first 12 weeks should be legalised in Germany, commission says
Medical Issues & Conspiracies: 13 hours ago, 5 flags -
On this Day in History, April 15, 1865, Abraham Lincoln Passed Away.
General Chit Chat: 14 hours ago, 4 flags -
How does my computer know
Education and Media: 46 minutes ago, 0 flags
active topics
-
How does my computer know
Education and Media • 1 • : UpIsNowDown2 -
Canadian Police Urge Citizens To Avoid Conflict With Armed Robbers By Leaving Keys At Front Door
Social Issues and Civil Unrest • 68 • : Astyanax -
Gold and silver prices....woo hoo
History • 71 • : SchrodingersRat -
Afterlife, unknown, so prepare, or just go into the unknown (bad)!!
ATS Skunk Works • 49 • : Kennyb75 -
Fossils in Greece Suggest Human Ancestors Evolved in Europe, Not Africa
Origins and Creationism • 46 • : matafuchs -
President BIDEN Warned IRAN Not to Attack ISRAEL - Iran Responded with a Military Attack on Israel.
World War Three • 37 • : nugget1 -
America's Infant Mortality Rate Increases for the First Time in 20 Years
Medical Issues & Conspiracies • 17 • : nugget1 -
Mandela Effect - It Happened to Me!
The Gray Area • 98 • : BeTheGoddess2 -
The Truth About Jesus
Conspiracies in Religions • 265 • : glend -
J Balvin Columbian Singer captured this Triangle UFO footage…….
Aliens and UFOs • 13 • : magicai