It looks like you're using an Ad Blocker.

Please white-list or disable in your ad-blocking tool.

Thank you.


Some features of ATS will be disabled while you continue to use an ad-blocker.


The computer virus keeps coming back

page: 2
<< 1    3 >>

log in


posted on Oct, 9 2007 @ 10:47 AM
Since I got rid of the AVG and downloaded Norton the virus hasn't gotten in, but I see the icon pop up frequently saying that it has blocked a trojan and a couple of other pests.

I noticed that Yahoo messenger gets pretty problematic with Norton running, are they compatible? I don't use messenger but my daughter does and I have told her to stay off of it because I spent an hour last night trying to log in because I couldn't exit messenger.

I don't know how long Norton will be free but I may have to bite it and buy it to keep out the viruses. Does it ever give up once it is in???

I don't know how to do all that wiping and moving you guys talk about but if I have to I suppose I can take it in and have it done if it comes back in somehow.

posted on Oct, 9 2007 @ 11:28 AM
reply to post by interestedalways

Well as far as the Trojan is concerned you need to download some spyware removal utilities and trojan removal software to remove it. It will most likely take multiple Ad-Aware and virus removal tools to affectively remove Lop depending on how bad you are infected. You will need to reboot in safe mode to remove them correctly. The reason being is usually if you try to delete a Trojan while running windows in normal mode it will say that its being used and can not be deleted. Safe mode disables everything except whats needed thus allowing you to delete Trojans manually after located.

Also there is a lop removal tool and detailed instructions for removing Lop on Google if you look up Lop removal. Norton is a system hog but if you like it go for it. I would recommend against using their systemworks or Internet security suite. It can be pretty annoying to remove Trojans or spyware if you don't know what your doing so that is why I suggested wiping and reloading (after you back up your data of course). Your local computer shop shouldn't charge you over $45 I would suppose for doing a reload.

Does it ever give up once it is in???

No, unfortunately viruses don't give up. I wish they did!

[edit on 9-10-2007 by Digital_Reality]

posted on Oct, 9 2007 @ 12:54 PM
reply to post by Digital_Reality

I don't want to keep Norton because my daughter likes messenger to talk to her friends. I will take the computer in I suppose.

Anyone is the KC/Independence area that could do it cheap???

Thanks for all the tech ideas and software ideas I will keep on it until it gets right.

Why? Why do people like to mess up strangers worlds? Get a life freakos.

posted on Oct, 9 2007 @ 12:56 PM
Are you on DSL, cable, dial-up or what?

If you're on broadband, you might try getting a hardware firewall or a router with that function. Just using NAT will stop a lot of incursions, but if you're "riding bareback" on the cable modem you could be getting some of this that way.

We have a dedicated HW firewall that stops a ton of crap every day. I used to follow it all up with ISP complaints but now I just look for persistent offenders.

posted on Oct, 9 2007 @ 01:44 PM
I'm afraid nothing is going to fully protect you from getting infected using software like Limewire. Places like these are where viruses are released in the wild. These are places where zero day(unknown) viruses are born and no virus protection is going to stop an infection. Avira is a good FREE antivirus if you are not liking Norton. Also remember that its not the antivirus software that protects you per say its really the definitions and how often they update the virus definitions. If the company is crappy about getting the new definitions and providing an update in time then the software is not going to catch the virus. They all fall short from time to time thats just how it is when there are 16 year olds making viruses on a daily biases.

I look for the antivirus that is the least system intensive and has the best updates released on a daily biases.

posted on Oct, 15 2007 @ 02:47 PM
I am on DSL through ATT, with a home phone line on the bill with the high speed internet.

Here is what has been happening lately.

When I log on my logitech quick cam keeps coming on and I get a message saying server busy to retry. Eventually I get rid of it.

Then yahoo messenger attempts to load up even though the icon if it shows it as inactive. I have already unchecked the boxes for auto sign in.

The quick cam comes on while I am on line for no reason.

Half of the time when I log on and go to bookmarks they are gone and the only way to get them back is to turn off and back on the computer.

A couple of days ago when I attempted to log off it said someone was logged onto the computer and they would lose any data if I logged off.

Does this all sound like infection symptoms?

Is my computer sick???

edit to add:

Oh yeah, last night when I went to close out of yahoo and shut down the speakers put out this weird sound seemingly from nowhere. My daughter said "Mom you better shut down the computer" I asked her "Why?" and she said "because the computer just growled at you!"

What in the world?

[edit on 15-10-2007 by interestedalways]

posted on Oct, 15 2007 @ 03:39 PM

Originally posted by interestedalways
Oh yeah, last night when I went to close out of yahoo and shut down the speakers put out this weird sound seemingly from nowhere. My daughter said "Mom you better shut down the computer" I asked her "Why?" and she said "because the computer just growled at you!"
Very wise opinion, you should never work with a growling computer.

Those symptoms are suspicious, but unfortunately I do not have more advices to give than those that I usually give: download AutoRuns from Sysinternals (now Microsoft) and see if you can spot any suspicious program.

posted on Oct, 15 2007 @ 04:02 PM
reply to post by ArMaP

I will do that, download the AutoRuns.

There were suggestions made on this thread that I didn't take because I pretended it was going to be fixed with the Norton. Obviously this isn't the case.

I will post with anything that happens after I try the AutoRuns.

Thanks for the response and in finding the humor in this nutty situation.

posted on Oct, 16 2007 @ 06:40 AM
interestedalways are my neighbor or what? It seems that we are having the same issues. Here is my find for the evil 'bust server'.

Please follow the suggestions and instructions in the links below.

When you finish, go to Add or Remove Programs in your Control Panel and remove (if present):


Then scan with HijackThis and have it fix the following:

O2 - BHO: (no name) - [B404CC6B-95D3-1A44-27C3-77CD07F8BA38] - C:\WINDOWS\system32\ntui.dll (file missing)
O4 - HKLM\..\Run: [M0tPo.exe] c:\documents and settings\YOUR NAME\local settings\temp\M0tPo.exe
O4 - HKCU\..\Run: [Rivpzql] C:\WINDOWS\system32\??plorer.exe
O4 - HKCU\..\Run: [Sulm] C:\Program Files\tslw\csno.exe
O14 - IERESET.INF: SearchAssistant=
If this IP address is not related to your ISP, have HJT fix this O15 entry as well --
O15 - Trusted IP range:

Close any open windows, other then HijackThis, and hit Fix checked.

Go to the following locations and delete the highlighted files and folder:


C:\Program Files\tslw

Go to C:\documents and settings\YOUR NAME\local settings\temp and delete the entire contents of the folder (but not the folder itself).

If any of these files cannot be deleted, try booting into Safe Mode first.

Empty your Recycle Bin and reboot (normally).

Close any open browser windows, scan with HijackThis, and post a new log please.

I'm going to try it when I get home tonight.
Good luck my friend.

posted on Oct, 16 2007 @ 09:27 AM
You could always try laying a hammer next to your computer, this makes my mine run like the wind.

Restart you computer and push the F4 key every few seconds till you see a screen, with different boot up options, select safe mode then hit enter, run your scan, then rinse and repeat.

Viruses =

posted on Oct, 16 2007 @ 05:57 PM
If I may suggest 3 items of advice.

1. WIA - Windows Imaging Application had a vulnerablity that may (or may not) cause both the webcam & serverbusy problems. To test this, you can temporarily stop the WIA service. The easiest method to stop the WIA service is :

B. Run-->
C.Paste the following command into the text box:
sc stop stisvc & sc config stisvc start= disabled

D. Next, select OK

Your camera may not work during this test. Use your pc as normal. If it didnt fix the server busy popup, its probably malware. If it did seem to fix it, you need an update, or WIA has gotten corrupted. Go to Microsoft Update, and let it download any security updates.

You can restart the WIA service with the following command when ready:
sc start stisvc & sc config stisvc start= Automatic

2. Even if your daughter likes Yahoo Messenger, get rid of it. Uninstall any Yahoo add-on's and never allow them again. Teach her to use Trillion, Messenger, Skype or Google chat. Anything but Yahoo. Same goes for Limewire.

3.Most importantly, turn off System Restore. Boot to safemode (without networking). Perform a complete scan with your favorite anti-spyware, but better yet, use DrWeb_CureIt in safemode.

Best of Luck

[edit on 10/16/07 by makeitso]

posted on Oct, 16 2007 @ 06:03 PM
I'm telling you I had the same problem. The only free program I know of that will stop all process from running and actually delete EVERYTHING in the temp internet file is smit fraud fix. Trust me, its safe, I have used it on my computer about 10 times. I highly recommend it.

[edit on 16-10-2007 by Techsnow]

posted on Oct, 16 2007 @ 06:06 PM
Smitfraudfix is an excellent product.

If you had the same problem, and it fixed it, that would be a good, quick starting point.

posted on Oct, 16 2007 @ 09:16 PM
Brilliant idea. Thanks
I tried my own advice on my computer tonight and lo and behold, there was not one single problem found. I cut and pasted the hijack results on their webpage and had their site double check and still a clean bill.
Mind you I haven't gotten the error at all today. (it was all on Monday) I'm kinda stumped. The stupid thing still tells me that I have a critical error and reboots me without prompting. Smit fraud here I come.

I swear if I have to reformat a 4th time, well, let's just say I may make the nightly news,.

I may just say screw it and buy Vista and a physical firewall. I really think my XP is corrupted. hmmmmmmm

Can't someone create a stable OS that Windows does not own?!?!?!?
I promise to even pay for it.

posted on Oct, 17 2007 @ 12:23 AM

Originally posted by shadow watcher
The stupid thing still tells me that I have a critical error and reboots me without prompting. Smit fraud here I come.

Thats probably a horse of a different color.
If you dont have any luck with smitfraudfix fixing the reboot issue, (I suspect you won't), You may want to read this article. It explains that XP changes standard settings so that instead of getting the blue screen of death, (BSOD), it reboots. This is usually caused by incorrect drivers, or corrupt software.

If you change the setting as explained in the article, next time there is a critical error, it won't automatically reboot, you'll get the BSOD instead. Thats helpful because it presents you with information that can help you track down the problem. You'll see something like this:

The information your looking for in the BSOD is called a stop error. It is usually presented in the following format type:

*** Stop: 0x000000050

You take that stop code for your particular stop error and search google to find out what it means. You'll find articles like this one that explain what that particular stop error means, and possible resolutions.

Best of luck

posted on Oct, 17 2007 @ 06:36 AM
I will give it a go. The blue screen of death is an old nemesis of mine.
I do not fear him. Thanks for the tip.

posted on Oct, 17 2007 @ 10:14 AM
reply to post by shadow watcher

There is a wealth of good information on this thread.

It has helped me tremendously, I hope others find and refer to this thread if they get *bugged* by these pests.

I ran the drsmitfixit but I didn't put it in safe mode and I didn't turn off system restore. I didn't know if it applied to that program. I am going to get rid of the yahoo junk and have already eliminated limeware. Then reboot.

While this was running the norton security blocked a security risk called downloader. Is it to be expected to see this a few times a day?

Another question. Would any of you familiar with the security options run Norton or one of the programs offered on the desmitrixit web page? Is Norton pretty good overall?

Thanks again to everyone who has offered ideas and very clear instructions. I couldn't have gotten this much helpful and free info anywhere else I know of.


Helpful people

posted on Oct, 20 2007 @ 11:00 PM
Interested, I just got one nagging one today!!
It's a dropper virus.

posted on Oct, 23 2007 @ 06:26 PM
I recently had a nasty vundo attack. Spybot S&D with ComboFix in safe mode cured everything, From the trojan (vundo) To the downloader (tiny.somethingorother) and the related .dll's

I know Combofix isnt for everyone, but im no expert and i managed to get it to work, and it worked wonders.

Just google the name and it should come up with a link to forum (major geeks or something) in that forum should be a link to the file

posted on Oct, 23 2007 @ 06:44 PM
How do you people get so much "infections"?

In almost 12 years of Internet use I never got a virus, key-logger, trojan, etc., and I do not keep myself only on the "light" side of the Internet.

I even once went to some sites just to see if I would get infected, but it didn't worked as it should.

new topics

<< 1    3 >>

log in