I was at a site looking up reviews of Zyrtec vs. Claritin (for allergies) and a popup started stating that a virus had been detected on my machine and I should click to start a scan. This program apparently loaded into the taskbar and gave what looked like a Windows Security message, stating that I needed to run a security scan immediately. I tried to run a scan from Norton but it wouldn't run--the UI was greyed out and the messages just kept coming. Last message I noted was "Application cannot be executed wmiadap.exe is infected. Do you want to activate antivirus software now?"
I know that this was not a Windows Security alert as the grammar was messed up--the first message out of the system tray was something like "Do you want scan you computer?"
So, I turned the computer off and unplugged the DSL. Turned it on and tried to run Norton and all the same messages pop up and Norton won't run. What do I do now? I think I need a rescue disk to run Norton and pull this virus/trojan off, which I can do from my son's computer (running the same Norton IS 2009).
Please advise--the computer is currently turned off but the DSL is hooked up (so I can send this to you).
Oh, and I was running Norton IS 2009 at the time with all the normal default settings, but whatever this was got through anyhow. I wish I could give you the web address, but that would likely just infect this computer.
I just did a quick lookup on Google--I think the site I was at was [Removed]. I was reading reviews at the time and then got the popups--I don't think I clicked on anything on the page.
No I don't--it popped up so fast that I couldn't get it. It loaded into the taskbar and kept popping up messages that I should click it to run a scan. I can turn on the computer and rerun it to try to get the name--I just thought it might be better to leave it shut off.
Thanks for answering--let me know what I should do---
Can you get to safe mode? If you can, boot to safe mode and try to run System Restore. Restore to a time before you encountered the malware; sometimes this works, provided the malware has not corrupted your restore points or disabled System Restore. Worth a try.
How do I get into safe mode? The computer is Windows Vista. And would a restore erase all my data? (I have documents and photos I need to save if possible.)
My son's computer is running Windows XP--my computer (the infected one) is running Vista. I've been searching for info on how to get a Vista machine in safe mode--do I do it by pressing F8 at bootup?
And once I get it in safe mode, do I do a system restore first, or run a scan with Norton (or with SuperAntiSpyware)?
Sorry--it is late and my brain isn't working as it should--
Reboot the PC; when it starts, tap the F8 key repeatedly until you see the boot options menu. Using the arrow keys, select Safe Mode and press Enter. Don't panic if your desktop looks different in safe mode, this is normal. System Restore will not affect your photos or documents; it restores the registry to the way it was on the date you select to restore to. System Recovery is the one that erases photos and documents. Just click Start and type system restore in the search box. System Restore will appear at the top; click on it, and when it opens, if you click Next you will see a list of dates and times that you can restore to. Choose the one you want and click Next; in the next screen, when you click Finish, your PC will be restored to that date and time. If you don't feel comfortable doing it, then do as bjm_ suggested and read the Windows documentation and tutorials regarding safe mode and System Restore.
No, I feel comfortable with your directions--thanks! But one more question--will the system restore wipe out the antivirus malware, or do I need to do that also after the restore? And how should I do that? (Just want to know what the next step is should this work--)
If system restore is able to complete then hopefully the malware will be gone from the registry and Norton will be functional again, but if the malware has managed to corrupt system restore then the restore operation will fail, at that point we can try something else.
edit ~ Sorry, I did not realize you were mid instructions from Turbo... thanks Turbo!
The info you found should be close enough for your Vista..
The issue is that sometimes until one knows what one has it's best to do nothing...just a restart may set the nasty more. But, as you already turned off the Vista...my option would be the SAS portable scanner. It's a DOS application so it should run on your Vista...you don't install it...look this up http://www.superantispyware.com/portablescanner.html on your son's XP and read the instructions....
Disconnect from your DSL and then power up Vista...
If you can run the scanner...maybe ? Until we see the scan results...we're dealing with speculation...
Not even sure it will scan
If you opt for Safe Mode try a Norton Scan ...maybe from Safe Mode it will run....
System Restore to an earlier time before this event may help ...but, also an unknown at this point
No problem--thanks to bjm and Turbo for all your help. This has been a nasty day...
I will try the safe mode and system restore when I boot up the system later this morning (I'm likely to mess it up this late--it's early morning here). If that works (hopefully the virus will be GONE) but then I will try to run Norton IS and SuperAntiSpyware (I already downloaded it to my son's PC).
Is that all in the right order? Or should I just try the SASpyware scanner first, before the safe mode and restore?
I sure hope you folks will be around tomorrow (or later this morning, I should say). Let me know if I missed anything--
The system restore is optional, I just suggested it because it's what I would do. You could boot into safe mode and try to remove the malware with SAS and NIS and skip the system restore, it's up to you. Whatever you decide, after you boot back into regular Windows you should run a full scan with the free version of Malwarebytes. You can download it here:
FileHippo. Just click on the green and white download button at the top right of the screen, and don't forget to update it before the scan.
Windows Management Instrumentation (WMI) is the infrastructure for management data and operations on Windows-based operating systems.
Your info is most telling...you wrote: Last message I noted was "Application cannot be executed wmiadap.exe is infected. Do you want to activate antivirus software now?"
I know that this was not a Windows Security alert as the grammar was messed up--the first message out of the system tray was something like "Do you want scan you computer?"
wmiadap.exe is an essential part of Windows and required for Windows to work properly.
Some malware camouflage themselves as wmiadap.exe, particularly if they are located in c:\windows or c:\windows\system32 folder.
Odds are your Vista picked up a nasty.
This thread will get more help by morning ...so, if you can sleep on it and review the thread on the morrow.
bjm_
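A check for the masquerading described in the post above, as an added example that is not part of the original thread: it flags any process named wmiadap.exe whose image file is not in the expected folder. The expected folder (`System32\wbem` under the Windows directory), the helper names and the sample process list are assumptions constructed for illustration.

```python
import csv
import io
import ntpath

# Assumption: the genuine wmiadap.exe lives in <SystemRoot>\System32\wbem.
# Add further folders here if your Windows build ships more copies.
EXPECTED_SUBDIRS = {"wmiadap.exe": (r"System32\wbem",)}

# Constructed sample: a CSV process listing (name, pid, image path).
SAMPLE = r"""name,pid,path
WMIADAP.EXE,1820,C:\Windows\System32\wbem\WMIADAP.EXE
wmiadap.exe,3316,C:\Windows\wmiadap.exe
wmiadap.exe,3920,C:\Windows\System32\wbem\..\wmiadap.exe
wmiadap.exe,4100,
explorer.exe,2044,C:\Windows\explorer.exe
"""

def canonical(path):
    """Collapse '..' segments, unify slashes and lower-case the path."""
    return ntpath.normcase(ntpath.normpath(path))

def classify(name, path, system_root=r"C:\Windows"):
    """Return 'expected', 'suspicious', 'unverified' or None (name not watched)."""
    subdirs = EXPECTED_SUBDIRS.get(name.lower())
    if subdirs is None:
        return None
    if not path.strip():
        # No image path available: cannot confirm, so do not call it clean.
        return "unverified"
    allowed = {canonical(ntpath.join(system_root, s)) for s in subdirs}
    # Normalise first so 'wbem\..\wmiadap.exe' resolves to System32.
    actual_dir = ntpath.dirname(canonical(path))
    return "expected" if actual_dir in allowed else "suspicious"

def find_masquerades(listing, system_root=r"C:\Windows"):
    """Return (pid, status, path) for watched names that are not 'expected'."""
    hits = []
    for row in csv.DictReader(io.StringIO(listing)):
        status = classify(row["name"], row["path"] or "", system_root)
        if status in ("suspicious", "unverified"):
            hits.append((int(row["pid"]), status, row["path"] or ""))
    return hits

if __name__ == "__main__":
    for pid, status, path in find_masquerades(SAMPLE):
        print(f"pid {pid}: {status} ({path or 'no path reported'})")
```
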
@ Turbo ...I type too slow ... Thanks for your help. My inclination would be to try to clean the malware.....but, what I know about malware would easily fit on the head of a pin ...Sys Restore IDK..just never saw it as a fix for malware....Hope I'm wrong!
System Restore will allow you to restore your system's configuration to a previous state. In some cases that means that viruses or spyware will be "undone" as part of the process. But system restore does not remove infected files from your system, and you can quickly get infected again. It also does nothing to prevent new threats from arriving.
System restore is intended for recovery from recent changes to your system. For example, if you do install a new driver or software package that somehow causes your system to misbehave, you can use System restore to "undo" most of the changes and return to a prior state. That's actually why most setup programs now cause a restore point to be taken prior to starting: so that in the case of failure or some other unexpected event, you'll always have that restore point to go back to.
The intent is that they be used to recover from something that happened recently - as in within a day or two. Restore points are often kept for longer periods of time, but the problem is that so much is constantly changing on your system that rolling back to a significantly older restore point can also have unexpected side effects as more changes are undone than you might expect.
This is my opinion only, but I don't think that system restore is the best way to get rid of malware. After the cleaning process is done, then people should get rid of the recent restore points because the malware will still be there. After the machine is cleaned up and all is working ok, then a new restore point can be made.