How do I rid my computer of virus?

When I boot up my son's Dell Dimension with XP, a security program pops up and indicates the computer has something like 49 viruses and worms, etc., and wants us to pay $49.95 to repair. One of the warnings indicates there's a virus which wants to send his credit card information.

 

I can close out the program, but am left with a blue screen; can't access the internet. I can go to his files on the hard drive, but that's about it, and the security program keeps popping up.

 

So we went out and purchased Internet Security 2010 yesterday, hoping to be able to boot up and scan from the CD drive, and the NIS 2010 would not boot up; apparently the virus/worm will not allow anything to boot from the CD drive.

 

I was able to get to the DOS prompt by pushing the F12 key, and had NIS 2010 perform a scan, which found 1 virus and fixed it.

 

The computer was doing the same thing, so I had NIS2010 scan again, but nothing was found.

 

How do I get this fixed? Can I download a fix on my computer to a CD, and try to have it scan his? OR, do I have to wipe the HD clean and reload everything (if so, will that get rid of the viruses/worms, etc.)?

 

Help

 

Thank you,.....marc

Hi Marc515, welcome to the Norton Community.

 

Please follow these instructions carefully; it sounds from the symptoms that there may be a rootkit infection, so it is best to check for that first.

 

Please run a SysProt log for us. You can download it from the link at the bottom of this page:

 

http://sites.google.com/site/sysprotantirootkit

 

You will need to download it on another computer and save it onto a USB stick so that you can run it on the infected computer. If you do not have a USB stick available, you may be able to get access to the CD Drive if you start in safe mode. To do that, reboot the computer and after you see the BIOS screen, continually hit F8 until you get the Windows startup menu and select 'Safe Mode'.

 

You will need to disable Norton auto-protect (if you managed to install it) while you run the scan.

 

Choose the Log tab and select all the items in the Write to log box. Then select Create Log to start scanning. When it is done, a message window will appear with the location of the log file.

Please post the log here using the "add attachments" link just below the orange post button.

 

Cheers,

 

Will.

Message Edited by metalhead82 on 25-10-2009 12:14 PM - added safe mode details.
Message Edited by metalhead82 on 25-10-2009 12:19 PM

Hi marc515,

 

Please try the following steps -

 

1. Go into Safe Mode with networking. (To do this, restart your PC, and as soon as it begins to boot up start tapping on the F8 key. Eventually a screen will come up with a list of options. Highlight "Safe Mode with networking" and press <Enter>. When prompted press <Enter> again.)

 

2. After you have logged on in Safe Mode, download Malwarebytes' Anti-Malware, update the definitions (important), then run a full system scan with it.

 

Remove any infections found and restart your PC again to get back into normal mode and see if the issue persists.

 

Let us know how you get on, thanks.


Hi, marc515,

 

Sorry to see you're having problems with your Norton 2010 Product/C.D.; it really is a great product, I hope you agree.

 

Please could you also run a SysProt Log for us, as this will enable us to see what's Running on your computer:

Download HiJackThis the third .exe (Executable) Version in the list, run it, creating a log.  If using Vista, Right-Click and "Run as Administrator".  You can Upload this to the Forum by using the "Add Attachments" button.  Please run a Log before and after you do a Full Scan with Malwarebytes' Anti-Malware, should you choose to do this.

Please do let us know how you get on, also.  Thanks.


johna wrote:

2. After you have logged on in Safe Mode, download Malwarebytes' Anti-Malware, update the definitions (important), then run a full system scan with it.


Please make sure you disconnect from the Internet before doing Anti-Virus Scans as this may stop Threats from using Anti-Removal and Anti-Detection Techniques.  Also, please make sure you Run the Full Scan of at least Drives C: and D:.  You may also wish to try a Full System Scan with Norton in Safe Mode, as well as in the "Administrator" Account.

Message Edited by Floating_Red on 10-25-2009 02:56 PM

Are these programs better than "Microsoft Windows Malicious Software Removal Tool, KB890830"??

 

marc

Yes: they handle much more malicious software and a greater number of them.

Message Edited by dbrisendine on 10-25-2009 11:59 AM

Yes. Malwarebytes' is a good program, I'd advise you to run the scan with it as advised above.

Hi,

 

If you mean HiJackThis and SysProt Anti-Rootkit, then these are just Logging Tools that help us Detect Threats on your computer; if you mean Malwarebytes' Anti-Malware, then yes, it is.  The "Malicious Software Removal Tool" just checks your computer once for any of the Threats listed in the Help/More Details and lets you know if it finds anything.  I would recommend following these instructions, and let us know what you did and when.

 

Welcome to the Norton Community, also.

Marc515:

 

Could you tell us the name of the fake AV that is popping up?  There may be differences in how it affects your machine.

OK,.......HELP is really needed here....

 

I downloaded all the stuff you guys indicated to my computer; then I transferred to my portable HD; then I transferred to my son's computer, and none of them will run; they try to start up, but end up doing nothing.

 

The pop-ups are for: "Security Tool"

 

Some of the warnings are:

Windows-KB890830 -V3.0.exe is infected with LSAS.Blaster.Keylog

mbam-setup.tmp is infected with LSAS.Blaster.Keylog

 

I cannot even start in the safe mode, as I get a blue screen with a bunch of stuff which basically says there's a virus.

 

What can I get that I can access from hitting the f12 key which will take me to a command prompt?

 

Thank you,....marc

Hi, I've used Norton products for years. But it sounds like you have one doozy of a problem. I know it's the last thing most people want to do, but if you do not have any needed data that your son hasn't backed up, you might want to consider the cure-all: reformatting the hard drive. One positive thing is that you'll get a faster running computer. If you're running Win XP, download SP3 from Microsoft immediately after the reformat. Install it. Then get Norton Internet Security installed pronto before anything else. If you're running Vista I don't know if you need a service pack or not before NIS will install. I just know on XP you need SP2 or better for NIS to even install.

 

This is just a last resort to think about if all else fails. I'd hate to see you spend $100 or more for a computer service to fix it. Oh by the way, you can pay for Symantec's premium support where a live person will help you work the problem out and they're cheaper than a computer place.

Either way, good luck! I've been there before myself.

Hi marc515,

 

Security Tool can cause a lot of issues while running but is usually not that hard to remove. Fake blue screens happen, but they should not load when in safe mode. And a real blue screen should not say anything about an infection. This suggests that you either have more than only the Security tool in the system or that you did not enter safe mode correctly (through the F8 key).

 

When you have the computer up and running, can you access the Task Manager? (CTRL+ALT+DELETE) If you can, locate a process with only numbers in the name. Should look something like 4566746894.exe. End that process. Try and run the tools again. If the Task Manager is blocked also we will have to try another way.

 

Is it really a command prompt you get by pressing F12 or is it the boot menu where you can choose which device to boot from? 

 

This link is to the removal description for Security Tool on Bleepingcomputer.

http://www.bleepingcomputer.com/virus-removal/remove-security-tool

 

Regards

jAW
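
The Task Manager check described in the post above, as an added example that is not part of the original thread: it scans a saved process list for image names made up only of digits. It assumes the list was captured in the layout of `tasklist /FO CSV /NH`; the sample rows and the function name `find_numeric_processes` are constructed for illustration.

```python
import csv
import io
import re

# Image name whose stem is digits only, e.g. 4566746894.exe
# (the pattern the post says to look for in Task Manager).
NUMERIC_IMAGE = re.compile(r"\d+\.exe", re.IGNORECASE)

# Constructed sample in the layout of `tasklist /FO CSV /NH`:
# "Image Name","PID","Session Name","Session#","Mem Usage"
SAMPLE_TASKLIST = '''"System Idle Process","0","Console","0","28 K"
"explorer.exe","1544","Console","0","21,340 K"
"svchost.exe","1032","Console","0","4,912 K"

"4566746894.EXE","2964","Console","0","9,876 K"
"7zFM.exe","3120","Console","0","5,004 K"
'''


def find_numeric_processes(tasklist_csv):
    """Return (image_name, pid) for each process named <digits>.exe."""
    hits = []
    # csv.reader copes with the quoted "21,340 K" memory column.
    for row in csv.reader(io.StringIO(tasklist_csv)):
        if len(row) < 2:
            continue  # blank or truncated line
        image, pid = row[0].strip(), row[1].strip()
        if NUMERIC_IMAGE.fullmatch(image) and pid.isdigit():
            hits.append((image, int(pid)))
    return hits


if __name__ == "__main__":
    for image, pid in find_numeric_processes(SAMPLE_TASKLIST):
        print(f"numeric-only image name: {image} (PID {pid})")
```

A name such as `7zFM.exe` is not flagged because it contains letters; only all-digit names match.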

I'm up and running thanks to all your excellent recommendations!!!!!!

 

I don't know if this is related, but after startup, I get the following message: c:\windows\system32\heheworda.dll

 

Any way to fix that?

 

Thank you again for your assistance!!!

 

Best regards,......marc

CORRECTION:

 

I get the following error message upon startup: c:\windows\system32\hehewora.dll

 

I believe this is linked to some virus that I've cleaned up.

 

Any way to stop the error message?

 

Thank you again for your assistance!!!

 

Best regards,......marc

Problems are fixed!

 

Thank you again,.....marc

Hi marc515

If your question has been answered to your satisfaction then please mark the message that you believe contained the solution to your issue by using the green button beside it. This will mark the thread as Solved and others will know that it has been answered and can see the solution.

Thanks

bjm_