Computer Experts: Virus Advice Please....

[mtblujeans]

I was checking out a web site when a pop-up appeared for about 2 seconds and then I had some funny stuff happen on my computer! I ran my virus detector (Norton 2005) and my Ad-aware and deleted what they found. Then, I unchecked "hide files" and did a search for the name of what downloaded (it was GAIN, whatever that is) and deleted that. I thought I got it all but my IE is still not acting right.

I was not happy with the web site, of course, and I emailed them and asked if they were downloading spyware into computers of viewers automatically and I got this response:

"Your computer seems to be infected with a virus which has effected your registry. This may have occurred while visiting a particular site and having downloaded a file or application (this may have been unintentional). You can clean your system using the following applications which can be obtained for free on the internet.

- HouseCall from http://Housecall.TrendMicro.com/
- Adware6 from http://www.lavasoftusa.com/


You should then perform the following:


1. Click Start, and click Run. The Run dialog box appears.

2. Type regedit and then click OK. The Registry Editor opens.

3. Navigate to the following key:

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MainDelete any value

4. In the right pane look for the following values:

Start Page
Search Page
Default_Page_URL
Default_Search_URL

5. For each one that you find, double-click the value. The Edit String dialog box appears.

6. If the text in the Value data box points to a suspicious Web page, then delete all of the text in the Value data box

7. Click OK. (It is not necessary to enter anything in the box.)

8. After you have done this for all of the values mentioned in step 4, click Registry, and click Exit."

Does this advice seem right to those of you who have the experience and knowledge to handle these types of situations? I certainly don't trust them after they put this stuff in my computer to begin with!! TIA!!

 

[Dan Murphy]

Try running.............

http://www.pandasoftware.com/products/activescan/com/activescan_principal.htm

 

[chadfromdallas]

I was checking out a web site when a pop-up appeared for about 2 seconds and then I had some funny stuff happen on my computer! I ran my virus detector (Norton 2005) and my Ad-aware and deleted what they found. Then, I unchecked "hide files" and did a search for the name of what downloaded (it was GAIN, whatever that is) and deleted that. I thought I got it all but my IE is still not acting right.

I was not happy with the web site, of course, and I emailed them and asked if they were downloading spyware into computers of viewers automatically and I got this response:

"Your computer seems to be infected with a virus which has effected your registry. This may have occurred while visiting a particular site and having downloaded a file or application (this may have been unintentional). You can clean your system using the following applications which can be obtained for free on the internet.

- HouseCall from http://Housecall.TrendMicro.com/
- Adware6 from http://www.lavasoftusa.com/


You should then perform the following:


1. Click Start, and click Run. The Run dialog box appears.

2. Type regedit and then click OK. The Registry Editor opens.

3. Navigate to the following key:

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MainDelete any value

4. In the right pane look for the following values:

Start Page
Search Page
Default_Page_URL
Default_Search_URL

5. For each one that you find, double-click the value. The Edit String dialog box appears.

6. If the text in the Value data box points to a suspicious Web page, then delete all of the text in the Value data box

7. Click OK. (It is not necessary to enter anything in the box.)

8. After you have done this for all of the values mentioned in step 4, click Registry, and click Exit."

Does this advice seem right to those of you who have the experience and knowledge to handle these types of situations? I certainly don't trust them after they put this stuff in my computer to begin with!! TIA!!

Yup, go ahead with it. Also, if something is screwing with Internet Explorer, go to Tools-->manage add ons, and disable all the funny stuff you don't recognize

 

[aengus]

agreed theres nothing bad in their descriptions of what to do, and Chad is right go look at the manage add on sections and disable anything that you dont recognize. Heh, bet you will be suprised with how many "add ons" you have.

 

[lynetteSC]

ok, call me clueless ... i clicked on tools and mine doesn't give me the option to manage add ons. is there another name maybe? or a different way to access it? thanks!

 

[chadfromdallas]

ok, call me clueless ... i clicked on tools and mine doesn't give me the option to manage add ons. is there another name maybe? or a different way to access it? thanks!

Are you running Windows XP with sp2? If not...you should be

 

[lynetteSC]

i know we have xp ... but what is s2? sorry ... computer ignorant here

 

[mtblujeans]

sp2 might be the latest security download you can get free from the Microsoft site?

I did all of the steps but there was no 'Default_Page_URL' or 'Default_Search_URL' from Step 4 in my computer.

THANKS EVERYBODY!! I am sure glad you guys are out there to help us inexperienced computer users that get ourselves in trouble!!

 

[chadfromdallas]

sp2 might be the latest security download you can get free from the Microsoft site?

Yes

 

[mtblujeans]

GOSH * this thing has 9 lives! I can't get rid of it. I had checked my computer with Ad-Aware and my virus detector (Norton SystemWorks 2005) and "un-hid" all of the folders and did a search for anything relating to GAIN and thought I had gotten it all. But, I am still having trouble with my computer. Today, I updated both Ad-Aware and Norton and searched again and they both came up with more stuff.

They both pointed me in the direction of 2 folders in Program Files/Common Files that had things in them that were suspicious: folders named CMEII and GMT. So, I sent the folders to the recycle folder, restarted the computer, and ran a scan with each of them again. They both showed the problems gone except for 2 items that I can't tell where they are. I have been trying to get Ad-Aware to delete them all day today but it gets half way through the deletion and then just sits there.

DS has XP and I checked in his computer and these 2 folders (CMEII AND GMT) don't exist in his Program Files/Common Files so I am thinking it may be OK to delete them from the recycle bin.

Has anyone else had an experience such as this?

 

[Lil_Tink]

I dunno..but we got something like this..my dad had to delete everything then re add it..But I wouldnt trust me because I have no idea waht im doin

 

[Straycat]

Have you tried a system restore back to a few days b4 you went to that bad website?

 

[mtblujeans]

I have never done a system back up on this one. I was thinking of re-installing everything anyway. I need to open my machine and blow it out and I want to add more memory. I did buy an external hard drive to back up my hard drive before I start re-installing everything 'cause I don't really know what I am doing, either. But I hate to back it up with a virus, or whatever this is, now. Do you think it needs to come to that.....starting over?

ETA: I did a system back up on my laptop and DH used a damaged floppy in it so I had alot of trouble with some of the programs. When I tried to restore, it said it could not restore completely because the virus detector was not properly backed up. Are you supposed to pause or turn off the virus dectector before you system back up? Thanks!

 

[Dan Murphy]

Did this http://www.pandasoftware.com/products/activescan/com/activescan_principal.htm find anything?

 

[mtblujeans]

Did this http://www.pandasoftware.com/products/activescan/com/activescan_principal.htm find anything?

Thanks, I'll give it a try....

 

[Straycat]

If you are running WinXp or even WinMe, then restore points (backups) are automatic, and "should" be able to get you back to the point before the virus infected your computer. Should being the important word there, viruses arent always cooperative.

If you want to try it, then click start, help and support.
Then type 'system restore wizard' into the search box or just click the "Undo harmful or unintended changes to your system" link on the first page if its there.

run the system restore wizard to one of the dates that are in bold (restore points) that occurred b4 the date you got the virus.. It should restore you back and knock on wood, all should be like you never went to the site... you can always undo the restore you just performed by following the same steps.

If you choose to do a full reformat on your computer to make it like brand new, make sure you save everything important to hard files b4 you this. Email addresses, favorite places, most importantly, digital pictures or if you are like me, mp3s.. use your restore discs that came with your computer (make sure u have them all) and if you have added anything to the comp since you bought it (ie. new graphics card), then the software for that as well...

I would try the system restore before the reformat as the reformat is a BIG commitment.. You lose alot with a complete reformat, everything but everything has to be reinstalled, its like you just pulled the computer out of the box.

 

[Imzadi]

Try visiting this forum, the guys are experts there, or downloading the spyware programs they listed.
No one spyware program is able to get everything.

http://www.fatwallet.com/t/28/299439/

 

[mtblujeans]

I downloaded the Panda program and scanned my computer. It says I have 11 items showing as virus and 3 items showing as suspicious and it cannot remove them!

So, now I'll take a look at Imzadi's suggestion....

 

[Dan Murphy]

Does it say what the 3 are? Did you remove the 11?

 

[scoutsmom99]

Also check out this board:
http://forums.spywareinfo.com/index.php?act=idx

The people on here are very helpful when it come to getting stuff off computers. I got the link from someone here on the dis.