Help please

(OP)
Hi I seem to be getting a lot of viruses and spyware on my PC

I am quite good with computers

I use Mozilla browser, ad-aware, malwarebytes, spybot and norton antivirus to help me with the viruses and spyware etc. I am not browsing any dodgy sites

I am getting far too many problems. Could it be because someone might know my IP address? Can I change it, etc.?


My PC has just blown up – Every time I went on the internet I would get hijacked and it would take me to another fake site where it would run a fake scan. None of the above fixed it or picked anything up. I ran an AVG free antivirus scan under safe mode and it picked something up and deleted it, but now my PC won't boot. I tried using an XP disc to repair but I don't know the administrator password!! Aaaahh any help guys?
 

RE: Help please

If you do not know the administrator password, and indeed you know it has no password, just hit enter and it will progress.

xit

RE: Help please

You can try to fix everything and such, but based on the issues you're having, I'd suggest this plan of attack:
  1. Unplug from the internet altogether for a little while, for doing part of this.
  2. If you have another computer, connect the hard drive(s) from this PC to the spare PC and get any data off that is important - if you have any important data on this machine.
  3. Stick the hard drive(s) back into the machine where you keep getting infected.
  4. Download dban from www.dban.org
  5. If your hard drive(s) is(are) SATA, not IDE, you may need to do the steps located in the FAQ about SATA drives here: http://www.washington.edu/uware/dban/faq.html
  6. If you cannot use DBAN to wipe the drives, then try another program (Ultimate BootCD has a few, and there are others - I know KimKomando.com has at least one or two windows apps for such listed on her site, but I don't remember the exact applications off hand).
  7. If you can't seem to get anything to work, the least you can do is delete any partitions on each drive, and recreate different partitions - in other words, don't just format the drive, but customize the partitions.  You can do this in Windows setup.
  8. Reinstall Windows on the previously infected system.  Be sure to delete the old partitions, create new partitions, and format before install.
  9. If you don't have a fire-walled router, I suggest you buy one - if you were already using more than one PC on the internet at home, then my guess is you do, unless you were just swapping wires.
  10. On your router, I'd suggest making sure you have set it up correctly for security reasons.  If you end up needing help, you can post to a networking forum, I suppose.  Basically, make sure you have the password set to something other than the default, and then just basic other things - you can check with the manufacturer's website for detailed instructions for each router.  Also, you may want to look at changing your DNS settings to something else, such as the OpenDNS servers - see www.opendns.org for info.  Also while you're in your router (if you already have one), it may not be a bad idea to check the log files, if they were enabled.
  11. If possible, before connecting to the Internet with that PC, go ahead and make sure you have Windows updated to the latest Service Pack available (SP3 for XP or SP2 for Vista).
  12. Also, if possible, download your security apps from a different PC, and install them to that PC before connecting to the internet.
  13. Check the logs in the router after you've been connected for a little while.  Look for anything you think may be the slightest bit suspicious.  If you see one IP address quite often, more than the others, or a particular security log, make sure you are fully aware of what each is.
  14. Another piece - you may want to do this one first - if your external IP address (from your Internet provider) is static, you may want to request they change your IP.
Here are my personal software recommendations, especially since you're having so many issues, it seems:

Antivirus - You could install more than one, but it is not recommended, unless you take the time to turn off the active protection of one of them, leaving the active protection of the other enabled.  If you want to buy an AV product, Nod32 AV seems to get good reviews.  Otherwise, I'd install AVG, AntiVir, or Avast! from www.download.com.  They're all free, and very good.

Firewall - I HIGHLY suggest you install a software firewall.  My personal favorite right now is Online Armor by Telemu, also available at www.download.com.  Or if you prefer, you can install Comodo Internet Security.  Both are very strong and user friendly.

Antispyware/Antimalware - I suggest all of these:
SpywareBlaster
SuperAntispyware
MalwareBytes AntiMalware
Windows Defender (if you have Windows XP, you'll have to download it separately - it's installed by default on Vista)
You can still keep Ad-Aware and Spybot if you wish, but I don't think they're near as effective, and they use too many resources currently - my opinion.

Once you DO get back on the web, keep a close eye on things for anything suspicious.  I'd run scans as often as possible from different applications - not at the same time, of course.  And as stated earlier, check the logs in your router on a regular basis - of course, if they are not already enabled, be sure to enable logs on your router ASAP.

Make sure that none of the network connection settings are being hijacked on your PC - your hosts file, the DNS settings, proxy settings, etc.

Post back here with any detailed questions, of course.

--

"If to err is human, then I must be some kind of human!" -Me
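
The hosts-file check mentioned in the post above, as an added example that is not part of the original thread: a small Python audit that separates ordinary block entries (names pointed at loopback or 0.0.0.0, as immunize-style tools add) from entries that redirect a name to a fixed address or block a site the PC needs. The sample file, its domains and addresses, and the `MUST_RESOLVE` list are constructed assumptions.

```python
import ipaddress

# Constructed sample hosts-file content; the domains and addresses are made up.
SAMPLE_HOSTS = """\
# Copyright (c) Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       ads.tracker.example     # block entry, e.g. from an immunize feature
0.0.0.0         update.av-vendor.example
203.0.113.45    www.mybank.example login.mybank.example
not-an-ip       broken.example
"""

# Assumption: names this PC must be able to reach (AV updates and so on).
MUST_RESOLVE = {"update.av-vendor.example"}


def audit_hosts(text, must_resolve=MUST_RESOLVE):
    """Return (line_no, hostname, address, reason) for entries worth a look."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].split()   # drop comment, split on whitespace
        if len(entry) < 2:
            continue                           # blank, comment-only or incomplete
        address, names = entry[0], entry[1:]
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            findings.append((line_no, names[0], address, "unparseable address"))
            continue
        sinkhole = ip.is_loopback or ip.is_unspecified
        for name in (n.lower() for n in names):
            if name == "localhost" and ip.is_loopback:
                continue                       # the stock entry
            if not sinkhole:
                # Name is forced to a fixed address, bypassing DNS.
                findings.append((line_no, name, address, "redirect"))
            elif name in must_resolve:
                # A needed site is pointed at nothing, so it cannot be reached.
                findings.append((line_no, name, address, "blocked"))
    return findings


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print("line %d: %s -> %s (%s)" % finding)
```

On Windows the file to feed in is `%SystemRoot%\System32\drivers\etc\hosts`; a "redirect" finding is not proof of infection, only an entry whose purpose should be known.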

RE: Help please

Oh, another thought:  Set up one Administrator account, with a login and password in Windows; and then set your main account as a user level account.  That helps with some malware/viruses, b/c it is more difficult to install things and make system settings changes from a user-level account.

--

"If to err is human, then I must be some kind of human!" -Me

RE: Help please

(OP)
Great thanks for the advice kjv1611 I really appreciate it. It has really helped

Today I have slaved my hard drive and backed up the data I need. Wiped the disk and used the restore CD to rebuild the OS

I have run windows update (service pack 3)
Installed AVG (anti virus)
Installed spybot, ad-aware, malwarebytes, windows defender (spyware)
Zone alarm (firewall)


Is this OK? Any problems with the above? Is zone alarm OK or shall I use a better one? I would like one that is easy to use. Spyware and ad-aware are on manual scans so they don't use too much resource

I will check my router stuff in the next couple of days

I am also using Mozilla Firefox, which should stop some stuff.

Is it worth making my LMhost file read only?

The user level account is a good idea, thanks
 

RE: Help please

If Sophos AR is better than GMER, I doubt it, but it is easier to use for the casual user...

ZA is ok, though I prefer Comodo Personal Firewall, free and ranks as one of the best...

good choice on using FireFox as browser and AVG as the AV...

I would also suggest, like KJV1611 mentioned, DL and install JavaCool's SpywareBlaster, and inoculate the system in addition to the one built into Spybot S&D...

Ben
"If it works don't fix it! If it doesn't use a sledgehammer..."
How to ask a question, when posting them to a professional forum.
Only ask questions with yes/no answers if you want "yes" or "no"

RE: Help please

Regarding Zone Alarm.  I agree with BigBadBen.  It's okay, but in my opinion, why settle for that, when you can have one far better, either in Comodo Internet Security or Online Armor.  According to some tests I read (can't remember for sure the reference), Comodo Internet Security was #1 or #2 out of all tested firewall apps, and Comodo Firewall (sounds confusing, I know, but it just lacks a few features) ranked further down the list.  Online Armor ranked just behind Comodo Internet Security.

If you download either Comodo or Online Armor, I suggest turning off any Program Guard type features during any install of a new program.  Otherwise, you'll be clicking "Allow" and related until you're dreaming of Allow buttons in your sleep!

Comodo Internet Security:
http://download.cnet.com/Comodo-Internet-Security/3000-10435_4-10460704.html?tag=mncol

Online Armor:
http://download.cnet.com/Online-Armor-Personal-Firewall/3000-10435_4-10426782.html?tag=mncol

--

"If to err is human, then I must be some kind of human!" -Me

RE: Help please

(OP)
thanks I will give Comodo Internet Security a go

I have set up my main account as a user level account. Can I run the spyware scans/virus scans under this account or will I have to run it under the admin account? I don't know if it will have the rights to remove the threats!!
 

RE: Help please

I'm not 100% sure, myself, off hand.  I believe that at least SOME of the programs have the ability built-in to remove threats whether you're an admin level or not.  I'm not 100% sure, but I am pretty sure.

--

"If to err is human, then I must be some kind of human!" -Me

RE: Help please

That makes sense kjv1611, if the virus had the ability to install itself without admin rights, MalwareBytes should be able to remove it without admin rights.

David.
