oyman

need help with this virus or worm

I downloaded a file for starcraft (still fun to play) and as luck would have it, it has some kind of virus or worm on it and now it's on my computer. I noticed that sc started acting weird so I closed it and ran norton antivirus and after about 10 seconds it closed itself, so I ran it again, it closed itself again. So I pressed ctrl+alt+del and an error message popped up saying "task manager is disabled by your admin" and I am the admin. If I open up any folder then it starts to lag pretty bad. I also noticed if I try to play any online games or try to update windows it blocks me from doing so. I downloaded AVG anti virus but that can't detect any virus on my computer, ad aware and spybot search and destroy detect some edited registry keys but I can't do anything about them since my access to regedit is also blocked (it says regedit is blocked by my admin again).

And I was wondering if any of you knew what to do, or what virus type this is. I have tried everything to get rid of it but nothing works.

I think it has to do with lsass.exe

That webpage didn't really help.

But I am checking out the microsoft site.

Site checked my computer for the sasser worms but none are on it.

I found a little tool that allows me to enable the task manager and I can see some program that is flickering on and off and only shows up for about 1/4 of a second.

After staring at the task manager for the last ~15 minutes I was able to make out the program that was flickering about: it is Winlogon.exe

If your system is compromised you should run the check from another system. You could try to get an antivirus program for dos and boot from a clean dos bootdisk, or get one of the many linux cds and boot from them. There are av tools for linux that check windows systems for virus infections. There was one in a german magazine c't called Knoppicilin that fetched the newest av signatures after booting and offered 3 or 4 av tools to check your windows installation (there are not really any viruses for linux worth mentioning).

ok

panda anti virus can't find anything

norton antivirus can't find anything

AVG can't find anything

spybot S&D finds edited registry code, it fixes it but the modified code keeps on coming back

Ad Aware does the same thing as spybot S&D

and hijackthis just makes a logfile

nothing detects anything and if it does, it fixes it but it comes back

I was thinking if I should get firefox

"I was thinking if I should get firefox"

Are you using IE now?

You were able to use the free online Pandasoftware activescan? Did you check the "search for trojans" box?

Sounds like you have a trojan (hides and keeps popping out).

Aside from the recommendations you have, I would also try Giant AntiSpyware.

What solved all of my worm and trojan problems was booting to safe mode with command prompt, and navigating to my McAfee folder and telling it to scan all files on my system (I think it was */* ?). I even killed the blasted kletz.h worm along with 6 others that refused to die otherwise.

Using the program enditall I was able to find a .exe called WinIogon.exe (that is an i) disguising itself as Winlogon.exe. When I closed it norton anti virus stopped crashing, and when I opened a folder it stopped lagging like crazy. I think I almost killed this virus thingy.

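The WinIogon.exe / Winlogon.exe swap reported in the post above can be checked for mechanically. The following is an added example, not something posted in the thread: it flags process image names that imitate a Windows system process by a look-alike character or by running from an unexpected directory. The watch list, its paths (a default C:\Windows install) and the sample process list are assumptions made for the illustration.

```python
import ntpath

# Assumed watch list for this example: core Windows process images and the
# directory each normally runs from on a default C:\Windows install.
SYSTEM_IMAGES = {
    "winlogon.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# Fold characters that look alike in most UI fonts onto one representative.
CONFUSABLE = str.maketrans({"i": "l", "1": "l", "0": "o"})

def skeleton(name):
    """Lower-case the name and collapse look-alike characters."""
    return name.lower().translate(CONFUSABLE)

SKELETONS = {skeleton(n): n for n in SYSTEM_IMAGES}

def classify(image_path):
    """Return 'ok', 'wrong-path:<name>', 'lookalike:<name>' or 'unlisted'."""
    directory, name = ntpath.split(image_path)
    lowered = name.lower()
    if lowered in SYSTEM_IMAGES:
        expected = SYSTEM_IMAGES[lowered]
        return "ok" if directory.lower() == expected else "wrong-path:" + lowered
    legit = SKELETONS.get(skeleton(name))
    if legit:
        return "lookalike:" + legit
    return "unlisted"

def suspicious(image_paths):
    """Keep only entries that imitate a system image by name or location."""
    verdicts = ((p, classify(p)) for p in image_paths)
    return [(p, v) for p, v in verdicts if v not in ("ok", "unlisted")]

# Constructed sample of running-process image paths (not taken from the thread).
SAMPLE = [
    r"C:\WINDOWS\system32\winlogon.exe",
    r"C:\WINDOWS\system32\WinIogon.exe",  # capital I in place of lowercase l
    r"C:\WINDOWS\Temp\lsass.exe",         # real name, wrong directory
    r"C:\Program Files\Starcraft\StarCraft.exe",
]

if __name__ == "__main__":
    for path, verdict in suspicious(SAMPLE):
        print(verdict, path)
```

An "unlisted" result only means the name does not imitate an entry in the watch list; it says nothing about whether that program is safe.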

The problem with these buggers nowadays is that they keep coming back since they can reinstall & rename themselves perpetually. Take care to look for hidden new files in the Windows/system32/ folder, look for any weird new folders in Program Files, and manually delete those files in Safe Mode. I have Spybot running all the time now, which helps.
