Computer Viruses, Worms, and Tracking Cookies Gone Mad!

View previous topic View next topic Go down

Computer Viruses, Worms, and Tracking Cookies Gone Mad!

Post by kenblack on Mon Sep 07, 2009 9:00 pm

Hi,

I want to thank you in advance for taking the time to review this. Keep it short is best. But I found a lot of information after a lot of research that talks about what I am experiencing. This is huge and I am hoping that someone on your staff can help me. I will send more information upon reply.

I have been dealing with some viruses for about 6 months now not realizing how advanced these attacks have become. I've had PC's since 1992 and fortunately I have been lucky until now. I have a laptop computer I had some problems with shortly after purchasing it. I had it repaired. After a week or so the laptop was doing things I could not explain or understand. I then realized that the computer tech failed to load my Anti-Virus Program which I did not realize. I loaded the software and deleted some viruses and it worked fine for a while until I realized that the occasional problems I was experiencing must of been coming from someone hacking my computer while on the internet. The problems where occasional so it took me awhile to realize. Then one day while working on some files they were being deleted and put into the recycle bin. I recovered the the files and they would get deleted again. This went on a few times. I unplugged the computer from the internet. Days later while not connected the internet I experienced some keys on the keyboard not working sometimes. Different letters being typed and then typing letters without me touching the keys while still not not connected to the internet. Hard to explain when it happens periodically. Later during start-up an error beeping sound would start and the transfer files window would open then writing would start as if you had one finger holding down a letter fffffffffff... and other times qqqqqqqqqqqqqq. and the last I seen was ///////////////. Once I hit the space bar a few times it would stop making noise. But when clicking the exit button it would exit and immediately pop back up. This was happening while not being connected to the internet. I ran different security programs but it didn't solve the problem. So I reformatted the hard drive. Within a half an hour it started doing it again. This time I reformatted and loaded windows without connecting to the internet or the external hard drive. Again I had problems only this time it was different. At reboot the transfer files window would pop up with the same beeping sound and writing by itself until pressing the space bar a few times. After awhile the problems above would pass and other problems would appear. I would not connect to the internet very much at all maybe a couple times in a month to do updates. These problems would eventually pass and a new problem would happen.

I finally had enough, I have been working at solving this matter for about a week now. I apologize for taking space on your web sight so long I had been fighting the virus war for two days without sleep. I was so exhausted I fell asleep.

When I started to investigate how to rid this problem the following is where I started:

When I booted my computer the search companion window would pop up. When I exit the program it would start again. When I tried to execute a program from the desktop it would allow me to select the last icon on the screen. Multiple searches pop up as well. When using the start menu I could not select a program because another search would appear. After running a virus scan the search program would stop.

I had ran numerous scans with Norton Antivirus, SpyDoctor, Malibytes without detection then I saw a suggestion to try AVZ Antiviral Toolkit. I did try this and it detected a
Trojan-Downloader.Bagle Immediately after Norton Antivirus detected and removed a W32.Almanahe.B!inf, W32.SillyFDC, W32.Sality.AE, and Packed Generic viruses. Somehow, I believe the W32.Almanahe B worm was still on my computer after reboot because it was found on the C:/ drive and the virus that caused the search window to start was still affecting the computer after windows installation and before I plugged in my external drive and the internet. The other viruses were found on my external drive. Finally a break through and it got rid of the problems.

I thought all was well so I installed the remaining Window Updates needed and then started to update new drivers from HP; Broadcom Wireless Lan Driver, Broadcom Wireless Lan Utility Driver and Touch Pad Driver. These were execution files which started to install but I'm not sure because the programs were running in the background. I could not see them as programs running in the Task Manager but I could see that the program was still processing by looking at the Task Manager but no window popped up at the end stating the program installed successfully or finished installing.

I rebooted the computer and the virus I had gotten rid of several months before returned. I have since learned that this virus or viruses are effecting more than I had previously thought. When Windows starts there's the continuous error beeping sound. Sound stops after pressing the space bar. Then the transfer files window pops up and before I could react the continuous string of letters would begin typing in the space provided to transfer files. It would continue to type until I hit the space bar a couple of times to cause it to stop. I then close the window and this problem would disappear until I reboot again. This time the viruses also seem to have control of my laptop keyboard as well. If I begin to type, either nothing happens or the wrong letters or numbers will type instead. I had unplugged the internet when this was happening so I don't think this is coming from an outside source. I have a wireless keyboard and mouse attached which work fine.

When I rebooted another thing happened. My desktop monitor that is plugged into the laptop didn't get a signal from the laptop so it will not work until I can fix this problem because the buttons allow it to synchronize. I tried to use the Control Panel Display but I only got dual screen.

After unplugging the internet I restarted the computer in Safe mode. Executed a full virus scan using Norton Anti Virus but it found no viruses. I then attempted to disable system restore but apparently the virus has changed the settings to Group Policy will not allow me to disable system restore. I then attempted to change the Group Policy which became difficult because the Group Policy was erased or I could find it or find a list of actions to edit.

Realizing now that my external hard drive must have viruses and that my new desktop computer, I bought after experiencing all the problems with my laptop, might be infected. I began deleting unnecessary files with Ace Utilities File Shredder. This is when my nightmare really started to begin. I noticed that on this external drive were many files I did not put on the drive. After checking and deleting every suspicious file and comparing them to my hard drive I started to realize that everything I was doing was being copied to the recycle bin protected by Norton Anti-Virus also change logs were being written and copies of the smaller icon files I deleted from the external drive were now copied on the hard drive. I ran multiple scans for .exe, .ini, .bin, .jpj, and .inf files to delete all suspicious and unnecessary files. Once I was confident I deleted as much as I could from the external drive I ran multiple virus scans and again file scans and then unplugged it from my computer. The one problem I had is I could not erase every the following: E:\System Volume Information\_restore{2573F21A-17D4-4B47-BDCB-FAE2CC0FA0A4}\RP29\change.log. It would not let me no matter what I tried. There was not much writing on the log but I suppose it could of had some encryption I did not see.

I also noticed that in the Norton Anti-Virus history file that my desktop was attacked by the same viruses listed above a few times in the past couple of months but were blocked and deleted. Norton also blocked a few files with viruses I attempted to download or load from CD in the past. The only problems I experienced with my desk top computer was that many games and some other programs would not work on this computer. Sometimes I would get errors while playing a play which would then shut down. What I learned a few weeks ago was that if I turned off PC Tools Fire Wall Plus most of the games that would not work would now work. I realize now what a big mistake this was. A couple of weeks ago I used my computer to call Microsoft for reactivation of Windows using Skype. A few days later my sub-woofer was no longer working. When I tried to make changes to Realtek Audio Manager I could not. I only realized my computer was infected with viruses 2 days ago and the problems I mentioned likely had something to do with these virus attacks. Here's why I think so:

I discovered many duplicate files being created on my hard drive. My hard drive was partitioned so files were being copied from one drive to another. Everything I would do was monitored I discovered. Honestly I have no idea how long but I built the computer in May. When I delete or add files a record was being created utilizing other programs as cover. I know this for sure because I have spent many hours tracking, reviewing and writing down things I discovered. I guess the Microsoft certification in 1996 is helpful. During scans a few viruses and tracking cookies were revealed. I have traced where and how this is happening but I don't know why. This is not just a virus it's sabotage. I am getting very paranoid because of what I have discovered. I need help but I also need to ensure I can trust that I am talking with someone that can truly help and I can trust. Thank you

kenblack
Beginner
Beginner

Posts Posts : 1
Joined Joined : 2009-09-07
OS OS : windows xp
Points Points : 26453
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Computer Viruses, Worms, and Tracking Cookies Gone Mad!

Post by Belahzur on Mon Sep 07, 2009 9:08 pm

Please download the current version of HijackThis from [You must be registered and logged in to see this link.]

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245049
# Likes # Likes : 1

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum