October 9th, 2003, 12:36 AM
Virus Question Please Help!
I have this problem. I usually surf the net at school from behind a firewall. Well, the other day I was looking at something at home when a window from my Symantec Antivirus popped up saying they found a virus and could not delete or quarantine it. When I got back to school I ran a scan on my computer and it could not find anything, but when I looked at the history it found the above-mentioned virus, but it said it could not be cleaned because the files have been moved or deleted, the computer it is located on is turned off, or it is in an e-mail message. It's not in an e-mail, because I wasn't doing anything with e-mail when it popped up; I was going into a web page. Now I'm not sure if it's still on my system or not. I was browsing the web today and clicked a link and like 30 pages popped up in Internet Explorer, and I thought that may be because of the virus. Plus, now when I try to scan my comp it says it can't because of an error. Does anyone know what is happening to my computer or any ways of fixing it??
P.S. I also installed spyhunter and found all kinds of spyware popups and stuff like that, could that be part of the problem??
Thanks for any help
October 9th, 2003, 12:47 AM
I would boot into safe mode, update your AV and run it. Check what processes are running first, and kill anything you don't recognise beforehand.
Some of the more recent ones will attack your AV/firewall and disable it; safe mode stops some of them loading, so is worth a try?
October 9th, 2003, 12:59 AM
It was probably one of the Java exploits and was dropped on your local copy of the profile. These usually generate that kind of response from the AV software. If your profile was deleted as part of your logoff, that may explain why it couldn't find it later. I see that a lot with our student roaming profiles.
In any case, turn off System Restore, then use your AV to scan the system and clean out any infection. If you log to a server, and your profile is stored there, you will need to have that location scanned, as well, since the "cookie" with the exploit was likely placed there.
October 14th, 2003, 04:36 PM
What OS are you running? If you are running Win ME or 9x it may not be possible to kill the process with just Ctrl+Alt+Del. Win 9x platforms don't show all the active processes, only a few. (The important ones are hidden.) To get full access to all processes, search on the net for "windows process kill programs" or equivalent. Then download one that looks safe. This should display all processes. Now kill the suspicious processes. (NEVER kill explorer or systray. Do this at your own risk.)
"The wise programmer is told about Tao and follows it. The average programmer is told about Tao and searches for it. The foolish programmer is told about Tao and laughs at it.
If it were not for laughter, there would be no Tao."