Virus or Backdoor Problem

[moochtastic]

Firstly I have posted this in a number of places and so far havent had advice that I could follow without losing my files, so please bear that in mind.

I have had some strange things happening latley when I use internet explorer, my home page gets changed to a site that just shows advertising, (I keep setting it to http://www.bbc.co.uk but it wont stay that way). On top of that my PC (not the fastest at the best of times) is slowing to a crawl when I start it on, and sometimes doesnt even turn off. I have tried to use my installed norton anti virus, (which is up to date) to scan my computer but it doesnt seem to work. I have also tried to use one from Trend Micro that is online (http://www.housecall.trendmicro.com) and that doesnt work either.

A Colleague told me that I may have a virus or a back door installed and said I should check what ports I have open.... Atfter some confusion I have checked at http://www.ictsc.com/portscanner.htm and it has told me that I have ports 25, 666, 1976 and 8080 open. for details see: http://www.ictsc.com/IP_Port25.htm, http://www.ictsc.com/IP_Port666.htm, http://www.ictsc.com/IP_Port1976.htm and http://www.ictsc.com/IP_Port8080.htm. I followed some of the links on the bottom of those pages but they were of no use. Im not sure what to do with this information.

So, I think I have a virus or a back door, and I need to know how to get rid of it, I have lots of work stuff, photographs and some music stored on my computer and no easy way of taking them off, so deleting it and starting again isnt really an option. Also I need my computer for work, I do my banking and pay bills online, so I think I need to do something about this quick.

Does anyone have any advice? I spoke to pcworld (http:/www.pcworld.co.uk) but they just seem to want me to buy a diferent antivirus or to send my computer in to them, and if it infected they say they have to delete all my programs and files and make a clean windows program.

Can anyone Help?

[WolfeTone]

What model PC do you have Dell/HP etc?

You need to boot up in "Safe Mode" - use google and search for "How to boot my Dell PC in safemode" (Substitute your actual machine for Dell)

Install a fresh copy of Norton AV in safemode and scan.

Download hijackthis and post the results.

[nihil]

You don't say what operating system but I would guess Windows XP.

You should have a brief option to select boot method (F8) if not just keep tapping the F8 key. At the boot options select "safe mode with network support"

I doubt if Norton will find any problems if it hasn't already so try:

Spybot Search & Destroy
AdAware SE

Download them, install them, update them and run them in safe mode. Before running them. Disconnect from the internet and temporarily deactivate your Norton.

[Start Spybot in "advanced" mode. Immunise your machine. Use the "tools" to look at the various items installed on your machine. Make a note of anything that looks suspicious and fix the items flagged in red]

Please let us know what happens.

Forget PC World............... I used to work for their owners

[WolfeTone]

Forget PC World............... I used to work for their owners

WHAT.....

[t34b4g5]

Not much more to add really Nihil has pretty much said everthing that i would of said.

Maybe also download CCleaner, { http://www.ccleaner.com }and give that a run, it will clean most of the crap collected from the internet etc from your hard drive.

Also get yourself sysinternals pagefile defrag, { http://www.microsoft.com/technet/sys...ageDefrag.mspx } get that setup and give your pagefile a good defrag

Also before running the spybot adaware scans, make sure to delete all restore points, then restart back into safemode then do the scans how Nihil suggested, as if you do have a virus etc then there's no use doing all that as it will just reload each time from a restore point.

Then once everything is sorted turn the system restore function back to on and create a fresh restore point..

[Ouroboros]

Turn off 'System Restore', reboot into safe-mode, and follow nihil's instruction. I have a feeling that your Restore points are infected/corrupted.

O