RotoGuru Computer Forum


0 Subject: I got something bad

Posted by: Khahan
- [373143013] Wed, Feb 09, 2011, 09:19

Was trying to look up info on a World of Warcraft encounter last night. There's a new expansion and info is limited at the sites I normally use and trust. So I had to branch out. Bad idea. I need help. Came down this morning, turned on my monitor:

1. All my icons gone from my desktop
2. Programs I don't recognize in my start menu: (magnifier, sticky notes, snipping tools are how they are listed. They are in the start up menu 'recently used programs' section.)
3. Avast is disabled. When I try to enable it, I get the following message: The Following components could not be started. Mailshield, IM shield, P2P Shield, Filessystem Shield, WebShield, Behavior Shield, Network Shield. I also had a message saying my registration key is expired...but it's not. It's a 3 year key and the comp is only 1 year old.
4. I was able to access the scan component of avast and start one, but after 10 mins it was still 0% even though it appeared to be scrolling thru my files
5. I use Mozilla/Firefox. It was gone from my desktop and start menu. I had to do a search thru the start menu to find it and start it. When I did it, it had been wiped clean. History gone, favorites gone, start page gone.


It's almost as if my computer reset itself. But those files are there. Since I discovered this I haven't restarted it. I haven't downloaded anything. I haven't run anything (except for the attempt at avast and I did set up mcafee to run...hey it came free with the comp last year). No results from McAfee back yet. Basically hit, "run" and left for work.

Also, any advice would be great. I know I need to get in touch with avast for some help. I tried doing a google search for some of the processes I didn't recognize in the task manager. But tbh, I didn't recognize the names of any of the sites that came up so I didn't really look at much this morning. Can anybody recommend some good tech support sites or forums?
1 Perm Dude
      ID: 5510572522
      Wed, Feb 09, 2011, 09:50
This page might be of some help to you.

Did you update avast & McAfee? I'd use the tips in the link, update everything, then run full scans.
2 Mith
      ID: 4010542612
      Wed, Feb 09, 2011, 10:13
I think magnifier, sticky notes and snipping tools are part of windows 7.

My approach when malware disables virus protection is to start in safe mode, open the task manager and google every property that doesn't look familiar. If you can locate the problem that way, further googling will usually lead to a solution. Failing that, there's windows' system restore function.
3 Frick
      ID: 5310541617
      Wed, Feb 09, 2011, 10:18
As a fellow WoW addict, I hope you have an authenticator on your account. Regardless, change your battle.net password from a clean computer to avoid a lot of headaches from getting your account hacked.

Try booting into safe mode, you'll need to restart the computer and interrupt the normal start-up. The key you need to hit varies by model, but a function, esc and delete are fairly common.

Cleaning an infected computer is a crap shoot, and you'll never be 100% positive that you got everything. If you have all of your files backed up to another drive, I would suggest formatting the drive and reinstalling windows. If you don't, try cleaning it, get your files and then format and reinstall.

Try Lifehacker.com, they have some good guides and recommend safe sites to check out.
4 Khahan
      ID: 373143013
      Wed, Feb 09, 2011, 10:47
thanks mith, i didn't even think of safe mode. Should have done that first off this morning.

and pd, no I didn't update anything yet. Until I know more about what is going on I didn't want to download anything at all. The whole registration key with avast has me concerned because it should not have expired.

Also, I figured those 3 programs were part of windows, but I have never seen them before, never used them before, never accessed them before. Yet they were in my start menu where 'recently accessed programs' show.

Frick, what server do you play on?
5 Frick
      ID: 5310541617
      Wed, Feb 09, 2011, 11:07
Skullcrusher

You might want to disconnect the PC from the internet until you get the issue figured out if possible. It might be a hassle, but burning programs you need to a CD is much safer than letting the infected pc have internet access. Some malware will go to sites with more malware, despite what you put in the address bar.
6 Guru
      ID: 330592710
      Wed, Feb 09, 2011, 11:58
Any chance you can revert back to an earlier restore point?
7 Khahan
      ID: 373143013
      Wed, Feb 09, 2011, 12:31
I probably can guru, though that won't remove the virus will it (I'm assuming this was a virus)? I used to be able to do a lot of this stuff myself. But with windows 7 and XP and some of the other 'newer' windows versions, there's just too many components I'm not familiar with.

Although now that I think of it, one of the items in the tray was the auto-updater which indicated my comp had been automatically restarted for new windows updates. May not be a virus.
8 Guru
      ID: 330592710
      Wed, Feb 09, 2011, 14:31
A prior restore point might reset your machine to a state before the virus was loaded. However, some viruses effectively eliminate the ability to go back to an earlier restore point - so you may not have that option. But it's certainly the first thing I'd try.
9 Farn
      Leader
      ID: 451044109
      Wed, Feb 09, 2011, 14:36
Am I the only one who read the title of the thread and assumed it was in the politics forum? I thought for sure it was another wild right wing post from our friend.

Anyway, I'm with Guru. Many times using a prior restore point eliminates the problem. If that works it wouldn't hurt to doublecheck and make sure you have the latest windows updates. Sometimes a prior restore removes those.

Worst case scenario a full reformat doesn't hurt. It's the safest way to lose viruses and restore your machine to its original glory with faster processing speeds.
10 Khahan
      ID: 373143013
      Wed, Feb 09, 2011, 15:33
"Am I the only one who read the title of the thread and assumed it was in the politics forum? I thought for sure it was another wild right wing post from our friend."

Something bad? You mean like a liberal moving in next door to me?!? Ack, run for the hills!


A complete reformat may be the easiest thing. I've had the comp 1 year. All I'd lose is WoW and an antivirus program along with (I think) Civ3.
11 Frick
      ID: 5310541617
      Wed, Feb 09, 2011, 16:00
Depending on how sure you are that you were or were not infected, copying your WoW folder to an external HD is a good idea. Reinstalling it is a very long and annoying process. WoW doesn't "install"; you could run it from external drives. Plus if you have done any customizing or have any addons you'll lose all of that data. But, if it is infected, it isn't worth it.
12 Khahan
      ID: 373143013
      Wed, Feb 09, 2011, 17:00
Not sure what's infected. But my old comp was 'old' and the hd was 30. Barely big enough to hold WoW. So I already have it on an external. :)

Addons will be inconsequential for me.
13 Khahan
      ID: 361581016
      Thu, Feb 10, 2011, 17:58
Yeah, Dell won't help me. I took delivery of the computer 51 weeks ago. It's been in my possession since Feb 16. However, Dell is basing their 1 year warranty off the day I went online and ordered it. In other words, my 1 year warranty started ticking before they even built the computer. Oh wait, they will help but they want a credit card and want to bill me while they search for viruses, etc.

It's not a virus. It appears it is as guru said. Everything just reset somehow to the factory settings. It's acting as if I just turned it on for the first time.

So don't buy a Dell. :)

Can anybody help me do a restore point?
14 Frick
      ID: 5310541617
      Fri, Feb 11, 2011, 08:35
If you don't have them turned on, sadly the answer is no. Which version of windows are you running?

I bought a Dell a long time ago, but won't anymore since they use proprietary motherboards and upgrading them is a PITA.
15 Khahan
      ID: 373143013
      Fri, Feb 11, 2011, 09:38
Well, it's not a virus. It's a corruption in the hard drive. Tried a restore point to feb 1 and it could not complete. Just did a reinstall of windows. But from what I'm being told, it's an issue that may arise again and just destroy my whole hard drive.
16 Farn
      Leader
      ID: 451044109
      Fri, Feb 11, 2011, 11:10
If there's a corrupt part of the hard drive it will almost certainly happen again.

If possible, you could replace the hard drive with a new one and eliminate the problem. Much cheaper than buying a new PC.
17 Khahan
      ID: 373143013
      Fri, Feb 11, 2011, 11:49
True farn, but a new comp means new everything and I can get a better video card, slightly more ram etc. :)
18 Ref
      Donor
      ID: 539581218
      Fri, Feb 11, 2011, 15:53
I've successfully fixed things by going to a restore point. Definitely check that first.
19 Farn
      Leader
      ID: 451044109
      Fri, Feb 11, 2011, 15:55
Well if you can swing a new PC, go for it. I was thinking of saving you cash. But if you can get one, go for it.
20 Khahan
      ID: 373143013
      Fri, Feb 11, 2011, 16:16
ref - post 15. :)
21 Mike D
      ID: 180392919
      Fri, Feb 11, 2011, 19:16
1st, add an external hard drive-----less than $100 bucks for a big one-----then back up anything important. This added hard drive can stay plugged in all the time and "may" help your computer run better and put less strain on your other/original one. It will buy you time to look around and the computer may run well in the meantime.

2nd, run "check disk" on your original hard drive. It will usually require you to shut down the PC so that it can run it after Windows tried to reboot. This will find and fix any errors. It may solve your problems.

22 Mike D
      ID: 180392919
      Fri, Feb 11, 2011, 19:18
Chkdsk
23 loki
      SuperDude
      ID: 4211201420
      Fri, Feb 11, 2011, 21:10
If you are thinking about a new computer, is a Mac feasible?
I had been using pcs since my 1st 280 machine from Quantex Microsystems until my daughters convinced me to buy a Mac about a year ago. I found the difference impressive and should have made the change years ago. There are some programs for which I need Windows and for that I partitioned the hard drive with the included Boot Camp program and installed a copy of Vista that I had at home. Just an idea.
24 Khahan
      ID: 301311119
      Sat, Feb 12, 2011, 09:33
I'll look into that Loki. Any option is good. More than likely I'll be doing a 'build from scratch' comp optimized for gaming.
25 Frick
      ID: 5310541617
      Mon, Feb 14, 2011, 11:34
If you want optimized for gaming, a Mac isn't the way to go. I like Mac and they are great for many things, simplicity being one of them. Cheap and playing games is not their strength.

If you want to play games and your computer has an 80G hd (and it is not an SSD) it is probably time for an upgrade.
26 Great One
      ID: 36213210
      Wed, Mar 02, 2011, 11:13
As most of you know i got that email phishing/spam thing that Pete had... Gmail confirmed that an IP address in China was logged in earlier this morning.

I logged them out and changed my password. Anything else i can do?
27 Khahan
      ID: 373143013
      Wed, Mar 02, 2011, 11:31
I was just introduced to a new (at least new for me) spyware program. Go to malwarebytes.org and download their removal program.

If a Chinese ip address logged in, you could have a simple keylogger. I'm not sure this program would do for keylogger removal. But I was told this is a more in-depth scan than avast which is pretty popular.

Maybe do a yahoo or google search for keylogger removal?
28 Great One
      ID: 36213210
      Wed, Mar 02, 2011, 12:59
I'm wondering if I got it at work or at home though... at home I had been using an unsecured WiFi while I was in the middle of moving.

But at work yesterday in the Dirty Dozen thread every time i clicked on it it tried to download something on my work computer here.
I can't really download software here at work though to search without admin privilege.
29 Boldwin
      ID: 18643169
      Thu, Aug 09, 2012, 09:03
I ran into a Chinese hacking problem once where I believe they took my name and password from the account I used in a game run out of China and tried that password in my yahoo account which worked for them for about 12 hours. Enuff time for them to do one round of mailouts to my contacts.

Gamers beware.
30 Frick
      ID: 14082314
      Thu, Aug 09, 2012, 13:24
I would suggest that everyone use a password manager program of some type. LastPass, KeePass, Roboforms are a few examples.

I would also suggest that you turn on second validation if you have a smartphone or can receive texts. The idea being use something you know and something you have to gain access to your most important accounts. I just started using Google's Authentication App for my gmail and password program. You can set trusted computers, so you don't always need to use the 2nd validation on a home computer or laptop.

Google and other security minded websites will let you create 1-time use passwords that you can use to log-in at a computer that you don't trust (basically any computer that you don't own.) The 1-time passwords are 36 characters, which would take 2X10^30 years to brute force.
31 Khahan
      ID: 39432178
      Thu, Aug 09, 2012, 13:52
I would suggest not accessing any site or playing any game run out of China.

Probably cut your chances of being hacked in half just with that.
