My uncle's computer has TONS of malware, and I can't remove them?

just_bri · 02-27-2008, 09:21 AM

Hello everyone. =)

I consider myself to be at an "intermediate" level when it comes to computers and the internet. So when I was over my uncle's house last night (and I used his computer -- which is Windows XP, like mine at home), I noticed a few things:

(good program = bold black, potentially bad programs = bold red)

He uses Internet Explorer.
His computer has broadband connection, so it's always online.
Worst of all, I think he leaves his computer on ALL DAY.
There was an odd-looking toolbar on there, called Mirar.
The computer was acting a bit sluggish.
There were TWO prompt boxes on the screen. They looked kinda like this:

(Unfortunately, I do not remember the names of the actual programs.)

Anyway...I was pretty sure they were fake and would install spyware and virsues, so I clicked the "X". Which I realized was probably stupid...the virus would install if I clicked ANYTHING in that prompt. So I tried turning the computer off with the Power button, but I couldn't because it was stuck. So finally my little cousin came and helped me turn it off -- about 30 seconds later (though I'm sure 30 seconds was plenty of time for something to get on the computer).

I restarted the computer a few seconds later, and I noticed this:

1. The computer was even slower than before.

2. Every 1-3 minutes, a popup window (from sites like Zoombli and FuzzyPC) would appear. The longer it took for me to close them, the slower the computer would act.

3. There was some antivirus program on the computer called ContraVirus(?). And it said it found 776 viruses. o___________o

4. I decided to run Norton Antivirus (a program I knew about), but it was outdated (so now my uncle has to pay for renew it). Still, Norton said it found a number of Trojans (can't remember the name), and one of them was a DLL file (I can't remember the name though; sorry!).

5. Every time I went to sites like "Download.com" and searched for "antivirus" or "spyware", the computer acted REALLY slow, almost like it didn't like those search terms, or that website.

6. When I finally found and installed Ad-Aware (NOTE: I clicked "run"; I DID NOT save it to the computer and run it later), it found several viruses, including WinTouch.exe. But when I tried to remove it, the program "messed up" and closed.

7. I found an online virus scan called Kaspersky, and when I ran that and tried removing the viruses it found, the program also "messed up" and closed.

8. Oddest of all, ContraVirus, Kaspersky, Ad-Aware, and Norton found different amounts of viruses (ContraVirus found 776, Ad-Aware found 430..). And no two viruses/keys/etc. had the same name. o_O

Since I can't even use antivirus programs to fight it, it sounds like this virus has overtaken the computer. (><;) But what should I do? What CAN I do??? I'm going back to my uncle's house tonight, so what should my first step be: running HighJackThis in Safe Mode?...or should my uncle just take the PC to the shop because it's seriously screwed up?

Please, please, PLEASE help!!!

tetonbob · 02-27-2008, 09:52 AM

ContraVirus is crapware, even goes as far as adding fluff registry items for it to "find" and then goad people into purchasing it so it can then "remove" the same junk it placed there.

Your uncle's machine is infected. How infected, we can't tell yet. If you want help in trying to clean it, before taking it to a shop....we can certainly try, but we need more information. Toward that end...

Please follow our 5 Step process outlined here:

http://www.techsupportforum.com/secu...oval-help.html

After running through all the steps, please post the requested logs in the HijackThis Log Help forum, not here.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the HijackThis Log Help forum is extremely busy, and it may take a while to receive a reply.

just_bri · 02-27-2008, 10:04 AM

I like that term. "Crapware". xD

And wow, I did not notice that Malware page. I feel really bad now....

Also, I just looked over the steps, and I forgot to mention something!!:

-I tried going to "Add/Remove Programs", and IT NEVER LOADED. It stayed on the "Please wait while the list populates..." screen!!!

I'll print out the rest of the steps and following them when I get to my uncle's....but since I can't even do Step #1, is that a REALLY bad thing? =(

tetonbob · 02-27-2008, 10:07 AM

Don't fret if you cannot complete any of the steps. Simply make note of it and move on, and report it in your new thread.

Most important for the analysts will be Step 5, Deckard's System Scanner, which is a more comprehensive baseline analysis tool than HijackThis alone.

just_bri · 02-27-2008, 10:44 AM

Ah okay, thanks. I'll keep you posted on the progress (ie: I'll post in the HighJackThis thread, and then link that new thread in here).

Thanks again!!

02-27-2008, 09:21 AM	#1 (permalink)
just_bri Registered User Join Date: Feb 2008 Posts: 7 OS: Windows XP	My uncle's computer has TONS of malware, and I can't remove them? Hello everyone. =) I consider myself to be at an "intermediate" level when it comes to computers and the internet. So when I was over my uncle's house last night (and I used his computer -- which is Windows XP, like mine at home), I noticed a few things: (good program = bold black, potentially bad programs = bold red) He uses Internet Explorer. His computer has broadband connection, so it's always online. Worst of all, I think he leaves his computer on ALL DAY. There was an odd-looking toolbar on there, called Mirar. The computer was acting a bit sluggish. There were TWO prompt boxes on the screen. They looked kinda like this: (Unfortunately, I do not remember the names of the actual programs.) Anyway...I was pretty sure they were fake and would install spyware and virsues, so I clicked the "X". Which I realized was probably stupid...the virus would install if I clicked ANYTHING in that prompt. So I tried turning the computer off with the Power button, but I couldn't because it was stuck. So finally my little cousin came and helped me turn it off -- about 30 seconds later (though I'm sure 30 seconds was plenty of time for something to get on the computer). I restarted the computer a few seconds later, and I noticed this: 1. The computer was even slower than before. 2. Every 1-3 minutes, a popup window (from sites like Zoombli* and FuzzyPC)* would appear. The longer it took for me to close them, the slower the computer would act. 3. There was some antivirus program on the computer called ContraVirus(?). And it said it found 776 viruses. o___________o 4. I decided to run Norton Antivirus (a program I knew about), but it was outdated (so now my uncle has to pay for renew it). Still, Norton said it found a number of Trojans (can't remember the name), and one of them was a DLL file (I can't remember the name though; sorry!). 5. Every time I went to sites like "Download.com" and searched for "antivirus" or "spyware", the computer acted REALLY slow, almost like it didn't like those search terms, or that website. 6. When I finally found and installed Ad-Aware (NOTE: I clicked "run"; I DID NOT save it to the computer and run it later), it found several viruses, including WinTouch.exe. But when I tried to remove it, the program "messed up" and closed. 7. I found an online virus scan called Kaspersky, and when I ran that and tried removing the viruses it found, the program also "messed up" and closed. 8. Oddest of all, ContraVirus, Kaspersky, Ad-Aware, and Norton found different amounts of viruses (ContraVirus found 776, Ad-Aware found 430..). And no two viruses/keys/etc. had the same name. o_O Since I can't even use antivirus programs to fight it, it sounds like this virus has overtaken the computer. (><;) But what should I do? What CAN I do??? I'm going back to my uncle's house tonight, so what should my first step be: running HighJackThis in Safe Mode?...or should my uncle just take the PC to the shop because it's seriously screwed up? Please, please, PLEASE help!!! Last edited by just_bri; 02-27-2008 at 09:28 AM.

02-27-2008, 09:52 AM	#2 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 35,561 OS: 2000 Pro; XP Pro; XP Home	Re: My uncle's computer has TONS of malware, and I can't remove them? ContraVirus is crapware, even goes as far as adding fluff registry items for it to "find" and then goad people into purchasing it so it can then "remove" the same junk it placed there. Your uncle's machine is infected. How infected, we can't tell yet. If you want help in trying to clean it, before taking it to a shop....we can certainly try, but we need more information. Toward that end... Please follow our 5 Step process outlined here: http://www.techsupportforum.com/secu...oval-help.html After running through *all* the steps, please post the requested logs in the HijackThis Log Help forum, not here. If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply. Please note that the HijackThis Log Help forum is extremely busy, and it may take a while to receive a reply. __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Microsoft MVP - Consumer Security 2009

02-27-2008, 10:04 AM	#3 (permalink)
just_bri Registered User Join Date: Feb 2008 Posts: 7 OS: Windows XP	Re: My uncle's computer has TONS of malware, and I can't remove them? I like that term. "Crapware". xD And wow, I did not notice that Malware page. I feel really bad now.... Also, I just looked over the steps, and I forgot to mention something!!: -I tried going to "Add/Remove Programs", and IT NEVER LOADED. It stayed on the "Please wait while the list populates..." screen!!! I'll print out the rest of the steps and following them when I get to my uncle's....but since I can't even do Step #1, is that a REALLY bad thing? =( Last edited by just_bri; 02-27-2008 at 10:06 AM.

02-27-2008, 10:07 AM	#4 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 35,561 OS: 2000 Pro; XP Pro; XP Home	Re: My uncle's computer has TONS of malware, and I can't remove them? Don't fret if you cannot complete any of the steps. Simply make note of it and move on, and report it in your new thread. Most important for the analysts will be Step 5, Deckard's System Scanner, which is a more comprehensive baseline analysis tool than HijackThis alone. __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Microsoft MVP - Consumer Security 2009

02-27-2008, 10:44 AM	#5 (permalink)
just_bri Registered User Join Date: Feb 2008 Posts: 7 OS: Windows XP	Re: My uncle's computer has TONS of malware, and I can't remove them? Ah okay, thanks. I'll keep you posted on the progress (ie: I'll post in the HighJackThis thread, and then link that new thread in here). Thanks again!!