Ok so now basically, my computer belongs to them. My task manager says it's been disabled by the Administrator, when I try to do system restore, I pick the date, and when I click next, nothing happens. The desktop background changed to all black with some bogus warning, saying my computer is under attack and it's recommended I download some crap. Basically I can't do anything, right now i'm in the safe mode.
Also, at startup, when I try to do the 'restore to last known good configuration' or whatever, I get a message saying "file missing, windows root>\system32\ntoskml.exe"
Also, the random 'warning your system is under attack' messages, and also popups that open in my actual firefox lead me to:
antivirus-xppro-2009.com/?code=0000049
and
onlinescanxpp.com/land/eurl/?code=49
if that's any help.
I've noticed not too long ago I kept getting messages at startup saying my chip fan failed, later the other two, when they're working fine.
I've also been getting popups(still get them in safe mode), when I'm using firefox, I get a pop up from IE but the logo on it looks just like the firefox logo, except the globe thing in the middle is a bit lighter then the actual one. Same thing happens when I'm using safari.
My antivirus found(and continues finding) various trojans in windows/system32, I decided to start putting the files in the quarantine since I guess I can't really fix it.
the trojans are:Vundo.Gen
Dropper.Gen
Downloader.Gen
Crypt.ULPM
Crypt.MWPM
Stuh.dvk
Small.69120.A
Also have some random droppers & exploits.
Mostly in windows/system32
bunch in System Volume Information, and in a couple of other places
probably tons more, I use Avira Antivir.
I'm kinda a noob but I realize I'm major screwed.
Also the dumbass that I am, I don't have anything backed up.
So right now, I just want to save whatever I have left, my whole My Documents folder seems clean, so I'm just going to attempt to salvage that, and reinstall windows. I really don't want to do that, my whole life is on this computer.
Do you recommend doing anything else?
Or have a way to fix all this?
Or have ANY information on...well any of this? How it got there etc.
My friends use this computer a lot when I'm not here, so I'm guess ing it has something to do with what they did, though they deny doing anything suspicious.
Thanks so much.
Also, at startup, when I try to do the 'restore to last known good configuration' or whatever, I get a message saying "file missing, windows root>\system32\ntoskml.exe"
Also, the random 'warning your system is under attack' messages, and also popups that open in my actual firefox lead me to:
antivirus-xppro-2009.com/?code=0000049
and
onlinescanxpp.com/land/eurl/?code=49
if that's any help.
I've noticed not too long ago I kept getting messages at startup saying my chip fan failed, later the other two, when they're working fine.
I've also been getting popups(still get them in safe mode), when I'm using firefox, I get a pop up from IE but the logo on it looks just like the firefox logo, except the globe thing in the middle is a bit lighter then the actual one. Same thing happens when I'm using safari.
My antivirus found(and continues finding) various trojans in windows/system32, I decided to start putting the files in the quarantine since I guess I can't really fix it.
the trojans are:Vundo.Gen
Dropper.Gen
Downloader.Gen
Crypt.ULPM
Crypt.MWPM
Stuh.dvk
Small.69120.A
Also have some random droppers & exploits.
Mostly in windows/system32
bunch in System Volume Information, and in a couple of other places
probably tons more, I use Avira Antivir.
I'm kinda a noob but I realize I'm major screwed.
Also the dumbass that I am, I don't have anything backed up.
So right now, I just want to save whatever I have left, my whole My Documents folder seems clean, so I'm just going to attempt to salvage that, and reinstall windows. I really don't want to do that, my whole life is on this computer.
Do you recommend doing anything else?
Or have a way to fix all this?
Or have ANY information on...well any of this? How it got there etc.
My friends use this computer a lot when I'm not here, so I'm guess ing it has something to do with what they did, though they deny doing anything suspicious.
Thanks so much.
