help me!!!!! big problem!!

I've got idiots who live with me, and they DL'ed a ---V----i----r---u-----s--- (ha, if I spell the word it shuts me down) that I absolutely cannot get rid of. I cannot use anything to get rid of it because it shuts EVERYTHING down....all the online ---s---c------a----n--s and my --Mc-------Afee.

Does anyone here have the slightest idea of what kind it might be, or how I can get rid of it? I think I'm gonna have to restart every thing if I can't figure it out in just a little while.


AHHHHHHHHHHHHHHHHHHHHHHH!!!!!!

 

Sounds like the Sasser virus, which has been going around for quite some time. Microsoft's website has a tool you can download to get rid of it. There's an executable you can turn off in your Task Manager to keep everything from shutting down while you fix the problem, but I can't remember the name of it. It had a bunch of numbers in it. Do a search for Sasser on the Microsoft downloads website, you can find the instructions there.

Also, make sure you have downloaded the most recent update files for McAffee once you get it running. Sasser's an old enough virus (worm) that they should have the patch for it now. Hope this helps!

 

P.S. - reloading Windows will generally not get rid of a virus. A lot of them reside on the boot sector. It can actually make things worse if you try to reinstall it. The only way you can reinstall everything to get rid of it is if you reformat your hard drive, and delete the boot sector, but this will wipe out EVERYTHING on your computer. Make sure you backup any files you want to keep frequently!

 

Here is the link to the sasser removal tool from microsoft:
http://www.microsoft.com/downloads/results.aspx?productID=&freetext=SASSER&DisplayLang=en


And you will want to do a complete virus scan after as well. TrendMicro has a great free virus scanner. Better than McAffee in my opinion. And it is easy to use.

http://housecall.trendmicro.com/housecall/start_corp.asp

But it is always good to have somehting monitoring incomming files, I use eTrust but you can still use McAffee for that.

Then I would suggest downloading Spybot Search&Destroy and using that to immunize your system and get rid of any spyware. It is a free download so if you don't already have it here is a link:
http://www.safer-networking.org/en/download/index.html

 

the tool for editing what happens at startup is

Start-->Run-->msconfig

there is a "startup" tab. uncheck anything you don't recognize.

and yeah, spybot rocks. won't stop viruses, but is great for stopping spyware. well, some viruses. but you still need an up to date antivirus.

actually, just go here. i've given this speech before.....

http://www.hipforums.com/forums/showthread.php?p=334279#post334279

 

dude! thatsa pretty smart virus!!

 

Ah, don't backup now. You never know if that file is corrupt or not. Like music files and other such things are pains for that reasons. Lots of virus/worms/trojins come that way. You can NEVER really trust anything online. Mainly in P2P networks.

 

you can backup your mp3s. an mp3 never contains any executable code, thusly they're safe.

...atleast for now i guess...

 

Well, I *think* we got rid of it, but it was a fucking BITCH to deal with. I've never seen anything like it before.

I use ad-aware since spybot S&D doesn't update it's free stuff anymore. It was at least able to find out where it was at. That damned thing fucking somehow DELETED my Mcafee shit (even though I never used it, it still pissed me off) and locked us out of the "regedit"....we had to pull all kinds of bullshit to get there. Sprout was able to get into it though somehow and delete a coulpe of the files (they were WELL hidden) and after that we were able to get back online and use T.M's housecall. It found almost 500 infected files. I ran it twice more, and nothing else ever came up. Since then everything seems okay, but we went through an agonizing 6 hours of hunting down the virus. I swear, you couldn't type in the words worm, virus, blaster, and a whole ton of others because it would shut down IE. You couldn't type anything into Run because it would either shut it down OR a message saying that we didn't have permission from our system administrator (WTF?!?) would pop up. I though we were fucked....LOL< and if sprout wasn't so damn hard-headed and persistant we would have been

 

spybot stopped updating it's free one? damn, i really liked spybot. i had noticed that there were no updates for a while though.

 

The trick is not to let things get jacked up in the first place but as you now know it sucks....I use a combo of sypsweeper, window washer,mcafee and zone alarm and have no issues and got most the codes for them for free from kaza. You might run the repair feature on your os disk if things dont seem right since you had to remove so much for the fix.....good luck.