Dammit! I've finally got a virus... (or something)

XboxMaster · May 2, 2005

Dammit, dammit, dammit! I've avoided a virus on this computer since I got it (over half a year ago) and it's finally happened. There's this one virus, worm, whatever that uses AIM to work its evil. It will open up your buddy list and IM different people on your list a link to the virus. I'm not really sure how it determines what people it will IM. I had been prompted with this link a lot from one person I used to talk to and he told me the first time it IM'd me that it was a virus.

Well, Saturday night someone IM'd me with that same message. I was multi-tasking and I forgot what significance the link had. Needless to say, I clicked on it, it opened up a web page, it prompted me to open or save, and I clicked "Open". Right after that, the person told me it was a virus...it was too late. I thought I might've been safe because I clicked "Open", but I still got infected.

Since then I've been experience different problems. One; some random toolbar appeared on my browser and is there to stay. Two; different programs I use on a day-to-day basis have started crashing a lot. And three; my computer is just generally slower now.

It was late, so I just turned off my computer and started trying to get rid of it the next day. I did a full system scan with Norton and problems I started recieving after I got infected were still present. Then I did a Spybot scan and still to no avail. I noticed that a new toolbar icon had been added after I got infected, so I uninstalled that and that did nothing. Hell, the toolbar is still up on my browser!

All I can do now is sign off AIM when it starts IM'ing people because I don't want anyone else to get it. Someone tell me how to get rid of this monster.

Trancendental · May 2, 2005

This board is awesome.

The people there will tell you how to fix it.

http://boards.cexx.org/viewforum.php?f=1

Oktoberfest · May 2, 2005

wait is this that "omg check this out" thingy?
oh and I heard uninstalling AIM then reinstalling it will do the trick...

KwanzaaTimmy · May 3, 2005

I think he might be referring to what I have gotten this weekend as well-- My roomate uses my computer and is normally good about these things- but told me that he may have opened a link from a buddy that didn't do anything---

The omg check This(underlined) out, is one going around,

but there is another that just sends a link, which I've gotten on my computer.

I'm using another computer right now, as my shit is fuck

ed...

Lorik · May 3, 2005

A couple of my friends got the "hey check out this" worm the other night and they claimed this helped.

http://www.jayloden.com/AIMFix.exe

I will not personally vouch for this file however because I did not run it myself. Use it at your own risk.

XboxMaster · May 8, 2005

OK, here's an update. From what I gathered, I had recieved a virus from AIM and Bearshare in close proximity and possibly something else. I uninstalled and deleted both programs and I plan to reinstall them. Problem is, I can't re-download them! I have some stupid-ass toolbar that I can't get rid of and I'm pretty sure it's the cause of this chaos. When I try to download things, either a window comes up saying, "Your current settings do not allow this" (not exact). Or it mirrors me to some random spam website.

Just yesterday I looked through my computer and cleaned up a little bit. A few programs I didn't recognize here and there. It seems that little effort did nothing so I booted up SpyBot once again and did a scan. I found the toolbar on the list of problems, "EliteBar". I fixed it and the toolbar was gone from my Explorer window, but I still couldn't download anything. I restarted my computer and once I logged in again it was still there!

I just boot the computer in Safe Mode. I tried SpyBot again, supposedly fixed the EliteBar, and tried again. Once I did that, I went to the "Install Google Toolbar" icon on my desktop and I installed the Google toolbar once again (it had disappeared). I'm pretty sure toolbars aren't supposed to show on Safe Mode (correct?), so the Google toolbar isn't showing right now. I tried to download AIM again and again it wouldn't let me!

I don't know what to do!

punqsux · May 8, 2005

backup, format, reinstall.

it sounds like alot of work, but its so much simpler than trying to fix a problem if you have no clue.

punqsux · May 8, 2005

also, google toolbar? am i to understand youre browsing on IE? tsk tsk.

jaykrue · May 8, 2005

[quote name='XboxMaster']OK, here's an update. From what I gathered, I had recieved a virus from AIM and Bearshare in close proximity and possibly something else. I uninstalled and deleted both programs and I plan to reinstall them. Problem is, I can't re-download them! I have some stupid-ass toolbar that I can't get rid of and I'm pretty sure it's the cause of this chaos. When I try to download things, either a window comes up saying, "Your current settings do not allow this" (not exact). Or it mirrors me to some random spam website.

Just yesterday I looked through my computer and cleaned up a little bit. A few programs I didn't recognize here and there. It seems that little effort did nothing so I booted up SpyBot once again and did a scan. I found the toolbar on the list of problems, "EliteBar". I fixed it and the toolbar was gone from my Explorer window, but I still couldn't download anything. I restarted my computer and once I logged in again it was still there!

I just boot the computer in Safe Mode. I tried SpyBot again, supposedly fixed the EliteBar, and tried again. Once I did that, I went to the "Install Google Toolbar" icon on my desktop and I installed the Google toolbar once again (it had disappeared). I'm pretty sure toolbars aren't supposed to show on Safe Mode (correct?), so the Google toolbar isn't showing right now. I tried to download AIM again and again it wouldn't let me!

I don't know what to do![/QUOTE]

Look at your process and see if you find any *.exe files that you don't recognize... or better yet, take a screenshot so I and other computer-knowledgable CAGs can look at it... or even better yet, get HiJackThis and post the log that you get here so we can run through your processes. I think the screenshot way will be fastest but HiJackThis will be more thorough. I suspect that although you're deleting the toolbar via Spybot/Adaware, it's not deleting the core registry values that reinstall the spyware. There's a few out there that like that. I once got hit by this spyware redirector called SearchThis which would install a toolbar in my IE and whenever I would uninstall it, it would reappear. I finally got rid of it by uninstalling it in Safe Mode and then going line by line through the registry using regedit and deleting all instances of SearchThis and it finally cleared up. I DON'T recommend messing w/ your registry if you don't know what you're doing. It's a great way to royally fuck

up your machine. The regedit technique should be a last resort and even then should be done by someone who knows how to use it.

Murcielago77 · May 8, 2005

[quote name='punqsux']also, google toolbar? am i to understand youre browsing on IE? tsk tsk.[/QUOTE]

I concur, Firefox is the way to go, not that IE crap

jacobv · May 8, 2005

[quote name='Murcielago77']I concur, Firefox is the way to go, not that IE crap[/QUOTE]
Don't forget Opera. It shouldn't be overlooked even though it often is.

punqsux · May 8, 2005

opera and firefox are apples to oranges, but dont freakin use IE.

Oktoberfest · May 15, 2005

ok the virus took a new form... "check out my pictures"

Dammit! I've finally got a virus... (or something)

XboxMaster

CAGiversary!

Trancendental

CAGiversary!

Oktoberfest

CAGiversary!

KwanzaaTimmy

CAGiversary!

Lorik

CAGiversary!

XboxMaster

CAGiversary!

punqsux

CAGiversary!

punqsux

CAGiversary!

jaykrue

CAGiversary!

Murcielago77

CAGiversary!

jacobv

CAGiversary!

punqsux

CAGiversary!

Oktoberfest

CAGiversary!