Doozie of a Virus Problem

Discussion in 'General Chat' started by dragons5, Jan 6, 2009.

  1. #1
    I recently built a new media PC for my living room and was installing and upgrading Windows XP. While doing the service pack upgrades I decided to find a free antivirus program and install it while I waited. I did a search and went to a site claiming to have reviewed these programs... it turned out to be a well SEO'd attack site, and before I knew it my computer was getting infested with all sorts of malicious software.

    The virus blocks my access to sites like Trendmicro.com and to Spybot S&D's server so I can't download the programs or run online anti-virus sweeps. It also blocks processes like a HijackThis install from running on the machine and won't let me install any browsers except IE and Firefox (my guess is it exploits them to block the antivirus sites). The virus also hijacks Google and Yahoo search results, transforming each click and taking me to surprisingly large e-tailer sites like eBay and others.

    I am amazed at the sophistication but really want to get rid of this virus without exposing my other PCs directly to it. Is there any antivirus that can scan network drives for viruses?
     
    dragons5, Jan 6, 2009 IP
  2. Colbyt
    Colbyt Notable Member
    #2
    Buy Norton or another quality AV program and boot from the CD.

    Your only other choice is format C:, fdisk and fdisk /mbr, for which you will need a boot disk.

    Good luck. Makes you want to whack a virus person, doesn't it?
     
    Colbyt, Jan 6, 2009 IP
  3. dragons5
    dragons5 Well-Known Member
    #3
    Yeah, I'm not formatting. It took forever to get XP Media Edition working with my hardware; I don't look forward to doing that again. I own Norton but it won't run... the virus blocks the process and it just hangs until the PC locks up.

    I'm telling you, this thing is horrific.
     
    dragons5, Jan 6, 2009 IP
  4. Colbyt
    Colbyt Notable Member
    #4
    Run msconfig and disable most of what you find in the startup bat file. Get it down to the bare minimum.

    Then try again. It has to be loading something on startup.

    Post back if you do not know what msconfig is.
     
    Colbyt, Jan 6, 2009 IP
  5. twistedspikes
    twistedspikes Notable Member
    #5
    Wow, I'd just reformat and start again. It'd probably be less hassle.
     
    twistedspikes, Jan 6, 2009 IP
  6. dragons5
    dragons5 Well-Known Member
    #6
    Nope. msconfig does me no good. I tried disabling and it just re-enabled them. I tried running in diagnostic mode and it changed my mode to 'selective startup' and selected just two DLLs to run while keeping everything else shut off. Now it won't let me change the config settings, as it just keeps switching back to this setting.

    It says the location of the DLLs is HKLM\Software\Microsoft\CurrentVersion\Run, but I don't see that in my registry.

    The files it keeps loading are:
    rudadiza.dll
    fefiweta.dll
     
    dragons5, Jan 6, 2009 IP
  7. bogart
    bogart Notable Member
    #7
    Reformat and document the steps to configure your system.
     
    bogart, Jan 6, 2009 IP
  8. Colbyt
    Colbyt Notable Member
    #8
    These are random DLL file names created by the same critter. Substitute your DLL filenames in the instructions below.

    General instructions found on the web:

    1. Temporarily disable System Restore, reboot the computer in Safe Mode;

    2. Locate CIETGKAQ.DLL virus files and uninstall the CIETGKAQ.DLL files program. Follow the step-by-step screen instructions to complete uninstallation of CIETGKAQ.DLL;

    3. Delete/modify any values added to the registry related to CIETGKAQ.DLL, exit the registry editor and restart the computer;

    4. Clean/delete all CIETGKAQ.DLL infected file(s): CIETGKAQ.DLL and related, or rename CIETGKAQ.DLL virus files;

    5. Delete all your IE temp files with CIETGKAQ.DLL manually, then run a whole scan with an antivirus program;

    Frankly, as much as it pains me to say it, unplug the net cable and format c: is looking pretty good about now.
     
    Colbyt, Jan 6, 2009 IP
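What the msconfig post above and Colbyt's "general instructions" both come down to is checking the autostart locations by hand and deciding which entries do not belong. The PowerShell script below is an added example, not code from the thread or from any tool mentioned in it. It does that inventory read-only: it enumerates the HKLM Run and RunOnce values (the standard autostart key is HKLM\Software\Microsoft\Windows\CurrentVersion\Run) plus AppInit_DLLs, resolves each entry to a file on disk and reports its Authenticode signature status, so a handful of unsigned DLLs sitting in system32 stand out from the rest. It can also be pointed at a slaved drive's SOFTWARE hive after loading that hive with `reg load`, which is the offline approach dragons5 ended up using. The HKLM\Offline mount name, the D: drive letter and the WINDOWS\system32 location are assumptions; adjust them to the machine in front of you.

```powershell
# Added example, not from the thread. Read-only inventory of classic autostart
# locations (HKLM Run/RunOnce, AppInit_DLLs) with Authenticode status per file.
# Works against the live SOFTWARE hive or a slaved drive's hive loaded with:
#   reg load HKLM\Offline D:\WINDOWS\system32\config\software   (D: assumed)

function Get-TargetPath {
    param([string]$Command)
    # Expand %SystemRoot% and friends, then pull the binary out of the command line.
    $cmd = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    # rundll32 entries look like:  rundll32.exe "C:\WINDOWS\system32\name.dll",Export
    if ($cmd -match '(?i)rundll32(\.exe)?\s+"?([^",]+\.dll)') { return $Matches[2] }
    if ($cmd -match '^"([^"]+)"') { return $Matches[1] }   # quoted path with arguments
    return ($cmd -split '\s+')[0]                         # first token (best effort)
}

function Get-AutorunReport {
    param(
        # Registry path of the SOFTWARE hive to read; default is the running system.
        # For a slaved drive loaded as HKLM\Offline (assumed name), pass 'HKLM:\Offline'.
        [string]$SoftwareHive = 'HKLM:\SOFTWARE',
        # Drive letter under which the infected system drive is visible on this machine.
        [string]$MountedAs = 'C:'
    )
    $entries = @()

    foreach ($sub in 'Run', 'RunOnce') {
        $key = Join-Path $SoftwareHive "Microsoft\Windows\CurrentVersion\$sub"
        if (-not (Test-Path $key)) { continue }
        foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # PSPath, PSParentPath, ... are not values
            $entries += @{ Source = "$sub\$($p.Name)"; Target = (Get-TargetPath "$($p.Value)") }
        }
    }

    # AppInit_DLLs: every DLL listed here is loaded into every process that maps user32.dll.
    $winKey  = Join-Path $SoftwareHive 'Microsoft\Windows NT\CurrentVersion\Windows'
    $appInit = (Get-ItemProperty -Path $winKey -ErrorAction SilentlyContinue).AppInit_DLLs
    foreach ($dll in ("$appInit" -split '[,\s]+' | Where-Object { $_ })) {
        $path = [Environment]::ExpandEnvironmentVariables($dll)
        # Bare names are resolved relative to system32; C:\WINDOWS is an assumption.
        if (-not [IO.Path]::IsPathRooted($path)) { $path = Join-Path 'C:\WINDOWS\system32' $path }
        $entries += @{ Source = 'AppInit_DLLs'; Target = $path }
    }

    foreach ($e in $entries) {
        $target = $e.Target
        # Paths stored in the hive use the infected system's own drive letter.
        if ($target -match '^[A-Za-z]:') { $target = $MountedAs + $target.Substring(2) }
        $status = 'FileMissing'
        if ($target -and (Test-Path -LiteralPath $target -PathType Leaf)) {
            $status = (Get-AuthenticodeSignature -FilePath $target).Status
        }
        New-Object PSObject -Property @{ Source = $e.Source; Target = $target; Signature = $status }
    }
}

# Live system: list everything that is not validly signed.
Get-AutorunReport | Where-Object { $_.Signature -ne 'Valid' } |
    Format-Table Source, Target, Signature -AutoSize

# Slaved drive (assumed mounted as D:, hive loaded as HKLM\Offline as shown above):
# Get-AutorunReport -SoftwareHive 'HKLM:\Offline' -MountedAs 'D:' | Format-Table -AutoSize
# When finished:  reg unload HKLM\Offline
```

"NotSigned" is not proof of malware, particularly on XP where plenty of legitimate software shipped unsigned; the point is to shrink the list to the few entries that need a look, and an entry that loads a random-looking DLL name out of system32 via rundll32, as in the post above, is the kind that belongs at the top of it. Leave the removal to the scanners named in the thread, running from Safe Mode or against the slaved drive, rather than deleting files by hand from a running infected system, where the post above shows the malware re-enabling whatever is disabled.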
  9. web-fanatic
    web-fanatic Banned
    #9
    Just format the C drive.
    It is the best option.
     
    web-fanatic, Jan 6, 2009 IP
  10. dragons5
    dragons5 Well-Known Member
    #10
    Hmmm. Thanks for all the advice. I just pulled out the drive and slaved it to my main machine and ran Malwarebytes Anti-Malware and Norton on it. Cleaned it up in a few hours. I'm gonna boot it up now and see if it got it all.
     
    dragons5, Jan 6, 2009 IP
  11. LogicFlux
    LogicFlux Peon
    #11
    I'm prepared against this. Once I installed my OS and installed the programs and files that I need I made a backup of my C drive to another drive. Now if anything goes wrong I can format my C drive and copy over the backup which has most of the stuff I need installed. I made the backup before I got adventurous and started installing stuff that I didn't have experience with. So I know the backup is in a pretty clean state.
     
    LogicFlux, Jan 6, 2009 IP
  12. dragons5
    dragons5 Well-Known Member
    #12
    Always a good move.

    BTW, if anyone is reading this and you get the same infection, please note that Norton will not clean it. You will see a 'trojan' that Norton cannot clean or quarantine. Run Malwarebytes Anti-Malware on a full scan and it should remove all but one file. Run it again and it should remove that last file. Then run a quick scan; if it comes up empty, set it to run on your next boot-up. The scan should be clean, but this is just a precautionary measure.

    If you choose to do what I did and use a second machine to remove the infection from the hard disk, please make sure you have Norton running, as it will catch viruses being downloaded by the trojan program. If you do not have it running, the trojan will install approximately 50 new viruses and malware programs on your other machine and will interrupt the Malwarebytes program from running the second scan. You also might want to disconnect the internet connection from the computer as a precautionary measure.

    ***WARNING***
    A new attack site is being distributed by hacker bots on Myspace, Facebook and other social networking sites. The bots post 'wall posts' or 'comments' telling you that your profile pictures are posted on a new website. The website is an attack site and will download this same, very new, trojan horse program to your computer.
     
    dragons5, Jan 7, 2009 IP
  13. Colbyt
    Colbyt Notable Member
    #13
    Glad you got it cleaned up without having to reinstall.

    So Norton will stop it from getting onto your machine, but it will not clean it after it does?

    Did I understand that correctly?
     
    Colbyt, Jan 7, 2009 IP
  14. dragons5
    dragons5 Well-Known Member
    #14
    No, no. Norton stops the other junk that it downloads, but it can't stop or get rid of the main problem (as of yet). Norton seems to be aware of it and what it can do; it just doesn't have a fix in place yet.

    BTW, this trojan also downloads a virus that bypasses the Microsoft Firewall and lots of other fun little things. I recommend using Spybot S&D after the Malwarebytes scan as well, since it seems to catch a couple of other critters on the system.
     
    dragons5, Jan 7, 2009 IP
  15. bogart
    bogart Notable Member
    #15
    There is a free version of Malwarebytes Anti-Malware and a paid real-time version costing $24.95. Not a bad price for software that can handle a trojan that Norton can't fix.
     
    bogart, Jan 8, 2009 IP
  16. dragons5
    dragons5 Well-Known Member
    #16
    Yeah, not bad at all. The free version appears to remove just as much as the paid version; it just lacks the ability to schedule and a few other bells and whistles.

    After dealing with it and cleaning it up I issued a virus warning to my web development and PC repair clients. Hopefully that keeps me from having to fix this thing a couple more times.

    You can read my entire experience with this sucker here:
    http://www.dotmediaweb.com/blog/?p=73

    Just as a side note, I was getting ready to reset my iPhone anyway, so I visited the attack site before I did. The attack site did attempt to install the virus and it did launch random Safari windows, so it appears that it scans and downloads different versions of the virus for Apple and Windows. I offer a suggestion on how to avoid it on the iPhone in the above blog post.
     
    dragons5, Jan 8, 2009 IP
  17. rliddle
    rliddle Peon
    #17
    System Restore? Sometimes you can get lucky with that.
     
    rliddle, Jan 8, 2009 IP
  18. mdvasanth86
    mdvasanth86 Notable Member
    #18
    Yeah, that's the best available and free method... Helps me big time! :p
     
    mdvasanth86, Jan 8, 2009 IP
  19. mcfox
    mcfox Wind Maker
    #19
    Although you slaved the drive to your other PC and ran the various scans and appear satisfied it is 'clean,' I would still treat the HD as if it was radioactive and in need of complete decontamination. There's no way you can ever be sure it's clean without formatting (and turning off to take care of any memory residents) and reinstalling Windows.

    As a footnote, it looks as though Prevx can also handle it.
     
    mcfox, Jan 8, 2009 IP
  20. dragons5
    dragons5 Well-Known Member
    #20
    Hmmm, well, it's running perfectly fine and MBAM did catch some bugs when it booted up. But it's checking clean by everything now. Unlike you, I have faith that these programs can actually root out all the problems, even if it takes three different ones to do it. I have had the same version of Windows XP running on a machine in my house for 5 years without reformatting one single time, and it still runs like new.

    I guess it's just all in how you care for your PC. This one that was infected and became my guinea pig PC to play with this virus will be my 5th running computer in the house alongside my gaming rig, my music server (internal and net radio), my shits-in-grins Pentium 3 PC and my laptop. I rarely have the need to format a drive and haven't lost any data since 2005, when a drive of music failed on me; luckily it was all backed up on CDs.
     
    dragons5, Jan 8, 2009 IP