|
Post by SpyMaster on Nov 11, 2005 21:15:36 GMT
I am desperate here.
I was on msn and a friend sent me a link of a php page which appeared to have a profile of my e-mail address on it. I clicked it because I wanted to know what the hell my address was doing some place I didn't know and that appeared to be what my friend was asking as well. As soon as the profile downloaded (it was an MS DOS file but appeared to be something else) I scanned it and then opened it. It then promptly disappeared. I then got a popup reading.
One slight problem: I don't have a service pack 2 disc. I have a service pack 1 disc but I downloaded service pack 2 from the internet as that's what it wanted you to do. It won't accept my windows service pack 1 disc.
What can I do?
I spoke to my friend after clicking on the link and they responded with "Oh crap don't click on the link". Apparently they're infected with something and it sends out this link to all your contacts.
So help!
Thanks Spy_Master
|
|
|
Post by SpyMaster on Nov 11, 2005 21:25:31 GMT
I tried to access system restore but it said it had been turned off??
I don't think that I would have done that.
I turned it on and I can't access any data backup points.
|
|
|
Post by Flick on Nov 11, 2005 21:59:45 GMT
That doesn't sound good, even to me.
|
|
|
Post by SpyMaster on Nov 11, 2005 22:07:25 GMT
> That doesn't sound good, even to me.
Well no it's not good. Does Steve ever come online this late because he's the only technical person I know? I need help to fix this because I don't know what to do. I could order a disc but despite putting a hole in my pocket it would take a while to get here. I need a fix for this now. Totally stressing out.
|
|
|
Post by Flick on Nov 11, 2005 22:12:06 GMT
He is sometimes on this late. Which I know from being on this late before on a Friday because I have no social life!
|
|
|
Post by SpyMaster on Nov 11, 2005 22:18:30 GMT
> He is sometimes on this late. Which I know from being on this late before on a Friday because I have no social life!
I'm always on this late but I've never noticed anybody else on. Panicking . . .
|
|
|
Post by Steve on Nov 11, 2005 22:30:35 GMT
It sounds like you have downloaded a dodgy dos batch file, Spy_Master. Trojans which are circulated via Yahoo Messenger, MSN Messenger etc. are not usually detected by anti-virus and anti-spyware programs.
Anyway, what to do about it now is the question. Can you find it by searching for files called: *.bat and specify 'Modified within the previous 24 hours', otherwise it will show all of your regular dos files. Hmmm, that may not work because the date may show as the date when it was written, which could be months ago. Anyway, if you can find it, open it from within Notepad - open Notepad, then File - Open - and you can read it as an ordinary text file and you can see which files it has modified and/or deleted.
You may be able to run System Restore if you reboot in Safe Mode. XP has that option somewhere but I can't remember off the top of my head where it is - you probably know where it is though eh. If not, Google will tell you (I'm still using 98 here).
Have you been able to download service pack 2?
Edit: I was just reading about the Windows File Protection feature, and it should ask for whichever version of Windows you are running, so I wonder why it's asking for service pack 2. support.microsoft.com/?kbid=222193
|
|
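The search Steve describes in the post above, as an added example that is not part of the original thread: it lists batch files from the last 24 hours and reads them as text without running them. It checks the creation/change time as well as the modified time, because a file can keep its author's modified date while the other timestamp records when it landed on this disk. The `.cmd` extension and the command list are assumptions, not from the thread.

```python
import os
import re
import sys
import time
from pathlib import Path

# Assumption: .cmd is checked alongside the .bat extension named in the post.
SCRIPT_EXTS = {".bat", ".cmd"}
# Assumption: a starter list of commands that delete, move or alter files/settings.
CHANGE_CMDS = re.compile(
    r"^\s*@?\s*(del|erase|rd|rmdir|move|copy|ren|rename|attrib|reg|format)\b", re.I)

def recent_scripts(root, hours=24, now=None):
    """Return batch files under root that appeared or changed in the last `hours`."""
    cutoff = (time.time() if now is None else now) - hours * 3600
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            if path.suffix.lower() not in SCRIPT_EXTS:
                continue
            try:
                st = path.stat()
            except OSError:  # unreadable or vanished file: skip it
                continue
            # st_mtime may still hold the date the script was written.
            # st_ctime is the creation time on Windows and the inode change
            # time on Unix; either way it reflects arrival on this machine.
            if max(st.st_mtime, st.st_ctime) >= cutoff:
                hits.append(path)
    return sorted(hits)

def changing_lines(path):
    """Read the script as text (never execute it); return (line number, command)."""
    found = []
    with open(path, "r", errors="replace") as fh:
        for number, line in enumerate(fh, 1):
            if CHANGE_CMDS.match(line):
                found.append((number, line.strip()))
    return found

if __name__ == "__main__":
    for script in recent_scripts(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(script)
        for number, line in changing_lines(script):
            print(f"  line {number}: {line}")
```

Run it with the folder to search as the only argument; with no argument it searches the current folder.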
|
Post by SpyMaster on Nov 11, 2005 22:46:50 GMT
AVG has picked up a virus but I'm worried. Surely if it's infected and uncleanable it'll have to be deleted but if that's a windows file that could crash my whole PC. I haven't been able to d/l service pack 2. I did download it and I tried to run it and it said that the file was corrupt. I don't understand how I can use system restore because it said it was turned off? Is that a feature of this trojan? I'm running the search now to see if it'll throw anything up.
|
|
|
Post by SpyMaster on Nov 11, 2005 22:54:09 GMT
The search didn't pick anything up at all
|
|
|
Post by Steve on Nov 11, 2005 23:01:46 GMT
If it was me, I'd look first for the batch file (filename.bat) and have a read of it to see what it had done and see if I could recover from it manually.
Edit: you've just replied that you didn't find it, so...
Next I'd check for info on the virus, and see if somebody like Symantec had either released a file to fix it, or instructions on how to do that manually.
If I was still stuck, then I'd concentrate on getting hold of a useable copy of SP2.
|
|
|
Post by SpyMaster on Nov 11, 2005 23:04:30 GMT
The virus scan just finished.
Infected - 3 Cleaned - 0 Moved to vault - 0 Deleted - 1 Errors - 0
I have one file in the virus vault and it says I don't. Also where did the other two files go?
|
|
|
Post by SpyMaster on Nov 11, 2005 23:06:22 GMT
I tried to go to Symantec.com but it kept saying connection refused. Could this trojan have blocked access to places that could help me?
Thanks for all your help. I know it's late but this was scary. You are a godsend!
|
|
|
Post by Steve on Nov 11, 2005 23:08:31 GMT
That would normally happen if you had an infected zip file, which contained two contaminated files within the zip. It would show a total of three but there would only be a need to delete one.
|
|
|
Post by Steve on Nov 11, 2005 23:16:41 GMT
Yes, it could well be blocking you from accessing the site. I can reach it no problem. The way around that is to connect via a proxy server. Try this one: anonymouse.org/
|
|
|
Post by SpyMaster on Nov 11, 2005 23:18:27 GMT
> That would normally happen if you had an infected zip file, which contained two contaminated files within the zip. It would show a total of three but there would only be a need to delete one.
So is it fixed now? Can I breathe freely again? I've still got the windows popup for file protection. I didn't know what to do with it as every time I clicked cancel it said that I would keep the unrecognized file versions. So am I safe to click cancel or will it doom me forever because at the moment apart from supposedly having a virus my PC is working fine aside from refusing me connection to that website unless I'm through that anonymous thing.
|
|