|
Post by Steve on Nov 11, 2005 23:25:19 GMT
You may have a problem still, if you can't connect directly to somewhere like Symantec. I would run Spybot - Search and Destroy and see what that finds. If you don't already have the program, download it and then download the latest virus definitions. Make use of the Immunise feature to block known bad sites in the future. Also check to see if HijackThis is able to run. Sometimes these viruses and trojans block it, so that might be another indicator.
|
|
|
Post by Steve on Nov 11, 2005 23:34:40 GMT
That would normally happen if you had an infected zip file, which contained two contaminated files within the zip. It would show a total of three but there would only be a need to delete one. So is it fixed now? Can I breathe freely again? I've still got the windows popup for file protection. I didn't know what to do with it as everytime I clicked cancel it said that I would keep the unrecognized file versions. So am I safe to click cancel or will it doom me forever because at the moment apart from supposedly having a virus my PC is working fine aside from refusing me connection to that website unless I'm through that anonymous thing. I think some of your system files have been overwritten, and even though everything appears to be okay, you may encounter problems which aren't yet apparent, when you use different programs. Your MSN Messenger may be infected - it may start sending out that link too. Do you know what webpage it sent you to? I'd like to go and see what it is and download the batch file.
|
|
|
Post by SpyMaster on Nov 11, 2005 23:37:08 GMT
Hijack this won't run. I downloaded Spybot though and I've set that going. I did have it at some point but I can't find it so I might have it installed twice (when this is over I'll check). Hopefully this will fix it. God I can't believe I was so stupid. I was worried about my security so I went and comprimised it.
Thanks again Steve. You're a miracle worker.
|
|
|
Post by Steve on Nov 11, 2005 23:40:55 GMT
I came across that a few weeks ago - I was cleaning somebody's PC which was badly infected and I didn't even have HijackThis to help me - it would open and run for a few seconds then gave an error message and closed. After I had cleaned everything manually and then using Spybot, HijackThis was able to run again. It's a weak point in the program - it is too easily disabled by trojans and viruses.
|
|
|
Post by SpyMaster on Nov 11, 2005 23:45:40 GMT
I think some of your system files have been overwritten, and even though everything appears to be okay, you may encounter problems which aren't yet apparent, when you use different programs. Your MSN Messenger may be infected - it may start sending out that link too. Do you know what webpage it sent you to? I'd like to go and see what it is and download the batch file. What so will I have to completely reinstall windows? So far the link hasn't appeared I IM'd all my contacts to warn them because I was waiting for my friend Max to sign on because he's a bit of a tech whizz and didn't want anybody to do what I did. No link. The address was something like I'm not sure exactly though and I can't see a way to check.
|
|
|
Post by SpyMaster on Nov 11, 2005 23:55:32 GMT
I ran spybot and it fixed 290 odd problems but three can not be fixed 180 solutions search assistant 180 solutions zango when you search desktop toolbar Now I use zango as an intant message client and indeed that's what I was using when I got the link not msn messenger. It suggests restarting my computer. I will do that if you say it's ok because I don't want it to not start again and just die on me completely because then I wouldn't know what to do and have no reference. Suggestions? ETA Zone alarm keeps asking for an IP configuration utility to access the internet. It did that before I got this link but it's doing it more frequently now. Also a possible complication my mp3 player was plugged into my comp at the time. Will this be affected?
|
|
|
Post by Steve on Nov 11, 2005 23:57:06 GMT
Okay thanks. I can't get anything to open from that link, even if I edit it back to the root url. As for reinstalling Windows, well I don't know - at the moment there doesn't appear to be any need for it but you still don't know what damage has been done to the operating system yet.
|
|
|
Post by Steve on Nov 11, 2005 23:59:53 GMT
I'll need to think about that for a moment.
|
|
|
Post by Steve on Nov 12, 2005 0:08:39 GMT
Is the IP config utility something which has always been there or is it something which appeared recently? I doubt that the mp3 being connected will be of any significance.
As for rebooting, there isn't much you can do really except make a Windows recovery disk if you don't already have one, but it may be a bit late for that now because you might be making a disk using infected files. If Windows fails to boot normally, then you might try booting into Safe Mode, by tapping the F8 key repeatedly as the PC starts up. That still works on XP, I think.
|
|
|
Post by SpyMaster on Nov 12, 2005 0:14:53 GMT
I believe that the IP config has only appeared recently. I've had something requesting access to veritas as well. I've been letting them both have it as I preumed it was to do with aol (it's always asking me permission for stuff) but just lately I've wondered about it.
I've run spybot twice more and now it only says that it has one problem which can not be fixed - 180solutions.zango - with a problem directory D:\Program Files\ZangoClient Zango was the program I got the problem over. Anyway I'm going to restart and see if it'll let me then get rid of this with spybot and then see if Hijack This will run.
Be back in a minute.
|
|
|
Post by Steve on Nov 12, 2005 0:21:40 GMT
Okay
|
|
|
Post by SpyMaster on Nov 12, 2005 0:27:44 GMT
This time when I ran spybot it said 99 problems found and then 99 problems fixed. However, when I tried to run Hijack This it crashed like before. Also lots of the problems which are supposed to be fixed turn up everytime I run spybot.
ETA. I also have this new exe file crss asking for internet access.
|
|
|
Post by Steve on Nov 12, 2005 0:31:10 GMT
Right, that's bad news and a definite indication that your PC is infected. Don't allow the exe file through until you find out what it is. I'll have a look now.
|
|
|
Post by Steve on Nov 12, 2005 0:37:02 GMT
Symantec shows four results for crss.exe: Symantec results If you can't go there directly, then right-click and 'Copy link location' and paste it into the proxy server page which I gave you earlier.
|
|
|
Post by SpyMaster on Nov 12, 2005 0:42:42 GMT
Symantec shows four results for crss.exe: Symantec results If you can't go there directly, then right-click and 'Copy link location' and paste it into the proxy server page which I gave you earlier. I clicked on the link and it let me there directly. However, I'm not entirely sure what I'm looking at or for. I mean it's search results for crss and I presume removal instructions are in there somewhere but which one do I follow?
|
|