Computer Virus, HELP!!!



Nubbs
08-24-2006, 06:21 PM
Hey all,
I've got some sort of virus on my computer. After searching the web for a while, some "error" window will pop up saying a terminal error has occurred and my computer will restart in 60 seconds. After the time expires, the computer logs off and restarts, regardless of what I do. I've also seen some messages mentioning win32 and svchost. I've tried running the scan program at trendmicro.com, but my computer restarts before it can run. Any computer wizards got any tips/tricks for me to get rid of this virus? Any help is greatly appreciated. It's cutting into my time on ***boat :mad:
Thanks
Nubbs

Jyruiz
08-24-2006, 06:44 PM
Try booting up in safe mode with networking and try it again.

rrrr
08-24-2006, 06:54 PM
That shit invaded my business computers.....
Had to call in a hired gun to get rid of it. Hope the little fuker that invented it gets hit by a bus. :mad:

Nubbs
08-24-2006, 06:54 PM
Try booting up in safe mode with networking and try it again.
Uhhh.......how do I boot up in safe mode with networking?
I also got another error message. It goes like this:
This system is shutting down. Please save all work in progress and log off. Any unsaved changes will be lost. This shutdown was initiated by NT AUTHORITY/SYSTEM.
The system process C:\WINDOWS\system32\lsass.exe terminated unexpectedly with status code 128. The system will now shut down and restart.

Jesster
08-24-2006, 06:57 PM
Reboot and keep hitting F8 key until a menu comes up then select safe mode. I've never used the with networking option but if jyruiz says so I think he might be in that business. Run the program from there.

Jesster
08-24-2006, 06:59 PM
Do this
1. Click Start, and then click Run.
2. In the Open box, type regedit, and then click OK.
3. In Registry Editor, navigate to the following subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winsock2
4. Right-click Winsock2, and then click Delete on the shortcut menu that appears.
5. Click Yes to confirm the deletion of the key.
6. Repeat steps 3 through 5 to remove the following registry subkeys (if present):
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Winsock2
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Winsock2
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Winsock2
7. Quit Registry Editor.
8. Restart Windows normally.
I hope this will solve your problem...

502 JET
08-24-2006, 06:59 PM
I am no expert but you could try a system restore. You can go back in time and restart the computer there. If your system has this.
Click start-accessories-system tools-system restore and follow the instructions.

Nubbs
08-24-2006, 06:59 PM
Reboot and keep hitting F8 key until a menu comes up then select safe mode. I've never used the with networking option but if jyruiz says so I think he might be in that business. Run the program from there.
Great, thanks for the tip. I'll give it a try. My computer is sooo jacked up right now. The virus can't even function properly. lol

YeLLowBoaT
08-24-2006, 07:02 PM
BFH It will work right the 1st time or never again, one of the two. :crossx:
If you have an antivirus software (like Norton) you can boot from that disk.

Jyruiz
08-24-2006, 07:07 PM
I am no expert but you could try a system restore. You can go back in time and restart the computer there. If your system has this.
Click start-accessories-system tools-system restore and follow the instructions.
No, the SVC host virus attaches itself to the restore file. You actually have to turn off the system restore (if in regular mode) before doing the scan; once the virus is removed, you can activate the system restore.
You have the worm nachi.a or a variant, similar to the msblast worm. Here is what you need to do to remove it:
Open a command prompt window. Click Start>Run, type CMD and then press the Enter key.
At the command prompt, type the following:
NET STOP "Network Connections Sharing"
Press the Enter key. A message should indicate that the service has been stopped successfully.
Do the same to stop the following service:
NET STOP "WINS Client"
Close the command prompt window.
Open Registry Editor. To do this, click Start>Run, type REGEDIT, then press Enter.
In the left panel, double-click the following:
HKEY_LOCAL_MACHINE>SYSTEM>CurrentControlSet>Services>
Still in the left panel, delete the subkeys:
RpcPatch
RpcTftpd
Close Registry Editor.
Removing Malware Components
This procedure removes the malware's other components:
Double-click the “My Computer” icon from the desktop.
Look for the Windows system folder.
(Note: Windows system folder refers to the Windows system folder, usually C:\WINNT\System32 on Windows 2000, and C:\Windows\System32 on Windows XP.)
Double-click the following folder:
WINS
Right-click the following files and select Delete from the pop-up menu:
SVCHOST.EXE
DLLHOST.EXE
Click Yes when asked for confirmation.
Good luck, it only looks intimidating.
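
A read-only check for the artifacts named in the post above (the RpcPatch and RpcTftpd service keys, and SVCHOST.EXE / DLLHOST.EXE inside the WINS folder), added here as an example and not part of the original thread. The function name `Get-NachiArtifactReport` is hypothetical, and the script assumes PowerShell 3.0 or later; it reports what is present and changes nothing.

```powershell
# Added example: reports the artifacts listed in the post; stops and deletes nothing.
function Get-NachiArtifactReport {
    param(
        # Assumption: default system folder (C:\WINNT\System32 on Windows 2000).
        [string]$SystemDir = (Join-Path $env:SystemRoot 'System32')
    )

    $servicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'
    $winsDir     = Join-Path $SystemDir 'WINS'
    $findings    = @()

    # Service subkeys the post says to delete.
    foreach ($name in 'RpcPatch', 'RpcTftpd') {
        $key     = "$servicesKey\$name"
        $present = Test-Path -Path $key
        $detail  = ''
        if ($present) {
            # ImagePath shows which binary the service would launch.
            $detail = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).ImagePath
        }
        $findings += [pscustomobject]@{ Kind = 'ServiceKey'; Item = $key; Present = $present; Detail = $detail }
    }

    # Files the post says to delete. The genuine svchost.exe and dllhost.exe
    # live directly in System32, so copies inside System32\WINS stand out.
    foreach ($file in 'SVCHOST.EXE', 'DLLHOST.EXE') {
        $path    = Join-Path $winsDir $file
        $present = Test-Path -LiteralPath $path -PathType Leaf
        $detail  = ''
        if ($present) {
            $item   = Get-Item -LiteralPath $path -Force
            $detail = '{0} bytes, modified {1:u}' -f $item.Length, $item.LastWriteTimeUtc
        }
        $findings += [pscustomobject]@{ Kind = 'File'; Item = $path; Present = $present; Detail = $detail }
    }

    # Running processes whose image sits in the WINS folder.
    # ExecutablePath can be empty when the shell is not elevated.
    $procs = Get-CimInstance Win32_Process -Filter "Name='svchost.exe' OR Name='dllhost.exe'"
    foreach ($p in $procs) {
        if ($p.ExecutablePath -and $p.ExecutablePath.StartsWith($winsDir, [StringComparison]::OrdinalIgnoreCase)) {
            $findings += [pscustomobject]@{ Kind = 'Process'; Item = $p.ExecutablePath; Present = $true; Detail = "PID $($p.ProcessId)" }
        }
    }
    return $findings
}

Get-NachiArtifactReport | Format-Table -AutoSize
```

Run it from an elevated prompt so process paths are visible; running it again after cleanup should show `Present` as False for every row and no `Process` rows.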

Jyruiz
08-24-2006, 07:21 PM
One more thing, do all your Microsoft updates so this does not happen to you again. Always do your MS critical updates.

Nubbs
08-25-2006, 06:02 AM
Thanks for all the help. I lost my internet connection last night and couldn't get back on to ***boat. I'll give it a shot when I get home tonight.
Thanks
Nubbs

Boozer
08-25-2006, 06:06 AM
Also, if you don't have an antivirus, Microsoft recently bought out a software manufacturing company that makes antivirus software. The software is now currently in beta and Microsoft is offering it free of charge. If you go into the online Windows security center you will find the software. I have read a few reports talking about various bugs but I have been using it for about a month now without any problems on Windows XP Pro.

Cheap Thrills
08-25-2006, 06:15 AM
Say goodbye to viruses.
Knoppix (http://iso.linuxquestions.org/distro.php?distro=5)
Mandrake (http://iso.linuxquestions.org/distro.php?distro=3)
:D
C.T. :wink:

Riverless
08-25-2006, 07:34 AM
Nubbs,
Might sound like an obvious question, but do you have a firewall, hardware or software version? A firewall will usually block nachi or msblast until you can get all your Windows updates installed. I'd hate to see you remove the virus, only to get it again the next time you plug into the Internet. If you have Windows XP SP2 there is a built-in firewall that is turned on by default.

RitcheyRch
08-25-2006, 07:42 AM
www.trendmicro.com
They offer free virus and spyware scans

Nubbs
08-25-2006, 08:45 AM
Thanks

Riverless
08-25-2006, 10:08 AM
Some good options in this thread but nobody has told you how to stop your computer from restarting so you can actually do the work they suggest.
You don't necessarily have to go into safe mode but it's always better to if the tools you're going to use work in safe mode. I have come across a couple that still run the shutdown command in safe mode.
As soon as the computer starts and you can see the start menu.
Start - Run -
shutdown -a <enter>
That will cancel the shutdown process that was run.
From there you will have time to fix your problems.
Good call, I wasn't aware of the cancel shutdown process, thanks for the tip, I'll have to add it to my bag of tricks. :)

Tequila-John
08-25-2006, 10:31 AM
I got nailed a few weeks back. I had to restore sucked bud

Nubbs
08-28-2006, 05:52 AM
Ok, the situation has gotten worse. This virus has jacked my Internet Explorer. I can't get on the internet. I tried all the fixes listed above, but something is still not right. Every time I open IE, it just says cannot open this page. Is there some sort of software I can load? Not being able to get on the internet sucks. Also, it deletes my files as I open them. I tried to open two Excel files and it immediately deleted them.
Nubbs