- Trojans, viruses, spyware, malware.. ALL ON ONE PC!?! Incredible S
- Posted by dragonfly on December 24th, 2007
This JUST happened to me... Thank god it's resolved!!!
This is a very scary PC story (TO ME)
When I booted up my computer... I went on the internet (Like Usual) on
Google, and looked up stuff. When I went to a website of the search engine...
BAM!! PC infected... Then I wanted to get out of there... So I clicked the
"X" in the top window's corner. It won't work!! I did CTRL+ALT+DEL, and the
infection disabled it... What luck! Windows explorer.exe finally crashed, from
the CPU charge... and explorer.exe came up again.... but now it's fishy
looking... now all of these pop-ups came up!!! Now I did an emergency shutdown
(Which I call "Pull the power cord out of the wall!!!") I rebooted... logged
into a different user... and now I was in for it... The screen went black...
with a warning message saying "Microsoft Windows has a viral infection, and
will now shutdown." I was freaked out!!! Never in my life have I seen this
before. I faced the fact the PC was dead... but then I remembered... I have a
dual-booting Windows Millennium Edition partition. I logged in to that (They
are TWO COMPLETELY DIFFERENT file systems, FAT32, and NTFS) and it's very
sluggish, but I never got any errors... so that made my day. I went on the
internet, and looked up these symptoms... and I have a lot of infections... but
I didn't know that I had over 100 viruses on that partition. I found out if I
boot in to Safe Mode with Networking, I can go on the net to Micro trends
Housecall, and it will kill the infections... but during the process...
FAKE Windows Security Center windows came up saying that there is a virus...
and it will kill it. Obviously, I exited out IMMEDIATELY, and the scan
stopped... it fixed everything... but not really. Screw that plan... The next
thing I'll do is download Avast! Pro edition... and I did. I ran the scan...
and it needed to restart because of viruses in operating memory, and wanted
to do a scan in the boot process... when the virus was inactive. It stopped
the scan successfully, reporting that 122 viruses were on the PC... 23
trojans... at least 200+ spyware, and malware issues, and 64 damaged system
files... doggone it!!! but wait... IT REMOVED ALL THE INFECTIONS, AND FIXED ALL
OF THE DATA ERRORS!!! THANKS AVAST!!!! But wait... one more piece of
business to take care of... DISCONNECT THE INTERNET CABLE, for a precaution.
This Windows XP SP1 system survived all of this thanks to Avast!
"I recommend Avast Pro edition 4 for being good quality, next to Norton
Antivirus, and McAfee Anti virus"
*** NOTE TO MICROSOFT: MAKE YOUR OPERATING SYSTEMS MORE SECURE... LIKE
APPLE'S DO! YOU ALMOST COST MY FAMILY $1,000 OF CASH TO FIX, AND GET A NEW
COMPUTER, IF NECESSARY!!! ONCE AGAIN, THANKS AVAST***
- Posted by Kayman on December 24th, 2007
On Sun, 23 Dec 2007 21:56:01 -0800, dragonfly wrote:
I wouldn't be so confident
[scary story snipped]
It's about time you educate yourself browsing the net securely.
It's about time you upgrade your OS from SP1 to SP2.
http://www.microsoft.com/windowsxp/sp2/default.mspx
Well, sort of...
"The only way to clean a compromised system is to flatten and rebuild.
That's right. If you have a system that has been completely compromised,
the only thing you can do is to flatten the system (reformat the system
disk) and rebuild it from scratch (re-install Windows and your
applications)..."
http://www.microsoft.com/technet/com...mt/sm0504.mspx
*see footnote.
Not the retail versions. Free AV apps are available and doing a reasonable
job.
It's *your* responsibility to make it more secure!
You can't compare Apples with WINDOWS, only Apples with Apples :-)
It's about time you develop a meaningful security concept, take charge of
your pc, accept responsibility and overcome your shortcomings by educating
yourself. You are the operator; Stop whining and stop blaming M/S!
Applying the Principle of Least Privilege to User Accounts on Windows XP
http://technet.microsoft.com/en-us/l.../bb456992.aspx
1. For day-to-day work/browsing operate as a 'normal' user i.e. utilize the
Limited User Account (LUA) and use the Administrator Account (AC) only
when absolutely necessary.
2. Secure, tighten up your Operating System (OS).
3. Keep your OS and all software on it updated/patched.
4. Reconsider usage of IE and OE.
5. Don't expose Services to public networks.
6. Use the WinXP SP2 built-in firewall and if applicable use a router.
7. Do not use TCP/IP as transport protocol for NetBIOS, SMB and RPC and
leave TCP/UDP ports 135, 137-139 and 445 closed.
8. Routinely practice Safe-Hex.
9. Routinely backup your data, Develop a Back-Up concept.
10. Familiarize yourself with 'flatten' and rebuild your OS.
11. Review your installed 3rd party software applications;
Remove clutter.
12. Utilize some monitoring utilities developed by Mark Russinovich
and Bryce Cogswell; Beginners may wish to employ a real-time AV
application.
Detailed elaborations pertinent to the above mentioned points can be
provided.
*footnote:
If reformatting the HDD is beyond your capabilities then get professional
help.
In the meantime you may wish to download David H. Lipman's MULTI_AV.EXE
from the URL:
http://www.pctipp.ch/downloads/siche...ning_tool.html
The web site is in German but the MULTI_AV scanning tool is in English.
Anyway, go down to near the bottom of the page and you'll see a box
titled "Infos Zum Download - Multi-AV Scanning Tool". You'll see: Download
von www pctipp.ch and the link to download:
Once you've clicked this link, it will bring you to:
http://www.pctipp.ch/index.cfm?pid=1411&pk=28470.
You will have to wait for a few seconds or so and the 'Download file'
window should appear - just follow the prompts to download Multi_AV.exe
If however the 'Download file' window does not appear don't panic, don't
click, don't do anything, just look for:
Der Download started in wenigen Sekunden automatisch.
Fall nicht, klicken Sie bitte -hier-.
Translated to English:
The download process is going to start in a few seconds.
If not, click -here-.
This should be pretty self-explanatory.
Additional Instructions:
http://pcdid.com/Multi_AV.htm
Ignore the links displayed within this site as they are not valid anymore
and have not yet been updated to current status.
Still no luck? Go to:
http://www.elephantboycomputers.com/...moving_Malware
Read, comprehend and implement.
Good luck 
--
Security is a process not a product.
(Bruce Schneier)
- Posted by Uncle Grumpy on December 24th, 2007
On Dec 23, 11:56 pm, dragonfly <dragon...@discussions.microsoft.com>
wrote:
[40 lines of garbled crap snipped]
***NOTE TO BOZO***: learn to spell, punctuate and to paragraph.
- Posted by HeyBub on December 24th, 2007
dragonfly wrote:
Macs are considerably more vulnerable to malware than Windows.
That Macs don't get infected as often is a completely different issue.
- Posted by PA Bear on December 24th, 2007
Note to User: Your unsafe browsing habits infected the machine. MS can't do
anything about that. (Though if you were running Vista, there's a good
chance that Windows would have alerted you to a possible problem early on.)
I wouldn't be so sure the machine's 100% clean just yet. Such
Zlob/SmitFraud infections usually bring along several friends which Avast
can't identify or remove.
Run a /thorough/ check for hijackware, including posting your hijackthis log
to an appropriate forum.
Checking for/Help with Hijackware
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://aumha.net/viewtopic.php?t=5878
http://wiki.castlecops.com/Malware_R...:_Introduction
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/data/prevention.htm
http://inetexplorer.mvps.org/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://defendingyourmachine2.blogspot.com/
http://www.elephantboycomputers.com/...moving_Malware
When all else fails, HijackThis v2.0.2
(http://aumha.org/downloads/hijackthis.exe) is the preferred tool to use.
It will help you to both identify and remove any hijackware/spyware with
assistance from an expert. **Post your log to
http://forums.spybot.info/forumdisplay.php?f=22,
http://castlecops.com/forum67.html,
http://forums.subratam.org/index.php?showforum=7,
http://aumha.net/viewforum.php?f=30, or other appropriate forums for expert
analysis, not here.**
If the procedures look too complex - and there is no shame in admitting this
isn't your cup of tea - take the machine to a local, reputable and
independent (i.e., not BigBoxStoreUSA) computer repair shop.
--
~Robear Dyer (PA Bear)
MS MVP-Windows (IE, OE, Security, Shell/User)
AumHa VSOP & Admin http://aumha.net
DTS-L http://dts-l.net/
dragonfly wrote:
- Posted by dragonfly on December 24th, 2007
*** NOTE TO FRICKEN GRUMPY DUDE***
I really don't like it when fricken people, like your fricken self, say stuff
like that to me. Please don't put crap like that here. Go hug a hobo... Freak.
***NOTE TO EVERYONE ELSE***
Merry Christmas...
I like it when people post on my things, giving me POSITIVE feedback.
"Uncle Grumpy" wrote:
- Posted by dragonfly on December 24th, 2007
Hey, thanks for the SP2 link. Now I am waiting for SP3 to come out in 2008 
"Kayman" wrote:
- Posted by Ken Blake, MVP on December 24th, 2007
On Mon, 24 Dec 2007 07:49:13 -0600, "HeyBub" <heybub@gmail.com> wrote:
I'm not disputing that, because I know next to nothing about the
Macintosh. But I've never heard it before, and I'm curious about it.
Do you have any links to sites that demonstrate or explain that?
--
Ken Blake, Microsoft MVP Windows - Shell/User
Please Reply to the Newsgroup
- Posted by sgopus on December 24th, 2007
I will repeat (pretty much what Grumpy posted), either learn to spell, or
slow down and spell correctly, your on a public forum asking for help, so
make your postings legible. if your not taking the time to spell check or
proof your postings, they may get ignored, as some will think them posted by
an 8 year old.
"dragonfly" wrote:
- Posted by Uncle Grumpy on December 24th, 2007
On Dec 24, 4:38 pm, sgopus <sgo...@discussions.microsoft.com> wrote:
Or a friggin' moron.
I think he's more representative of the latter than the former.
His post is all that we need to verify that. ;->
- Posted by Uncle Grumpy on December 24th, 2007
On Dec 24, 4:38 pm, sgopus <sgo...@discussions.microsoft.com> wrote:
"your" = should be "you're".
"if your" = should be "If you're".
What's your age... NINE? ;->
- Posted by Curt Christianson on December 25th, 2007
dragonfly,
I don't mean to burst your bubble (Grumpy does!), but do yourself a favor
and read this article by one of the MVPs:
http://aumha.net/viewtopic.php?t=285...=asc&highlight
--
HTH,
Curt
Windows Support Center
http://www.aumha.org/
"dragonfly" <dragonfly@discussions.microsoft.com> wrote in message
news:0897B615-A770-4425-AA99-E34232F72A94@microsoft.com...
- Posted by Unknown on December 25th, 2007
Tis unfortunate that these newsgroups have people such as you and Grumpy
more concerned about spelling than technical and/or program problems.
"sgopus" <sgopus@discussions.microsoft.com> wrote in message
news:4D8F6272-3623-469E-8E4C-54E6568E08E0@microsoft.com...
- Posted by Alias on December 25th, 2007
Unknown wrote:
We call them Net Nannies. It's about all they can do.
Alias
- Posted by Bruce Chambers on December 25th, 2007
Unknown wrote:
While some people do go over the top criticizing simple, harmless
mistakes (not in this case, though - the original post was unreadable; I
wouldn't even try to decipher it), they do have a point. How can we
help someone if we cannot understand what he/she is trying to say?
Precise, accurate language and descriptions are essential to the proper
identification and resolution of technical issues. Remember, as you
say, we're here to help resolve technical issues, not spend time trying
to guess what the OP means.
--
Bruce Chambers
Help us help you:
http://www.catb.org/~esr/faqs/smart-questions.html
They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety. ~Benjamin Franklin
Many people would rather die than think; in fact, most do. ~Bertrand Russell
The philosopher has never killed any priests, whereas the priest has
killed a great many philosophers.
~ Denis Diderot
- Posted by HeyBub on December 25th, 2007
Ken Blake, MVP wrote:
Here ya go:
http://blogs.zdnet.com/security/?p=758
- Posted by Unknown on December 25th, 2007
You can help simply by ignoring what you don't understand.
"Bruce Chambers" <bchambers@cable0ne.n3t> wrote in message
news:%23XxSy7xRIHA.5288@TK2MSFTNGP04.phx.gbl...
- Posted by Unknown on December 25th, 2007
Ideal name!
"Alias" <alias@aliasmail.com> wrote in message news:fkre9l$ja2$1@aioe.org...
- Posted by Unknown on December 25th, 2007
If, as you say, precise, accurate language and descriptions are essential
to the proper identification and resolution of technical issues, I submit
you cannot be a technician, diagnostician or solver of any of these problems.
"Bruce Chambers" <bchambers@cable0ne.n3t> wrote in message
news:%23XxSy7xRIHA.5288@TK2MSFTNGP04.phx.gbl...
- Posted by Ken Blake, MVP on December 25th, 2007
On Tue, 25 Dec 2007 12:00:23 -0600, "HeyBub" <heybub@gmail.com> wrote:
Thank you.
--
Ken Blake, Microsoft MVP Windows - Shell/User
Please Reply to the Newsgroup