I think I have a virus.. or something?
1 Attachment(s)
My internet started acting really weird last night. Random pages would not load, but others would load perfectly fine, and I knew that they were all available.
Today, whenever I search from my Google search bar, I get this weird pop up. Doesn't come up on any other pages, and doesn't come up if I go to Google and search from there. Any ideas? I know someone else posted recently asking about what programs to use to get rid of spy ware/viruses, but any recommendations? Key word - free. :) |
Nvm now its doing it from the Google website itself, and my Gmail isn't working. Must be them.
Anyone feel like trying a Google search? |
no problems here.
__________________ Best Car Insurance | Auto Protection Today | FREE Trade-In Quote |
Yeah its me, a friend just confirmed Google is fine. Trying Malwarebytes..
|
oh noes the notorious ruskie popup!!
|
I think I've tracked it down to csrss.exe, but it wouldn't delete.
Now whenever I search for it on yahoo/google, my search browser gets blocked. Sounds like that antivirus 2009 that someone else had. WEAK! |
Try this:
1. Backup all valuable files 2. Delete windows partition. 3. Create new partition. 4. Install Linux (Ubuntu ftw) 5. Never get a virus like that again. |
Ok I am officially lost.
All but one of these were deleted Malwarebytes' Anti-Malware 1.31 Database version: 1494 Windows 5.1.2600 Service Pack 2 12/12/2008 2:56:06 PM mbam-log-2008-12-12 (14-56-06).txt Scan type: Full Scan (C:\|) Objects scanned: 84688 Time elapsed: 49 minute(s), 20 second(s) Memory Processes Infected: 1 Memory Modules Infected: 1 Registry Keys Infected: 1 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 5 Memory Processes Infected: C:\Documents and Settings\All Users\Application Data\csrss.exe (Trojan.Agent) -> Unloaded process successfully. Memory Modules Infected: C:\WINDOWS\system32\csrss7.dll (Trojan.Agent) -> Delete on reboot. Registry Keys Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\csrss (Trojan.Agent) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\WINDOWS\system32\csrss7.dll (Trojan.Agent) -> Delete on reboot. C:\Documents and Settings\Mike\Local Settings\Temp\csrss7.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Mike\Local Settings\Temp\jlw2rty7.exe (Trojan.Zlob) -> Quarantined and deleted successfully. C:\Documents and Settings\Mike\Local Settings\Temp\e1ch3i5r.exe (Trojan.Zlob) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\csrss.exe (Trojan.Agent) -> Delete on reboot. I saw this in the thread about antivirus 2009:
Originally Posted by Saml01
(Post 334102)
Easy as cake to remove.
Go to bleepingcomputer.com and download Combofix.exe. Run it, dont worry about recovery console, just run it. I cleaned 5 computers with it so far without a hitch. Download MalwareBytes, run that after. Download Spybot Search and Destroy, immunize your computer and run the scan. DO ALL THIS IN SAFE MODE. Install Avast Antivirus. Done. |
you have to delete stuff while in safe mode...
|
Originally Posted by Braineack
(Post 340553)
you have to delete stuff while in safe mode...
https://www.miataturbo.net/forum/t28522/#post334102 This should be a sticky in the archive. |
all I know is when i open this thread, my Acrobat 9 asks where my debugger is loaded.....odd.
|
In Soviet Russia, bear-porn f***s you.
If this is a recent change, you can do a System Restore to a earlier date. You will lose information saved between then and now, however, the bug will be gone too. Then get something like AVGFree or SpyBot Search and Destroy on your PC. |
Tried running combofix but it just dumps right after I open it. I'm about to just have somene else do it, I have zero patience for computers!
|
I love the "K" bear. lolololoooool
|
Sam and Apex, I went to bleepingcomputer and searched for combofix, to no avail. Would you mind posting a link? Thanks.
|
Originally Posted by ApexOnYou
(Post 340540)
I think I've tracked it down to csrss.exe, but it wouldn't delete.
Now whenever I search for it on yahoo/google, my search browser gets blocked. Sounds like that antivirus 2009 that someone else had. WEAK! |
CSRSS7.DLL removal instructions:
1. Temporarily Disable System Restore, Reboot computer in SafeMode. 2. Locate CSRSS7.DLL virus files and uninstall CSRSS7.DLL files program. Follow the screen step-by-step screen instructions to complete uninstallation of CSRSS7.DLL. 3. Delete/Modify any values added to the registry related with CSRSS7.DLL, Exit registry editor and restart the computer. 4.Clean/delete all CSRSS7.DLLinfected file(s):CSRSS7.DLL and related, or rename CSRSS7.DLL virus files. 5.Delete all your IE temp files with CSRSS7.DLL manually, run a whole scan with antivirus program. I cannot verify that this will work, but it is worth a try. Alexa virus = POPUPTRAF.RU |
Thanks for the info, i'll give it one more try before I bitch out and re-format lol.
Its good to know the name of the virus at least. Crazy Russians!! |
Originally Posted by Fireindc
(Post 340551)
Try this:
1. Backup all valuable files 2. Delete windows partition. 3. Create new partition. 4. Install Linux (Ubuntu ftw) 5. Never get a virus like that again. after not playing with it for a few years i just reinstalled linux (ubuntu) on both of my computers. smartest thing i've done in a while. if i didn't need to run windows/ie for a select few things i'd be done with it entirely. to the op: ad-aware is pretty sweet |
I haven't played with Linux since Middle school, tried a bunch of different forms of Linux OS but never got it set up 100%, ended up going back to Winblows. Is there still a lot of down falls for running Linux, as in product support/drivers for hardware? What about just browsing the internet, you tube/applications and what not.
|
All times are GMT -4. The time now is 04:50 PM. |
© 2024 MH Sub I, LLC dba Internet Brands