Halp

[Crow]

I got some weird virus a couple days ago. It changed my desktop to plain blue, and it wouldn't let me change it back to anything. If I went into properties it would show my wallpaper.

I did a full system scan with Norton and it went away, my desktop was restored to the wallpaper I had been using. A day later it changed back to plain blue, and a Norton scan does not fix it. Also, I can't connect to a lot of major sites, such as google and yahoo, so I can't search for a solution or find out what this is.

Any ideas?

Edit: Repairing my connection let me connect to things, but my computer is really slow and my backround is still messed up.

 

[zeus9860]

Well i had a weird virus issue like 6 months ago too... It was a virus that took effect on some of my computers drivers, like removable hardware, dvd/cd rom, and a few others. I managed to clean it out from my laptop using avast, just to find out that i still couldn't use any removable hardware on my laptop. Then i tried a few steps on my own, untill i managed to fix it doing a system restore for lost files on the process (my antivirus basically detected the threats and deleted them -.-'), it fixed some major issues after the virus, but it isn't completly fixed. So if you want to give a try about that... not sure if it will help your case.

 

[Snow Wolf]

Hijack This / Spybot Search&Destroy?
don't know about Norton, do you have 'Internet Security' or 'Anti-virus'?

 

[Thothie]

Sounds like a Smitfraud virus that didn't take hold. Norton (aka. The Virus Protection of Fail) may have caught bits of it but not all of it (I'm impressed it detects it at all, given its track record).

Tricky to get rid of a virus as pervasive as Smitfraud once it's in though. I've got some cleaners, but they are for very specific versions - and in most situations, I just use them to retrieve critical data off the infected system, then wipe it for safety's sake.

Might try getting a real virus scanner (maybe a demo version of eset), and hoping the virus doesn't mess up its install, plus a root kit cleaner. If you were more puter adept, I'd say grab HijackThis, but I suspect you'd do more harm to your system than good. ^_^

Safest thing to do, however, is grab everything critical (including your MAPS FFS ><), wipe it, reinstall, and scan what you recovered before copying it back over. (Or as I tell my clients, "Nuke it from orbit - it's the only way to be sure.")

 

[Crow]

Well renewing my IP worked for about 5 mins, now I can't connect to much agian, including that thing you linked, and reparing my connection doesn't work anymore ><

 

[Thothie]

Yeah, installing a virus scanner after the fact rarely works. You can do a full system scan with it and pray, but odds are there are already system files infected that it can't get at, or the virus itself will prevent the OS from detecting them (and/or block the scanner from installing proper). You can try it from Safe Mode (hold F8 on boot), but even then, it's not hopeful.

You can boot into safe mode and try the ones in this kit:
http://www.thothie.com/random/smitfraud_repair.rar
Password for that kit is gaz (because any virus scanner my host has will detect them as viruses, for they have bits of the smitfraud code in them).

There's one other common virus that causes desktop/wallpaper replacement like that, but I've no cleaner for it. (Also can't recall the name off hand.)

Even if those work, you'll probably be left with some "holes" in your OS, causing various little issues - also possibly undeletable registry entries. So again, best bet, evacuate the base then nuke it from orbit.

 

[Drathamus]

I wish I had you when I got that very virus, Thothie.

All I did to "fix" it was re-partition my hardrive and got me a $5 copy of Win7 64-bit professional.

Try "malwarebyte's anti-malware", and "AVG 9.0" - both are free, and might be able to help you.

 

[Crow]

I booted in safe made and ran that thing. Now When I try and log in through windows, it says I need a registered version, "click ok to register" or w/e, then it goes in and says "your copy of windows is already registered" and logs out.

Sooooooooooo yea, I can't get in through windows. Luckily for me I had a copy of kubuntu installed, so I'm in through that right now. Ima head to the store here in a bit and get an external hard drive and save all my things and nuke it from orbit. Thank god for kubuntu.

Edit: Btw, when I do reinstall everything, the best virus protection I can get is eset?

 

[Age]

Avast all the waaaaay

 

[Crow]

What is your opinion of kaspersky Thoth.
My friend has an extra cd key.

 

[Thothie]

Avast is alright...

Kaspersky is so-so...

I usually recommend Eset because I'm usually working with office computers, which tend to kinda suck, and Eset seems to give the most bang for your buck, in terms of resources used vs. effectiveness. Eset only uses two TSR's totaling maybe 50MB, and it can't be beat, performance wise. Effectiveness wise, it catches 42 entries in my 48 virus collection file, which ties it with Avast, and is more than double Norton's or McAfee's pathetic counts.

Avoid Norton, McAfee, and AVG. Kinda sad on the last, as there was a time when AVG was quite good - but it's sh*t now - although I think it is still the only free AV with a web shield - and that's all you really need - except that AVG's web shield sux, and it requires 12 different programs with nearly a gig of overhead now.

Also tend to use Knoppix or better yet BartPE for file recovery, as they both provide OS's (or partial OS's) that can be run from CD's without installing them. (And BartPE has full, safe, winderz compatible NTFS read/write).

I can give ye something to fix corrupted windows activation on XP installs, but yes, you are better off nuking it, so as you were.

 

[Crow]

Eset it is then. Here I go.

 

[Crow]

Remember kids, don't leave your friends external hard drive with all you backed up files on it connected when you are wiping all your hard drives, because you might just mistake it for one of yours and wipe it clean.

Not only would you have lost all your stuff, you will have lost all your friends stuff that was on it, and along with that it will be non functional.
















Yay.

 

[Thothie]

If ya just formatted it, any half-assed data recovery software can get it back.

Same if windows effed with the fat tables of the removable drives during install - as it often tends to do. Always disconnect your USB drives when installing winderz.

 

[Crow]

I didn't even format it, I just hit delete partition so its just unpartitioned right now.

I was going to shell out the 120$ to get the data recovery his external HD brand sells, but if there is other stuff out there that is free...

 

[Thothie]

I didn't even format it, I just hit delete partition so its just unpartitioned right now.

I was going to shell out the 120$ to get the data recovery his external HD brand sells, but if there is other stuff out there that is free...

I've a messload of not-so-free ones, but for something simple like this, the free ones tend to work just as well:
http://download.cnet.com/PC-Inspector-F ... ag=mncol;6
http://download.cnet.com/Easeus-Data-Re ... ag=mncol;2
http://download.cnet.com/Pandora-Recove ... ag=mncol;3
http://download.cnet.com/Data-Recovery/ ... ag=mncol;4
http://download.cnet.com/MiniTool-Power ... g=mncol;10

All freeware versions of tools I've used before. As a general rule with these, the less fancy it looks, the more apt it is to work (although I suppose that rule applies to most all software).

SuperFdisk might be able to fix a deleted partition by merely recreating the same partition in non-destructive mode, but you more or less need a professional nerd on hand to use it - at least with an operation that delicate.

In some cases, the way Winderz deletes partitions can make data recovery software go full-retard. Even in those situations, the data recovery software should still eventually get the files, it's just you may wind up running in the background for a day or two before it does. If data recovery software offers to recover the partition table, or write to the drive in any way, try another piece of software before you risk it failing in that endeavor, thus making the partition harder for other software to recover. IOW - recover all the files you can to a HD before attempting to recover the partition.

 

[Age]

I'm not at my desktop ATM, but I'm pretty sure the version of Avast it has on it has a web shield, though I'm not sure where the version I have came from, because I'm not the one that installed it. Damn ninjas installing anti-virus software on my computer.