Computers and viruses (help appreciated...)

Stinky Chicken

Okay, so this is how it is. I keep getting my virus protector popping up with a blocked file, and then after that a webpage pops up.

Here's the virus protector:

[Image: desktop4yn.gif]
This box pops up, then a little while later THIS page opens up, in internet explorer: http://540.scmg.net/randomsites/banner.aspx

Just a heads-up: this link apparently takes you to material listed as "bad" under the rules of this site. DON'T click it.

Now that page doesn't seem to do any harm to my PC, because it's been happening about half a dozen times a day and nothing's happened yet. (I was going to post this earlier, but I wanted to observe what happened over a day or so period first.)

What I think it's trying to do is execute a virus with a link to that page, but F-Prot is stopping the virus from executing.

It might be the most obvious answer in the world, but does anyone know how to get into System Volume Information? I was thinking I might delete the file manually as none of the AV or spy/ad/malware software I use seem to be able to pick it up...

Help appreciated! :cheers:
 
First, remove the hyperlink from your post. Just have the website URL, but don't have it activate if you click on it. I clicked it several times and there was some bad material that came up, like some questionable sites, and some sites had links to other bad sites.

It sounds like spyware is causing this. If you have some bad spyware it will send popups to your IP, even if you don't currently have your internet browser open. You can run your virus scanner over and over and it most likely won't find anything. Try running a spyware removal tool, like AdAware.

Download AdAware Free - http://www.lavasoftusa.com/support/download/ - (This takes you to Lavasoft, the designer of AdAware's, website. It does not directly link to a download location)
 
Very amusing, James. :P

Cardude:

cardude2004
First, remove the hyperlink from your post. Just have the website URL, but don't have it activate if you click on it. I clicked it several times and there was some bad material that came up, like some questionable sites, and some sites had links to other bad sites.

Okay, first off: You can't just have the website URL, it's impossible - the site wraps it in "url" and "/url" tags even if you only type out the address. For example: www.gtplanet.net - now quote this post, you'll see that the GTP URL is wrapped in "url" and "/url" tags.

Second:

cardude2004
It sounds like spyware is causing this. If you have some bad spyware it will send popups to your IP, even if you don't currently have your internet browser open. You can run your virus scanner over and over and it most likely won't find anything. Try running a spyware removal tool, like AdAware.

Download AdAware Free - http://www.lavasoftusa.com/support/download/ - (This takes you to Lavasoft, the designer of AdAware's, website. It does not directly link to a download location)

Stinky Chicken
I was thinking I might delete the file manually as none of the AV or spy/ad/malware software I use seem to be able to pick it up...

This includes Ad-Aware.

Thanks for your help anyway, I guess. :indiff:
 
The file is located in one of your system restore point directories, hence you're not able to delete it. You need to disable System Restore, then start the machine in Safe Mode, and then you will be able to delete the file. I would do a manual check of the Registry for the URL and for the file name.
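As an added example (not part of any post in this thread), one way to do the suggested registry check for the URL and file name is to search a regedit export offline. The sketch below assumes a version 5.00 `.reg` export; the sample export is constructed and `EXAMPLE.EXE` is a placeholder, since the thread never names the blocked file. It decodes `hex(2)`/`hex(7)` values, which a plain text search of the export misses.

```python
import re

NAME = r'(@|"(?:[^"\\]|\\.)*")'
HEX_VALUE = re.compile(NAME + r'=hex(?:\((\w+)\))?:(.*)$')
STR_VALUE = re.compile(NAME + r'="(.*)"$')

def decode_value(line):
    """Return (name, searchable_text) for a value line, else None."""
    m = HEX_VALUE.match(line)
    if m:
        raw = bytes(int(b, 16) for b in m.group(3).split(",") if b.strip())
        if m.group(2) in ("2", "7"):   # REG_EXPAND_SZ / REG_MULTI_SZ: UTF-16LE text
            text = raw.decode("utf-16-le", "replace").replace("\x00", " ").strip()
        else:                          # other binary: keep any ASCII readable
            text = raw.decode("latin-1")
        return m.group(1).strip('"'), text
    m = STR_VALUE.match(line)
    if m:                              # REG_SZ: undo the \\ and \" escaping
        return m.group(1).strip('"'), re.sub(r"\\(.)", r"\1", m.group(2))
    return None

def find_hits(export_text, needles):
    """List (key, value_name, data) for values mentioning any needle."""
    hits, key = [], None
    joined = re.sub(r"\\\r?\n\s*", "", export_text)  # rejoin wrapped hex lines
    for line in (l.strip() for l in joined.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        value = decode_value(line)
        if value and any(n.lower() in " ".join(value).lower() for n in needles):
            hits.append((key, value[0], value[1]))
    return hits

def as_hex2(s):
    """Encode s the way regedit exports a REG_EXPAND_SZ (used for the sample)."""
    b = [f"{x:02x}" for x in (s + "\0").encode("utf-16-le")]
    return "hex(2):" + ",".join(b[:20]) + ",\\\n  " + ",".join(b[20:])

# Constructed sample export; EXAMPLE.EXE is a placeholder file name.
SAMPLE = "\n".join([
    "Windows Registry Editor Version 5.00", "",
    r"[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]",
    '"Updater"=' + as_hex2(r"%TEMP%\EXAMPLE.EXE http://540.scmg.net/"),
    r'"Tray"="C:\\Program Files\\Tray\\tray.exe"', "",
    r"[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]",
    '"Start Page"="http://www.gtplanet.net/"',
])

if __name__ == "__main__":
    for key, name, data in find_hits(SAMPLE, ["scmg.net", "EXAMPLE.EXE"]):
        print(f"{key}\n  {name} = {data}")
```

Real regedit exports are normally saved as UTF-16, so read them with `open(path, encoding="utf-16")` before passing the text to `find_hits`.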
 
GilesGuthrie
The file is located in one of your system restore point directories, hence you're not able to delete it. You need to disable System Restore, then start the machine in Safe Mode, and then you will be able to delete the file. I would do a manual check of the Registry for the URL and for the file name.

Okay, I should be able to take it from there. I'd just like to clear one thing up though - the "System Volume Information" folder should be accessible after stopping System Restore, yes?

And I had a look in the registry, I went through every Internet Explorer part in the registry, but I'm not exactly what one might call "experienced" in that area though, so I don't really know where to look...
 
In XP go to Run, then type in "regedit" (without the quotes or period), and then you can search your registry. You can do a find by going to Edit -> Find or CTRL + F, or you can just open and close folders. I don't know much about editing the registry, as I don't do it much because you can harm your system if you do the wrong thing.
 
You can usually mess around in the registry without harm, just make sure that you have a backup handy 👍.
 
icemanshooter23
You can usually mess around in the registry without harm, just make sure that you have a backup handy 👍.

I do have a backup, but it isn't always without harm. If you modify some startup files your computer won't start and it is hard to get it to start, even with a backup.

Another thing to remove this virus: tell your virus scanner to scan on boot. This way if it needs to fix or delete system files it can do so.
 