Computer Hope
Microsoft => Microsoft Windows => Windows XP => Topic started by: KnockMeDown27 on December 28, 2011, 12:30:35 PM
-
Hello, this is my first time posting on CH, though I've been looking through the forums for the last few days to see if my issue had been posted before. I couldn't find anything, but please forgive me if this is a repeat. Also, I think this might be an issue with a driver, but I'm not 100% positive, so that is why I posted this in the Windows XP forum.
I tried asking this on Yahoo! Answers first (the forum intimidated me a bit) but all I got was a guy telling me to completely reinstall Windows, and surely there must be something else I can do because that is quite extreme. It also sounded like he didn't really read all of the information that I put, but I'm confident somebody here will take the time to read everything. /ramble
Okay, first some info about my computer. I'll post all that I know:
Acer Aspire 5000
Windows XP
Avast! free antivirus
Service pack 3
I use Mozilla Firefox
No firewall besides Windows (will download ASAP once I have internet!!)
Do not know how much RAM I have.
If there's anything that I need to post please let me know and I will try to figure it out!
Late at night on December 20, I was browsing on DeviantART when all of the sudden the Avast said it put two files in the sandbox, then a virus was detected, then windows said my firewall was turned off. This all happened in a few seconds. So I ran a boot scan but as the computer was shutting down an end program window opened and mentioned Windows Antivirus 2012 or something like that, which I know must have been the virus. I fell asleep during the scan :P but when I woke up the next morning there were two new items in my virus chest:
Name: folder\Ump_45.class Original location: C:\Documents and Settings\Admin\Application Data\S... Virus: NSIS:Zugo [Adw]
Name: netbt.sys Original location: C:\WINDOWS\system32\drivers Virus: Win32:Alureon-AOW [Rtk]
The second one immediately worried me much more than the first. I ran a second boot scan but Avast! found nothing. The Antivirus 2012 or whatever it was called hasn't shown it's face at all after the first scan, which I think is a good sign. In fact, everything is normal except I cannot connect to the internet.
I have gone into my wireless network settings and made sure that "Obtain an IP address automatically" and "Obtain DNS server address automatically" were checked under Internet Protocol Properties, which they were, so that made no difference.
I used System Restore to return my computer back to Dec 17 to see if maybe that could undo any damage, but nothing really changed.
So then I downloaded Microsoft Windows Malicious Software Removal on the MacBook that I am using now (it is a school computer, loaned to me for the year) and transferred it to my Acer by burning it on a CD because it turns out my mom stole all my flash drives for work. I figured maybe Avast! didn't catch everything, but MWMSR didn't find anything either.
So on Dec 25 (I'd been doing something different every day, as I was busy with Christmas preparations) I ran Windows Error Checking on the C: drive to see if it could fix any corrupted folders or drives or anything, but it didn't say anything and nothing changed.
I didn't go through the Malware removal steps, because I'm fairly certain that the virus has stopped spreading, and also because I don't have a flash drive (and no money to buy a new one :P) I would have to download A LOT of stuff onto the school MacBook and then transfer it using blank CDs ($$$!).
Like I said, I think this might be an issue with a driver, maybe the rootkit damaged something before it was put into the virus chest. If anyone has any helpful insight or needs more information I would be glad to do what I can. Like I said, trying to avoid downloading a lot of things as it's a difficult thing for me, but I understand if I don't have much choice. Thank you for your time!
Rachel
-
Hello Rachel - a warm welcome to the Computer Hope forums.
C.Hope has a dedicated team of Malware Removal Specialists who hang out in the Computer Viruses and Spyware forum, I think it may be of benefit to you if your query is initially handled by one of them as it is always best to ensure that your system is clean before tackling any other problem. A moderator may move your post to that forum.
Please see this post. (http://www.computerhope.com/forum/index.php/topic,46313.0.html)
Good luck.
-
Thank you, but I don't think the virus is my problem anymore (for the most part) I think my problem is the damage that it caused to my computer.
-
Thank you, but I don't think the virus is my problem anymore (for the most part) I think my problem is the damage that it caused to my computer.
And the Malware Removal Specialists also, in most cases, can advise on how to recover from any damage.
-
Name: netbt.sys
run sfc /scannow to copy a fresh version of this, since it was deleted when it was "cleaned".
-
Guess what computer I'm typing this from! :)
Thanks again, Dusty. And I never thanked you for the welcome, so thanks for that too!
And thank you BC_Programmer. The Macbook was using the last wireless connection our internet router allows, so it took some time for my computer to connect, at first I thought it didn't work. Who knew the answer would be so simple!
Looking forward to becoming involved with the CH community, and downloading some more protection to the Acer as well! (-:
-
KMD27 - Great news - thank you for coming back to advise of your success.