NekoMx
October 29th, 2006, 06:14 PM
Hey all, new to the forums and I have a problem.
I'm pretty sure that my computer has been infected with some kind of virus/worm/trojan, but I'm not sure what it is.
I think it started when I opened an e-mail that said 'mandatory update' (heh, kinda stupid of me). I was using Yahoo, and it didn't say that there was an attached file, so I opened it. The page did not load, so I just exited my browser (no, the browser did not freeze, the page just didn't load).
Information:
I have a custom computer.
Windows XP
Norton AV
Zone Alarms Security Suite
Ad-Aware
Spybot Search and Destroy
A2 (A Squared)
Wormguard
(need more info? ask please :))
Symptoms:
(all kinds of symptoms...)
1. Random startup/login errors. Sometimes, when I log in, I get random messages like 'Windows cannot find user profile, logging into temporary profile' (or something like that; this was just from memory, so I don't remember the exact words, but that's all there was to it), and when it logged me in with that 'temporary profile' it was like I had just reformatted. When I would restart, it would log me back into my old profile. Odd, huh?
2. System Restore Error - well, when I tried to run System Restore to try to fix this problem, Wormguard blocked it. Of course I didn't run it the first time, but as I got frustrated with this, I let it run anyway... the System Restore ran... in 5 minutes it was over, I thought 'wow, that was fast' and when Windows started up, it said that the restore failed, and of course I was frustrated at that time. Obviously something wrong there.
3. In the 'My Computer' folder under files stored on this computer I HAD two files, Documents and Anthony's Documents; now I only have one in there... Documents. The folder 'Anthony's Documents' still exists on my computer, I know because I checked, but it just doesn't show up in the 'My Computer' folder anymore. Strange....
4. I use Diskeeper to defragment my computer, and whenever I defragment they have sections called:
Blue - high performing files and folders
Red - Low performing files and folders
Pink - low performing system files
White - unused space
Green/White - Reserved System Space.
Hard to explain without an image but here it goes....
When my computer was clean, the Defragmenter would do its job and it would never touch or move the System files/space. When I got infected, the Reserved System Space (Green/White) moved.... to the middle row (it was originally near the bottom) and it seems like the Reserved System Space was cut in half, of course another sign that my computer is in trouble.
Those are the major problems. I've had minor problems too, but I bet they are just the effects of the virus/worm/trojan.
I've done research and stumbled upon this page:
http://www.wilderssecurity.com/showthread.php?t=8548
I've read it and I think I might have the same problem as him. Can anyone post steps on how to clear all the system restore points, and how to make a new 'clean' restore point?
Also, I noticed that this post was from the year 2003, and that worm was also 'spreading' through people's computers in 2003, so can I be infected with this worm here in the year 2006?
So far, my progress dealing with this problem is kinda slow. I'm not even sure what kind of virus/worm/trojan this is, but I know that my computer is infected with something because it's slower and the startup time is very slow. I have disabled my system restore and restarted, that is all. I'm not sure what to do now, that is why I ask for someone to post a simple step-by-step instruction on how to delete all the system restore points and make a new 'clean' restore point. Also, I ran Norton AV, but it didn't detect anything. I ran SpybotSD, only cookies. I ran Ad-Aware, nothing. A-Squared, nothing again.
Did more research, found out that the W32.Gluber or W32.Berglur worm 'turns off' when they detect an antivirus or any other scanner run (I forgot which one does this, but it's one of those). So, I ran in safe mode and when the login screen showed up, there were two profiles, the Administrator and Anthony (mine). I'm thinking, 'maybe this is normal?' Maybe it is normal, but anyway, I logged into the Administrator's profile and ran Norton AV. Norton scanned more files than usual... when I don't run in safe mode, Norton scans about 220,000 files; when I ran in safe mode it scanned almost 400,000 files. Anyways, the scan in safe mode came up clean, no detections. So I restarted (not in safe mode of course). Now I'm absolutely lost. Without knowing what kind of threat is in my computer, I came here looking for help. Hope you guys can help me =). Reformatting is not an option to me!!!!!