Recommended Posts

OK, because it's the "blind leading the blind" here....help!!!

Daughter's 4 month old computer is running slower than mollasses and she complained of issues with shutdown--it just hangs at the desktop with the hourglass and she has had to shut it down by pushing the power button. No blue screens or goofy restarts, just pokey.

I'm pretty sure she has no antispyware on it, as the kids kicked me out of her dorm room when they set up her computer and never gave me a chance to nag. AND she told me that her "now-ex boyfriend" played on her computer in January, and she got porn pop-ups for the next couple days afterwards, so I'm guessing he downloaded "something"......she's a pretty safe surfer (I could wring his neck!)

First things I'm going to do is to check to make sure Windows Firewall isn't enabled (she has Mcafee Firewall) and to check Control/Alt/Delete, Processes, to see if something's taking up 100% CPU and then...

I'm thinking of these options

System Restore

Installing and running Adaware, Spybot, Spywareblaster

Running Ewido (I've never used it, but have heard it's wonderful from this place!)

My dilemma----Which order should I do these and is there anything else I should try?

Of course, if none of these work, I'll be posting a hijack log, but with her being an hour away, that is my last resort! And I've never done hijack this and I'm a chicken with new things.... :)

She has XP SP2, AutoUpdates, so she's up-to-date (so she tells me) , IE6, Mcafee AV and Firewall (also auto updates) and is on her College Internet Network.

Thanks a bunch,

Liz

Link to post
Share on other sites

Heya Liz! Ok, lets start at the beginning. The order you run those scans doesn't matter really. However, I'd run Ewido before the other tools. Adaware and Spybot were great in their time, but with most 'modern' infections, they don't do too much :( . Ewido is a very good anti-malware tool. At this point, Ewido may be able to weed out a lot.

I would NOT consider system restore. Unfortunately, system restore points can become infected, just like the rest of the system, and it may be a waste of time (this is all assuming malware is infact the issue here). Running Spybot and Adaware won't hurt though.

Spyware blaster won't fix anything thats currently on the system, but it certainly is a good prevention tool to ward of future infections.

I'm assuming you've already done a full system scan with McAfee?

Don't fear HJT, we'd get you and your daughter fixed right up! :lol: If it is too hard for you to be there to do that, you can always have her post the HJT log herself. ;)

Oh and Liz, this wasn't a dumb question! :P

Matt

Link to post
Share on other sites

Thank you, Matt! :wub:

According to Kate, her Mcafee "popped a pop-up", saying she had a virus, but according to her, it didn't specify what virus she had and didn't specify whether it "killed it" or not....which is weird for Mcafee (?? she's less techy than I am! Yes, there IS such a thing, she IS naturally blonde! :D ) she said she ran a scan which showed no viruses (again, ?? I'm guessing that pop up said Mcafee "killed the virus" and she just didn't read it right...panic mode *gasp, a virus?* does it to me!)

I'm hopefully going down there sometime this week, and I'll run ewido and see what it comes up with. Then I'll run Adaware and Spybot and see if her dilemma is gone. Of course, I'm adding SpywareBlaster (I LOVE that program!)

Anything I need to know about Ewido that might throw me for a loop? Download it, run it and let it do it's thing? I'm familiar with Adaware and Spybot, but again, I've never run Ewido.

Thanks, and I'll keep y'all posted!

Liz

Link to post
Share on other sites

no i agree with matt

i remember once on techtv

becky worley said the only dumb Q is the one that isnt

asked.

now as matt suggested sys restore may not be needed

but for safety sake it would be wise to go in and disable restore

because it can get infected in there.

what i do i disable it. then i go to

clean my disk and delete those restore points

that way any virus up to your recent restore points are deleted

i normally reboot but it isnt nessecery

then as matt suggested scan with what ever scanners you use

after you finish scanning turn on your restor program

once you have cleaned the sys

i haven any suggestion as to what scanner

we al have our preferences

one other thing get your daughter to go to safe mode

in networking

and scan and delete from there

post back on your progress

good luck

marty

Edited by martymas
Link to post
Share on other sites

You plan sounds good, just make sure to let her know to keep spyware blaster up to date and to enable all protection everytime it updates. After you run all the scans run them all again in safe mode. Last thing, since she uses IE I would recommend IESpyad which puts a very large amount of bad sites in the restricted sites zone, google it if you don't already know.

--Mistabigshot

Link to post
Share on other sites
Anything I need to know about Ewido that might throw me for a loop? Download it, run it and let it do it's thing? I'm familiar with Adaware and Spybot, but again, I've never run Ewido.

Thanks, and I'll keep y'all posted!

Liz

Liz:

After you D/L Ewido, click update before you run a scan. It updates very quickly. If it finds anything, a pop up window will ask if you want to clean or something like that, answer yes clean all, so it won't keep asking you every time it finds something. It will clean and put it into quarantine (spelling) I'd stop after that and come back here and tell Matt or anyone else what you found before you delete it completely. Let them advise you from there.

Ewido

Good luck

Link to post
Share on other sites
Anything I need to know about Ewido that might throw me for a loop? Download it, run it and let it do it's thing?

I would suggest you read this guide on setting up and running ewido. There are a few things you need to do when scanning that are slightly different than most scanners. As barb said, it will ask you what to with the files. Ewido will generate a report of what it did during the scan. I'd suggest posting that.

Btw, i'm moving this to Spyware/Adware Information. If a HJT log is needed, I'll move it to the HJT section. ;)

Link to post
Share on other sites

If you use IE-Spyad with SpywareBlaster it is recommended by Eric Howes to not enable SpywareBlaster's Restricted Sites option. His IE-Spyad program uses SpywareBlaster's definitions plus many others and places them in the same area. Just enable all of the other sections of SpywareBlaster.

Link to post
Share on other sites

Thank you all soooo much! :wub: Couple more questions (surprised?)

From the ewido tutorial:

"Now save the report .txt file to your desktop" Ummmmm, how do you do this? Is it an option if I right click it? Go ahead and laugh, y'all know I don't mind :D

Should I run ewido in safe mode? I've always run Adaware and Spybot in "normal mode"

When I was on the phone with a tech with the Possessed Gateway, he taught me a way to go into safe mode without pressing F8 (because neither computer beeps at startup and neither shows a "bios page" at startup) If I remember right, I went "somewhere" and clicked "restart in safe mode". After I was done "fixing", I went back and unclicked it and it restarted in "normal mode". It seemed easier than guessing when to press F8. Where did I go to do that? Misconfig? Task Manager?

Thanks....oh, and don't be surprised if Kate's friend Chris posts on my account--I'm sending him a link to this page. He is also going to help her, and I gave him my screename and password for here. You'll certainly know it's him, he's much techier :D Yup, we got more help! It takes a village....

Thanks,

Liz

Edited by blim
Link to post
Share on other sites
"Now save the report .txt file to your desktop" Ummmmm, how do you do this?

It will be an option after scanning.

Should I run ewido in safe mode?

Wouldn't hurt. From my experiences, it won't make much of a difference, but you never know, it may work better in safe mode.

When I was on the phone with a tech with the Possessed Gateway, he taught me a way to go into safe mode without pressing F8 (because neither computer beeps at startup and neither shows a "bios page" at startup) If I remember right, I went "somewhere" and clicked "restart in safe mode". After I was done "fixing", I went back and unclicked it and it restarted in "normal mode". It seemed easier than guessing when to press F8. Where did I go to do that? Misconfig? Task Manager?

I'm assuming youre using XP:

* Close all open programs.

* Click Start, Run and type MSCONFIG in the box and click OK

* The System Configuration Utility appears, On the BOOT.INI tab, Check the "/SAFEBOOT" option, and then click OK and Restart your computer when prompted.

* The computer restarts in Safe mode.

* Perform the troubleshooting steps for which you are using Safe Mode.

When you are finished with troubleshooting in Safe mode, open MSCONFIG again, on the BOOT.INI tab, uncheck "/SAFEBOOT" and click OK to restart your computer

Good luck!

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...