blim Posted April 17, 2006 Report Share Posted April 17, 2006 OK, because it's the "blind leading the blind" here....help!!!Daughter's 4 month old computer is running slower than mollasses and she complained of issues with shutdown--it just hangs at the desktop with the hourglass and she has had to shut it down by pushing the power button. No blue screens or goofy restarts, just pokey.I'm pretty sure she has no antispyware on it, as the kids kicked me out of her dorm room when they set up her computer and never gave me a chance to nag. AND she told me that her "now-ex boyfriend" played on her computer in January, and she got porn pop-ups for the next couple days afterwards, so I'm guessing he downloaded "something"......she's a pretty safe surfer (I could wring his neck!)First things I'm going to do is to check to make sure Windows Firewall isn't enabled (she has Mcafee Firewall) and to check Control/Alt/Delete, Processes, to see if something's taking up 100% CPU and then...I'm thinking of these optionsSystem RestoreInstalling and running Adaware, Spybot, SpywareblasterRunning Ewido (I've never used it, but have heard it's wonderful from this place!)My dilemma----Which order should I do these and is there anything else I should try?Of course, if none of these work, I'll be posting a hijack log, but with her being an hour away, that is my last resort! And I've never done hijack this and I'm a chicken with new things.... She has XP SP2, AutoUpdates, so she's up-to-date (so she tells me) , IE6, Mcafee AV and Firewall (also auto updates) and is on her College Internet Network.Thanks a bunch, Liz Quote Link to post Share on other sites
Matt Posted April 17, 2006 Report Share Posted April 17, 2006 Heya Liz! Ok, lets start at the beginning. The order you run those scans doesn't matter really. However, I'd run Ewido before the other tools. Adaware and Spybot were great in their time, but with most 'modern' infections, they don't do too much . Ewido is a very good anti-malware tool. At this point, Ewido may be able to weed out a lot.I would NOT consider system restore. Unfortunately, system restore points can become infected, just like the rest of the system, and it may be a waste of time (this is all assuming malware is infact the issue here). Running Spybot and Adaware won't hurt though.Spyware blaster won't fix anything thats currently on the system, but it certainly is a good prevention tool to ward of future infections.I'm assuming you've already done a full system scan with McAfee?Don't fear HJT, we'd get you and your daughter fixed right up! If it is too hard for you to be there to do that, you can always have her post the HJT log herself. Oh and Liz, this wasn't a dumb question! Matt Quote Link to post Share on other sites
blim Posted April 17, 2006 Author Report Share Posted April 17, 2006 Thank you, Matt! According to Kate, her Mcafee "popped a pop-up", saying she had a virus, but according to her, it didn't specify what virus she had and didn't specify whether it "killed it" or not....which is weird for Mcafee (?? she's less techy than I am! Yes, there IS such a thing, she IS naturally blonde! ) she said she ran a scan which showed no viruses (again, ?? I'm guessing that pop up said Mcafee "killed the virus" and she just didn't read it right...panic mode *gasp, a virus?* does it to me!)I'm hopefully going down there sometime this week, and I'll run ewido and see what it comes up with. Then I'll run Adaware and Spybot and see if her dilemma is gone. Of course, I'm adding SpywareBlaster (I LOVE that program!)Anything I need to know about Ewido that might throw me for a loop? Download it, run it and let it do it's thing? I'm familiar with Adaware and Spybot, but again, I've never run Ewido.Thanks, and I'll keep y'all posted!Liz Quote Link to post Share on other sites
martymas Posted April 17, 2006 Report Share Posted April 17, 2006 (edited) no i agree with matti remember once on techtvbecky worley said the only dumb Q is the one that isnt asked.now as matt suggested sys restore may not be needed but for safety sake it would be wise to go in and disable restore because it can get infected in there.what i do i disable it. then i go toclean my disk and delete those restore points that way any virus up to your recent restore points are deletedi normally reboot but it isnt nessecerythen as matt suggested scan with what ever scanners you useafter you finish scanning turn on your restor program once you have cleaned the sysi haven any suggestion as to what scanner we al have our preferencesone other thing get your daughter to go to safe mode in networking and scan and delete from therepost back on your progress good luck marty Edited April 17, 2006 by martymas Quote Link to post Share on other sites
Mistabigshot Posted April 17, 2006 Report Share Posted April 17, 2006 You plan sounds good, just make sure to let her know to keep spyware blaster up to date and to enable all protection everytime it updates. After you run all the scans run them all again in safe mode. Last thing, since she uses IE I would recommend IESpyad which puts a very large amount of bad sites in the restricted sites zone, google it if you don't already know.--Mistabigshot Quote Link to post Share on other sites
bar5 Posted April 17, 2006 Report Share Posted April 17, 2006 Anything I need to know about Ewido that might throw me for a loop? Download it, run it and let it do it's thing? I'm familiar with Adaware and Spybot, but again, I've never run Ewido.Thanks, and I'll keep y'all posted!LizLiz:After you D/L Ewido, click update before you run a scan. It updates very quickly. If it finds anything, a pop up window will ask if you want to clean or something like that, answer yes clean all, so it won't keep asking you every time it finds something. It will clean and put it into quarantine (spelling) I'd stop after that and come back here and tell Matt or anyone else what you found before you delete it completely. Let them advise you from there.Ewido Good luck Quote Link to post Share on other sites
Matt Posted April 17, 2006 Report Share Posted April 17, 2006 Anything I need to know about Ewido that might throw me for a loop? Download it, run it and let it do it's thing?I would suggest you read this guide on setting up and running ewido. There are a few things you need to do when scanning that are slightly different than most scanners. As barb said, it will ask you what to with the files. Ewido will generate a report of what it did during the scan. I'd suggest posting that.Btw, i'm moving this to Spyware/Adware Information. If a HJT log is needed, I'll move it to the HJT section. Quote Link to post Share on other sites
TheTerrorist_75 Posted April 17, 2006 Report Share Posted April 17, 2006 If you use IE-Spyad with SpywareBlaster it is recommended by Eric Howes to not enable SpywareBlaster's Restricted Sites option. His IE-Spyad program uses SpywareBlaster's definitions plus many others and places them in the same area. Just enable all of the other sections of SpywareBlaster. Quote Link to post Share on other sites
blim Posted April 18, 2006 Author Report Share Posted April 18, 2006 (edited) Thank you all soooo much! Couple more questions (surprised?)From the ewido tutorial:"Now save the report .txt file to your desktop" Ummmmm, how do you do this? Is it an option if I right click it? Go ahead and laugh, y'all know I don't mind Should I run ewido in safe mode? I've always run Adaware and Spybot in "normal mode"When I was on the phone with a tech with the Possessed Gateway, he taught me a way to go into safe mode without pressing F8 (because neither computer beeps at startup and neither shows a "bios page" at startup) If I remember right, I went "somewhere" and clicked "restart in safe mode". After I was done "fixing", I went back and unclicked it and it restarted in "normal mode". It seemed easier than guessing when to press F8. Where did I go to do that? Misconfig? Task Manager?Thanks....oh, and don't be surprised if Kate's friend Chris posts on my account--I'm sending him a link to this page. He is also going to help her, and I gave him my screename and password for here. You'll certainly know it's him, he's much techier Yup, we got more help! It takes a village....Thanks,Liz Edited April 18, 2006 by blim Quote Link to post Share on other sites
Matt Posted April 18, 2006 Report Share Posted April 18, 2006 "Now save the report .txt file to your desktop" Ummmmm, how do you do this? It will be an option after scanning.Should I run ewido in safe mode?Wouldn't hurt. From my experiences, it won't make much of a difference, but you never know, it may work better in safe mode.When I was on the phone with a tech with the Possessed Gateway, he taught me a way to go into safe mode without pressing F8 (because neither computer beeps at startup and neither shows a "bios page" at startup) If I remember right, I went "somewhere" and clicked "restart in safe mode". After I was done "fixing", I went back and unclicked it and it restarted in "normal mode". It seemed easier than guessing when to press F8. Where did I go to do that? Misconfig? Task Manager?I'm assuming youre using XP: * Close all open programs. * Click Start, Run and type MSCONFIG in the box and click OK * The System Configuration Utility appears, On the BOOT.INI tab, Check the "/SAFEBOOT" option, and then click OK and Restart your computer when prompted. * The computer restarts in Safe mode. * Perform the troubleshooting steps for which you are using Safe Mode. When you are finished with troubleshooting in Safe mode, open MSCONFIG again, on the BOOT.INI tab, uncheck "/SAFEBOOT" and click OK to restart your computerGood luck! Quote Link to post Share on other sites
blim Posted April 18, 2006 Author Report Share Posted April 18, 2006 (edited) I was thinking it was Msconfig, but I would have searched and spelled it wrong (Msconfig, not misconfig...)! Thanks!Liz Edited April 18, 2006 by blim Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.