Last Resort

bmurph

Member
ok folks, hopefully this is the right place for this - here it goes:

my os is 32bit vista. when browsing the net i had a java "popup" appear that looked like java was starting up. a few minutes later my microsoft security essentials stopped working, my desktop wallpaper changed to an anti-virus warning, fake anti-virus popups started coming from my taskbar and i basically lost control of my computer. i ran the microsoft online system scan twice, first time it had 4 severe findings, 3 of which were java exploits and 1 was a trojan. i don't remember the exact details but i can get them if it would help. first time the scan said it couldn't fix them, second time it found the same ones but this time it said they were resolved (didn't work).

my guess is that i have a fairly nasty trojan that hasn't been detected by the scans i've run so far. my next course of action is backing up my files and reloading my os. before i do that, does anyone have any ideas that i could try? i've tried running stinger but for some reason my computer keeps shutting down (hopefully an unrelated hardware problem) but in the past i've had little success with stinger anyway. i also looked into updating java to the latest version but i don't know if that would help my virus issue. I can't do anything outside of safe mode.

Any suggestions would be much appreciated!!

Brian
 

3 issues were variations of the exploit:java/cve-2007/8/9. the other one was trojandownloader:java openconnection.es
 

Welcome Brian,
I want to be sure that you get the best possible help. I will refer this to our security people. Trust me, they know their stuff and will help.
It will probably be morning when they arrive (it is 11PM now). So turn off the computer, get a good rest and check back tomorrow. I can't promise that you do not have to reinstall, but I can promise that you will get the best help this forum has to offer. Good luck.
 

sounds great, i'll check back tomorrow. thanks!
 

I have notified her already. I have seen her perform miracles. If she tells you to reinstall, it will not make the process any more pleasant, but you will know that you did what had to be done.
 

Please download ATF Cleaner: www.atribune.org
Click "Main" > check 'select all' (except Prefetch) this first time using it, then click "Empty Selected". Do the same for Firefox or Opera if you use either of those browsers.

Finally go to Control Panel > Internet Options.
On the General tab under "Temporary Internet Files" Click "Delete Files".
Put a check by "Delete Offline Content" and click OK.

Now, let's clear the DNS cache and restore MS's Hosts file.
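Copy and paste these lines in Notepad.

@Echo on
rem Reset the Hosts file to a single localhost entry
pushd %SystemRoot%\system32\drivers\etc
attrib -h -s -r hosts
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
rem Renew the DHCP lease and flush the DNS resolver cache
ipconfig /release
ipconfig /renew
ipconfig /flushdns
rem Reset the Winsock catalog and the TCP/IP settings
netsh winsock reset all
netsh int ip reset all
rem Reboot, then delete this batch file
shutdown -r -t 1
del %0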


Save as flush.bat to your desktop. Right click to run as Administrator. Your computer will reboot/restart itself.

Next, download Malwarebytes' Anti-Malware to your desktop
|MG| Malwarebytes Anti-Malware 1.50.1 Download
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Please save it to a convenient location. Copy and Paste that log into your next reply.
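
Added example, not part of the post above: flush.bat replaces the Hosts file without looking at it, so a copy taken beforehand can be audited to see which names the infection had blocked or redirected. The sample file contents, the function name `audit_hosts` and the `.example` host names are constructed for illustration.

```python
import ipaddress

# Constructed sample of a tampered Hosts file (not taken from the thread).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       update.av-vendor.example  www.av-vendor.example  # sinkholed
203.0.113.45    www.search.example
not-an-ip       broken.example
"""

BENIGN_NAMES = {"localhost"}


def audit_hosts(text):
    """Return (line_no, kind, ip, hostname) for every non-default mapping.

    kind is 'blocked' when a name is pinned to a loopback/unspecified address
    (the site becomes unreachable), 'redirected' when it is pinned to any
    other address, and 'malformed' when the first field is not an IP address.
    """
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop full-line and inline comments
        if not line:
            continue
        fields = line.split()
        ip_text, names = fields[0], fields[1:]
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            findings.append((line_no, "malformed", ip_text, " ".join(names)))
            continue
        kind = "blocked" if (ip.is_loopback or ip.is_unspecified) else "redirected"
        for name in names:
            if kind == "blocked" and name.lower() in BENIGN_NAMES:
                continue   # the stock localhost entries
            findings.append((line_no, kind, ip_text, name.lower()))
    return findings


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

To use it on a real machine, pass in the text of a copy of the hosts file from \windows\system32\drivers\etc made before flush.bat is run; an empty result means the file held only the stock localhost entries.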
 

hi jacee. a few things:

i'm going to back up all of my files before i go any further with this so i probably won't be able to try any of your suggestions until tonight.

i've already run ATF cleaner based on one of your responses to a previous poster.

as far as installing malwarebytes, i can't install anything in "normal" mode because the fake antivirus virus flags everything as infected and stops it. i've tried uninstalling java in safe mode but vista is telling me that installing/uninstalling can't be done in safe mode. any way i can circumvent that?

also, my computer has been randomly shutting down when i try to run scans off of it (vs the online scans i've done in safe mode with networking). others have told me that my registry has been affected by the virus, does this make sense to you? the only reason i ask this is that i'm afraid the same will happen when i try to run malwarebytes.

thank you!
 

jacee and randomcomputer - thanks for the suggestions, i appreciate your help! i haven't been here in a bit but basically my computer continued to get worse to the point that anything i tried to do (install/uninstall, run scans, start up in normal mode) was blocked by the virus. so, i caved and went with the system restore (currently on 22 of 109 system updates!!).

thanks again!!
 
