Possible malware computer virus. Need help!!

[Keyboard Hound]

For the past couple of days I've been going on line at a hospital. I'd never had trouble with virus or anything until last night. When I got back home and tried to use the computer, after a few minutes, a virus scan took off on it's on. I use Avast and it was not Avast. The files were flying by to fast to read. My first thought was to get out without really looking at what it was so I hit the x to close it down. When I did that a message came up that I had been infected by malicious malware and it kept trying to go to Internet Explorer. I've never even used Explorer. It must have been pre-installed. Anyway, I just slammed the lid on the laptop. I'm using another computer now.

I'm pretty computer illiterate, but I don't know anyone to take it to that I trust. I have some pretty important files on here and a lot of pictures I'd hate to lose.

What's the first thing I should do? I guess my main question is: Will it keep ruining stuff if I reopen the computer? Should I try to get someone who knows more about it than I do to look at it?

 

[alleycat]

These guys are very good, and free.

http://www.malwareremoval.com/

If you can, download the latest version of HiJackThis and run it. Save the log file and post it to the malware removal website (there is a special forum for posting log files). Don't do anything else except run HJT and save the log.

You can download HJT from: http://free.antivirus.com/hijackthis/

You might be able to use Task Manager to shut down the software that runs when you log in.

 

[Lhun]

Sounds like a typical attempt at fishing or getting you to install malware. Unless you accidentally installed it with an administrator account, it's unlikely the thing has the permissions to cause any real harm. Start up avast and run a scan with that, and if it doesn't find anything, do the same with malwarebytes.
If the fake scan pops up again, try to close it by right-clicking on the tab in the taskbar and selecting close, instead of using the x in the actual window. or kill it with the task manager.

 

[AlexPiper]

If you can, download the latest version of HiJackThis and run it. Save the log file and post it to the malware removal website (there is a special forum for posting log files). Don't do anything else except run HJT and save the log.

As a note, ideally, download HJT on /another computer/. Downloading malware removal tools on a potentially-compromised machine is never the best approach; some of the more clever malware will catch that.

 

[Deleted member 42]

Also: Think about creating a non-Admin account for ordinary use.

 

[Keyboard Hound]

Thanks so much for all the replies. I think I got the virus off. It was Win32:fake.... I think it's contained in the virus chest.

Now the computer is so slow. It takes forever to type anything and it's always been fast as I could type. Any suggestions on that?

To get back on line. I turned off the LAN. Would that cause it. It kept saying that I could not get by the proxy server until I did that.

 

[Ink-Pen-Paper]

Go to Cnet and download Spybot S&D and run that. If you are running Windows you can download and run Microsoft security essentials. Those should get you back to a basic start point.

 

[maestrowork]

You probably still have malware process running and that's why your laptop is slow. Definitely use one of those malware apps.

 

[whacko]

Hi KH,

It's malware, so you need to download with one of the removal tools, I like Malwarebytes myself.

The chances are it's a shopping thing, I can't remember offhand what it's called, but it starts with a Z.

You could check what programs run on startup - go to Start - Run - type in msconfig - select startup from the labels.

Quite a lot of things can be disabled. But it all depends on what's running. Also, when you disable malware here, then reboot, you'll find that the malware always re-enables.

But definitely run a malware scan.

Regards

Whacko

 

[Keyboard Hound]

Thanks, all! I'm an electronic dummy. I tried downloading the Spybot from Cnet like some suggested and can't get anything happening. Any suggestions anyone?

 

[Torgo]

Thanks, all! I'm an electronic dummy. I tried downloading the Spybot from Cnet like some suggested and can't get anything happening. Any suggestions anyone?

Download Spybot (or Malwarebytes Anti-Malware) on a different computer and transfer what you've downloaded on to a memory stick. Reboot your PC and while Windows is loading hold down F8 and select 'Boot in Safe Mode'. Then install and run the anti-malware program.

Booting in safe mode should prevent whatever is lurking on your computer from running, and stop it interfering with your attempts to kill it.

 

[RJK]

You also need to adjust your interned LAN settings in IE or Firefox, or whatever you're using. You should not be using Proxy settings. This is another artifact from the malware that invaded your PC.

If you're using IE, go to Tools > Internet Options > Connections, then click the "LAN settings" button. Make sure the "Automatically detect settings" is checked. OK your way out. This should get rid of the "Incorrect Proxy Settings" message.

I agree that you need to install Malewarebytes. I would even recommend buying it. That way it will reside in your tray and run all the time, screening every webpage you go to and every file you open.

If you do decide to purchase Malewarebytes, it MAY refuse to open any of the AW forum pages. I believe that is because it sees the ads and cannot determine if they are safe. Malewarebytes will allow you to ignore the warning for AW's IP address, and then it will open the forum pages.

 

[BradCarsten]

this is one of the reasons I switched to ubuntu. In windows I was running an anti virus and 3 anti-spyware programs and now there is no need for any of that. Its great!!

 

[Keyboard Hound]

Thanks so much~!! All of you.

I just figured out how to run the Malwarebytes free software and I caught two of the nasty little critters:

Registry Keys Infected:
HKEY_CURRENT_USER\Software\qni8hj710fdl (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\qjljyyut (Trojan.FakeAlert.Gen) -> Value: qjljyyut -> Quarantined and deleted successfully.

the laptop is running much faster now, and I'm thrilled I was able to figure it out. Thanks again for the help. You guys are wonderful. I may run the spybot one, too, in the morning.

RJE, I have both Firefox and Google browsers installed. I'll check out the proxy setting advice in the morning. Thanks so much,.