Virus?

[buhwhyen]

So I've been having problems with my laptop the past 2 days or so. I'm still not sure exactly what the problem is, but basically the computer hangs (lags/freezes) until you hear a tone and you have to force shutdown via holding the power button down. Story to follow , but the short end of it is I don't know if its a virus, or trojan of some sort, nor do I know when I got it (if it is a virus). But since we lan'd recently and this problem only cropped up this past week, you should all check your computers to make sure you don't have something on your computer.

I tried letting my computer idle to see if it was overheating (I'm doubting its overheating). But it runs fine as long as I don't stress the processor. It mostly occurs when you try to run multiple applications simultaneously and normally your computer would slow down, but eventually process everything and return to normal. In my case the computer slows down, then hangs, then dies (no blue screen). I also let it cool overnight and during class (overall ~13 hours) before I turned it on, which made no noticeable difference, running any game that requires a lot of processor power/ram to boot up leads to the computer freezing.

I first thought it was b/c I was really low on hard drive space, but I've cleared ~30 gigs defragged, ran disk checks and it still froze. So I've been running a number of spyware, malware removal tools (and one for conficker, which you should all run if you haven't), none of which helped. So I disabled all my start up programs in "msconfig" and ran a bunch of registry cleaners, and more malware removal programs. Now, at this point I can play starcraft, surf the web, and for the most part use my computer again. But I have had another crash while accessing my D drive (second hard drive, which is also low on HD space =/) and loading a webpage w/ firefox (which I also thought might be a problem b/c the first time my computer froze/crashed was when I was browsing the web via firefox. But I've done a full reinstall of firefox, wiping all my add ons and everything else except bookmarks.

At this point, I figured it had to be hardware related, otherwise I'll probably have to clean install if its a virus b/c I've run an excessive number of malware/trojan/spyware removal programs. But I've run the built in disk checker (which I'm pretty sure sucks, but I haven't had a chance to look for anything better yet) which says my HD is fine. And I just finished the microsoft windows RAM test, which says my ram is working fine. So I'm at a bit of a loss. I haven't installed any new programs in over a month and I haven't changed any of the hardware (which is why I first thought it was malware or a virus).


If you're paranoid, follow this spyware removal guide.
www.tech-forums.net/pc/f51/spyware-removal-guide-osiris-161792/

or type in "osiris spyware removal guide" in google

List of programs used:
-cc cleaner
-msconfig clean up
-cleanup452
-malwarebyte anti-malware
-trojan remover
-vundo fix
-kcleaner

Yeah, and I just crashed while trying to post this.

[Pikachu]

Conficker?

[dyuman]

Yea, I'm thinking it could be conflicker.

Try to go to www.symantec.com if it stops you then you prolly have it.

Also grab WinPatrol, it's a free software that lets you see everything from msconfig, task manager, and other stuff in a cleaner and more easily viewable interface.

[buhwhyen]

I guess I should have made it more clear. But I DON'T have conflicker. I ruled that out early on. I went to the Bit Defender and Symantec websites, downloaded both conficker remover programs and both said I don't have it.

Conflicker is a worm (not an actual worm, damnit) that was discovered by I forgot who, but the basic idea is it caused such a scare that it caused just about all the big computer security companies to band together in order to make sure it was killed.

What conficker does is it takes over your computer, more or less. The really scary shit about it would be that it was designed to protect itself. What that means is it limits your access to websites (symantec, bit defender, antivir, avg, any other big name security company), and even to your own computer. It could disable parts of your computer, namely some antivirus stuff to make it even harder to remove. There's special remover exe's designed just for this because of its potential to fuck over your computer really easily. It was also really aggressive in spreading itself, it could infect computers in your network w/o direct connection (if you say had 3 computers at home connected to a router, and all 3 were online, but not interacting in any way. If one computer was infected, it could spread itself to the other 2 even though there was no active connection between them), and it also infected autorun.exes in flash drives (usb sticks) and spread itself that way too.

Conficker has been known about since...I'm not sure when. There have been 4-5 different versions of it floating around since November of last year. It basically just laid dormant, only spreading itself to other computers supposedly until April 1st, when it was said to "start protecting itself" and also starts to actively look for instructions on April 1st, which is basically like saying its a huge network of parallel computers listening for a prompt from the host.

Actually, if you remember the xbox360 spam attacks on xboxlive. It works similarly because the best way to avoid being infected was to keep updated with windows service packs and other updates. So really this worm mainly targets all those pirated copies of windows that aren't up to date.

EDIT:
Just run windows update, if you haven't done it recently. Also visit symantec, bit defender, or whatever website and download their conficker removal tool and run it. Recent windows updates prevent the exploit that allowed Conficker to spread itself to your computer.

[feedback]

Hmm, not sure what's wrong with your computer. Have you tried doing a system restore to a point before all this bs started happening? I'll look into it, but you covered all of the obvious solutions already. About the only thing left to do would be to run HiJack This and stare at that for awhile and see if there's anything there that shouldn't be. You might be better off asking a tech forum about this since they're better versed in this sort of thing than we are.

Edit: Try running CC cleaner again and clean out all of your temp folders. Go under options->advanced->click off the option to not remove temp files younger than 48 hours. Might help, but probably won't fix your problem.

[buhwhyen]

I'm at a complete loss for words. This is mostly me bitching (actually, its just me bitching).

I found out that I had picked up the "malware removal bot" somewhere, which is basically a fake anti spyware/malware program that is actually itself malware. Funny thing is one of my malware scanners picked it up, but froze every time you tried to remove it. So I actually chalked this up to the computer freezing up again and/or the program was too demanding or whatnot. I had to go into safe mode to remove it, and had to repeat this because I forgot to turn off system restore. Short side note: system restore is a big pile of gay alfred fucking failure. Any actually dangerous virus/trojan infects your system restore and uses it to reinfect your computer if you don't disable it and remove the virus in safe mode, which is what I ended up having to do.It gets even better. After removing 80% of the programs, and other misc stuff, my computer still froze when I played a few games of starcraft. At this point, I knew there HAD to be something wrong that wasn't associated with software and/or viruses/malware/spyware. Which is when it hit me. The majority of times my computer froze was when I was either watching videos, locally stored or streamed on youtube, etc. Or when I was playing games...So I thought that my video card was probably the problem. Low and behold I did some reading, apparently windows update can install new drivers for you. Why would I be ridiculously angry that windows overrides my driver files? Because I HAD specially modified drivers to get my video card to work when I upgraded to XP from Vista. So it ends up that windows update replaced just enough files in my drivers that they would still work, but they also caused a memory leak (I think, but it makes sense that after a while my computer would "freeze" b/c of this). Which would pile up way faster when you're say...watching videos, or playing games.

Of course I thought that while I was at it, I might as well upgrade to a newer version driver (I really should have been smarter). But for whatever reason, the new drivers decided to make it impossible to change resolution to anything other than 640/480 (my native resolution is 1280/800). What I mean by this is, you would first install the driver. Then you reboot, when you reboot it loads into 640/480 resolution. You either go to settings or the nvidia control panel and change resolution to 1280/800, or whatever. The screen goes black and comes back at 640/480...? Regardless of what I did, changing the monitor settings, color bits, resolution, none of it ever stuck, it would always remain unchanged when you clicked apply. This was the case for all 5 drivers I tried. Keep in mind you actually NEED to use a 3rd party application to remove all the registry files that the Nvidia uninstaller doesn't actually remove because the installer will overwrite -some- of the files that weren't deleted. This means that there are still a few unused files from your old driver that will eventually make you more annoyed when they cause random ass problems, yes ass problems. So I loaded the old driver I used back in December and my computer works fine till you reboot, at which point the screen resolution reverts to 640/480 and can't be changed again. I've looked at my boot up options in msconfig and the use default resolution box is unchecked. I also tried turning my hardware acceleration off, which does nothing. My account is an admin account, so there shouldn't be privilege problems. So I ended up loading a newer driver version and then found a work around (no homo) that's another 3rd party app that I have to run every time I log onto my computer that is able to change the resolution. Even better, my computer still isn't fixed. FML.

EDIT:
My hijackthis log doesn't show anything that would cause a problem, there's barely anything in it at this point. I'm pretty sure its something with my install of XP, so I would do a clean install of XP (I actually would have done this earlier this week) but my cds are in Cupertino.

[feedback]

Well that sucks. Do you want us to mail you your cds so you can do another clean install? If so where are your cds?

[dyuman]

Found 4 Worms on my laptop yesterday using AVG.