Simple Virus the NAV cant get rid of



bmac8903
08-04-2005, 04:16 PM
OK, I'm running XP on a year-old Falcon Northwest FragBox. The computer is working fine, but a few days ago (maybe a week) I got this virus. At first it didn't affect me because I rarely shut down my computer. But now, every time I boot the computer and let it load, the computer lets me sign in with my user name, then just as my desktop is loading, a DOS window opens up and a line similar to "C:\Documents and Settings\Aaron_2\(randomnumbers)shutdown -t00 -s -f" appears in the black window, and the computer shuts down. If I can X-out the box fast enough the computer doesn't shut down, but this has gotten harder to do. It seems as though the box pops up faster and I can only X it out 1 in 10 startups. However, I can start the computer in SAFEMODE with no problems.

My father's IT guy said it was probably an "lssas" virus. So I googled LSSAS and Google told me to search LSASS instead. So, I found a lot of viruses that affect the lsass. I downloaded some removal tools (including Symantec's). They didn't find anything on the infected computer. Neither did NAV 2005 (recently updated), the Microsoft anti-spyware, Ad-Aware, Spybot S&D, and some other anti-spyware programs. Those programs only found some spyware and only when the computer was running normally (not in SAFEMODE). This virus is soooo annoying and I would LOVE some help.

My friend told me to check around in the C:\Documents and Settings\Aaron_2 folder for any new files/folders, but I found nothing doing this. Please, please help me. This virus is sooooooooooooo stupid.

4bes
08-04-2005, 04:49 PM
Try one of the online virus checkers like the Symantec (http://security.symantec.com/sscv6/default.asp?productid=symhome&langid=ie&venid=sym) one.

Have you had a look in your startup folder for any strange files?

pheonix
08-04-2005, 05:15 PM
Try running a hunter/killer called Stinger (http://vil.nai.com/vil/stinger/)

theother1
08-04-2005, 05:55 PM
bmac, are you the one still using NAV? :)

Speedy Gonzales
08-04-2005, 06:22 PM
Since you can get into Safe Mode, try this.

Boot into safe mode, go to Start/Run, type msconfig, and see what's under the Startup tab. Tell us what's there. Any strange filenames?

Also, try this.

Boot into safe mode again. Go to Start/Run, type regedit. Then go here:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

And the 4 entries under this. Tell us what files are there.

And also go here.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

And the 4 entries under this. Tell us what's there. Whatever it is MAY BE running under one of these entries, and executing on bootup.

drcspy
08-04-2005, 06:31 PM
oh lol..........online virus checker.........hahaha....they'll have to be extremely quick i'd say hahah

Billy T
08-04-2005, 07:44 PM
. if i can X-out the box fast enough the computer doesnt shutdown,but this has gotten harder to do. it seems as though the box pops up faster and i can only X it out 1 in 10 startups.

I assume you mean you were using your mouse to close the box, and if so, that is definitely far too slow.

Alt-F4 will shut down multiple pop-ups faster than they can appear, so killing one box is no problem. I know that is no substitute for fixing your problem, but it is helpful to know.

Cheers

Billy 8-{)

Speedy Gonzales
08-04-2005, 09:08 PM
Make a shortcut in safe mode and type in shutdown -a and put it on the desktop.

Call it Abort or something for now. Then try and go through what I posted before. See what commands are showing there. If you think you've found the command, or don't know what it does/is, post back here and let us know what the files/commands are.

And once you think you have it, if it happens again in normal bootup, double-click on that Abort and it'll stop it till you can fix it.
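
The startup checks suggested in this thread (the two Run keys and the startup folder) can be done in one read-only pass. The following PowerShell is an added example, not something posted in the thread; including the RunOnce keys and both Startup folders is an assumption about which locations were meant, and the flagging patterns are illustrative.

```powershell
# Added example (not from the thread): read-only listing of autostart entries.
# Assumption: RunOnce keys and the per-user/all-users Startup folders are the
# other locations worth checking alongside the two Run keys named above.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-AutostartEntry {
    # Registry: each value name is an entry, its data is the command line run at logon.
    foreach ($key in $runKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            [pscustomobject]@{ Location = $key; Name = $name
                               Command = [string]$item.GetValue($name) }
        }
    }
    # Startup folders: resolve .lnk shortcuts so the real target and arguments show.
    $shell = New-Object -ComObject WScript.Shell
    foreach ($folder in 'Startup', 'CommonStartup') {
        $path = [Environment]::GetFolderPath($folder)
        if (-not $path -or -not (Test-Path -Path $path)) { continue }
        foreach ($file in Get-ChildItem -Path $path -File) {
            $command = $file.FullName
            if ($file.Extension -eq '.lnk') {
                $lnk = $shell.CreateShortcut($file.FullName)
                $command = ('{0} {1}' -f $lnk.TargetPath, $lnk.Arguments).Trim()
            }
            [pscustomobject]@{ Location = $path; Name = $file.Name; Command = $command }
        }
    }
}

# Flag entries that call shutdown or launch a script, matching the symptom described.
Get-AutostartEntry | ForEach-Object {
    $reason = @()
    if ($_.Command -match '\bshutdown(\.exe)?\b') { $reason += 'invokes shutdown' }
    if ($_.Command -match '\.(bat|cmd|vbs|js)\b')  { $reason += 'launches a script' }
    $_ | Add-Member -NotePropertyName Flag -NotePropertyValue ($reason -join '; ') -PassThru
} | Sort-Object -Property Flag -Descending | Format-Table -AutoSize -Wrap
```

The script changes nothing; a flagged entry still needs to be looked at by hand before it is disabled in msconfig or removed.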