I was transferring files from a netbook to my PC because I was hoping to return the netbook to Curry's for a replacement/repair as it was running really slow and would not work unless plugged in. After a few USB transfers, I noticed music playing from my PC though I could not locate which browser/website it was from. To my horror, it continued playing even after I closed Firefox. Infected? Yep. 2 seconds later, MSE tells me it caught some trojan/malware and blocked it. Whew. But then the PC started acting strange --- websites being redirected, SimHQ pages taking forever to load, etc. F*ck!

Did a complete scan in safe mode, cleaned out a few stuff, then rebooted. It isn't as intrusive now, but I know it's still in my PC. MSE still "catches" something every now and again.

I've done some searching about how to clean my PC, but most sites I see have people advising the "victim" to download one program or another and post log files... which kinda scares me. Anybody here know of a reputable virus troubleshooting website I could trust?

I hate it when this happens.

Websites to try, I don't know. First thing is from Mcafee. It's just an executable but is regularly updated.

http://www.mcafee.com/us/downloads/free-tools/how-to-use-stinger.aspx

Then the free version of Malwarebytes might help.

Also check that your browsers are not using a proxy because that's the first thing the virus programs change.

Then if you get it fixed, download Spybot and let it run the Teatimer part all the time. The Teatimer will prevent changes to the registry unless you allow it.

For someones computer other than my own, the only sure way is to nuke it from orbit, and you know what that means.

Much appreciated, speedbump.

I use MSE and Spybot regularly. MSE just "catches" this every now and again, a Spybot scan found nothing. I've downloaded Malwarebytes again and a scan caught a few bugs, but I don't think these are the ones playing with my system for the simple reason that the files have been in my HDD for oh, about 6 months. So, it didn't seem to find the "new" bugs. I've got a copy of HiJackThis, but I don't know how to use it and most of the time all I see is people asking for logs from HJT. Every now and again, a notice pops up from Malwarebytes stating it's blocked outgoing/ingoing access from various IPs/websites, so I'm guessing whatever's infected this PC is still here.

I'm using Firefox as my only browser, and checking Tools > Options > Advanced > Network > Connection settings, it was on "Use system proxy settings". I've changed it to "No proxy" now, is that what you meant?

I'm pretty sure people here come across virii/malware/trojans every now and again, simply because it comes with the territory of being a PC user. Surely nobody's been fixing everything themselves... so where do you guys go for help?

I'd give the computer a wipe if I need to, my OS is in a different partition just for this one, but since this is my main PC and gaming rig, I'd prefer not to do it if I can.

You can try Trendmicro's Housecall free online scanner.

http://housecall.trendmicro.com/

Z

Yes, the use proxy setting you found will be in all your browsers.

Mine got so infected recently I did a dirty reinstall where I overwrote my OS and it worked perfect. I just had to roll SP1 into my DVD since it's a pre SP1 OEM.

The only hitch was I should have backed up my favorites in Firefox since for some reason they went to neverland. I had a year old back up so I got most back though. The only thing that survived was the virus proxy setting in all my browsers. Easily fixed.

What do you mean by dirty reinstall?

Also, do malware still only infect the OS partition? ie, will a reformat + reinstall fix most malware problems?

Doing a Stinger scan and a second Malwarebyte scan now, Stinger found a few more infections but since it is on a \Windows\system64 .dll file, I cannot tell if it is the new bug or just an old dormant infection.

Let me take this opportunity to ask about protection software as well. I have Spybot S&D and MSE, but just use the default Windows Firewall, which for some reason I cannot turn back on. Malwarebytes has been stopping so many "potentially malicious" access that I'm thinking of getting the full version as well. While I'm on a shopping spree, is there anything else worth looking at?

Sounds like a bit of a stubborn infection there. If Malwarebytes is telling you about blocking outgoing connections then I guess you said yes to trialing the full version. It won't become any more effective if you pay. Before you do a full reinstall try running Microsofts own Malicious Software Removal Tool. I've not found a virus or Malware that can't be removed by a combination of Malwarebytes, MSRT and a bit of judicious process killing.
Alternately try using a 'system restore' to take you back to before your infection event.
As for the websites, I wouldn't know which to recommend, Maybe the one that has the most 'thank-you you saved my life' posts!

Malwarebytes pay version has continuous protection rather than just when you manually scan. I run the pay version on my wife's laptop since she freaks whenever it gets infected. Also auto updates itself.

I gave up on MS Security Essentials since it is so easy to be compromised and just turned off by a rogue virus. I had it just turn itself off twice before so there is something in the code that is just lame or weak. Then I was running Avira free and they just updated it last week and after the update, it would not update the virus definitions automatically. Then you go to their website and it gives you all these hoops and registry edits to get the blasted thing to work like it should.

I just switched to Avast free. And it's pretty annoying asking to be updated to the pay version everyday.

I don't run the windows firewall since my router has a hardware firewall anyway.

Dirty reinstall is where ever thing stays. I was never a fan of it with XP since it seemed to leave all the bad stuff you were trying to get rid of. But 7 seems to work great. Plus it only takes an hour or so.

I guess it should be referred to as a repair install. It took out the virus.

http://www.sevenforums.com/tutorials/3413-repair-install.html

If you can't turn back on your windows firewall, you are still infected and vulnerable unless you have a hardware firewall in your router.

There is a point I make that if you have to spend the same amount of time to try and fix your OS as it would take to do the dance, you should do the dance and that way it's nuked from orbit and you are sure it's gone. If you have a decent backup, it's no big deal to do the repair install. Just remember that if something goes wrong, it will happen half way through it and then you are so screwed. I've been there. That's why I have several big external hard drives.

Just make sure you don't try to do a dirty reinstall with a pre SP1 disk if you are running SP1. You will have to go to one of the several sites that walk you through how to roll SP1 into your disk. Or borrow one. It will work as long as it's the exact same version, you use your serial, and it's the same OEM or retail. I did not even have to validate my OS after the repair.