Korean Job Discussion Forums

toomuchtime · Posted: Sun Jul 04, 2004 3:58 am Post subject: My computer's FUBAR.

Can somebody help me?
My computer is F-C-U-K-ed (that's French Connection UK, for the censors). I've got some serious virus-y stuff going on. I used a Trojan horse prog., but every time I open explorer, my homepage (or whatever the first screen you see is called) is always changed to this weird warning page, and then a pornographic ad-site pops up. I go to 'tools' and reset the page to the Yahoo site, but it doesn't stick. It keeps going back to the porn-linked one.
Oh yeah, now I can't access the add-remove function in Program Manager.
What the heck should I do? I'm thinking I should reinstall my harddrive and be a lily-white web surfer, but I've done that in the past and I still got all sorts of viruses and horses.
Any ideas would be appreciated.

Cheers,

TMT

huck · Joined: 19 Jan 2003

I would scan your computer for viruses with a really good antivirus program, install a firewall, such as ZoneAlarm, and stop using Internet Explorer.

I use Opera....Other people like Mozilla...But you have to stop using Internet Explorer.

FUBAR · Joined: 21 Oct 2003 Location: The Y.C.

Reboot your computer in safe mode and do a virus scan. You should also be able to access the add/remove program function from this mode.

Demophobe · Joined: 17 May 2004

Yeah, it's a virus with a browser hijacker involved.

Reboot into Safe Mode and do a virus scan.

Go to Run (in the start menu) and type "regedit" into the field there. Look in 'HkeyLocalMachine/Software/Microsoft/Windows/CurrentVersion/Run and see what programs are running on your bootup. If you see something you KNOW is not right, make note of the name...don't delete that entry yet. *BACKUP THE REGISTRY FIRST!* This is done again, in Regedit...check the top fields and find backup entire registry.

After you have found (if you have found) something suspicious, make a note of it and put the name of this entry into the "search" function, again in the start menu. YOu have to find out the association of the file....it may be legit. The search will reveal where more of that program is placed on the hard drive. Look carefully at this location and decided if it is the culprit. If it IS the virus/trojan, then delete all found files in safe mode, then delete the registry entry.

I realize this is daunting, but the worst case scenario is you have to format and re-install windows.

So again..., in Safe Mode...open Regedit - backup-go to the location I gave - look carefully at the entries to see if they are legit-if you find a suspect one, make note of it's name and location - go to "search" and enter that suspect name again-let it search-note locations of any matches - delete the files - do a virus scan - do a malware/trojan/spyware scan (you will need the programs to do this).

Do an online virus scan as well.

Remember to backup the registry and be SURE that the suspect files are bad.

Use a better anti-virus in the future and use Zonealarm. The program you installed would need permission to access the net, at which time you could have denied it and checked what it was. If these trojans don't get out, they are easier to get rid of.

In the future, pay more attention to security, especially if you are going to questionable sites. Don't run anything you don't know from a site you don't trust. Trojans are user-installed, packaged with other programs or files. You have to let them in. Not trying to be a "Demodad" Laughing

but hey...the net is a dangerous place.

Don't use Internet Explorer...man....the list of things you need to do is long...and there are so many places on the net to learn about it. Protect yourself through knowledge...in a day you could have all the basics down.

Hope this post is clear enough...probably not....only 1/2 way through my morning coffee. Wink

ulsanchris · Joined: 19 Jun 2003 Location: take a wild guess

is netscape still around?

FUBAR · Joined: 21 Oct 2003 Location: The Y.C.

Demophobe, doesn't he also need to make sure that System Restore is set to OFF?

lush72 · Joined: 18 Aug 2003 Location: I am Penalty Kick!

toomuchtime · Posted: Mon Jul 05, 2004 1:55 am Post subject:

Guys,
Thanks for the tips. I'll try some of them out. However, my OS is in Korean, so it will be an adventure.

Cheers,

TMT

Demophobe · Joined: 17 May 2004

toomuchtime · Posted: Mon Jul 05, 2004 5:06 am Post subject:

Demophobe · Joined: 17 May 2004

Press F8 when the machine is booting, but after hard drive detection and you should be taken to the Windows Advanced Options Menu screen.

If you miss the screen, let the machine boot normally, then shut it down and try again.

On the boot screen, you can start repeatedly tapping the F8 key as soon as the detection of the hard drives is complete and virtually ensure success in finding the Windows Advanced Options Menu, where "safe mode" appears.