Virus (Solved)

Started by Jedikiller, May 03, 2009, 07:22:14 PM

May 03, 2009, 07:22:14 PM Last Edit: August 02, 2009, 02:49:35 PM by invertus
So I was browsing the web earlier and AVG (antivirus) popped up with a box saying "Win32/Heur has been detected trying to run on your system." It listed an exe in the temp internet folders directory. I moved it to the virus vault, disconnected from the Internet, and ran a full scan of the computer (still ongoing, nothing yet).

Does anyone know what this virus is, what it does, and how to remove it from my system? I'm almost afraid to shut the thing down now, since I don't want it doing something bad to my bootup and make me have to reinstall Windows again :( The computer had been running somewhat slower, and Firefox has crashed a bit more recently.

From the little knowledge I was able to find on the Internet, it's a trojan, but I don't know what it does. I'm afraid to connect the computer to the Internet lest it upload my passwords or keystrokes or something personal to the Internet.

Can you all help me out here?


(•̪●)=ε/̵͇̿̿/'̿'̿ ̿ ̿̿ ̿ ̿"" (-_-*)

Sorry don't know anything about this. But this was copied from the DL site. There is a DL for a removal tool for the virus on the internet. http://www.scanforfree.com/07/remove-win32.heur.html.

Indications of Win32/Heur infection:

Slow internet performance, browser shut-downs, strange running task processes and missing registry files produce general Windows instability
Hijacked browser homepage, desktop wallpaper and tray icons
Fake Dr. Watson Security alerts on system startups
Win32 Heur malware recreates after removal, difficult to remove
Unknown applications
Modifies desktop background wallpaper
Disables pop up blockers, generates annoying popups even offline

Win32/Heur virus behaviors:

Use browser security leaks to infect the Computer with third party applications and trojans
Records online browsing activity to create matching pop up ads
Trojan Win32/Heur can deactivate anti virus and firewall
Collects activity and alters system tracks


If you're afraid to connect to this site, I could DL and .ftp it to you. If there is another way I can help let me know.

Can't AVG just clean it?

It did, but JK's afraid it left some upload code for when he gets online again.

My input: If you make regular backups of your computer, safest thing to do is restore to before you got the virus. I don't know that much about it other than what SchTick wrote, but I'm sure the AVG guys know what they're doing.

If you want to make sure the virus isn't leaving some code on the computer, here's a little tip on how to check:

1. Boot the computer. (Yes, it may not be the safest thing in the world, but you can't do anything with a turned off computer. To be safe you can still leave the internet un-plugged)

2. Go to Start->Run (the right side) and type in msconfig

3. Click on the Startup tab. Scroll through the list to see if there are any suspicious programs. Look at the Name on the left and the path on the right. If there is anything you don't think you installed, and the path is to a "Program Files" or "PROGRA~1" folder, go ahead and un-check it, then post it. If it is a WINDOWS or %systemroot% folder don't un-check it, but still post it. If you are unsure, Google is your friend, if you have another computer to use

4. Do basically the same thing on Services. Not much more to explain there, but remember if you are unsure about anything, check with Google

5. If you really are feeling worried, you can right-click on "My Computer" and click "Manage". Open the "Services and Applications" Category and select "Services". This is the list of Services that are currently running, as opposed to the other list which is what services will run on boot, which can be different. Do the same standard checking

6. You can also go through the process list in Task Manager. You know what to do

I'm just rattling off whatever ideas I have, and here's something else. A virus might be latching onto the shutdown process, re-setting itself for running on boot the next time around, so it can mask itself while the computer is running. A hard reset will keep this from happening, but not sure how much use it would be.

NOTE: After you make changes in msconfig, the next time you boot it will pop up a message. Just tell it to not show this message again, otherwise it will show on every boot

Hope it helps

Viruses are like the New York Lottery. "Hey, you never know"
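
The startup, services and process checks from the steps above, as an added PowerShell example that is not part of the original thread: it only reads and lists entries, grouped by the folder rule in step 3. It assumes PowerShell 3.0 or later; the function names and bucket labels are this example's own.

```powershell
# Added example (not from the thread): read-only inventory of the places
# the steps above check by hand. Assumes PowerShell 3.0+ for Get-CimInstance.

# Hypothetical helper: bucket a command line by folder, following step 3
# ("Program Files"/"PROGRA~1" vs. the Windows folder). 'Other' covers the rest.
function Get-LocationBucket {
    param([string]$CommandLine)
    if ([string]::IsNullOrWhiteSpace($CommandLine)) { return 'Unknown' }
    # Expand %SystemRoot%, %ProgramFiles% and similar, drop a leading quote.
    $path = [Environment]::ExpandEnvironmentVariables($CommandLine).TrimStart('"')
    if ($path -match '(?i)^[a-z]:\\(Program Files( \(x86\))?|PROGRA~\d)\\') { return 'ProgramFiles' }
    if ($path -like "$env:SystemRoot\*") { return 'Windows' }
    return 'Other'
}

# Hypothetical helper: one uniform row per startup entry, service or process.
function New-Row($Source, $Name, $Command, $Detail) {
    [pscustomobject]@{
        Bucket  = (Get-LocationBucket $Command)
        Source  = $Source
        Name    = $Name
        Detail  = $Detail
        Command = $Command
    }
}

# Steps 2-3: what runs at logon (Run keys and Startup folders).
$startup = Get-CimInstance Win32_StartupCommand |
    ForEach-Object { New-Row 'Startup' $_.Name $_.Command $_.Location }

# Steps 4-5: services set to start at boot, plus anything running right now.
$services = Get-CimInstance Win32_Service |
    Where-Object { $_.StartMode -eq 'Auto' -or $_.State -eq 'Running' } |
    ForEach-Object { New-Row 'Service' $_.Name $_.PathName "$($_.StartMode)/$($_.State)" }

# Step 6: running processes (Path is empty for some protected processes).
$processes = Get-Process | Where-Object { $_.Path } |
    ForEach-Object { New-Row 'Process' $_.ProcessName $_.Path "PID $($_.Id)" }

# Nothing is changed or disabled; the table is for looking entries up.
@($startup) + @($services) + @($processes) |
    Sort-Object Bucket, Source, Name |
    Format-Table Bucket, Source, Name, Detail, Command -AutoSize -Wrap
```

Entries in the 'Other' bucket include per-user profile and temp locations, such as the temporary internet folder where AVG found the exe in the first post.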