GRRRR

freaking virus crap

I know this should probably be in the other forum, but I believe this attracts more people no?

My son’s been playing on my computer (he’s 6) and has possibly downloaded a virus or something…

The problem is I CAN’T get rid of it. Now, I’m a A+ certified technician, but I don’t have a lot of practical experience, so I thought maybe someone with extensive computer knowledge might be able to help me out…

Here’s the deal, there are 4 .exe files in my c:/program files folder that are marked read-only, hidden, and encrypted. I’ve used Msconfig to turn them off and they don’t seem to start on bootup, but I can’t delete the little f-ers. XP in a workgroup apparently doesn’t automatically set the admin up as a data recovery agent, so even after creating a certificate and enabling myself as the recovery agent I can’t decrypt the files. I can’t delete them either because they’re marked as hidden and read only, and I can’t change the attributes because they’re encrypted…

I don’t know what they do, and i can’t find any reference to them online either. When my computer booted it just took a really long time, but nothing out of the ordinary has really happened except an occasional popup when searching with MSN Search.

they are labeled

hogqnj.exe
iA.exe
iJ.exe
WYuKn.exe

The “user” who installed them is QwdSBpaKcjGgLiowt and he installed a certificate good for 100 years.

As far as I can tell the ony way to remove it completely is to re-format, but I don’t want to do that. If I can’t delete it I’d like to know what they do at least.

My suggestion… boot to safe mode and hit TrendMicro. Their online scanner is quite excellent and has gotten me out of a lot of tight spots in the past.

Getting rid of junk like that can be very tough indeed. I had that kind of trouble twice - but with PC’s I set up for other people. I was hooking up to the internet via ADSL without using a firewall, and that is a no-no… - silly me. I learnt my lesson.

Within seconds(!), the machine was filled with worms, that kept reappearing and was impossible to get rid of without resorting to some special techniques I did know of.

I disconnected (physically) from the internet, and got hold of a couple of utilities (via my own machine).

Boot in safe mode and run:
ProcessExplorer lets you view running processes and kill(!) the ones you find suspicious. Beware! you may rip the carpet from under Windows away in the process.

You may then run:
Autoruns, which lets you explore whatever processes are started up at boot time, and edit out whatever culprits you may find. Should also be used with caution and wisdom.

Then it should be possible to reboot in safe mode and search and delete the troublesome files. Set up Windows Explorer to show hidden files, or use a command promt to delete the garbage.

I agree with Bubbagump in that the Trendmicro Housecall does a great job finding viruses, worms and trojans.

When you eventually get everything cleaned up, I suggest you set up a profile on your PC especially for your son to play around with, where he can’t get into any trouble or download anything, but still have fun.

Hope you get it sorted out.

regards, Nils

There’s also quite a good little freebie program called Move on Boot, which automatically deletes selected files on the next PC startup if you can’t delete them straight away. It’s got me out of a few ditches over the last year or so. Although remember you do have to be absolutely sure that what you’re deleting is OK to be deleted, as the files dont go to the recycle bin. Anyway, here’s the link http://www.snapfiles.com/get/moveonboot.html

I think I may have figured out a solution I need to try tonight when I get home from work. I’ve successfully moved the programs to a different folder without trouble, so I’m gonna try and move them to my portable harddrive and reformat it. these programs don’t seem to autorun or have any other things like that associated with them (I already deleted their other parts I think). I can’t even delete them in DOS mode so I think it’s unlikely any of the above programs will be able to either.

I own a computer store… one of the best little known programs is Stop-Sign by Eacceleration. It works on most everything threatning to PCs… The company writes custom fixes for you if you need it.

http://www.eacceleration.com

or, you can buy a CD with a whole year of service from my store for 30$.

Stop Sign is great… Don’t waste your time with Norton or Mcafee.

I had to wipe my son’s computer several times.

It seems that the hackers are using kid’s game sites to plant 'em.

Another tip is to NEVER use IE for web browsing (the little pukes target the security holes in it to install programs); install Mozilla Firefox or another web browser and make everyone use it!!

Yeah Tim, don’t forget AIM, it is notorious for for allowing it’s users transmit things to each other.
Even with Mozilla one is not completely safe. When the pop up says “This download may include viruses” (which it says every time you downoad something. Don’t we often download anyway? Afterall it says that for every downloadable software.
Having something running like a spyware blocker, and virus protector would be prudent.

Advice to G69. BACK UP ALL YOUR FILES NOW.
While your machine is still running.
You may not get the chance to download a virus killer, or install it.

keep shinin’

jerm :cool:

fortunately I keep prety much ALL my actual files on a separate drive other than the OS drive. I do keep programs on the OS drive but even their install files are on my d: drive.

IE would be fine for me because as Jeremy pointed out, we pretty much say yes whenever something pops up. My kid usually asks me about it first, but he may not have this time. He doesn’t remember loading something, and he almost always tells the truth (to my knowledge at least) so I’m not really sure.

Part of my problem is that my computer clock was set incorrectly one time after I went to check a date and was that way for a month or so. so the files may have been installed either yesterday, or a month ago. I don’t really know. I just noticed that boot up was terribly run down and investigated it. I killed the processes and did a registry cleanup as well as ran adaware in safe mode. I’ve booted several times after and haven’t had ANY of those suspicious programs turn on yet so I believe I’ve disabled them at least. They’re just still hanging around which makes me a bit uncomfortable.

I tried moving them from the first volume to another but they won’t. I think it’s fairly safe to assume that if I change their location that a triggering program wouldn’t know where to find them. Fortunately I CAN move them on the same volume so I’m just gonna’ throw them somewhere random.

being that I am currently studying for the “Installing, Configuring, and Administering Windows XP Professional” certification as part of my MCSE, I believe the ONLY way to get rid of these files without the help of the hacker who put them there is a complete reformat. I’m not willing to do that currently because I have Windows XP Pro on my computer and was under the impression it was a legit copy from my computer friend who upgraded some hardware. Turns out it’s NOT a legit copy and if I reformat I have to go back to XP Home. Not a big deal, but there are a couple of features I’m using that I think require PRO. Plus I’ve gotten tired of taking 3 days to reinstall all my programs like they were.

I’d still recommend “Move on Boot”. It’s never let me down, and has removed programs that I couldn’t do manually, even in DOS mode. I’d be very surprised if it doesn’t work. It’s free, so what have you go to lose? :slight_smile:

I’m going to save this thread. Thanks, guys, for some great info.

so I tried your moveonboot, and unfortunately it didn’t work… thanks though :)