Help me please (just in case that thread is inactive)

MadxMikey · #1 (**permalink**) February 17th, 2010

I already posted all this on the Stick thread "viruses, spyware and other nasties", but just in case no one reads that thread anymore i wanted to start a new one.

If that is considered Spam I'm sorry, Mods go ahead and do as you see fit.

Ok I think i have a virus issue.

I was using limewire (it was the latest free version) for the first time in a looong time and i accidently downloaded something i didnt want to download and didnt notice till it was too late. I deleted the file and then removed limewire (only because i didnt need it anymore).

I then started experiencing my problem. My IE would start opening ads to random ads or bing.com sometimes it was even related to what I was already browsing. I then downloaded firefox thinking if i just left IE alone nothing would happen, but then IE started opening on it's own and i noticed that loading time for pages (if they loaded) was extremely slow.

I began searching the internet for information and came up with "vundo" as being my issue. I immeadiatly used symantec's vundo remover, but it said i didnt have vundo so i ran it in safe mode just to be sure. still no "vundo"

so i began searching again and found a lot of things similar to my problem but nothing exactly like it. i tried running IE without add ons, and that made the issue less frequent but did not stop it. I downloaded the free version of AVG and did a scan that found 4 infected files and 1 warning

"C:\Users\Mike\AppData\Roaming\SystemProc\lsass.ex e (4316)";"Virus identified Packed.DelfCrypt";"Reboot is required to finish the action"
"C:\Users\Mike\AppData\Roaming\SystemProc\lsass.ex e";"Virus identified Packed.DelfCrypt";"Moved to Virus Vault"
"C:\Users\Mike\AppData\Roaming\SystemProc\lsass.ex e";"Virus identified Packed.DelfCrypt";"Moved to Virus Vault"
"C:\Users\Mike\AppData\Roaming\SystemProc\lsass.ex e";"Virus identified Packed.DelfCrypt";"Moved to Virus Vault"

"HKU\S-1-5-21-2868092215-1466753397-881608756-1000\Software\Microsoft\Windows\CurrentVersion\Run \\RTHDBPL";"Found registry key with reference to infected file C:\Users\Mike\AppData\Roaming\SystemProc\lsass.exe ";"Moved to Virus Vault"

i removed them as AVG told me to, and then opened IE, AVG then told me i had a trojan which it quarentined and i removed it. I tried opening IE once again, but the problem is STILL HAPPENING.

I am mostly computer Illiterate when it comes to virus removal, which is why i try my hardest not to get them and why i fell like an idiot for downloading that stupid file. Can Someone please help?

File_Girl71 · #2 (**permalink**) February 17th, 2010

AVG is not the most trusted antivirus software after my opinion!I would recomend you to change the software to Avast instead off!I t will never let you download the file in the first place...I know you use p2p software and download the virus that way, but Avast has a p2p shield that stop the file from entering your computer if you by mistake download a virus infested file!Give Avast the chance, and it will clean your pc for you!

MadxMikey · #3 (**permalink**) February 17th, 2010

is avast free?

MadxMikey · #4 (**permalink**) February 17th, 2010

Ok i installed AVAST, but now it's finding hundreds of rootkits??? all of them are exactly the same too

MadxMikey · #5 (**permalink**) February 17th, 2010

ok i found the file that avast keeps Isolating, and i watch it (re-generate?) is there something i can do?

the file is C:\Windows\System32\dsuiewt32.dll

infection: Win32:Rootkit-gen

File_Girl71 · #6 (**permalink**) February 17th, 2010

First of all Avast is free for home users...After 30 days the demo license key will expire,you can register for a new key which will last 1 year and still 100% free for home users!You must use boot scan to remove this kind of infections.That means Avast will scan before your pc is fully stared up!If you now use Avst 5 the newest one it's easy to do boot scan!Click on the Avast icon in system tray, and open Avast...So click on Boot-Time-Scan...Then click on Areas to scan, and choose all harddisks or if it's only in the system choose the system disk...Then finally click Shedule Now button, your pc will restart and Avast will scan yor hard drive and you can safly remove the infected file!

MadxMikey · #7 (**permalink**) February 18th, 2010

well i booted in safe mode and deleted the file, which seemed to work except when i restarted my computer my AVASTdownload was gone so i had to re-download it