Virus?

I sure hope someone here knows what's going on with my computer.
I have been using Freedom Internet Security Anti-virus. Adelphia started
offering it for free a while back and it has been fine.

I can't do a scan. I can't even scan my 2nd hard drive which has nothing
much on it. It starts out flying through the files but part way through,
it bogs down and seems to stop except that the computer sounds like it
is working hard on something. After a while, the whole Freedom program
closes.

You may think it is simply a defect with Freedom but, read on:

I have used the free virus scan offered by Trend Micro. It also starts
out scanning through the files. It also gets to a point where it slows
down and, after a while, *poof* Internet Explorer just closes.

I tried running the computer in safe mode. Freedom doesn't work in safe
mode. Explorer works and the online virus scan worked great, right up to
where it said it had 40 minutes left. Same thing... it slowed down and
IE was just gone leaving me looking at the safe mode desktop.

What on earth is this? Some kind of new virus that shuts down any
program that looks at it too closely?

Steve

Re: Virus?


| I sure hope someone here knows what's going on with my computer.
| I have been using Freedom Internet Security Anti-virus. Adelphia started
| offering it for free a while back and it has been fine.
|
| I can't do a scan. I can't even scan my 2nd hard drive which has nothing
| much on it. It starts out flying through the files but part way through,
| it bogs down and seems to stop except that the computer sounds like it
| is working hard on something. After a while, the whole Freedom program
| closes.
|
| You may think it is simply a defect with Freedom but, read on:
|
| I have used the free virus scan offered by Trend Micro. It also starts
| out scanning through the files. It also gets to a point where it slows
| down and, after a while, *poof* Internet Explorer just closes.
|
| I tried running the computer in safe mode. Freedom doesn't work in safe
| mode. Explorer works and the online virus scan worked great, right up to
| where it said it had 40 minutes left. Same thing... it slowed down and
| IE was just gone leaving me looking at the safe mode desktop.
|
| What on earth is this? Some kind of new virus that shuts down any
| program that looks at it too closely?
|
| Steve

Dump the contents of the IE Temporary Internet Folder cache (TIF)

start --> settings --> control panel --> internet options --> delete files

Open a Command Prompt.

In the Command Prompt type the following...

CHKDSK  C:  /F

If it replies..
"Chkdsk cannot run because the volume is in use by another process.
Would you like to schedule this volume to be checked the next time the system
restarts?
(Y/N)"

Choose - Y

type;  EXIT

Reboot the PC.

A full Check Disk will want to be performed, allow it.

When it reboots, perform a defragmentation of the hard disk.

You can get to the Defragmenting program easily by executing;  dfrg.msc

Start --> run  ->
type;   dfrg.msc


--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Re: Virus?

David H. Lipman wrote:

Well, I did exactly as you said. It was late so I let the
defragmentation run over night. I got up early and checked. It was done
and all good. I turned on the virus scan and went back to bed, since I
have the day off. When I got back up, I looked and the virus program was
shut down and no record of a scan was shown.
No improvement at all. I haven't yet tried the online scan. I'll try it
but I suppose Explorer will just close again. We'll see.

Any other ideas?

Steve

Re: Virus?

PS
I'm really at adelph ia dot   net if anyone wants to answer by e-mail.

Re: Virus?

Steve wrote:

I just tried the online virus scan (http://housecall.trendmicro.com/).
It starts out saying it will take 4 hours but it progresses at a faster
pace. It got down to where it says 1 1/4 hours remain. I was looking
right at it because this is the point where it scans the problem area. I
was watching it scan a bunch of temporary files when *bam*, I was
looking at a naked desktop. No task bar and no icons. In a moment the
task bar was back followed shortly by the desktop icons. No IE though,
it was gone. As an experiment, I had a 2nd Explorer window open to see
if it would close too. It did. It doesn't just close the window doing
the scan, it closes all Explorer windows.
A search for .tmp files shows that I have 1551 of them. Long ago, I
remember deleting all .tmp files. I can't seem to do that. A message
comes up that it can't find *something* and when I click OK, nothing
gets deleted. I tried doing groups at a time by finding the temp folder
that contains several files but the same thing happens.
I'm open to any other serious suggestions!

Steve

Re: Virus?




I have seen this once before, but it was a couple of years ago. The solution
escapes me now, but I would try booting into Safe Mode and attempt to empty
the Temp folders. If this does not work, then try booting to DOS or opening
a C:\ prompt, depending on your version of Windows. Then navigate to the
temp folders and try to delete their contents.
If you are running WinXP, then you have to delete files in both the Temp
folder and Temporary Internet Files, and do this for *each* user.

See the following instructions:
Delete ALL sub-folders and files from the following (Do NOT delete the Temp
folders themselves):

*On Win9x*
C:\Windows\Temp
C:\Windows\Temporary Internet Files

*On WinXP*
C:\Documents & Settings\[each user name]\Local Settings\Temp
C:\Documents & Settings\[each user name]\Local Settings\Temporary Internet
Files

*Note:  If the above WinXP folders cannot be seen, use the instructions
below to make them visible.

Open My Computer or Windows Explorer.  Click on "Tools" in the toolbar along
the top.  From the drop-down menu, select "Folder Options...".
The Folder Options window will open. Select the "View" tab.
In the Advanced Settings section, select "Show hidden files and folders" and
right below it, uncheck "Hide extensions for known file types", and right
below this, uncheck "Hide protected operating system files".
These are the 9th, 10th, and 11th options down, respectively. Summarizing:
ON - Show hidden files...
OFF - Hide extensions...
OFF - Hide protected...

Please post back with the results.
pc doc



Re: Virus?


< snip >

|
| Open My Computer or Windows Explorer.  Click on "Tools" in the toolbar along
| the top.  From the drop-down menu, select "Folder Options...".
| The Folder Options window will open. Select the "View" tab.
| In the Advanced Settings section, select "Show hidden files and folders" and
| right below it, uncheck "Hide extensions for known file types", and right
| below this, uncheck "Hide protected operating system files".
| These are the 9th, 10th, and 11th options down, respectively. Summarizing:
| ON - Show hidden files...
| OFF - Hide extensions...
| OFF - Hide protected...
|
| Please post back with the results.
| pc doc
|

The settings...

ON - Show hidden files...
OFF - Hide extensions...
OFF - Hide protected...

are for the USER not the OS and AV scanners.  An AV scanner will see the files
no matter what.

I like to demonstrate this trick.

Go to "My Computer" and browse to the folder;   %windir%\Downloaded Program Files

On my PC, Windows Explorer shows 24 files.

Now when I open a Command Prompt and view the same folder by issuing the DIR
command.
Now I see 89 files listed.

Windows Explorer knows the folder "%windir%\Downloaded Program Files"  is
special and it HIDES files.

Anti virus scanners care what Explorer is doing, it will see all 89 files listed
even though Windows Explorer shows only 24.

I redirected the DIR command so I could copy and paste my folder contents...

 Volume in drive C is HDISK C
 Volume Serial Number is 5C89-64A2

 Directory of C:\WINNT\Downloaded Program Files

03/24/2006  03:27p                 284 ArcaOnline.inf
07/21/2006  01:55p             258,720 arclib.dll

< snip >

05/26/2005  04:19a                 291 wuweb.inf
06/09/2004  05:56p             435,712 xscan53.ocx
03/02/2005  02:00a                 224 zdone.dat
              89 File(s)     33,583,237 bytes
               2 Dir(s)  36,750,671,360 bytes free


Getting back to the original problem, his disk structure and file structure are
intact.
However scanners are bombing out.  This could be because of a ZIP Bomb
(doubtful) or a Ghost Image or other very large compressed file that is causing
the scanner to "quit".  It is also possible that a rule of the OS was broken
such as a folder with too many characters and/or is too deep and exceeds the
254 char. length.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Re: Virus?



Yes, David, I am well aware of this...there is no need for a demonstration.
I thought that my instructions were quite clear in giving Steve two
different methods to try and delete the files manually from the temp
folders. One from safe mode, and the other from a dos prompt. If the OP
wants to try and delete those temp folders from either normal or safe mode,
and the folders are hidden, (by WinXP default), then he will have to un-hide
the folders.
I have been using these instructions in spyware removal forums for the past
2 or 3 years while helping people clean their systems. No one has ever had a
problem with them before.

[snip]


It sounds as if the 254 char. length may have been exceeded (based on new
posts from the OP). Can Scandisk/chkdsk repair this? I know that it could
with Win9x. I have never seen it happen on WinXP.

pc doc



Re: Virus?



|
| Yes, David, I am well aware of this...there is no need for a demonstration.
| I thought that my instructions were quite clear in giving Steve two
| different methods to try and delete the files manually from the temp
| folders. One from safe mode, and the other from a dos prompt. If the OP
| wants to try and delete those temp folders from either normal or safe mode,
| and the folders are hidden, (by WinXP default), then he will have to un-hide
| the folders.
| I have been using these instructions in spyware removal forums for the past
| 2 or 3 years while helping people clean their systems. No one has ever had a
| problem with them before.
|

I see it often stated and it is incorrect.  I don't hang in forums.  I have been
here since this group's inception and I had to comment on it.

I also had to post the Explorer hiding concept because YOU and I are not the
only ones reading this thread  :-)

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Re: Virus?



David, what is incorrect? My instructions for un-hiding the folders are only
relevant if the user is trying to view the Local Settings folders and beyond
in WinXP, and from Normal or Safe Mode. These instructions do not apply to a
dos window/command prompt.
Unless I am wrong about what you are referring to as incorrect...

...Or perhaps this will explain my reasoning for recommending to try and
manually search for and delete the file:  I once had a file in a Temp folder
that I could visibly see with Windows Explorer/My Computer, but I could not
find any way to move it, rename it, delete it, delete the folder(s) it was
located in. Nothing worked while I was in Windows Normal or Safe Mode. No
Scanners, disk repair programs, or defrag could get rid of it. It was not a
malware or virus file. Just a corrupted file.
I was finally able to delete it by opening a command prompt and browsing to
the appropriate Temp folder. But...I knew where the file was specifically
located by unhiding the Local Settings, etc., folders and locating the file
in the Temp Folder while I was still browsing with Windows Explorer.

pc doc



Re: Virus?

pc doctor wrote:

I still have a ton of files in
C:\Documents & Settings\windows\Local Settings\Temp
What about all of those? If I don't hear back soon, I'll try to dump
those too. It looks like the vast majority of .tmp files are in there.

Steve

Re: Virus?



|
| I still have a ton of files in
| C:\Documents & Settings\windows\Local Settings\Temp
| What about all of those? If I don't hear back soon, I'll try to dump
| those too. It looks like the vast majority of .tmp files are in there.
|
| Steve

Dump them and all files in; %windir%\temp

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Re: Virus?

David H. Lipman wrote:


Thanks Dave. I'll do that now and try to scan once again.

Re: Virus?

David H. Lipman wrote:


Also, make sure the settings for keeping messages received and sent,
etc, are set to the lowest values compatible with your needs. Eg, if you
"keep for 20 days", the files or folder storing these messages will be
larger than if you set for 10 days. That can make tens or even hundreds
of megabytes difference in disk space, depending on your browsing
habits. (I found this trick by searching for a couple of very large
files that refused to defragment.)

HTH

Re: Virus?



OK, this turns out to be the area that wouldn't let me just delete all
.tmp files.
To overcome this, I deleted sections of about 200 files at a time. I
finally narrowed it down to one file:
Inside :\Documents & Settings\windows\Local Settings\Temp there was a
folder named Temporary Internet Files and inside there was a folder
called Content.IE5. Which can't be deleted but the contents can except:
Inside that folder is another folder called 1AR1V2XT which couldn't be
deleted but all the contents can except:
Inside there were lots of pictures and one thing:
a thing with a huge long name. The name starts with
"Type=click&FlightID=15993&ADID..........etc...."
Whatever that is, when I right click it, the only 2 choices are "Open
With" or "Send To". It can't be deleted, it can't be renamed and it
can't be dropped into the recycle bin.
I didn't try going to safe mode yet. Maybe tomorrow. What is that thing
and what is it doing in there?
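
An added example, not part of any poster's message: a Python sketch that lists every file or folder under a starting folder whose full path is longer than a limit, one way to locate an entry like the long-named cache file described above and to check the 254-character theory raised earlier in the thread. The function names and the default limit (the thread's own figure) are choices made for this example.

```python
import os
import sys

# Limit quoted in the thread; pass a different value to match your system.
THREAD_LIMIT = 254

# Windows extended-length prefix (backslash backslash ? backslash).
_PREFIX = "\\\\?\\"


def _extended(path):
    # On Windows, add the extended-length prefix so the walk itself
    # can descend into paths that are already over the normal limit.
    path = os.path.abspath(path)
    if os.name == "nt" and not path.startswith(_PREFIX):
        return _PREFIX + path
    return path


def _display(path):
    # Strip the prefix again so the measured length is the length of
    # the ordinary path that Explorer or a scanner would be handed.
    return path[len(_PREFIX):] if path.startswith(_PREFIX) else path


def find_long_paths(root, limit=THREAD_LIMIT):
    # Return (length, path) for every file or folder under root whose
    # full path is longer than limit, longest first.
    hits = []
    for folder, dirs, files in os.walk(_extended(root)):
        for name in dirs + files:
            full = _display(os.path.join(folder, name))
            if len(full) > limit:
                hits.append((len(full), full))
    hits.sort(reverse=True)
    return hits


if __name__ == "__main__":
    # Usage: python find_long_paths.py <folder> [<folder> ...]
    for start in sys.argv[1:]:
        for length, path in find_long_paths(start):
            # Print only the first 120 characters of each over-long path.
            print(f"{length:5d}  {path[:120]}")
```

Run it against each Temp and Temporary Internet Files folder named in the thread; it only reports, it does not delete or rename anything.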

Re: Virus?

the hamburger meat, threw it on the grill, and I said "Oh Wow"...



You can open up a command prompt, navigate to the C:\WINDOWS

(Your main drive may have a different letter)

attrib temp -h -r +a

That should unlock the temp folder itself and let you do a dir on it.

You may have to repeat the attrib for the individual files themselves.
I wouldn't recommend deleting the temp folder itself.

You can use this little trick (not really a trick, nitpickers) on any
folder in your drive. I'd navigate to the last directory displayed
where the scans bog down and see if there's some kind of bad file in
there. At this point I do need to caution you that snipping the wrong
files can lead to crashes/problems in programs or worse. Make sure you
know what you're deleting before you delete it.


--
trippy
mhm31x9 Smeeter#29 WSD#30
sTaRShInE_mOOnBeAm aT HoTmAil dOt CoM

NP: "To Live And Die In L.A." -- Wang Chung

"Now, technology's getting better all the time and that's fine,
but most of the time all you need is a stick of gum, a pocketknife,
and a smile."

-- Robert Redford "Spy Game"



