MetaChat - OhMyFreakinStarsNGarters Hope Me. Anyone 'puter savvy want a challenge?

MetaChat is an informal place for MeFites to touch base and post, discuss and chatter about topics that may not belong on MetaFilter. Questions? Check the FAQ. Please note: This is important.

26 January 2012

OhMyFreakinStarsNGarters Hope Me. Anyone 'puter savvy want a challenge? Like, a Chinese boxes-in-boxes puzzle? I don't know where to start. Computer is buggy in freaky ways.→[More:]

So today I used Windows Defender Offline Beta as per this discussion. I booted off a USB drive instead of my hard drive. I often can't update virus definitions with Microsoft stuff, though, maybe (?!?) because Internet Explorer is not my default browser (I use Mozilla Firefox) and I never reconfigured IE when I switched off dial-up. I dunno. But I ran Offline Defender without updating virus defs anyway. It found nothing.

I did this 'cuz just a while back I beat the Windows 7 Security virus mainly with this from MalwareHelp.org and then free Malwarebytes and Microsoft Security Essentials, but while the virus seemed 99.9% disabled, I still was getting that little icon in the right side of my toolbar tray when I'd start the PC. So I tried free AVG & Avast to no avail. So I thought maybe the offline trick would wipe the icon.

So after booting off the rescue USB drive and then restarting after all that's over, I went to Facebook and it and several other pages wouldn't display properly -- I couldn't navigate or use the websites at all. And my Bank's website wouldn't let me log in to see my balance, it wouldn't accept my 100% correct password, so I'm really freakin' out. Until finally I think, well, I'll finally try Google Chrome. So I do, and all those pages display okay. THEN I open up Mozilla, and all the pages work again, including my bank login.

WTF.

Now my volume control is missing from the right lower toolbar. Just gone. And when I start the PC I get this freaky message, which actually started a couple days ago when I seem to have caught a minor bug that Malwarebytes removed today AFTER Widnose Off Defebnder found nothing. And random programs show up on my right side toolbar tray, things like iTunes and OpenOffice that should be over on the LEFT side.

Also, from the process of (mostly) beating Windows 7, I have maybe four antivirus programs installed (plus CCleaner, which rocks), which is slowing my system down and isn't healthy... but I'm unsure what virus software to keep, or whether to buy McAfee or something... but NONE of them seem to prevent the Windows 7 virus anyway, so are they any good?

Btw, Microsoft Security Essentials usually DOES update properly, but now it won't update either. But Malwarebytes DOES at least think it updates virus definitions successfully, so it doesn't seem as if (?) a virus is blocking my antivirus programs(?)

Ghaaah.

post by: shane at: 20:50 | 12 comments

You can turn updates back on. (It's needed to update virus definitions.) Control Panel->updates (I think)

posted by Obscure Reference 26 January | 21:17

Is catalyst something you run ordinarily?

posted by Obscure Reference 26 January | 21:18

Naw, I never touch Catalyst. I think it's part of my video card program. Weird, eh? Is there a virus trying to change my settings or something?

posted by shane 26 January | 22:10

Oh, the automatic updates thing!

No, Automatic Updates ARE turned on. That's not a real Windows icon. That's a leftover from the "Windows 7 Security" virus, I believe. I'm not about to click on it, but if I do, I should be redirected to a page that tells me I need to buy an antivirus program and, in fact, every browser window I open after that will redirect to that page, and even most all programs other than Internet browsers will also redirect to that page, etc. etc. until I run that widget from MalwareHelp.org that installs itself, I think, by disguising itself as part of the virus, then fixes the register entry that the virus installed. That's the Windows Security virus.

posted by shane 26 January | 22:35

I think this is beyond MetaChat's expertise level. Try AskMe or barring that, just go right to Defender support forums. I'm amazed at how helpful and diligent volunteer antivirus/support people are.

posted by Miko 26 January | 22:46

Catalyst is the interface for your video card driver. Have you changed your user account to not be an administrator as part of your war on malware? That could be why you are getting the message that you don't have access.

Having multiple anti-virus programs installed can cause problems, as they can detect each other as threats and, as you have found, they suck up a lot of resources. I've stuck with AVG (free version) and Spybot for years now and have (touch wood) not been infected with anything except once when someone borrowing the machine used IE (how they found it given that I'd deleted all menu shortcuts I'll never know). I've had very bad experiences with McAfee and would never buy it - it's practically a virus in itself, given the harm it does to a system.

The lack of a volume control icon could also be a result of your war - you should be able to return it by right-clicking on the task bar and following your nose from there.

It's understandable to be paranoid, but the problem with accessing sites you experienced could just have been a temporary connection issue of some kind - I've fallen for that myself in the past and concluded that the whole thing was a coincidence when I found there was a reported outage by my ISP at the same time.

As far as the update icon goes - try going into your Security Center via the control panel (not by clicking the icon) and make sure the anti-virus updates are set to be manually managed - I've also seen this go strange.

If you really are still infected with something, I think Miko is right that this is beyond MeCha and possibly into the territory of having to take the machine to a real person or doing a complete re-install.

I don't want to make light of what may be an on-going serious issue, but sometimes virus cures leave artefacts that need to be tidied up.

posted by dg 27 January | 01:23

Thanks, dg. That all makes a lot of sense. The volume control popped back up on its own. I don't know -- maybe booting from an external drive temporarily messes up settings. It's entirely possible that the Automatic Updates icon is legit, too, and simply is not registering that updates are in fact on.

I'll avoid McAfee. The only thing I don't like about AVG is: Have you ever tried to uninstall it? It doesn't happen, whether you go through AVG's uninstall or through Add/Remove Programs. It becomes inactive but stays in your system dormant and sometimes even prompts you to scan (and thus reinstall). Other than that it has been great to me.

Re Catalyst, I haven't changed my user account, so that remains a mystery.

Miko, I might check out the Defender forums. Microsoft Security Essentials seems valuable.

If anyone here becomes infected with the Windows Security virus, I really recommend this tool from MalwareHelp.org, and I recommend MalwareHelp.org in general for anything you nasty catch. Their tool removed 99.9%, maybe 100%, of just about the nastiest virus around, when MetaFilter seemed mostly convinced that only booting the 'puter off an external drive would do that. MalwareHelp.org is VERY cool.

posted by shane 27 January | 08:51

The "security virus" I had actually did turn off updates and made them difficult to turn back on. Are you sure yours are on? It also changed .exe files to be non-executable. I have various means of attack available but I'm not sure that you don't have the full thing back.

posted by Obscure Reference 27 January | 14:23

Good point, thanks, O.R. I'll run Win 7 Security Tool Analysis and Removal tonight again and see if anything improves. I'm tempted to download Kaspersky to a flash drive and boot offline from it, too, just to see what happens. It's all kind of interesting. One of the people in that MeFi thread ran just about everything you could think of before finally totally wiping this virus.

posted by shane 27 January | 17:42

Those viruses can change a lot of settings that the malware/antivirus programs won't change back. Check your internet settings to see if there is a proxy server set up that you aren't expecting. Try googling about the specific virus you had. There are often good instructions on the net for eradicating the virus and fixing your machine. Still, you have to make a good decision on whose instructions to trust. Check the posting date of the instructions you use to make sure they're fairly recent. Combofix might be a very last resort if you can't fix things any other way.

My copy of microsoft security essentials always updates fine, and I use firefox here as my main browser. Lately though, I'm using AVG on my slower laptop.

posted by DarkForest 27 January | 18:30

whoops... don't know how that block quote got in there. sorry...

posted by DarkForest 27 January | 18:31

Thanks, DarkForest. It turns out the icon pop-up that I thought was a virus leftover is actually legitimately Microsoft Security Essentials not registering that Automatic Updates are already turned on (D/T the virus changing settings?), so you and a few others called it right.

posted by shane 02 February | 12:55

← Bunny! OMG! || Bunny! Butterfly hat! →

HOME || REGISTER || LOGIN