Possible Virus nightmare:

**Bubba** · #1 4th Oct 2008, 11:02

A friend just dropped her computer off because it is having problems. Her boyfriend visits a bunch of porn sites and she has no virus protection. Before I start on it though I have a few questions.

1). My internet comes through my cable modem to a Linksys router (WRT54G). If i run a line from the router to her computer, there is no way the infections can jump to any of my other computers is there? I have not officially set up a network, I have two hardlines out to my two desktops, which are linked to the extent I can use the printer with both of them, my wife's laptop and daughters desktop are wireless, (daughters not accessing signal but that's another thread in a different place lol).

2). I have a copy of Hijackthis on my Vista machine. Can I copy it to a jumpdrive and transfer it to hers, or should I just download off the web a copy on hers?

3). I have Norton Internet Security 2008 (legal copy) that didn't work with my Vista 64. Should I put it on her computer or should I use a different (free lol) AV from the web and her XP MS firewall? (edit: I just saw the Komodo thread. That's a good AV isn't it?)

4). Should I do the AV before or after I clean the computer.

Evilfantasy: After I get the Hijack this answer and post the results, if i need to do the same first step as the person in the Automatic IE opening thread, just say so instead of typing it all out again lol. I read the thread.

**evilfantasy** · #2 4th Oct 2008, 11:24

1. Update then transfer over Dr Web. Do a full scan and remove anything found.

2. After Dr Web is done and the PC restarted it should be safe to run a line from the router to her computer, then run HijackThis and post the log.

Download DrWeb CureIt & save it to your desktop.

Scan with DrWeb-CureIt as follows:

Double-click on drweb-cureit.exe and then click Start.
An Express Scan of your PC notice will appear.
Under Start the Express Scan Now Click OK to start.
- This is a short scan that will scan the files currently running in memory.
- If or when something is found, click the Yes button when it asks you if you want to cure it.
Once the short scan has finished, Click Options > Change settings
Choose the Scan tab and UNcheck Heuristic analysis and click OK
Back at the main window, select the Complete scan button.
Then click the Green Arrow Start Scanning button on the right and the scan will start.
- Click Yes to all if it asks if you want to cure/move any file(s).
When the scan is done.
In the Dr.Web CureIt menu on top left, click File and choose Save report list.
Save the DrWeb.csv report to your Desktop.
Exit Dr.Web Cureit.

Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.

After reboot, Right-click the Dr.Web log on the desktop and choose Open With > Notepad
Copy and paste that log in the next reply

**thingie2** · #3 4th Oct 2008, 11:32

1) it shouldn't do, but why does it actually need to be on the net?

2)are you meaning a pre-installed version, or the downloaded file?

3)Well I advise against using Norton, it slows everything down too much, Personally I use Avast as AV. it seems to work quite well.

4) I wouldn't say it rearly matters, both have merits.

**4D(Fordy(Ford) Ollie** · #4 4th Oct 2008, 14:06

I'd back Avast, great stuff and completely free, I used to have Norton, which costs, however Avast I find much better, faster, easier to use, and of course infinty% cheaper.

I'd download both Avast and Hijack This directly on her computer, no risk that way.

**Bubba** · #5 4th Oct 2008, 15:08

Thanks guys. I've done the first step Evil. i have guests coming over for supper and then the Talledega race tomorrow to go to so I'll get you the results posted probably Monday, although it's possible for later tonight/ early tomorrow morning or Sunday night late. Time got away from me trying to cook, watch football and fix a computer lol.

**Bubba** · #6 4th Oct 2008, 19:39

Ok. her computer won't connect to the internet now. Her computer won't let me defrag or run any other disk management tools. I even tried to put an install disk of XP in and it boots to her already installed XP even though I went into BIOS and made boot from CD the only option.............

**evilfantasy** · #7 4th Oct 2008, 19:43

You might want to run Dr Web on it before trying to do too much. If it is virus related then trying to do normal things is pointless as the infection will just cause unnecessary gray hairs....

**Bubba** · #8 4th Oct 2008, 19:52

LOL Bro, I already ran Dr.Web. See my post three above, concerning the first step, (which was run Dr. Web). On the first quick scan there was 1 thing to delete and the complete scan only got three. I saved the file as well. I wrote one down since I couldn't connect, but decided to try to nuke the Hard drive so didn't write the others down. The one I wrote down said.:

kdokx.exe C:\\WINDOWS\system32; POLY!CRYPT-unpack error; Deleted;

EDIT: The attempt at nuking the hard drive failed as well BTW.

**evilfantasy** · #9 4th Oct 2008, 19:55

I see.

Can you get a HijackThis log posted?

**Bubba** · #10 4th Oct 2008, 20:11

In order to do that, I would have to run it on the infected computer, copy the results to a jump drive, download it (and a possible if not probable infection) on this computer to do so. I am unwilling to take that chance lol. Or am I just being paranoid?

One question I haven't asked, is there any possibility that my jump drive was infected by plugging it into the other computer when downloading DrWeb to it?

If you think there is no, or little chance of infection on this machine, I will do the hijack this thing, also I will need to know if my flashdrive could ahve been infected. (Sorry, I keep calling it a jump drive).