Possible virus?


I built a new machine about a week ago. Windows XP Home, McAfee AV + Firewall, adaware 6. Installed all my software etc and all is working fine.

Until...

Last night I downloaded a file from Kazaa. As soon as the download finished, my machine is suddenly really slow, like all the memory was being used on a process. I navigate to the file I just downloaded, double clicked it, and nothing happens. Explorer now crashes and I reboot.

I navigate to the folder again, execute the file, slows and crashes again. Reboot.

Navigate back to the folder, try and delete the file - single click to highlight, my machine again slows, crashes, reboot.

Get back into XP and ctrl+alt+delete and start closing down the processes I don't recognise - navigate to folder and deleted the file.

Knowing that the file that I have downloaded may include something horrid in the .exe (and no, I'm not going to say what it was) I run adaware and McAfee - both come up blank. My main concern is that my firewall was down at the time (I took it down to get my PS2 online) and I'm not sure if someone could have gotten in after I downloaded the program.

Basically, after all that, I am left with this problem. All outgoing internet requests (such as for webpages, kazaa, messengers) aren't finding their respective sites.

My connection to my ISP connects fine. Although there is a small trickle (a few bytes per second) incoming and outgoing - I'm presuming this is from and to my ISP.

I have two other machines, which can connect fine through the same line, so I know the ISP and line are fine.

/me thinks that there is something suspect on my machine - suggestions?

I'm left with reformatting (a bit extreme) but I don't want to.

All internet settings are checked and looking OK, tried connecting via IE and Firebird and nothing. :cry:

Please no flames about using Kazaa or P2P products, I know that they are a cesspit of viruses :whistle:

Link to comment
Share on other sites

Are your computers in a workgroup where one can see the other? If so you can share the whole drive of the infected computer and give everyone full control over it. To do this just right click on the C:\ (or whatever for you), choose sharing and security, choose share the folder on the network, and then check allow network users to change my files. Then you can map that drive on one of your clean systems in My Network Places. After you've done that you can use whatever anti virus is on your other PCs to scan and hopefully fix the infected PC from over the network.

Also do a search on your infected PC's hard drive for a lmhosts.sam file usually in your windows\system32\driver folder and see if there's any IPs in there. You really don't need the file so you can delete it and see if you get net access back.

Also a lot of antivirus programs allow you to make rescue disks but I don't know if McAfee has that option. Using that you could boot from the disk and it could scan your system.

Link to comment
Share on other sites
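
The "see if there's any IPs in there" check from the reply above, as an added example that is not part of the original thread: it parses text in hosts-file format and lists every name that has been pinned to loopback/0.0.0.0 or to a fixed address. The sample content and all host names in it are constructed for illustration.

```python
import ipaddress

# Constructed sample in hosts-file format (not taken from the thread).
SAMPLE_HOSTS = """\
# Sample hosts file (constructed)
127.0.0.1       localhost
::1             localhost
127.0.0.1       update.example-av.test    # name pinned to loopback
0.0.0.0         www.example-search.test
203.0.113.7     www.example-bank.test mail.example-bank.test
not-an-ip       broken.example.test
"""

# Names that normally map to loopback and need no review.
BENIGN_NAMES = {"localhost", "localhost.localdomain"}


def audit_hosts(text):
    """Return (line_no, ip, name, verdict) tuples for entries worth reviewing."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()  # drop trailing comment
        if not entry:
            continue
        fields = entry.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            findings.append((line_no, fields[0], "", "malformed"))
            continue
        for name in fields[1:]:
            if name.lower() in BENIGN_NAMES and ip.is_loopback:
                continue
            if ip.is_loopback or ip.is_unspecified:
                verdict = "blocked"      # name can no longer reach its real site
            else:
                verdict = "redirected"   # name pinned to a fixed address
            findings.append((line_no, str(ip), name, verdict))
    return findings


if __name__ == "__main__":
    for line_no, ip, name, verdict in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {verdict:<10} {name or '-'} -> {ip}")
```

On a Windows machine the real file to pass in is `%SystemRoot%\System32\drivers\etc\hosts`; reviewing the flagged lines before deleting anything keeps a record of what was changed.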

Are your computers in a workgroup where one can see the other? If so you can share the whole drive of the infected computer and give everyone full control over it. To do this just right click on the C:\ (or whatever for you), choose sharing and security, choose share the folder on the network, and then check allow network users to change my files. Then you can map that drive on one of your clean systems in My Network Places. After you've done that you can use whatever anti virus is on your other PCs to scan and hopefully fix the infected PC from over the network.
No, none of the 3 are networked. When one machine is connected, the other two cannot - it's a 'pull the modem from one machine and plug it into another' scenario.
Also do a search on your infected PC's hard drive for a lmhosts.sam file usually in your windows\system32\driver folder and see if there's any IPs in there. You really don't need the file so you can delete it and see if you get net access back.

Will do when I get home - all I can think of is that there is a file like you mentioned that is somehow 'blocking' the outgoing connections.

Link to comment
Share on other sites

Look in the main directory of C: + D: (make sure you have hidden files / folders set so you can see them) and look for an "explorer.exe" lying around.

What were the files you downloaded BTW?

Link to comment
Share on other sites

What were the files you downloaded BTW?

Which part of 'no, I'm not going to tell you what I downloaded' did you miss ;)

Needless to say that it was a 170ish meg .exe.

Thanks for all your suggestions, I'll have a peep this evening.

And where is the 'hosts' file? :pinch:

Tah

Link to comment
Share on other sites

Something I use regularly to find out about the latest nasties doing the rounds is securityresponse.symantec.com - have a look at http://securityresponse.symantec.com/avcen....hllw.cake.html - specifically the filenames it spreads as!

Ring any bells?

HTH,

Ad

Mmmmm caKe ;)

I'm just gutted because McAfee is up to date as of yesterday AM - and it is finding nothing.

Link to comment
Share on other sites

And where is the 'hosts' file? :pinch:

Tah

It's in the second paragraph you quoted me on from my first post.

Gotcha :blush:

Link to comment
Share on other sites

Well, deleted hosts file, no change, and no explorers anywhere they shouldn't have been. Nuked the XP partition and am installing Linux. Always wanted a linux box and an xp box ;)

Thanks for your help guys.

Link to comment
Share on other sites
