got a virus, best free removal program?

[bhutsell]

Homer, I got all my help from MajorGeeks.com. I didn't start a thread, but pretty much followed the steps for cleaning at this link. Change the thread number to 139681 for Vista.

You might have to download the programs on a different computer, then transfer them over. The trojan I had blocked pretty much every useful security website. Again, I had to rename the executables and disable updates to get them to install, then rename the program executable file again to get the programs to run. A lot of trial and error. I could update after the program was running.

I didn't get to the point where I used the ComboFix program, didn't have the rights at work to disable my Virus Scanner.

[Homer]

yeah, the one good thing i can say about spy sweeper is that it did clean up a lot. i'm able to run the files now. the problem is i still have something that's re-directing all my searches. i'll take a look at your post though. thanks.

[Homer]

well it seems i can't even get past the first step cuz i lose my internet connection. turns out the virus is the tinyproxy.exe. it's that koobfa virus from facebook. damn facebook. anyhow, i can't seem to find a way to get rid of it. if i block it or quarantine it, my internet stops working. woo hoo. so if anyone knows anything about this, please do let me know.

[Yankee4Life]

well it seems i can't even get past the first step cuz i lose my internet connection. turns out the virus is the tinyproxy.exe. it's that koobfa virus from facebook. damn facebook. anyhow, i can't seem to find a way to get rid of it. if i block it or quarantine it, my internet stops working. woo hoo. so if anyone knows anything about this, please do let me know.

Hey Homer, try this link right here.

I hope it helps you and can answer all your questions.

[Homer]

thanks y4l. i have seen that. facebook thusfar only says to change your password and to run one of the free online virus scans they suggested. which i don't need since my virus scan has already found it. the problem is getting rid of the thing without losing my internet.

[stevieaces]

thanks y4l. i have seen that. facebook thusfar only says to change your password and to run one of the free online virus scans they suggested. which i don't need since my virus scan has already found it. the problem is getting rid of the thing without losing my internet.

Cant you reinstall your driver for your network card after you remove the virus completely? Thats what I would do.

[Homer]

not working either.

[MarkB]

Hey guys, sorry I've not posted so far, haven't been checking the thread.

Redsox, I haven't done any real research in the last year or so on what the best anti-virus program is that's available, but I'd say common sense is the best solution anyone will get to avoiding viruses and malware. I haven't used an anti-virus program in way over a year now, and I ran a OneCare scan before I built my new PC just to double-check there weren't any problems before transferring my data to the new drive - absolutely nothing. Everyone should have a certain degree of protection, but don't be fooled, or scared, into thinking that you need some sort of all-encompassing, invasive anti-virus program on your PC just because society says so. If you have common sense and know what you're doing, there's a good chance you won't have any problems at all.

Homer, a few questions. Do you have System Restore enabled? If so, disable it. There's a good chance the virus is hiding out in your system restore cache. How many entries do you have in your MSConfig startup list? Any there you don't recognise? You might want to check the services tab as well. Also, is Internet Explorer set up to use a proxy? Most home systems aren't, but that's one of the things that TinyProxy does - changes your settings to redirect your traffic through a proxy. To check this, go to Tools-Internet Options-Connections-LAN settings, and check if the proxy server box is ticked. If it is, disable it. Boot to Safe Mode (regular Safe Mode, no networking) and run your standard anti-virus scan, quarantining or removing any infections it finds, then run your standard anti-malware scan, again, removing anything it finds, then reboot to Safe Mode with Networking and run a Windows Live OneCare scan. You might want to leave this running while you're doing something else or overnight, as it can take a while to check all the drives on your system. Once this is done, get it to remove any infections and fix any problems it finds, then reboot to normal Windows and see if you're still having problems.

I never totally trust a system after it's had a virus as you never know what remnants, if any, are left over, so I'd always recommend attempting to get rid of the virus first, then backing up your data onto removable storage, then doing a full format of your HDD and reinstalling your OS. Overkill, maybe, but I'd rather do that and know the issue is resolved that have something nasty in the background just waiting for a helper to be installed so that it can take over the system again. I think anyone with a virus should be prepared to back their data up and do an reinstall, if necessary.

[Homer]

Hey guys, sorry I've not posted so far, haven't been checking the thread.

Redsox, I haven't done any real research in the last year or so on what the best anti-virus program is that's available, but I'd say common sense is the best solution anyone will get to avoiding viruses and malware. I haven't used an anti-virus program in way over a year now, and I ran a OneCare scan before I built my new PC just to double-check there weren't any problems before transferring my data to the new drive - absolutely nothing. Everyone should have a certain degree of protection, but don't be fooled, or scared, into thinking that you need some sort of all-encompassing, invasive anti-virus program on your PC just because society says so. If you have common sense and know what you're doing, there's a good chance you won't have any problems at all.

Homer, a few questions. Do you have System Restore enabled? If so, disable it. There's a good chance the virus is hiding out in your system restore cache. How many entries do you have in your MSConfig startup list? Any there you don't recognise? You might want to check the services tab as well. Also, is Internet Explorer set up to use a proxy? Most home systems aren't, but that's one of the things that TinyProxy does - changes your settings to redirect your traffic through a proxy. To check this, go to Tools-Internet Options-Connections-LAN settings, and check if the proxy server box is ticked. If it is, disable it. Boot to Safe Mode (regular Safe Mode, no networking) and run your standard anti-virus scan, quarantining or removing any infections it finds, then run your standard anti-malware scan, again, removing anything it finds, then reboot to Safe Mode with Networking and run a Windows Live OneCare scan. You might want to leave this running while you're doing something else or overnight, as it can take a while to check all the drives on your system. Once this is done, get it to remove any infections and fix any problems it finds, then reboot to normal Windows and see if you're still having problems.

I never totally trust a system after it's had a virus as you never know what remnants, if any, are left over, so I'd always recommend attempting to get rid of the virus first, then backing up your data onto removable storage, then doing a full format of your HDD and reinstalling your OS. Overkill, maybe, but I'd rather do that and know the issue is resolved that have something nasty in the background just waiting for a helper to be installed so that it can take over the system again. I think anyone with a virus should be prepared to back their data up and do an reinstall, if necessary.

i'm sure it's enabled. i set a few points in case the virus scans messed things beyond belief. i'm not sure about the startup list, nor how to find those.

i'll try the safe mode route as you suggested. and what is this windows live onecare? is that free?

but i'm totally with you on the last part, as i never fully trust computers that have been infected either. i haven't had an infection since college, so i haven't had to reformat the drive in awhile. the issue is that this happens to be a work computer, so i'm just not looking forward to renetworking it and everything on top of things. but since i'm on the subject, if i do reformat, should i rename the computer a different name or the same one it was? i just know that i have a few folders on it that i have set up as a network drive on another computer. i'm sure this will be causing some headaches in days to come.

[Homer]

okay, i ran a scan in safe mode as you suggested. it seemed to find more and removed them. everything seems to be working okay as my searches are not being redirected anymore. plus it's faster the problem is, i'm using IE for some reason, i can't connect to the internet with firefox now.

[Homer]

another update: i continued on exploring on what you said markb, and you were right on. the scan in safe mode identified the threats and got rid of them. internet explorer worked after i disabled the proxy settings. i got firefox to work after i disable the proxy settings there too. everything seems to be working fine now and my searches are no longer being redirected. connection is faster and such too. so for now, i may not need to reformat everything. though i would still like your opinion on naming the computer after reformatting.

majorgeeks wasn't much help either since i couldn't find a thing about this koobface virus.

but i thought i'd take the time to write an official review of webroot (spy sweeper) too. i'm gonna have to give it a major thumbs down. it is cheap, which is good. but you get what you pay for. typically, a person such as myself would buy software that claims to remove and protect you against viruses and malware would do just that. now it works fine in scanning and handling some stuff, which is good. but you can get completely free programs out there that do the exact same thing. on top of things, their technical support is just absurd. if you're lucky enough to get through (after waiting for several hours on hold), you get through to someone that is of no help. so i told this guy the exact virus that's causing the problem after searching the internet for days. all the hard work is done. the problem i presented to him was why the software i purchased from his company couldn't handle it properly. it managed to find it, but if i blocked it, the internet stopped working. how do i go about removing it and not messing up my internet connection? his reply was one of two choices: 1. i could be directed to their help desk where i would need to pay an additional $95 for them to look at it and fix it or 2. he could send me details on how to report it and hopefully fix it myself. well #1 is out of the question, because then what did i need to pay for their software in the first place? should that not have done it for me? is that not the whole point of antivirus software? #2 was even better, because they then only send me details to give them some information, to which they only send me even more generic instructions on how to take care of it. thanks, but i'm gonna go with the programs and companies that actually do what they say they do. ZERO stars out of FIVE.

[MarkB]

Hey Homer, sorry it's taken so long to get back to the thread. Been busy today. You've probably figured out the answers to some of these already, but I'll post anyway, just in case you haven't.

You can access MSConfig by going to Start, then Run, and typing msconfig. This will show the System Configuration Utility, which, among other things, shows what programs start automatically when Windows is loaded (in the Startup tab) and the services that are loaded when you load Windows (in the Services tab). If you see any entries in the startup list which you don't recognise, you don't need to start when your system starts or know are invalid, feel free to uncheck them and they won't be loaded when Windows starts. From a security and performance perspective, this is one of the first things I do when setting up a new PC.

Windows Live OneCare is a free applet provided by Microsoft that allows you to run a scan of your PC, which will detect and attempt to remove virii and malware, as well as give tips on your hard disk status, your Windows registry (the internal database that Windows uses to store certain settings and configurations) status and other information on your system. It's a useful tool, because, as well as being free, it runs relatively easily in Internet Explorer just by downloading the applet and launching it automatically from the browser. The obvious flaw which Microsoft are too self-possessed and naive to notice is that it doesn't work in anything other than I.E., so if your I.E. has become so insecure due to Microsoft's laziness and generally pathetic security, it's of no use at all, as you can't run it in any other browsers which are not based on I.E. Microsoft also announced that they're ceasing availability of the tool, which will be a shame.

If you do need to reformat and the system is networked, I'd recommend naming it the same name as it was prior to the reinstall - it won't mean much to you, but it will mean that any other PCs that are linked to your PC or have mapped network drives won't have to re-create them all due to your new computer name. If you change your computer name and the other user attempts to access a mapped drive on your system, their PC will look to the network for your computer name before the reinstall, which it won't find, so can't access the data. It's easy enough to re-map them, but it's an unnecessary and time-consuming hassle, especially if there are quite a few of them.

Good to see the scan in Safe Mode worked. I was going to post instructions in disabling the proxy in Firefox too, but took a leap and thought that most virii still stick to I.E. I guess not. Your connection will be back to normal speed now as you're contacting your ISP directly, instead of sending your traffic through another PC with a slower connection than your ISP, which causes the slow traffic.

As for Spy Sweeper not resolving the problem, I have to admit, I'm not surprised at all, especially that they attempted to charge you for support - Spy Sweeper is actually a good program for what it does (well, it was when I last used it a while back, haven't used it recently), but, without trying to sound like a smart-*** or condescending, I think you may have had the wrong expectation of what the program does, which can be easy, especially these days with all sorts of different terms being used - viruses, adware, spyware, malware, trojans, bots, redirectors...the list is endless. Spy Sweeper, when I last used it, was strictly an adware and spyware program, but was definitely not a anti-virus program. It's like going into a shower store and asking to by a bath. In general, adware and spyware programs may pick up the symptoms of the virus problem you have because the virus has contributed to download and installing adware and spyware on your PC, so it may be able to remove them, as well as any other files that are on it's definition list, but will not remove, or probably even detect, the virus itself as it's not an anti-virus program. I believe Webroot now ofer various types of program, including an actual anti-virus program and an overall security suite which would probably include the anti-virus program as well as Spy Sweeper for adware and spyware, but if Spy Sweeper is still the same and only detects and removes adware and spyware, this would not remove the root cause of the problem you were having, so when you called and asked them to help remove a virus from your PC - well, again, it's analogous to calling Dell's standard technical support, who officially support hardware, and hardware only, and asking them to troubleshoot a software problem - in which case, you'd most likely get transferred to a "specialised" software department who let you describe the problem you're having, then ask for your credit card details. If you get a decent technician, though, and are lucky enough to avoid a call centre outside of the U.K, there's a good chance that the guys I work with would at least try to help sort the problem out. If we can't, we'd offer advice on what to do, with a transfer to a chargeable service being the very last resort, probably before suicide.

Hope that helps, and if you have any other problems, let me know and I'll do my best to help out.

[Homer]

yeah, all of that helped tremendously. like i said before, even majorgeeks.com wasn't able to help. i owe all my thanks to you and the guys here. i would never have even gotten it without this place.

but yeah, i understand what you mean with spy sweeper. it really is a pretty good little program. but when i contacted them about it, the salesperson raved about it's award winning product. when i asked about the difference between viruses, adware...she adamantly stated that if i buy the full product, that it would take care of all of it. now i'm not complaining about spy sweeper itself, but i bought the whole package and it failed to deliver as the sales person promised. she also mentioned that they had good tech support if i continued to have problems, and well...you already know what i thought of them. not that i was expecting them to fix it, but i was hoping for them to shed some light into it, since the koobface thing has been around since this past summer and other software has been able to take care of it. and i probably wouldn't be so negative about it, but it was like you said. i told the tech guy about it, and instead of giving me any sort of reply, he immediately gave me the option of paying more or basically figuring it out on my own. not to mention that i had sent them four different emails through their online support and they never once bothered to look at it and reply. but my point was for the money, there are other free ones out there that are just as good in combination as spy sweeper. so i see no point in buying it. if i ever buy again, i'm gonna go with something else.

[MarkB]

If you feel you were mis-sold the product as she told you you were getting the full product and after you had purchased it, you were asked to pay more, I'd be on the phone already telling them that unless they refunded your money immediately, you'd be seeing a lawyer. I just checked their website, and the most comprehensive product they have is their Webroot Internet Security Essentials package, which apparently covers all sorts of rubbish, outlined here. You had a virus. According to their website, their product includes support from "knowledgeable and friendly support experts who will help you through even the toughest virus and spyware problems. Unlike many of our competitors, we offer U.S.-based online and phone support absolutely FREE." You paid for the full product, then were asked for more cash to sort the problem that should have been sorted in the first place by their software without you even having to contact support.

Buying online is the same as buying in a store - you have consumer rights, and cannot be mis-sold a product. You have every right to demand a refund for a product which did not perform as advertised.

Also, I'd very rarely buy software online. There are usually free alternatives to products that one would want to buy that perform just as well, and if not there are...other ways to obtain it.

[Homer]

yeah, i thought it was a low risk move to try it because it was cheap and has a return policy. but i will definitely be getting a refund. i never really knew if the free ones were just as good as this, and it turns out they're even better. but yeah, pretty crappy business model if you ask me. will never recommend them.

again though, i really appreciate all your help.

[Homer]

now i do have one more question that i can't seem to get a straight answer out of anyone. i have this other computer attached to my network, so it has internet access. except we never use it to go on the internet or do anything. the only reason it is networked is so that it can send x-rays from one computer to another. since it has absolutely no other function, would you still recommend that i have anti-viral/adware software on it?

[MarkB]

You're more than welcome man.

It depends what sort of firewall you have installed, and the configuration of your network. If you connect to the internet using an ethernet cable to this PC, definitely, yes, as this is this the system that provides the connection to the rest of your network and is the stopping point for the external IP. If this PC just obtains it's internet connection via another PC, I wouldn't worry about it - if you'd like to make sure it's clean, share the drives on this system with your network and map the network drives on another PC that has anti-virus software, then you can set up your anti-virus software to scan the networked drive in the same way it would a local drive. That method also saves on system resources and licences.