Even though I could easily bring the system back to the partition, my parents are paranoid to the extent that it'd just be easier to replace the hard drive and go from there. And since my paycheck isn't in yet, they'll be fronting 50% of the cost anyway; I figure it'd just be the easiest to go that next step and have peace of mind.
While attempting to pare down some unused internet links in advance of bringing it into the shop (the less data on the system, the easier it will be to back it all up), I accidentally activated the link to the Delta Mu Delta honors society page; it seems that I was actually able to get in there, although whether this was a fluke or because the site was "secure" I don't know. Does this mean that I already have regular connections, or is this something else?
Also, Ad-Aware picked up on "win32.vilsel," which someone told me [i]might[/i] be "backdoor.vilsel" on my system. I've deleted it once already, but don't know if I truly killed it or not. How would I know? And could this be what was blocking my access?
Here's my current situation. All of my attempts to nuke it have failed.
When I suggested using Windows Task Manager to nuke a running process, I was referring to your problems with zombie Java processes. Nuking an unneeded Java process is easier than rebooting.
Making matters worse is the fact that my Malwarebytes appears to have been damaged in some fashion; it isn't killing it like it should, and I cannot download any updates (it seems that I'm not being allowed to access IE or Firefox despite being able to download updates for Spybot and Ad-Aware).
If IE and Firefox are not working, check if they've been reconfigured to use a proxy server. Some malware install a proxy server on your system and configure your web browsers to use the proxy server. When Spybot or some other tool removes the malware and the proxy server, it doesn't reconfigure your web browsers and the web browsers won't work because they're trying to connect to the Internet via a proxy server that no longer exists.
In IE, go to the Tools menu, select Internet Options, click on the Connections tab, and then click the LAN setting button. If the Proxy Server option has been selected, uncheck the check box and see if IE works. If that fixes the problem, go through the same process with Firefox.
If you are still having problems, I suggest getting an undamaged copy of Malwarebytes and seeing if it works any better. I would do that before doing anything drastic.
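The proxy check described in the reply above, as an added example that is not part of the original posts: a read-only PowerShell script that reports the proxy settings IE and Firefox are currently using and flags any that point back at the local machine. It assumes PowerShell is installed (it is not part of a default XP install) and that Firefox profiles are in the default location; `Test-LoopbackProxy` is a hypothetical helper name.

```powershell
# Added example: report leftover proxy settings for IE (WinINET) and Firefox.
# Read-only; it changes nothing on the system.

function Test-LoopbackProxy([string]$Server) {
    # True when a proxy string such as "127.0.0.1:8080" or
    # "http=localhost:8080;https=localhost:8080" points at this machine.
    return ($Server -match '(^|[=;/])(127\.\d{1,3}\.\d{1,3}\.\d{1,3}|localhost)(:|;|$)')
}

# IE keeps the "LAN settings" dialog values under this per-user key.
$key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$ie  = Get-ItemProperty -Path $key

"IE ProxyEnable   : $($ie.ProxyEnable)"      # 1 = "Use a proxy server" is checked
"IE ProxyServer   : $($ie.ProxyServer)"
"IE AutoConfigURL : $($ie.AutoConfigURL)"    # automatic configuration script, if any

if ($ie.ProxyEnable -eq 1 -and (Test-LoopbackProxy $ie.ProxyServer)) {
    'IE is set to use a proxy on this machine. If nothing is listening there any more, pages will not load.'
}

# Firefox stores its own proxy settings per profile in prefs.js.
# network.proxy.type: 0 = no proxy, 1 = manual, 2 = automatic configuration URL.
$prefs = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles\*\prefs.js'
$names = 'user_pref\("network\.proxy\.(type|http|http_port|ssl|ssl_port|autoconfig_url)",'

Get-ChildItem -Path $prefs -ErrorAction SilentlyContinue | ForEach-Object {
    $file = $_.FullName
    Select-String -Path $file -Pattern $names | ForEach-Object {
        $line = $_.Line.Trim()
        "{0}: {1}" -f $file, $line
        if ($line -match 'network\.proxy\.(http|ssl)"' -and $line -match '"(127\.\d{1,3}\.\d{1,3}\.\d{1,3}|localhost)"') {
            '  -> this Firefox profile has a manual proxy pointing at this machine.'
        }
    }
}
```

If no `network.proxy.*` lines are printed for a profile, that profile is still on Firefox's default proxy setting.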
I've been getting bits and pieces of it, but nothing has actually killed it so far.
Making matters worse is the fact that my Malwarebytes appears to have been damaged in some fashion; it isn't killing it like it should, and I cannot download any updates (it seems that I'm not being allowed to access IE or Firefox despite being able to download updates for Spybot and Ad-Aware).
I've found some boot disks a family friend - an IT guy - gave me a year or so back before he moved away; I just don't quite remember what to do with them.
So what's my best option - back up everything I want to try and save then go scorched earth, or is there a better way?
On Saturday, someone or something seemingly exploited a hole in either Java or Blackboard to hit my system with a piece of malware known as "Fraud.Sysguard;"...
I have an XP box, but I don't use it much. My experience with this sort of thing consists of helping my dad remove the malware from his XP system, something which I have to do fairly frequently. :-)
Since dad hasn't been hit with this specific bit of malice, I can't give specific advice. You seem to be following the correct procedure: searching the security blogs and forums and using the standard software. Follow the procedures you find online to the letter and see where that gets you. Try SM and see if it helps. If it mucks something up, restore the system to the last good system.
Currently, I'm running a 2005 Dell Desktop with XP as my main system; I'm not sure of what it has, as my dad purchased it for work (thinking he'd need it for a project) without asking any of us for input.
A lot of the stuff I do for college has to be done via an online system known as Blackboard. Blackboard is Java-intensive, and even after I've logged out and closed the window I still usually have at least one instance of Java active; I typically have to shut the computer down for Java to close.
On Saturday, someone or something seemingly exploited a hole in either Java or Blackboard to hit my system with a piece of malware known as "Fraud.Sysguard;" I know the name, as Spybot SD picked it up. I thought that Spybot nuked it, but it seems I was wrong; I've still got something on my system, even after Ad-Aware nuked a separate trojan horse earlier this afternoon.
I've had the system in "safe" mode since the infection hit so that I can run the various anti-virals and anti-spywares I have.
On Saturday, while it was in "safe" mode I ran Eusing Free registry cleaner (picked up on a bunch of clutter), Spybot SD (picked up Fraud.Sysguard), Ad-Aware in "smart" mode (didn't get anything), AVG Free in its "safe mode" configuration, and Malwarebytes in "smart" mode (didn't get anything).
This afternoon, after returning from church, I tried to pull the system up in "normal" mode to see if it did the job. No dice. Not only was the malware still in the system, it refused to let me run Trend or Malwarebytes. So I had to kill the power to the system and reboot in safe mode.
Since then, I've run Spybot SD again (no joy), Ad-Aware in "full" mode (picked up on Win32, which it said was some sort of trojan horse), I've cleared my cookies & browsing history from Internet Explorer (Blackboard has a habit of crashing when used via Firefox), I've run Eusing again, and am now running Malwarebytes again in "full" mode. I also used my laptop to have Malwarebytes scan a USB key I had plugged into the desktop at the time, and it came up clean. Trend is refusing to run on my system, period; it may have something to do with it being in safe mode.
Anyone here have experience dealing with it?
Short of taking it in to a local repair shop, I'm running out of options. I was thinking about doing a system restore and bringing the data back to either Thursday or Friday if possible, but one of the tech blogs I read to try and find an answer indicated that there was a slim chance a person's restores would be affected as well. I also have Iolo's System Mechanic on a CD-ROM (purchased from a store), but that wants me to uninstall AVG first and I've heard that some versions of SM are buggy.