AVG problem

[Robert Reed]

Kheston
Tried your site and guess what - Popup - "Access Denied"
Surprise, Surprise. This is one "bitchin" virus and seems to have all outlets blocked.

Setec
After trying all suggestions here from all posters, I seem to be digging myself into a deeper hole. Don't get me wrong guys as I really apprecite your input and am sure many would have worked in milder situations. However, being the computer illiterate that I am, I feel the deeper I get into this thing the worse I will make it.
I had thought earlier of trying to do a restore or maybe putting all my valuable stuff on CDs and then wiping the slate clean then loading everything back into a clean 'C' drive, but I am afraid I would botch some thing along the way. I really need to preserve some critical information stored here such as my electronics file containing manuscripts (past & future) along with a wealth of designs and test infomation that took years to compile. There is a computer specialist in town that I have dealt with before with good results, so it may be time to pack things up and head over his way. Thanx again and will leave everybody know the end results.

[SETEC_Astronomy]

Yes at the very minimum get good backups. I would make several depending on file size. Make sure the specialist you take it to knows how much you value the data and ensure it's survival. If he or you makes a wrong move attempting to fix the system your files could easily say bye, bye. Do you have a USB thumbdrive you could drag you most precious files to? have you tried burning a disc since the infection? Unfortunately since you're infected what you backup may end up infected as well, a sad reality. Back in my early days I backed files after an infection just to later find I only managed to save infected garbage barely resembling my old files. The only part of the files that were of use were the file names Exercise extreme caution and I wish you the best of luck on getting everything fixed up. Sorry it happened to you, it sucks I know

[reloadron]

Well Ron
This gets stranger and stranger. First website - popup says "Access Denied"
Second website tried two downloads and one would not download correctly. The other one (hijack) downloaded install on desktop but will not install in my computer - just sits there and does nothing! After awhile I tried to delete it and I get a popup - Access Denied due to Write protection or in use!
Does the anti-virus have a virus? What do I do now?

You never mention your operating system?

Let's try booting in Safe Mode by tapping F8 during the boot cycle. Then try running HJT from the desktop. Things will look funny in safe mode and that is normal. The system will load only the default graphics drivers.

Now if HJT still is a problem then you should be able to remove it and start again booting into safe mode but this time with networking. Then back to the link I posted and try another download of it.

Also I strongly a good backup of critical data is in order. The last resort would be a reformat and reinstall of the OS.

Ron

Ron

[CeaSaR]

Robert,

From the increasingly "bad" sounding descriptions of your problem and
your self proclaimed "computer illiteracy" (no shame there, most of us
are end users of one thing or another), it seems that you are about at the
end of your abilities. I'd recommend making backups of ALL your important
data/files/programs (possibly more than once) and taking the CPU to a
professional. *If* the Professional can clean your system, great. If not,
heed Setec's post about greatly impressing upon him how important your
data is and that you need it off of the HD before he wipes it. Hopefully,
you have discs of your programs.

My heart goes out to you, and my hopes are for you to come through
relatively unscathed.

Once you get your CPU back, I'd make sure you have some good
security running. My computers use AVG(free), ZoneAlarm firewall,
Adaware and Spybot Search and Destroy. So far, I've had very good luck
with all of these programs. I prefer using an outside firewall over
Windows firewall because the 3rd party programs are much more
configureable, plus they have better reviews than MS's firewall.

CeaSaR

[kheston]

Caesar's suggestion will be much quicker, but if you're into masochism:

Borrow a friend's computer and Internet connection to view the link I sent you. There are instructions about downloading the required utilities to a flash drive and using them. Chances are, the trojan/virus you have knows about bleepingcomputer and is specifically blocking you from seeing it.

Good luck!

[Robert Reed]

Reloadron
My OS is Windows XP; My browser is Netscape by default or Internet Express if I should so Choose.
Tried your suggestion, but unfortunately when I get the screen with those 'safe' options, I have no mouse pointer visible so as to click & choose.
Funny thing happening now - Cannot defrag as popup says it won't start. Cannot load Netcape as a message says URL cannot be found! Yikes!!!!

[CeaSaR]

Robert,

I hate to say it, but things are going downhill fast for you. Backup
immediately and unplug from the internet until you get your computer
fixed. Better to be offline for a few days than risk infecting anyone else or
giving the d*mn hackers anymore of your computer.

Be brave.

CeaSaR

[CeaSaR]

BTW, when you are in Safemode, you should use the up/down/left/right
keys to make selections (DOS style screen - all text and monochrome).

CeaSaR

[evahle]

Hi again Robert. If you are still online, I ALSO recommend that you backup all your data, but only files that are not programs. You've mentioned RESTORE before, in one of your posts, but seems no one else has. I would use System Restore the moment I thought something wasn't right!

To Restore:
Click; Start/Programs/Accessories/System Tools/System Restore

Then choose a date to restore to before you started noticing the problem.
They say that it will not remove your data files, but I'm not sure if that is accurate or not. Just in case though, you can at least backup the data files you have(files with extensions; txt, doc, xls, or pictures; jpg, bmp etc.)

The Restore program comes with the XP operating system and it works alot like the program GOBACK that I've used on Win98SE. It works great as long as the virus didn't get into your computer before the restore date.

Good Luck to you Robert. I hope this is quick and painless as possible for you.

evahle

[SETEC_Astronomy]

Hi again Robert. If you are still online, I ALSO recommend that you backup all your data, but only files that are not programs. You've mentioned RESTORE before, in one of your posts, but seems no one else has. I would use System Restore the moment I thought something wasn't right!

Though you meant well it's really not a good idea. Depending on where you store your valuable data a restore WILL wipe it all out, I've seen it happen over and over. Windows restore is meant more to reverse a bad setting or miss-configuration and not an infection. More to the point I've never had a system restore work properly. As someone who's been personally bitten by the Windows restore "feature" I would like to suggest that if you or anyone relies on it for data security you make a change in your backup strategy. For safe data storage nothing beats getting two good copies and keeping them in two different locations. I go one step further and do byte-by-byte verifies of all copies.

Robert i was listening to a podcast today from a security researcher and it seems he got bit by the same thing you did and he says it's real nasty. His life is security and he still got infected. Apparently AVG and a few other pieces of software were targeted directly. He described almost verbatim your exact symptoms. The only difference is that you get "Access Denied" and his traffic gets routed to a malicious site attempting to deepen the infection. Proceed with extreme caution.

[evahle]

Though you meant well it's really not a good idea. Depending on where you store your valuable data a restore WILL wipe it all out, I've seen it happen over and over. Windows restore is meant more to reverse a bad setting or miss-configuration and not an infection. More to the point I've never had a system restore work properly. As someone who's been personally bitten by the Windows restore "feature" I would like to suggest that if you or anyone relies on it for data security you make a change in your backup strategy. For safe data storage nothing beats getting two good copies and keeping them in two different locations. I go one step further and do byte-by-byte verifies of all copies.

Hi SETEC_Astronomy. Actually I have used the Goback program quite abit, but I can't remember when I used MS Restore last. I remember that Restore will also allow you to revert back to your current setup if you don't like the previous date that you restored to.

To make sure, I've setup a restore point to today's date and I'm going to revert my hard drive(which includes the registry) to last week's restore point. Then I'm going to revert back to today's date and see what happens. Yes, you are absolutly right about backing up all data and verifying the backup. I do this all the time, so should everyone. Like most people I learned the hard way(lost 6 months work to a trojan).

I'll let you know my results when I'm done with the restore testing...
evahle

[SETEC_Astronomy]

If you're going to go through with that please make good backups first and be prepared to re-install the OS. I'm not saying System Restore doesn't work for some people but in my experience it's always been a complete disaster. I hope you prove me inaccurate just so you don't have to go through the hassle of getting things back to normal. C'mon MS you can do it! I'm Beta testing Windows 7 at the moment and I might just see if they've made some significant improvements in the restore area, anything is possible

[evahle]

Well, I'm back and my computer and settings are all back to Jan. 8th, 2009. I checked my email and even today's email was still there. I checked my icons. They are there. I checked my new shortcuts after Jan. 8th, and they are still there. My data doesn't seem to have changed at all, but the new Eagle software that I've installed this last week is now gone!

Now I'm going back offline and revert my drive back to today's date. I've done this stuff before and I've not had any problems doing this. OR maybe I'm as gutsy as rotatepod! hehe

I'll be back...
evahle

[evahle]

Well, I'm back again, and everything is back the way it was today. Checked my email and shortcuts again and still don't see any obvious problems. I can't guarantee that it will solve your problem, but I was fairly confident that it would work. I do however, keep my data backed up on CDs! Maybe others out there might backup their data and try experimenting with this Restore program like I just did. It only takes a few minutes and it says you can undo the revert if you wish.

evahle

[Bigglez]

My data doesn't seem to have changed at all, but the new Eagle software that I've installed this last week is now gone!

As a long time EAGLE user this bothers me. I would not
want to loose and EAGLE data, or have to rebuild my
current installation (for obvious reasons).

I have used the Windows Restore to set points before major
"house cleaning" JIT (Just In Case...) and have only used
the Restore once, to step back in time about a week, to
remove an attack from Adware type invaders. This was about
a month ago, and like magic it worked!

I found that letting my subscription to McAfee drop last October
was not wise in hindsight.

Back to EAGLE, I find their installation process on Windows
to be less that perfect. For example, if I try to launch
someone else's EAGLE work that I have downloaded from a
forum or email, one of my PCs launches an older version
of EAGLE (4.16r2) that I uninstalled (using Control Panel
tools) over a year ago.

Also, I don't have an EAGLE icon in the Start menu, but I
did create one that jumps to:
"C:\Program Files\EAGLE-5.1.0\bin\eagle.exe"
and works well.

Unlike typical Windows installs that generate shortcuts and
folders in the Start Menu (and the better ones even ask before
doing so) EAGLE doesn't. Not a big issue, and perhaps it
is because the program is Linux/Windows compatible and
not entirely Windows centric.

Good luck to you all with fixing Windows, and undoing
SPAM attacks and other malware.