I Think I Might Be Infected ...

By Garuda.Chanti 2013-04-13 15:19:48
Update:

MSE found nothing, but the installing boxes pop up anyway.

Have CC, didn't remember a registry option, thanks.

I run Adblock and NoScript.

I am also in The Beta That Must Not Be Named, so playing with HijackThis will wait till Sunday.

Again thanks for all the help.

By Cerberus.Eugene 2013-04-13 15:30:19
4/5 people in this thread don't know what they're talking about.

By Cerberus.Kylos 2013-04-13 15:48:38
http://www.filehippo.com

Get Malwarebytes and CCleaner. Also, it couldn't hurt to get the Windows Malicious Software Removal Tool from the Microsoft website. Also, if you use HijackThis and post your log file here in a Code tag, I will check it for you.

PS. I fix people's computers as a hobby and get paid.

Also, Advanced System Care 6.1 free
AVG 2013 free
IObit Malware Fighter free vi.7
^ These all suck, uninstall them.

By Leviathan.Andret 2013-04-13 16:35:01
As others have said, get HijackThis and post the log after the scan here so people will know what you are infected with. This is important because your computer might have something else, like hardware problems, instead of an infection. Can you tell what the installing window is installing? Is it a hardware or software install window?

First, uninstall these:
Advanced System Care 6.1 free
AVG 2013 free
IObit Malware Fighter free vi.7

General steps when I try to clean WinXP in a case of infection:

1. Download and install Malwarebytes. Boot into safe mode with networking, then run it. You can also run Spybot in safe mode if you want.

2. Download and install Kaspersky Antivirus. Boot into safe mode with networking and run it if you can. I don't think Kaspersky has a free version and it can be expensive, but you can also try ZoneAlarm antivirus, as they also use the Kaspersky engine for viruses and can be cheaper. Or just use MSE if you have it free.

3. If all else fails, try to download and run ComboFix (in safe mode or from the DOS command line). This is your last resort before you do a format > reinstall of Windows.

3b. If you cannot do any of the above steps but don't want to reinstall Windows, then try to remove your HDD and plug it into another computer to clean it using Kaspersky or something similar. Make sure the other computer has the AV and Malwarebytes installed.

By Bismarck.Dracondria 2013-04-13 16:40:37
I have Kaspersky and it works great

By Cerberus.Eugene 2013-04-13 16:47:29
Cerberus.Kylos said: »
http://www.filehippo.com

Get Malwarebytes and CCleaner. Also, it couldn't hurt to get the Windows Malicious Software Removal Tool from the Microsoft website. Also, if you use HijackThis and post your log file here in a Code tag, I will check it for you.

PS. I fix people's computers as a hobby and get paid.

Also, Advanced System Care 6.1 free
AVG 2013 free
IObit Malware Fighter free vi.7
^ These all suck, uninstall them.
CCleaner is not antimalware software, and you can brick your OS if you use certain settings without knowing what you're doing.

By Cerberus.Eugene 2013-04-13 16:57:12
Also, people need to get off this "Uninstall this software and install this one" bandwagon. It's bad advice. Almost all A/V software is virtually identical for people who aren't actively involved in the field. Seeing as almost all mainstream software detects between 96-99% of real infections, you're probably running a greater risk of corrupting your filesystem by switching than you are getting benefit from using a 97% rated software over a 96% one.

By Cerberus.Eugene 2013-04-13 17:01:29
Also, get out of here with HijackThis. Nobody here is certified in reading that, and if you follow their instructions they will most definitely have you delete something that shouldn't be deleted.

By Fenrir.Schutz 2013-04-13 17:44:29
I do really like HJT. While following the advice of others who interpret log files can be harrowing, because of issues of trust and differing levels of ability to analyse the individual components, there do exist good online analysis tools for it. If the issue is "waste of time", it takes only minutes to download the client and seconds to generate a report.

One of the ones I like best is here on this DE site...

http://www.hijackthis.de/

...simply copy-and-pasting the log-file report generated by HJT will bring up an analysis cross-referencing their database of items. You can then examine each item and decide for yourself if you think it is reasonably dangerous or not.

Further, if the issue is that particular site's DB of items, you could cross-reference items against this site also....

http://www.systemlookup.com/

...CastleCops is no more but at least there are legacy sites still around to help with HJT analysis, and one isn't at the mercy of internet pro-am analysts.

And yes, I realise I am agreeing with Kawar that HJT is a quality program and a good solution. ;_;

By Fenrir.Terminus 2013-04-13 17:53:48
Even a broken clock is right twice a day.

By Sylph.Kawar 2013-04-13 18:07:37
Garuda.Chanti said: »
Update:

MSE found nothing, but the installing boxes pop up anyway.

Have CC, didn't remember a registry option, thanks.

I run Adblock and NoScript.

I am also in The Beta That Must Not Be Named, so playing with HijackThis will wait till Sunday.

Again thanks for all the help.
You are using some of the programs on this list wrong; I will explain. Adblock is for when you get the problem fixed; it helps stop ads from being seen on any site you keep blocked. That site will not get money from the blocked ads.

NoScript looks for the, well, scripts: the things that, for example on Photobucket, track who goes to what pictures. NoScript can block that and other parts of sites if you really want it to. MSE is a protection program, not a scan-to-fix-the-system program; it helps to keep them away and removes some, but a problem like this does not sound like something it can help with.

Download http://www.microsoft.com/en-us/download/details.aspx?id=16 (32 bit)

http://www.microsoft.com/en-us/download/details.aspx?id=9905 (64 bit). Run a full scan with the right one and I will find the other scan you need to run as well; the next scan will check for rootkits.

I will be back in like 1 hour; I am looking up the other tool, I can never find this one when I need it.

Edit:

I got very, very lucky, here it is. Install it under whatever your language is. Then hit the + on that page and it will give you the link to download it, as well as steps to use it.
http://support.kaspersky.com/5350?el=88446

If you need help with any of the tools or steps I gave you, post and I will help the best I can.

By Sylph.Kawar 2013-04-13 18:10:38
Cerberus.Eugene said: »
Also, get out of here with HijackThis. Nobody here is certified in reading that, and if you follow their instructions they will most definitely have you delete something that shouldn't be deleted.
I know a site that has a tool that will check it for me, which is why I told her to give me a HijackThis log from Pastebin. I will put it into the tool and it will check and see if it finds anything; then I can tell the OP what to scan or have a better idea.

You do not even need to download the full HijackThis; most of the downloads are executables, so you can run the tool and save a log, then just close the window and you're done with HijackThis.

If you need help with any of the tools or steps I gave you, post and I will help the best I can.

By Sylph.Kawar 2013-04-13 18:20:54
Leviathan.Andret said: »
As others have said, get HijackThis and post the log after the scan here so people will know what you are infected with. This is important because your computer might have something else, like hardware problems, instead of an infection. Can you tell what the installing window is installing? Is it a hardware or software install window?

First, uninstall these:
Advanced System Care 6.1 free
AVG 2013 free
IObit Malware Fighter free vi.7

General steps when I try to clean WinXP in a case of infection:

1. Download and install Malwarebytes. Boot into safe mode with networking, then run it. You can also run Spybot in safe mode if you want.

2. Download and install Kaspersky Antivirus. Boot into safe mode with networking and run it if you can. I don't think Kaspersky has a free version and it can be expensive, but you can also try ZoneAlarm antivirus, as they also use the Kaspersky engine for viruses and can be cheaper. Or just use MSE if you have it free.

3. If all else fails, try to download and run ComboFix (in safe mode or from the DOS command line). This is your last resort before you do a format > reinstall of Windows.

3b. If you cannot do any of the above steps but don't want to reinstall Windows, then try to remove your HDD and plug it into another computer to clean it using Kaspersky or something similar. Make sure the other computer has the AV and Malwarebytes installed.
Do not, and I repeat, do not install ComboFix unless you know 100% what you're doing. That program can break your computer if you do it wrong. Maybe not break it, but make the problem much bigger than you wanted.

Has anyone here had this user run any tools that clean the hosts file, seeing as it sounds like it may be coming from there? But OP, when do you get the pop-ups: when you're online or when you're offline?

If you get them offline it makes me feel more that it is a rootkit, and if it is online it makes me feel it is more a hosts file.

If you need help with any of the tools or steps I gave you, post and I will help the best I can.
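Kawar's hunch above is the hosts file. The quickest way to test that hunch is to read the file rather than run another cleaner. The following Python checker is an added example, not code from the thread or any of its participants: it parses a Windows hosts file and reports names that are sinkholed to a loopback or unspecified address (the pattern used to stop antivirus and Windows Update downloads) or redirected to a routable address. The sample hosts content is constructed for illustration, and 203.0.113.5 is a documentation (TEST-NET-3) address standing in for an attacker-controlled host.

```python
"""Check a Windows hosts file for tampering: names sinkholed or redirected.

Added example; the sample hosts content is constructed, not from anyone's machine.
"""
import ipaddress
from typing import List, Tuple

# Constructed sample. 203.0.113.5 is a documentation (TEST-NET-3) address
# standing in for an attacker-controlled server.
SAMPLE_HOSTS = """# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
127.0.0.1       update.microsoft.com
0.0.0.0         www.malwarebytes.org
203.0.113.5     www.google.com        # constructed redirect
192.168.1.10    fileserver            # legitimate LAN shortcut
"""

# Names that legitimately point at loopback.
LOCAL_NAMES = {'localhost', 'localhost.localdomain', 'broadcasthost'}

# RFC 1918 and link-local ranges: an entry pointing here is a normal LAN shortcut.
# Python's is_private also covers the documentation ranges, so the LAN ranges
# are listed explicitly instead of relying on that property.
LAN_NETWORKS = [ipaddress.ip_network(cidr) for cidr in
                ('10.0.0.0/8', '172.16.0.0/12', '192.168.0.0/16', '169.254.0.0/16')]


def parse_hosts(text: str) -> List[Tuple[str, str]]:
    """Return (address, hostname) pairs; comments and blank lines are skipped."""
    pairs = []
    for raw in text.splitlines():
        line = raw.split('#', 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue
        address, *names = parts
        for name in names:
            pairs.append((address, name.lower()))
    return pairs


def classify(address: str, name: str) -> str:
    """'ok', 'blocked' (sinkholed), 'redirected' (sent to a routable host) or 'malformed'."""
    if name in LOCAL_NAMES:
        return 'ok'
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return 'malformed'
    if ip.is_loopback or ip.is_unspecified:
        # A public name mapped to 127.0.0.1 / 0.0.0.0 can never be reached:
        # the classic way to stop AV and Windows Update from downloading.
        return 'blocked'
    if any(ip in network for network in LAN_NETWORKS):
        return 'ok'
    return 'redirected'


def suspicious_hosts_entries(text: str) -> List[Tuple[str, str, str]]:
    """Every entry that is not a plain local or LAN mapping."""
    findings = []
    for address, name in parse_hosts(text):
        verdict = classify(address, name)
        if verdict != 'ok':
            findings.append((address, name, verdict))
    return findings


def load_windows_hosts(path: str = r'C:\WINDOWS\system32\drivers\etc\hosts') -> str:
    """Read the live hosts file (default path is the Windows XP location)."""
    with open(path, encoding='utf-8', errors='replace') as handle:
        return handle.read()


if __name__ == '__main__':
    for address, name, verdict in suspicious_hosts_entries(SAMPLE_HOSTS):
        print(f'{verdict:10} {name} -> {address}')
```

On the affected machine, `suspicious_hosts_entries(load_windows_hosts())` gives the same report for the real file. A 'blocked' hit on a vendor or update domain is the strongest signal here: it explains why a scanner "finds nothing" if it cannot fetch definitions, and the fix is simply to remove that line.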

By Cerberus.Eugene 2013-04-13 18:34:01
No.

And yeah, HJT can be a useful tool, but not one I'd recommend in this situation.

By Sylph.Kawar 2013-04-13 18:35:07
Cerberus.Eugene said: »
No.
No what? No dose not give us an idea what you're saying that to.

By Jetackuu 2013-04-14 19:15:32
does not*

idiot.

By Garuda.Chanti 2013-04-14 22:19:29
Cerberus.Eugene said: »
4/5 people in this thread don't know what they're talking about.

Actually that's pretty good odds for the internet. Problem is which 20% does know what they're talking about.

Bismarck.Dracondria said: »
I have Kaspersky and it works great

From what I have read about Kaspersky labs they are the only one who might go past the 99% that all other malware programs look at.

I might even pay for that one.

Sylph.Kawar said: »
OP, when do you get the pop-ups: when you're online or when you're offline?

I'm only offline when my ISP farts.

The installing window pops up twice when I first start up and occasionally other times as well. At startup it lingers long enough for me to hit the cancel button, brief blink other times.

Spent today on IRS software instead of debugging. Not to worry, the machine I used for taxes hasn't been on since this started. Nor was another machine on my network on while I filed my taxes.

By Sylph.Kawar 2013-04-15 09:32:47
When you scan the right download with this program, does it find anything? Please tell me if it does, seeing as you did not get back to me about whether you ran any of the scans I told you to run.

It sounds like a rootkit.

What does the window say at the top of it when it pops up? I can use that to Google a better idea of what is wrong, so we are not just having you run all the scans we can think of; this will help to find out.

For example, at the top of this window for me it says ffxiah.com.

By Jetackuu 2013-04-15 09:53:15
Garuda.Chanti said: »
Cerberus.Eugene said: »
4/5 people in this thread don't know what they're talking about.

Actually that's pretty good odds for the internet. Problem is which 20% does know what they're talking about.

Bismarck.Dracondria said: »
I have Kaspersky and it works great

From what I have read about Kaspersky labs they are the only one who might go past the 99% that all other malware programs look at.

I might even pay for that one.

Sylph.Kawar said: »
OP, when do you get the pop-ups: when you're online or when you're offline?

I'm only offline when my ISP farts.

The installing window pops up twice when I first start up and occasionally other times as well. At startup it lingers long enough for me to hit the cancel button, brief blink other times.

Spent today on IRS software instead of debugging. Not to worry, the machine I used for taxes hasn't been on since this started. Nor was another machine on my network on while I filed my taxes.

could check this registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

and see what's starting when the system boots.

If it's profile specific (user) it would be HKEY_CURRENT_USER, same path. iirc

(luckily you're on XP)

or could run msconfig and check the startup program list, and the services (hide M$ ones typically) and google what's in the list. I typically turn off everything but A/V and Daemon Tools, just because most of that doesn't need to run on startup, and I use DT enough to where I like the tray icon.

always make a backup of your registry, and create a restore point (system restore) before you fiddle, that way you can at least get Windows back to its current *** up state, instead of a worse state.

Honestly if you have a good time some afternoon (EDT) this week, hmu and I can teamviewer in and take a look, I need to do stuff to keep my mind off things.
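Jetackuu's advice above is to look at the two Run keys and find out what starts at boot. As an added example (not code from the thread or any poster), the Python script below parses a `reg export` of those keys and flags the entries a triage would look at first: programs started from a user-writable or temporary folder, programs that borrow a Windows system binary name from outside the Windows directory, and entries with no absolute path. The .reg text embedded in the script is a constructed sample, not an export from anyone's machine, and the heuristics point at what to look up next; they do not by themselves prove an infection.

```python
"""Triage Windows autorun (Run key) entries from a `reg export` file.

Added example for the thread's advice to look at what starts at boot. The
sample export below is constructed for illustration; the heuristics flag
entries worth a closer look, they do not prove an infection.
"""
import re
from typing import Dict, List, Tuple

# Constructed sample of `reg export` output for the two Run keys named in the
# thread (HKLM and HKCU). Not an export from any real machine.
SAMPLE_REG_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSE"="\"C:\\Program Files\\Microsoft Security Client\\msseces.exe\" -hide -runkey"
"DAEMON Tools Lite"="\"C:\\Program Files\\DAEMON Tools Lite\\DTLite.exe\" -autorun"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"updater"="C:\\Documents and Settings\\User\\Local Settings\\Temp\\svchost.exe -install"
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
# "name"="value" lines; both sides may contain escaped quotes and backslashes.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

# Folders any user can write to: a program auto-starting from here was not put
# there by a normal installer and deserves a look.
USER_WRITABLE_MARKERS = ('\\temp\\', '\\local settings\\', '\\application data\\',
                         '\\appdata\\', '\\users\\public\\')
# Names of core Windows binaries that malware commonly borrows.
SYSTEM_BINARY_NAMES = {'svchost.exe', 'lsass.exe', 'csrss.exe', 'winlogon.exe',
                       'services.exe', 'explorer.exe', 'smss.exe'}
WINDOWS_DIR_PREFIX = 'c:\\windows\\'


def _unescape(text: str) -> str:
    # .reg files put a backslash before every literal backslash and double quote.
    return re.sub(r'\\(["\\])', r'\1', text)


def parse_reg_export(text: str) -> Dict[str, Dict[str, str]]:
    """Return {key path: {value name: value data}} for the string values in the export."""
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            current = key_match.group(1)
            keys[current] = {}
            continue
        value_match = VALUE_RE.match(line)
        if value_match and current is not None:
            keys[current][_unescape(value_match.group(1))] = _unescape(value_match.group(2))
    return keys


def command_executable(command: str) -> str:
    """Pull the program path out of a Run value (quoted, or unquoted with spaces)."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    tokens = command.split()
    for i, token in enumerate(tokens):
        if token.lower().endswith('.exe'):
            return ' '.join(tokens[:i + 1])
    return tokens[0] if tokens else ''


def assess_entry(command: str) -> List[str]:
    """Reasons an entry deserves attention; an empty list means nothing odd was seen."""
    low = command_executable(command).lower()
    reasons = []
    if not low or ':' not in low:
        reasons.append('no absolute path; which file runs depends on search order')
    if any(marker in low for marker in USER_WRITABLE_MARKERS):
        reasons.append('runs from a user-writable or temporary folder')
    base = low.rsplit('\\', 1)[-1]
    if base in SYSTEM_BINARY_NAMES and not low.startswith(WINDOWS_DIR_PREFIX):
        reasons.append(f'{base} is a Windows system binary name but is outside the Windows directory')
    return reasons


def triage(reg_text: str) -> List[Tuple[str, str, str, List[str]]]:
    """(key, name, executable, reasons) for every entry under a CurrentVersion\\Run key."""
    findings = []
    for key, values in parse_reg_export(reg_text).items():
        if not key.lower().endswith('\\currentversion\\run'):
            continue
        for name, command in values.items():
            findings.append((key, name, command_executable(command), assess_entry(command)))
    return findings


def suspicious_entries(reg_text: str) -> List[Tuple[str, str]]:
    """Just the (key, name) pairs that triggered at least one heuristic."""
    return [(key, name) for key, name, _exe, reasons in triage(reg_text) if reasons]


def load_reg_file(path: str) -> str:
    """reg.exe writes UTF-16 with a byte-order mark; hand-edited files may be ANSI/UTF-8."""
    with open(path, 'rb') as handle:
        data = handle.read()
    if data[:2] in (b'\xff\xfe', b'\xfe\xff'):
        return data.decode('utf-16')
    return data.decode('utf-8-sig', errors='replace')


if __name__ == '__main__':
    for key, name, exe, reasons in triage(SAMPLE_REG_EXPORT):
        hive = key.split('\\')[0]
        print(f"{'CHECK' if reasons else 'ok   '} [{hive}] {name!r} -> {exe}")
        for reason in reasons:
            print(f'        - {reason}')
```

To produce real input on the XP box, export each key from a command prompt with `reg export "HKLM\Software\Microsoft\Windows\CurrentVersion\Run" hklm_run.reg` (and the same for `HKCU`), copy the files to the machine doing the analysis and call `triage(load_reg_file('hklm_run.reg'))`. This only reads the registry, so it sidesteps the "scary stuff" concern in the thread: nothing is changed, and the Run keys are also exactly what msconfig's Startup tab shows, which is why an entry that hides elsewhere (a per-user key, a service, a scheduled task) will not show up in either view.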

By Garuda.Chanti 2013-04-15 12:42:20
Jetackuu said: »
could check this registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

and see what's starting when the system boots.

If it's profile specific (user) it would be HKEY_CURRENT_USER, same path. iirc

(luckily you're on XP)

or could run msconfig and check the startup program list, and the services (hide M$ ones typically) and google what's in the list. I typically turn off everything but A/V and Daemon Tools, just because most of that doesn't need to run on startup, and I use DT enough to where I like the tray icon.

always make a backup of your registry, and create a restore point (system restore) before you fiddle, that way you can at least get Windows back to its current *** up state, instead of a worse state.

Honestly if you have a good time some afternoon (EDT) this week, hmu and I can teamviewer in and take a look, I need to do stuff to keep my mind off things.

Thanks Jet.

My computer skills / knowledge have a few blank spots. A BIG one is the registry. Scary stuff. The things I don't understand from this post:

registry key - have an idea what it is, no idea how to check it.

teamviewer - this will let you look deep inside my machine?

Ran msconfig and checked the startup program list. Nothing there that isn't from system programs or something I installed. That was the easy one.

Now to try a few harder ones from this thread.

By Sylph.Kawar 2013-04-15 17:27:12
Like I said, run the rootkit tool I told you to run, then let me know if it finds anything. Rootkits can... it depends how long it has been on your system. It can hurt your system more than anything, and you may need a format if it gets too deep.

By Jetackuu 2013-04-16 10:09:12
Garuda.Chanti said: »
Jetackuu said: »
could check this registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

and see what's starting when the system boots.

If it's profile specific (user) it would be HKEY_CURRENT_USER, same path. iirc

(luckily you're on XP)

or could run msconfig and check the startup program list, and the services (hide M$ ones typically) and google what's in the list. I typically turn off everything but A/V and Daemon Tools, just because most of that doesn't need to run on startup, and I use DT enough to where I like the tray icon.

always make a backup of your registry, and create a restore point (system restore) before you fiddle, that way you can at least get Windows back to its current *** up state, instead of a worse state.

Honestly if you have a good time some afternoon (EDT) this week, hmu and I can teamviewer in and take a look, I need to do stuff to keep my mind off things.

Thanks Jet.

My computer skills / knowledge have a few blank spots. A BIG one is the registry. Scary stuff. The things I don't understand from this post:

registry key - have an idea what it is, no idea how to check it.

teamviewer - this will let you look deep inside my machine?

Ran msconfig and checked the startup program list. Nothing there that isn't from system programs or something I installed. That was the easy one.

Now to try a few harder ones from this thread.

basically the windows registry is the backbone of the system, pretty much every little setting is stored there, instead of config files.

I'd say it's Windows' greatest strength yet greatest weakness.

TeamViewer, depending on the mode I'd just login and remote control the machine, if you're already logged in, then yeah I'd be able to look at anything you can look at.

hmm if it's not in msconfig I'm willing to bet (if it's a startup program) it's profile specific. Have you tried creating another user and logging in as it?

some screenshots would help by the way. (alt+printscrn)

there's a few ways you can go about looking at what processes are running and if any of them are malicious. I used to google running processes manually (started to remember which is which, and typically know if something is out of whack).

there are other ways: like scanners, or better task managers.

to each their own.

By Garuda.Chanti 2013-04-16 16:26:11

This is going to take all day and part of the night.

Edit: "time elapsed: 06:50:xx" Looking at the bar maybe 65% done ....

There's a reason why that machine runs XP. Not up to Win7 specs....

Jetackuu said: »
basically the windows registry is the backbone of the system, pretty much every little setting is stored there, instead of config files.

Oh I have a good idea what it is. Too scary for me to mess with for one. So never having even opened my registry I don't know how to look for stuff in it.

Jetackuu said: »
hmm if it's not in msconfig I'm willing to bet (if it's a startup program) it's profile specific. Have you tried creating another user and logging in as it?

Not yet. And while that MS tool is scanning not today. Maybe not tomorrow. 3 hours, and not 1/5 done according to the little bar.

Jetackuu said: »
some screenshots would help by the way. (alt+printscrn)

That much I know how to do, but I have no online photo storing / sharing service. Indeed I don't know which image format takes the least space.

Jetackuu said: »
to each their own.

My own was simply to not get infected. Worked for over two decades....

By Garuda.Chanti 2013-04-17 00:02:11
About that MS windows Malicious Software Removal Tool....

Time elapsed: 10:15:xx

Files infected: 0

Visually the bar is filled. I might be able to shut the machine down before I go to bed!

Edit: "No malicious software was detected." 10:22 PM PDT...

I guess it's HijackThis and/or Kapwhatshisname's rootkit thingie tomorrow....

Again, thanks.

By Ragnarok.Rezeak 2013-04-17 01:07:16
Jetackuu's is probably the best way to potentially fix any problems, since you can pretty much set up msconfig to boot your computer as close to a new install as possible (only start up essential programs).

Outside of that not working, "if" it is a virus then, outside of what ya tried already, that rootkit tool may fix it, but honestly if msconfig doesn't work, when I had XP I'd just format.

That said, it could be something non-virus related. If it's Windows trying to install something and erroring out, it could be a faulty driver/USB device or lack of codecs, in combination with the fact you need to be notified on installing anything ... but really it's just shots in the dark.

Anyway, knowing what the installing window tells you or a screenshot would go a long way. Also the names of the games it affects.

Quick tutorial for uploading screens: save as .jpg, use http://postimage.org/ (no need to reg) and just post the direct link.