endofreak Posted March 18, 2005 Report Share Posted March 18, 2005 My mum is having a bit of trouble with her computer at home at the minute. I have tryed to run the Virus scanner ( AVG 7 ), but it closes instantly. Task manager also closes as quick as you open it. If you try to visit grisoft or any anti virus type websites it takes you to the BBC website or just closes IE for some reason. Has anyone heard of a virus that does similiar things as mentioned above? If so, do you know a way of removing it? Quote Link to comment Share on other sites More sharing options...
benno Posted March 18, 2005 Report Share Posted March 18, 2005 The Fatso worm does things like that, I know it prevented my PC from running any anti-spyware programs. Has she tried trend micro housecall? (free online virus scan, also removes the viruses.) housecall.trendmicro.com hope i can help :P ben :o Quote Link to comment Share on other sites More sharing options...
Interested Posted March 18, 2005 Report Share Posted March 18, 2005 (edited) I had it last week on this laptop everything kept shutting down on me ,no hotmail or messanger either ,any site with antivirus on it shut down,it took over norton and disabled it ,even a thread with help in the title it shuts down IE ,i ran adware and it fixed it for me ,norton started working and i ran that to..Its fine now :o I tried AVG it shut down i got the ad adware from here tell her to try it . http://www.tech-forums.net/downloads.php run this to http://www.microsoft.com/security/malwarer...efault.mspx#run since I had that last week,I've checked everything. Edited March 18, 2005 by Interested Quote Link to comment Share on other sites More sharing options...
rhythm_101 Posted March 18, 2005 Report Share Posted March 18, 2005 i've got the b*****d, it was sent to me over MSN, cant get onto any anti-spyware websites, its shit :P i'll try your links :P :o Quote Link to comment Share on other sites More sharing options...
Interested Posted March 18, 2005 Report Share Posted March 18, 2005 Its bloody clever what ever it is, it stops you going on any sites that can help you,that link for the ad adware above was the only link i could click on without IE SHUTTING DOWN.I used one comp for going on computer forums asking for help,then had go on the infected laptop to try stuff out. I tried read a thread on here when i had it ,the thread was titled 'mobile help' ,soon as i clicked on it ,IE shut down :P Sooooooooooo glad its gone :o ( I also think i got it over MSN ,Couldn't use MSN or hotmail at all). Quote Link to comment Share on other sites More sharing options...
monkey_pork Posted March 18, 2005 Report Share Posted March 18, 2005 The reason you can't get into any of the website you mention is because the virus writes an entry in your PC's hosts file. The hosts file is a plain text file that is used by your PC as it's kinda first place to look to resolve any DNS stuff. The virus adds an entry like this: 127.0.0.1 symantec.com 127.0.0.1 kaspersky.com - and so on working it's way down the list of have sites ... 127.0.0.1 is the machines 'loopback' address. I'll skip the details, but it's the machines own 'internal' address, so anything that looks at 127.0.0.1 won't find anything (unless you are running DNS and HTTPd services on your own machine, that allow access via 127.0.0.1, in which case you'll know all this stuff anyway ...). It works like this (this is a bit overly-simplified, but the principles are sound): 1. You type www.google.com into your browser address bar. 2. Your machine looks at it's host file to see if it can resolve the name into the ip address (which in this case is 66.102.11.104 - you can put that into your address bar and see for yourselves - don't put www.66.102 etc, just use the number). 3. Unless you have listed '66.102.11.104 google.com' in your hosts file your PC then looks to your ISP to resolve the address (via a process called DNS 'Domain Name Server' - like a kinda #yellow pages' I guess). 4. If the address you typed in is on the hosts file at '127.0.0.1' your machine tries to fetch the page from itself - which it can't do of course as it doesn't exist there. (With the unlikely exception above of course). 5. If it's not listed on the hosts file, your ISP will route you off to the page, and away you go. Now, you could use the hosts file to list all the sites you go to, but it's not worth it - that's why DNS servers exist. You'll be right in thinking that if you delete the 127.0.0.1 avsite.com from your hosts file, you'd be able to access the page - but there are additional steps to take too, such as killing the viruses running processes (in case it rewites the hosts file), and making sure that if you need to reboot, as opposed to restarting the browser that the virus doesn't trigger a new instance and undo what you have done. The IE closing is not a hosts file issue - that'll be one of the machine services being killed by the virus - MSSasser & MSBlaster were 'good' examples of how killing a service could bring unpatched machines down. Best bet - Run Windows update automatically to patch the holes to start with, learn about how to avoid infections on line, and get decent have and decent anti-spyware packages. Stay safe out there ! :o Quote Link to comment Share on other sites More sharing options...
Tomm Posted March 18, 2005 Report Share Posted March 18, 2005 :P (Geek :P :P ) Emoticon-O-Rama :o Quote Link to comment Share on other sites More sharing options...
monkey_pork Posted March 19, 2005 Report Share Posted March 19, 2005 :P (Geek :P :P ) Emoticon-O-Rama :o ← Err, yeah, sorry, I kinda got carried away trying to be helpful :P" I deal with this stuff on a daily basis, and as knowledge is power, I thought I share the love... "Some day this war's gonna end". This is one of the ways. Quote Link to comment Share on other sites More sharing options...
endofreak Posted March 19, 2005 Author Report Share Posted March 19, 2005 Thankyou for the help everybody, it is very much appreciated. I haven't had a chance to go to my mum's to try anything yet, but I did find out from her that when she starts up the computer, the very first thing to load up is a text file titled " Larissa you muppet ". I searched for the above in Google and found out that the Virus is called W32/Sumom-C. Should hopefully be able to get rid of this thing pretty soon. (Y) Thanks again. Quote Link to comment Share on other sites More sharing options...
monkey_pork Posted March 20, 2005 Report Share Posted March 20, 2005 "Some day this war's gonna end". This is one of the ways. ← ... and this is another. Looks like they are drying up naturally now too ... Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.