Worm help needed - please!

redmandarin

I've just returned from holiday to find that my sister-in-law (who was looking after my cat) has been using my pc and (according to her stressed and not very coherent version of events) she clicked on a link, on "I'm bored.com" and then what looked like a Windows dialogue box popped up, saying something about a worm and offering options to fix it. She panicked, thought it could be a scam and switched off the dialogue box and the site, she closed down the other sites that were open and a few minutes later, she turned the internet off.

Apparently the Windows dialogue box stated our correct location and the right number of users (2) for my pc, so it looks like it was genuine - but she turned it off!

Needless to say, I'm not at all happy about this and I need to try and find out what it was, so it can be fixed. I'm currently using a friend's pc (but only for a short time) as I'm afraid to use my home pc or connect it to the internet.

I'm on Windows XP version 6 and I've got Zonelabs Firewall installed. I've run CC, AVG Antivirus, Anti root, adaware and nothing showed up! How would I know if I've got a worm and would the firewall have stopped it?

Please can anyone help? I'm not very technical, so I'd be grateful any practical advice (simply stated please). Thanks.

Browntoa

just follow steps 1 to 4 of this thread

http://forums.moneysavingexpert.com/showthread.html?t=133269

will root out any nasties

looks complicated but print out the instructions so you can follow them when not connected to the internet. there are links to all the software , but from what you say it sounds clean if none of the above had shown any infection

redmandarin

Thanks Browntoa for your kind and speedy reply.

I'll follow steps 1 and 4 (Ewido and Defender). I have CrapCleaner and AdAware installed already, but your detailed info on the options to select within them is helpful - thanks.

Hopefully this will sort out the problem - fingers crossed!

Cheers!

redmandarin

Hi, I'm currently using my PC to follow the steps suggested by Browntoa, but I've encountered a problem. This is how far I've got: I backed up my docs and photos and installed XP Service Pack 1a and Ewido Security Suite. I've already got Zone Alarm firewall and AVG Anti-virus installed, so I followed the instructions and unactivated Ewido Anti-spyware resident shield and also its automatic updates (and I unchecked "start with Windows") to use Ewido as a stand alone scanner.

However, when I tried to manually update the Ewido Anti-spyware, as instructed, it stated " Error: Sorry the server is not ready to serve. Please try again later". I then tried to manually update with Ewido full database installer, but it states: "Ewido anti-malware could not be found on your system".

Please can someone help? Thanks a lot.

dounome

I dont think ewido do the anti spyware any more, it was taken over by avg antispyware. This can be found on http://free.grisoft.com/doc/1

superscaper

Also you should be on Service pack 2. Make sure you have all the windows updates. http://www.windowsupdate.com

redmandarin

Thanks dounome and superscraper for your help. I thought I needed to install SP1 because that's what it said in Step 1 of the malware sticky, but I've just checked using the Microsoft update link and it says that SP2 has been installed on my PC - so I must have installed SP2 today without realising it! I'm quite new to all this, as you can see!

My apologies - I should have said that I also installed AVG Anti-Spyware - I know it's been re-branded, I just called it Ewido because that's was how it was referred to in the sticky.

I've just tried again to the install udates for the AVG Anti-Spyware and it was successful this time (hurray!). I'm now at the start of page 2 (of 5) of the malware sticky print out instructions, so I might have it completed by the autumn!:D I've a sneaking suspicion that this won't be the last time I'll need to post on this one!

Thanks for all your support guys!

nanana_2

Hi redmandarin

looks like you're being looked after but I'll just throw in a little support for your sister in law. As she/you describe it i'd say it looked ANYTHING BUT GENUINE and her actions were spot on.

The fact that it stated your location (well your ISP's anyway) and # of users is simple to do and is just designed to make it "look" official.

If she'd clicked yes, you'd more than likely have "got worms"

superscaper

nanana wrote: »

Hi redmandarin

looks like you're being looked after but I'll just throw in a little support for your sister in law. As she/you describe it i'd say it looked ANYTHING BUT GENUINE and her actions were spot on.

The fact that it stated your location (well your ISP's anyway) and # of users is simple to do and is just designed to make it "look" official.

If she'd clicked yes, you'd more than likely have "got worms"

Exactly right. Unless you are specifically using an online scanner at the time NEVER trust any warning from a pop up. If it was a genuine warning from your antivirus software there would be no need for it to mention your location. Your sister-in-law while maybe panicked it was definitely a good thing she didn't click on anything.

redmandarin

Hi nanana and superscraper! Thanks a lot - great advice guys! :T

We did wonder if the windows dialogue box was fake, (that's why she turned it off, just in case) but neither of us had enough experience to know for sure! But I'm now learning fast - thanks to the fab help I'm getting here!

redmandarin

Hi guys, I've installed all the malware removal software, as instructed in the first part of the malware removal sticky. Now I need to disable system restore, boot into safe mode and run the malware removal scans, but I've hit a problem at the bit, below:

You will need to disable system restore, boot into safe mode, scan for the problem and finally re-enable system restore.

For Windows XP:

1: Right click on the My Computer icon on your desktop and select properties.
2: Click on the system restore tab.
3: Check the box that says "Turn off system restore on all drives". Click OK.
4: Click Yes when you are prompted to restart the computer
5: To re-enable System Restore, follow steps 1-3, but in step 3, click to clear the Disable System Restore check box.

At point 3, I was offered one option: "turn off system restore" (it didn't say "all drives") so I checked the box and clicked OK, (not apply and OK). A dialogue box popped up and asked if I was sure I wanted to turn it off and I clicked Yes. At step 4, I wasn't prompted to restart the computer (and nothing else happened). Is it ok to just turn off the computer now and re-boot it in safe mode? Can anyone help please?