Sound familiar? Well, the laptop isn't mine, but I'm trying to clean it up for a friend. I've gotten about 15 viruses and crap off of it so far, using Hitman Pro, Clamwin, and a lot of other malware/virus cleaning utilities. The computer is faster, there aren't as many annoying popups, but it will not let IE access the internet. I can ping a website, the built in wifi shows a connection to the net, but I simply cannot get on the internet.
If you have any idea what may be causing this, please let me know. All brainstorming/help/suggestions are welcome.
When cleaning malware, I typically follow this guide (that is, unless it's just easier to reinstall XP). There's a lot of tools like HiJackThis, CCleaner, etc that can help make sure you're clean and that the registry has been repaired/cleaned.
Did you try installing and using firefox? I'm curious if it's an IE specific problem. Also, is there a firewall installed that might be preventing IE from having an external connection?
Also, on XP, I typically install Startup CPL. It shows what things are starting at boot and you can just uncheck the box next to things to get them to stop loading. Sometimes that's a good way to stop malware from loading on boot.
And then open the task manager (CTRL+ALT+Delete) and google each of the processes you don't recognize.
I would recommend starting with HiJack This. This will let you identify everything that is running in the system or is in the registry that could be a problem. Then, you work through the list to find the bad things, and google for solutions to removing them.
Blindly applying tools without consideration for exactly how a particular piece of malware assaults the system can quickly lead to an unbootable system.
The first thing I do is scanning the laptop from a clean rescue CD boot (Linux, of course) where I start an nfs or samba server to make the ntfs-3g r/w mounted system partition available for external scanners - clamav and avg for linux. That way rootkits can't hide malware, and I can clean system restore folders as well.
Of course, I may as well have a peek at the windows hosts file for cleaning that one as well.
Later on, after restarting Windows, most probably there are remainders in the registry producing non-critical errors giving the hint which entry to remove or which directory to wipe completely. Often enough an sfc /scannow and doing a browser reset will fix the remaining problems.
I always try to convince users to use a non-admin account for mailing and surfing, and to install firefox and spybot s&d with teatimer active if they don't have a proper anti-malware tool yet.
Sometimes they even agree to sacrifice part of the Windows partition for at least an "emergency" Linux install.
After all, moving personal files to a separate partition for easy reinstalls if necessary, is a good idea as well.
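The offline scan described above (boot a Linux rescue CD, mount the XP partition with ntfs-3g, scan it with ClamAV, then inspect the Windows hosts file), as an added example script that is not from this thread. It assumes the XP partition is /dev/sda1, that ntfs-3g and clamscan are installed, and uses a constructed sample hosts file in place of the real one under the mount point.

```shell
#!/bin/sh
# Offline clean-up helper for a Windows XP partition, run from a Linux rescue
# boot. Added example, not from the thread. Assumes the XP system partition
# is /dev/sda1 and that ntfs-3g and clamav (clamscan) are installed.

WIN_DEV=${WIN_DEV:-/dev/sda1}     # assumed device of the XP system partition
WIN_MNT=${WIN_MNT:-/mnt/win}      # where it is mounted for scanning

# Mount the NTFS partition read-only and scan it with ClamAV. Read-only is
# enough for detection; remount r/w (as the poster does) only when deleting.
scan_windows_partition() {
    mkdir -p "$WIN_MNT"
    mount -t ntfs-3g -o ro "$WIN_DEV" "$WIN_MNT" || return 1
    # -r: recurse; -i: report infected files only; keep a log for later review.
    # The mount bypasses Windows ACLs, so "System Volume Information"
    # (the restore points mentioned in the thread) is scanned as well.
    clamscan -r -i --log=/tmp/clamscan-windows.log "$WIN_MNT"
}

# Print every hosts entry that is not a plain localhost mapping. Malware often
# points antivirus update sites at 127.0.0.1 or at an address it controls.
audit_hosts() {
    sed -e 's/#.*//' "$1" | awk 'NF >= 2 {
        for (i = 2; i <= NF; i++) {
            name = tolower($i)
            if (name != "localhost" && name != "localhost.localdomain")
                print "suspicious:", name, "->", $1
        }
    }'
}

# Constructed sample standing in for $WIN_MNT/WINDOWS/system32/drivers/etc/hosts
# (the path on XP). Two entries are the kind of tampering to look for.
SAMPLE_HOSTS=$(mktemp)
cat > "$SAMPLE_HOSTS" <<'EOF'
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       www.example-av-vendor.test   # constructed: update site blocked
10.0.0.5        update.example.test          # constructed: redirected elsewhere
EOF

audit_hosts "$SAMPLE_HOSTS"
```

Run scan_windows_partition as root on the rescue system; audit_hosts works on any copy of the hosts file.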
I take it that your friend runs it as an Administrator?
Uh huh. Don't spend too much time on it now because in a couple of days you'll be doing it all again.
I send the few relatives that don't listen to me to "Geek Squad," again and again and again until they finally get tired of paying all that money. Then they log on as limited users, on a freshly installed and up-to-date XP, and their problems go away.
Oh, every now and then you'll see where a nefarious program splinters itself against the tough steel walls, but most virus-writers today have figured out how to make their programs "just go away" when they realize that the user isn't stupid after all.
Last edited by sundialsvcs; 11-03-2008 at 02:06 PM.
That's what I like to do, but people don't seem to want to lose their data, or, in that case, make backups. It's a Dell, so the operating system CD is there along with drivers and utilities, but they just won't let me clear it off and start again. That's what I did for my parents' notebook a while ago. Password on the Admin account, run in a limited account. But no...
I found that one of the files mentioned by HiJack This tends to be related to the zlob trojan. So, I downloaded SpyHunter 3 Security Suite and had it scan. It found 21 of the Zlob trojan and 9 of the "Rogue.Virus Response Lab 2009". Problem is, you have to pay to have them removed. Know another utility that I can get rid of these with?
You should google for tools and instructions to remove the particular pieces of malware you find. Some of them will hook dlls and if removed incorrectly will leave you with a damaged registry and an unbootable system. In fact, if you can't bring your network up, that may mean that some piece of malware has hooked the tcpip stack and was then improperly removed. You might have a wonderful time fixing it.
Properly cleaning up a badly infested windows machine can take awhile, and requires you to be careful.
So you've discovered that you've been infected with Trojan.Zlob or other types of spyware. Now you want to manually remove it and prevent further damage to your computer. To remove Trojan.Zlob or other malware components, please follow the instructions below.
Note: This Trojan.Zlob manual removal process is difficult and you run the risk of destroying your computer. We highly recommend you use SpyHunter's malware scan.
Find and Stop Trojan.Zlob Processes:
nvctrl.exe
msmsgs.exe
Find and Unregister Trojan.Zlob DLL Files:
dtjby.dll
antzozc.dll
uimcu.dll
Find and Remove Trojan.Zlob registry values:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\RegSvr32=%System%\msmsgs.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell=explorer.exe
Hey Jim. What about a repair install in such a situation? I don't use Windows so much as I used to, but doesn't a repair install pretty much do a reset no matter how badly things are borked?
NEVER EVER try a repair install of Windows UNTIL AND UNLESS the system is COMPLETELY CLEANED UP, AND the filesystem is in good shape.
That registry is a real furball. Things are tied together all over the place in there and it is a real serious single point of failure. If the system is not clean (meaning "uninfected") to begin with, you have no idea at all what you'll have after doing the repair install. But more than likely it won't be what you expected or wanted.
This looks like a very helpful and accurate post. I just have one problem. I've learned all of my computer knowledge in Linux, not Windows. When I used Windows, I was just a user, a plain old gamer. I have no idea how to mess around with the inner workings of the XP operating system. Deleting files and all is easy enough, but where to find .dll files, and how to "unregister" them, I have no idea. Could you possibly provide more specifics as to how I should go about doing this?