Help! (computer problem)

I was doing my daily virus checks with my ad-aware program yesterday when something bad happened. In ad-aware there is a list on the side that says what has been infected. Usually it only comes up with cookies which categorized under infeceted “files”. Well what happened today was that it came up with 1 infected Module. Then 5 seconds later, my computer restarted on its own. That was odd i thought, so after it booted it up this message came up (see picture below).

I tried to scan again, and then stop the scan right after the infected module came up. I went to delete it and it called it something that started with a V. vertroude or something. I couldnt tell because my compter restarted itself again. Does anyone what the problem is?

It does sound like it could be caused by a virus or spyware/adware. As far as I know, ad-aware is a spyware/adware removal application, and will not detect viruses. I would suggest getting hold of a virus checker (either buy one or use one of the free ones like AVG) and scanning your system with that.

It’s worth seeing if anything suspicious is running at startup (look in the startup folder on the programs menu and in HKLM/Software/Microsoft/Windows/Current Version/Run in the registry and look up anything you don’t recognise as safe on the web). You can also see what’s running at startup by running msconfig from the Start->Run box or from a DOS prompt. Some bits of spyware or viruses are not easy to remove automatically and involve booting into safe mode to delete them manually, but if you find out what nasties are running it shouldn’t be hard to find a fix on the web.

To help avoid some of the older nasties like the Blaster Worm (which reboots the system like you describe) you need to make sure you keep Windows up to date with patches through Windows Updates. It’s also a good idea to use a firewall.

If there’s not too much installed on your system it’s sometimes quicker to reinstall it from scratch than it is to try to solve the problem, but I would start by checking what’s running at startup and running a virus scan.

Good luck.

Rob

my computer does have a firewall, and i did scan it with an AVG free edition while i was at church. Nothing came up. It only comes up on the adaware. Where the red arrow is pointing (i couldnt get a scrn shot off the actual thing because my computer restarts to quickly), to modules is where a red 1 pops up by the zero. I hit the next button by the blue arrow to see what the problem was but it restarted to quickly for me to see it. all i could see was that it started with a V.

How would i get rid of it manually?

Simple solution: download, burn, reboot.

What is it? I went to download it and noticed it was 672 mb and i was just wondering what it is/does.

thanks.

Kubuntu is a version of Linux (unix-based operating system) that will boot from a CD. Apart from the old Linux/Windows “my OS is better than yours” battle, I’m not sure what Gilby is getting at. If it will read the NTFS drive partition (I’m assuming you’re running Windows XP from the screenshots) it could be useful in that you could clean up any problems on the Windows drive without it rebooting all the time, but I’ve got a feeling it can’t read NTFS (Linux fans feel free to correct me if I’m wrong here :))

I think Kubuntu does include a web browser and possibly some other basic applications that can run straight off the CD, so you could temporarily carry on using the computer for web surfing and other simple tasks without fixing the Windows (perhaps that’s what Gilby meant).

Anyway, without knowing what the problem is it’s hard to know how to fix it. Does adaware create a log file that you could look at to see what the bad file was?

Otherwise I reckon the best approach is to look for suspicious things running at startup (use msconfig is the easiest way).

Rob

Thats the problem. I just tried to use the adaware again. When it is scanning local memory the infected module comes up. i stopped the scan and looked at the logfile and i think it said the infected thing was a virtumodo but then it restarted. I dont have enough time to look at the log file before it restarts itself. I start the scan and within 5 seconds the computer turns itself off when it finds the infected module. It said it had a TAC rating of 10, a normal cookie has a TAC rating of 3 i think.

Actually, I was just joking about that. If you think the spyware thing that was found is causing the reboot, try a different aware remover program. Or similar to my earlier recommendation, you could make a bootable BartPE Ultimate Boot Disk, which has many recovery tools on it and run the aware removers and virus scanners from the boot cd. This will ensure that any malware isn’t trying to disabe any remover software from working.

Does it only reboot when you run the adaware scan or does it do it all the time? Like Gilby says, you could try a different spyware killer program (try Spybot from www.safer-networking.org/en/download/ ), or use the boot disc he suggested.

What I meant by “not knowing what the problem is” is that we can’t tell what specific malware is on your system because you couldn’t see the error message for long enough to read it. Adaware might create a log file that you could look at afterwards to see what the bad file is. If you can find out what it is, there is a good chance that a quick web search will find a solution.

Have you tried seeing what is running at startup? That may give us some clues.

Rob

When I had a recent browser hi-jack problem, someone on this forum recomended That Computer Guy’s Help Forums.
Those guys are amazing and I was up and running in no time with all the baddies removed from the machine.
Present company excluded, that’s got to be the friendliest place on the internet.

Sorry for not being specific. It only reboots when i use the adaware scan. I scanned with Spypot search and Destroy, and with AVG free edition and neither of them detected infected module that comes up with the adaware.

I went onto the site that GILD posted and went to the Read this First post and did everything it said with changing the stuff to make it a custom scan. When i scanned again, the scan lasted about 10 seconds instead of 5 and it found 2 infected modules, and then restarted it self. I think im going to boot my computer into safe mode (how do i do that?) and then run it again. If that doesnt work ill see whats running at start up.

What is a computer module, the thing that keeps becoming infected? If i am ever able to get through the whole scan without restarting it, is something my computer needs or can i delete it?

Thanks.

Alright i went into safe mode and ran Spybot Search & Destroy. No problems came up. Then I ran Ad-aware SE personnal. Heres what happened.

  1. Opened up Ad-aware SE
  2. I clicked on “full system scan” and then started scanning
  3. The first thing it scanned was the local memory, and boom the infected module came up again.
  4. The computer kept scanning, and a few seconds later a second infected module came up.
  5. Then the computer restarted itself after only scanning about 500 things out of a total of over 100,000.

The safe mode didnt work for me. Now, somehow i restored the computer into 4 yours earlier today.

Thanks Gild. I made a hijackthis log and posted in computer guy forum you gave me a link too. Im just waiting for someone to repost what the problem is.

You’ll probably have to do this a couple of times and also download a couple of other (freeware) scanners and stuff. Those guys will talk you thru the whole process.
After dealing with them once, I can’t believe they’re doing all this for ‘free’.

Good luck, and let us know how it turns out.

rofl, ive been looking for a new distro of linux, im getting sick of FC4… thx for the linkage!

oh and… if you cant fix it, well u can… go ot cmd and type “deltree C:”… no dont… maybe reinstall ur OS

well someone replied with a very detailed list of instructions. I have a Double Vundo Infection.

and if you computer dies you can always do this
(its a movie)

That sounds pretty serious.
Is it fixable?

There’s a remover for the Vundo trojan here: