Computer help

Heisman 98

For those of you who have had the misfortune to have a nasty virus on your computer, I need to hear some words of wisdom.

My computer picked up a virus and I've gotten the scanners to clear off most of the nasty and obvious files, but at startup, my computer automatically starts internet explorer and sends it to a porn site.

I think the problem is in the win.ini file, but can access that file to delete the bad code. The virus also removed the ability of the computer to uninstall internet explorer which would help remove any files there that also keep redirecting my browser to porn sites.

Any suggestions would be GREATLY appreciated.

One file it keeps putting on my computer is mszx23.exe
 
Do you have the following programs installed?

Adaware
Spybot
SpywareBlaster
SpywareGuard
MS AntiSpyware

Also, do you know specifically which virus you had? Aside from normal scanning and cleaning, Symantec usually offers free downloadable tools to remove specific viruses.

 
Go to Start... Run... type in "msconfig", go to Startup, look for anything suspicious and uncheck them, and see if that fixes the problem.
 
Download and install one of the spyware programs listed above. My IE got all funked up last year because I was using Kazaa, which is infested with spyware programs. My IE would do the same thing -- open up all kinds of pop-ups (usually porn) when I used that browser (which I rarely did).
 
Had the spyware programs and the MS one is the best of the lot thus far.

I had already used the msconfig function to discover where the bad code is, but even though I can see the insertion of the virus command into the startup command list, I can't actually get to the file to erase the command and it keeps creating that damn mszx file even after I have erased it several times.

I am sure that part of the virus is lodged in my internet explorer as well. This is now exceedingly frustrating, trying to type this reply while having to pause to close pop up porn windows.

Any more advice? I have had Bit Defender, McAfee, Trend Micro services, and one other online scanner look at the computer, but now they are all saying my computer is clean even though I am still being redirected to porn sites.

Sheesh.
 
I did a little Googling and it looks like that file (mszx32.dll / mszx32.exe) is related to CoolWebSearch. CWShredder may do the trick.

Again, what is the name of the virus? You should probably try Symantec's removal tool if nothing else has worked.
 
Tried all of the suggestions and this virus still is on the computer. I had to delete IExplorer off the computer and use the basic file explorer window to access the internet.

The popups have stopped, but the computer still blanks out for 5 seconds when the virus tries to activate IExplorer which doesn't exist on the computer anymore.

Very frustrating. Any more suggestions are greatly appreciated.
 
I'm not sure I see the problem here. Your computer is looking for porn by itself? Sounds good to me.


Go to the Microsoft page and try their spyware beta program.
 
Once you get something like that on your computer, there is no good way to get rid of it. I always tell people that they are going to spend more time trying to figure out what is on their computer and how to get it off than they would spend saving what they need so they can format the drive clean and reinstall everything from scratch. There is just no way to be sure that you get rid of everything that needs to be taken off. Even if you aren't noticing symptoms anymore, there is all kinds of stuff that is usually changed in the registry and other places that will slow your computer down. My best advice is to wipe the drive clean and start from scratch with it.
 
If you manually deleted IE off your computer, you might as well reformat now.

Did you try Symantec's virus removal tool? Note that this is separate from Norton Antivirus. You still haven't said what virus it was.
 
You tried spysweeper? That one costs money.. it usually cleans everything off for me.. also make sure windows restore is off b/c the spyware could be lurking in a restore point.
 
Tried the Microsoft program and it detects the files that the virus creates (TIBS.exe, MSZX23.exe, etc.) but even after I remove files and delete their startup from the registry (cool to know how to do that, by the way), there is another file that is recreating those files and their command lines in the registry (thankfully in the same place each time). I see the following processes always running now when I turn on the computer:

lsass.exe
crcss.exe

which I cannot account for in my list of programs.

I am going to try freezing those processes with the process monitor and see if that allows me to then delete the mszx23 and tibs.exe files which are always listed as "cannot delete file" because an active process is using them, even in safe mode! No virus name is ever given to me other than for the two files above and the Trojan viruses they create. There appears to be one more program that I haven't been able to ID and destroy.

I would love to just reformat my computer, but I have 7 years worth of medical and other educational files and programs on the computer as well as a number of high quality movies and original research papers I have written in the past that I cannot easily move without significant headaches and cost.

Do any of those files above sound familiar to anyone?

Thanks for all of your recommendations thus far.
 
lsass.exe is a good guy

crcss.exe is not:

The Link

Here's a handy reference page that identifies and explains many (but not all) task list programs, good or bad:

The Link
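
The name check in the post above (lsass.exe genuine, crcss.exe not) can be done mechanically: crcss.exe is two character edits away from the real Windows process csrss.exe. The following is an added example, not part of the thread; the allowlist, the distance threshold and the sample names are assumptions.

```python
# Added example: flag process names that imitate Windows system binaries.
# KNOWN_SYSTEM is a small hand-picked allowlist (assumption), not a full inventory.
KNOWN_SYSTEM = {
    "csrss.exe", "lsass.exe", "services.exe", "smss.exe",
    "svchost.exe", "winlogon.exe", "explorer.exe",
}


def edit_distance(a, b):
    """Levenshtein distance: inserts, deletes and substitutions cost 1 each."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute or match
        prev = cur
    return prev[-1]


def classify(name, max_distance=2):
    """Return (verdict, closest_known_name_or_None) for one process name."""
    n = name.lower()
    if n in KNOWN_SYSTEM:
        return ("known", n)
    best = min(KNOWN_SYSTEM, key=lambda k: (edit_distance(n, k), k))
    if edit_distance(n, best) <= max_distance:
        return ("lookalike", best)
    return ("unknown", None)


def triage(names):
    """Classify every name in a process listing."""
    return {name: classify(name) for name in names}


# Constructed sample: names mentioned in the thread plus one extra lookalike.
SAMPLE = ["lsass.exe", "crcss.exe", "mszx23.exe", "tibs.exe", "Isass.exe"]

if __name__ == "__main__":
    for name, (verdict, near) in triage(SAMPLE).items():
        print(f"{name:12} {verdict:10} {near or ''}")
```

A "known" verdict only means the name matches; the genuine system processes run from the Windows System32 folder, so the image path still needs checking.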
 