Hello all, I'm back for tech support again :) My family member, who I spoke about last week in a tech question, has called again. Basically, he got infected by no less than 10 virus' that the scanner picked up. With the help of some folks on here, I managed to get him back up and running (or so I thought).

I have installed Firefox and he's using that as his exclusive browser. However, the problem he tells me he has is that he'll go to valid sites and they will "time out" and display that in the browser. However, if he hits refresh after that, the page will come up. It doesn't happen on every site, and it appears to be a valid compliant rather than him just happening to be trying to get to site's who's servers are busy or down.

Anyone know where to even start looking to try and figure out the hit and miss behavior of the browser and internet connections? He's connected via Verizon DSL, and he's got FIOS on order, but they won't come install it until he resolves his issues.

Any ideas?

Oh, forgot to add, it's XP home.

Your help is greatly appreciated!

I won't dive in too deep because I am not qualified but, I did stay in a Holiday Inn . . . . Oh wait:

I did just recover LOML's machine. The bugger she had picked up was your typical lame-o 'run the CPU to 100%' type of deal. This will lead to many symptoms like: browser timeouts, printer timeouts, whatever timeouts. As long as the system is busy doing nothing and only spares a few cycles every so often to serve your requested task, these distracting symptoms can occur.

Open Task Manager and look at your CPU utilization. If it is pegged, look at your processes to try to isolate the issue. The 'gift' LOML picked up would falsely report Processes as utilizing zero CPU . . . . all Processes were at zero; that was the giveaway. HTH, good luck.

Thanks, I haven't seen the CPU pegged and there seems to be processes listed and the CPU % changes, so hopefully that's not it.

Originally, I tried using System Restore, and I tried to take it back to the first day he got this computer (a couple of weeks ago). It wouldn't restore to any date, which obviously to me, means the virus he had was corrupting that process, so it couldn't be used.

All scanners say it's clean now, but I think it left a path of destruction that's causing all these little quirks, but what do I know? Just my gut feeling.

Goto http://www.Malwarebytes.org and download their free software. Run the install program and then update the software, reboot and run the program using full scan. Let it complete and do what it wants to do by following the prompts. This program gets almost everything, I have had a few that nothing else would touch that this got rid of effortlessly. Good luck.

What kind of "security software" is he running?

I have found several issues like this with Norton Internet Security and others where they cause a time out for a lot of websites. It has to do with "referer" headers (that's how its really spelled). Many websites now use a separate server for images and the security software chokes on it.

He's running AVG on it.

Thanks for the malware link. I'll give that a try tomorrow, along with all other recommendations.

Thanks, wish me luck.

You might consider just reloading the OS as well.

Without clearing the virus out of it reloading the OS will just end in the same result. Infected. He would have to wipe the drive first, then it would work.

Good point--that's the only way I ever do OS loads, but obviously not the only possible way.

OK, AVG doesn't cause any problems that I'm aware of. You might ask him if he sees "Loading l.ying.com" in the lower left corner of the browser's status bar on the bottom. Its a common "off-site" server for images on web pages. I have had problems with Firefox loading sites that link in their images. Seems to work much faster in Google's Chrome or Internet Explorer.

There are also a couple of "troublesome" add-ons for Firefox that can slow it down. The LinkedIn add-on has been implicated as causing some sites to load very slowly, and the de.lic.io.us add-on has created some loading problems (as well as weird behavior with the address bar not accepting "enter" as input).

You might also try removing and re-installing Firefox. I have had database corruption issues with Firefox that caused it to load very slowly (Ad-Aware also has occasional database issues; reinstalling it fixes it as well).

Hello all, I'm back for tech support again :) My family member, who I spoke about last week in a tech question, has called again. Basically, he got infected by no less than 10 virus' that the scanner picked up. With the help of some folks on here, I managed to get him back up and running (or so I thought).
Anyone know where to even start looking to try and figure out the hit and miss behavior of the browser and internet connections? He's connected via Verizon DSL, and he's got FIOS on order, but they won't come install it until he resolves his issues.


Your help is greatly appreciated!
What do you mean when you say "the scanner picked up 10 virus"? Download and run "spybot" and lavasoft 'adaware" to clean out the computer.

Sorry, I didn't phrase that well. The virus scanner found 10, not picked up 10. There are no add ons for Firefox installed. These are people who don't really understand the entire "internet" thing so much, so they don't do anything but open a few websites and email people. So no power using going on.

I believe it all started with a pop up ad that told them they had a virus on their machine and it needed to be removed. That's part two of it. Part one is that they had an old computer before this and they took the hard drive out and put it in the new computer as a slave. However, it had several virus' on it as well. So it's multiple issues. I have unplugged that drive completely, so it's off the radar screen. Only reason they wanted it was it had about 10 files on it they wanted, so I just moved them over and unplugged the old drive.

I'm heading over there this morning, so we'll take a whack at it.

Thanks again!

Sorry, I didn't phrase that well. The virus scanner found 10, not picked up 10. There are no add ons for Firefox installed. These are people who don't really understand the entire "internet" thing so much, so they don't do anything but open a few websites and email people. So no power using going on.

I believe it all started with a pop up ad that told them they had a virus on their machine and it needed to be removed. That's part two of it. Part one is that they had an old computer before this and they took the hard drive out and put it in the new computer as a slave. However, it had several virus' on it as well. So it's multiple issues. I have unplugged that drive completely, so it's off the radar screen. Only reason they wanted it was it had about 10 files on it they wanted, so I just moved them over and unplugged the old drive.

I'm heading over there this morning, so we'll take a whack at it.

Thanks again!

Spybot works well in my opinion for finding stuff.

I had what sounds like that same pop up. It takes over the computer. You can't even shut the browser down. Basically forces you to download and pay for their software, if you fall for it. I'll quote an email response I got from them in a moment.
Download and use this software. It is a free version. I got this link from a computer forum, and it worked for me. http://www.superantispyware.com/ After updating the library and running, I bet you will see it ask you to restart the computer so it can safely run a specific scan on the, can't remember the section. It finds stuff in the resident memory (if that is the right term) that keeps this thing loading everytime you start the computer. It has worked great for me.
Now the letter I got from the company. It is in response to me asking them to give me the information on how to uninstall the malware (their program) that was on my computer:
Hello, Jim O'Dell!
Our programm refuses to uninstall and send messages for you, because it has found in your system really dangerous(!) viruses and malware. We highly recommend you to purchase a license for our product or any other product that is able to remove these threaths that are invisible to the most part of systems.
Internet Antivirus Pro finds out the big number of invisible viruses which are not found out almost by any of products known to us. Except for, probably, Avira AntiVir and NOD32.

Thank you for contacting us.
Internet Antivirus Pro Support Team.

Does anyone else notice anything a little odd with this. I won't repeat what I replied to them :eek:, but I did ask how to contact their corporate lawyer. :D Haven't heard back from them...hmmmm...I wonder why? Maybe I need to fire off another email. :p Jim.

Well.....no such luck....

Downloaded the malwarebytes program listed above, adaware as well (on another machine), and took it over there. Adaware ran and came up with removed some stuff, malware program wouldn't run. We went to google and I noticed something. He wasn't having a connectivity problem, if you hovered over every google result, it showed the address go.google.com as the beginning of every single search when you hovered over it. If you actually typed in the address you wanted, then it came up.

Good progress, at least we know it's a virus with a name now. Searched the internet for that (on my phone), found a few things to try. Nothing worked. Seems that virus actually disables all virus scanners, all updates, and any malware programs.

Found a way to disable to a function in the device manager that was for all Non-plug and play devices. Disabled that and it allowed everything to run. However, it would find all the bad stuff but would completely lock up when it was told to remove them.

Finally went into safe mode and was able to remove it all. Then went back in normal mode, ran it again, they were back.

Went back into safe mode, searched, found zero. So it seems to see non in safe mode, but sees some in non-safe mode that it won't delete.

Wanted to give spybot a try, but ran out of time and it had highjacked firefox as well, so I had no way to get the file from sitting at his computer.

I've fought a few of these things for people in the past, and this baby is a tough one.

If anyone has additional ideas, I'm all ears :)

Punt...

Reformat. Several times. And then rebuild. There are a few of these things, especially those from the so-called "you have a virus" pop-ups that are darn hard to remove without nuking the machine.

Jim's solution may be faster than the manual removal instructions. My mother got nabbed with "Internet Antivirus Pro", and among the several step by step removal procedures, the one at this link (http://www.2-spyware.com/remove-internet-antivirus-pro.html) did work. But it took about 2 hours to do. I also didn't have luck with the "malwarebytes" application.

I'm a PC guy, but for people like this, a Mac might be a better solution.

I can't help with this specific problem, but I thought I would tell about one of my experiences in case it could help someone.

I am running AVG free version on my computer. I still think it is a good antivirus program, but there have been a couple of occasions when I picked up an unwanted bug of some kind, and AVG did not stop it or even recognize that it was there.

One of the viruses my computer picked up was something called System Secuity. My son was using the computer, clicking on lots of unfamiliar websites when it popped up. This virus disguises itself as an antivirus program, with popups every 5 - 20 seconds warning you to upgrade to the full version using the excuse that another program is trying to steal your credit card numbers. I saw on this forum in another discussion someone had recommended Malwarebytes, so I dowloaded it. I had to run it 3 times, but it did find and remove all of the virus. It brought up a warning screen several times saying that removing the infected file could cause problems because it was in the system registry, but I clicked on the ok button and the computer wasn't harmed as far as I know.

I don't pick up viruses very often because I don't open emails that I don't recognize, and I rarely visit websites that I don't know anything about.

Go figure, he doesn't have the OS discs. Apparently the "person" who built it for him didn't give him those.

Funny you mention the Mac. I had recommended they buy them, the wife said "do it", and he husband said "I'll have someone fix me up one instead". Needless to say, in the background the whole time I have been there, I have heard nothing but "I told you to go to the apple store, but you wouldn't listen" :)

If I have to rebuild, I think I'll just put Linux on it. I've already got Firefox and Thunderbird installed and they are using them, so switching over to Linux, they probably won't even know. All they use it for us internet and emails, so it would probably be a good solution for them, with less hassles.

Punt...

Reformat. Several times. And then rebuild. There are a few of these things, especially those from the so-called "you have a virus" pop-ups that are darn hard to remove without nuking the machine.

Probably the only way to get rid of the virus is to reformat and re-install. Ubuntu is free to download and relatively easy to learn and use if you don't want to go with an MS product.

Charles, that's exactly the distribution I plan to use if we need it. I downloaded it on a bootable CD about a year ago and I use it every so often just to play around with it. I really like it and think the average person wouldn't have any clue they weren't using a MS product if you didn't tell them.

Alrighty then.....back for more help! I haven't had too much time to go over and work on the system, but I finally made it through a couple of steps and I'm back :)

Ran about every conceivable spy and malware program I could find. Finally, when run, non of them detect anything now.

However, when I try and launch Firefox, it shows as a process in Task Manager, but nothing happens. If I try to open Thunderbird, same thing, IE, same thing. They all show as processes, but non of them open.

Any ideas on what's missing that's common to them all that might be causing this? Or any ideas on where to start diagnosing this?

Thanks!

I was incorrect in my first post, this is XP Pro, not Home.