I Need Help!

[Sionnach Glic]

As I mentioned over in Forum Community, my laptop has been hit with a virus of some sort. Every time I connect to the internet, a .exe of some sort will try and start running. Norton, however, asks me each time whether or not I want to allow it to run, so I've been able to stop it doing anything (at least, I think I have).

Each time it tries to run, it's named something different. Names I remember off the top of my head are x68.exe, 2252.exe and F163.exe. Each time Norton says that the .exe is located in C:\Users\[Me]\AppData\Local\Temp. Looking through the folder this directed me through, I found what appears to be some sort of record of all the files I've been looking at via the internet. I ran an anti-virus check on the Temp folder twice (once when I first found the folder, a second time while the .exe was asking for permission to run), but it's turned up nothing.

So my question is this. Could I simply delete everything inside the Temp folder? Would that kill the virus, as it seems to be originating from there? Also, would deleting that stuff cause something bad to happen to my computer?

I've no idea about what the consequences of deleting all that stuff could be, since playing games, browsing the web and basic screwing around with the software is the extent of my knowledge of computers, so I'd really a response.

[Tyyr]

Nuking a temp folder isn't a big deal. At worst you'll have to wait for something to redownload from the websites. That said it's highly unlikely that deleting that file will actually ride you of the virus. Try downloading Malwarebytes anti-malware and running that. Norton is kinda meh when it comes to dealing with just emerging viruses.

[Sionnach Glic]

Yeah, Norton has left me thoroughly unimpressed. I guess it's a good thing I've never been hit with anything serious. I'll download that Malwarebytes thing, and see if that can help. Thanks.

Temp folder being nuked. Let's see if that does anything. I'm hoping it will. Given that the virus has consistantly asked for permission to be run, it doesn't strike me as an expert job, so maybe a simple solution will deal with it.

[Nutso]

Deleting the Temp folder will not remove the virus. The invasive spyware is likely hidden in the System Registry. Do what tyyr has suggested and download Malwarebytes. Run Norton in Safe Mode. Run Malwaybytes in Safe Mode. No networking in Safe Mode.

http://www.malwarebytes.org/

[Sionnach Glic]

What's the difference between safe mode and....whatever the default mode is?

And what do you mean by no networking in safe mode?

[Sionnach Glic]

Alright, I have Malwarebytes downloaded and doing a full scan of the C and D drives. I also restored the stuff I'd deleted out of the Temp folder to where it previously was in case that helps the scanner find it.

Also, I've nearly two fricken gigs worth of crap in the Temp folder. Once this virus is gone, I'm just going to blitz it anyway to make some space.

[Nutso]

What's the difference between safe mode and....whatever the default mode is?

And what do you mean by no networking in safe mode?

Safe Mode disables all external devices except for the keyboard and mouse. Basically nothing is running except the Operating System. I added the "no networking" thing in case you are asked to make a decision what kind of Safe Mode you want to enter. With only bare-bones programs running, there is a chance that the invasive program will be idle and Norton or Malwarebyte can delete anything that is a problem.

To enter Safe Mode, I have to boot-up the computer and when the Dell Stuff appears, I repeatedly tap F8. I don't know what you have to do for laptops.

How can i boot my laptop in safe mode?

[Nutso]

Alright, I have Malwarebytes downloaded and doing a full scan of the C and D drives. I also restored the stuff I'd deleted out of the Temp folder to where it previously was in case that helps the scanner find it.

Also, I've nearly two fricken gigs worth of crap in the Temp folder. Once this virus is gone, I'm just going to blitz it anyway to make some space.

You might have to turn off System Restore.

[Sionnach Glic]

Hm, alright. Thanks guys.

[Tyyr]

No problem.

Take it from someone who's had to clear out more than a few viruses. Do yourself a favor and create a hard drive partition with nothing but your OS on it. Store your programs and data in other hard drives or partitions. Then if you get a virus you nuke the OS partition and reload it. It typically takes less time to wipe the OS from a dedicated partition and reload it than it does to root out a virus.

[stitch626]

Also, I've nearly two fricken gigs worth of crap in the Temp folder. Once this virus is gone, I'm just going to blitz it anyway to make some space.

CCleaner can get rid of a lot of that.

[kostmayer]

CCleaner is an excellent little tool, though be sure not to download the main version, but the lean version thats buried on the website - doesnt try and instal nasty toolbars and whatnot.

[stitch626]

CCleaner is an excellent little tool, though be sure not to download the main version, but the lean version thats buried on the website - doesnt try and instal nasty toolbars and whatnot.

The way around that is simple, uncheck the toolbars when you install.