
Spyware and/or virus hit my friends computer....need advice

Discussion in 'Malware and Virus Removal Archive' started by Lighthammer, 2006/08/16.

  1. 2006/08/16
    Lighthammer

    Lighthammer Inactive Thread Starter

    Joined:
    2003/11/20
    Messages:
    76
    Likes Received:
    0
    He told me over the phone that he was getting a popup that kept saying, "Hello World." I asked him what he had done in the last few hours, and this is what he did.

    1. He said he went to Symatec (?) and bought the anti-virus program from them. When he went to download it, he couldn't and that is when he started having these problems.

    2. His Compaq desktop got really sluggish. When he hit control-alt-delete, it said that the function has been disabled by the administration. (He is at home and no one else uses it.) He said he didn't know anything about that and certainly did not mess with any settings. He's guessing a virus/spyware changed that setting.

    3. His DSL doesn't work anymore. Even though the modem wasn't touched and all the green lights are on that indicated service and power is good, it's not working. When IE or Firefox gets opened up, it says webpage cannot be found. (Google.com, dogpile.com, yahoo.com, and cnn.com)

    4. On his taskbar, there are red icons with an X through them and balloon window tips that state, "Your computer is infected, please click here to purchase spyware blah, blah blah." When he clicked on it, another one showed up on the taskbar.

    When I got to the computer, I uninstalled any spyware/malware program in the Add/Remove Programs. I then went to his startup and disabled everything that looked out of the ordinary. I ran a Virus scan with Grisoft AVG and it came back with a few things that I put in the vault or I healed them.

    Here is the strange thing. When I double clicked on the Spybot program to install it, it wouldn't install. I tried installing another anti-spyware program and upon double-clicking the .exe, it wouldn't execute. It looked like it would for a split second then it would disappear. Apparently, whatever is in the computer is preventing it from being installed.

    The computer is faster now but still sluggish from whatever parasite is left lurking on the hard drive. How do I find out what is causing the "Hello World" popup, the lack of Internet even though DSL is working fine from the hardware, and the fact that I cannot double click the Spybot program to install it and hopefully wipe away any spyware?

    Any help would be appreciated. The computer is fast and should not be so **** slow. Specs on the computer are:

    Compaq Computer
    Intel P4 2.4
    192 MB DDR memory
    120 GB hard drive
    128 MB GeForce


    - Lighthammer
     
  2. 2006/08/16
    mailman Lifetime Subscription

    mailman Geek Member

    Joined:
    2004/01/17
    Messages:
    1,901
    Likes Received:
    11
    Hi, Lighthammer.

    I expect this thread will be moved to the "Removing Spyware & Viruses" forum as that appears to be a more appropriate forum for resolving your problem. :)

    I suggest you follow the instructions in this link to get started.

    EDIT: By the way, if you have difficulty performing all the steps in those instructions (as your description indicates you already have with SpyBot Search & Destroy, no Internet, etc.), at least download HijackThis.ZIP with another computer and unzip the contents. Then get the extracted hijackthis.exe file into a folder on the infected computer's hard drive (perhaps via floppy disk, USB drive or whatever). Run HijackThis with the option to "Do a system scan and save a logfile". (DO NOT TELL IT TO FIX ANYTHING.) Then paste the contents of that logfile here.

    Once you have done that, edit the title of your original post (if you still can) to include "(HJT Log)" so the experts know you have a HijackThis log included.
     
    Last edited: 2006/08/17


  4. 2006/08/17
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    These two symptoms indicate some malware without doubt. I'm thinking either SmithFraud\Zlob or Vundo. And it could be he DLed the Symantec from some rogue affiliate. I would ask him to see where the payment went on his credit card, and if it didn't go directly to Symantec, he needs to call his CC company immediately and have the payment refunded\refused based on the scam.

    Try and ping some sites to see if you are indeed connected. It's possible there is a hosts file hijack preventing you from reaching any sites. Try and get a copy of HJT onto the system and get a log file.

    And I'll be moving this over to spyware & viruses as Mailman guessed.

    We'll be looking forward to seeing how you get things done.
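
The hosts-file check suggested in the reply above, as an added example that is not part of the original thread: it parses hosts-file text and flags every mapping that is not a default localhost entry, marking watched names as blocked or redirected. The watch list, the function names and the sample file are assumptions constructed for illustration.

```python
import ipaddress

# Assumed watch list: the sites the poster could not reach, plus the AV vendor.
WATCHED = {"google.com", "dogpile.com", "yahoo.com", "cnn.com", "symantec.com"}
DEFAULT_NAMES = {"localhost", "localhost.localdomain"}

# Constructed sample, not taken from the infected machine in the thread.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       www.google.com google.com   # constructed entry
192.0.2.10      www.symantec.com
0.0.0.0         yahoo.com
10.0.0.5        fileserver
"""

def parse_hosts(text):
    """Yield (line_no, ip, name) for each mapping, ignoring comments."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # not an address: malformed line, skip it
        for name in fields[1:]:
            yield line_no, ip, name.lower().rstrip(".")

def audit_hosts(text):
    """Return (line_no, name, ip, verdict) for every non-default mapping."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if name in DEFAULT_NAMES:
            continue
        watched = any(name == d or name.endswith("." + d) for d in WATCHED)
        if not watched:
            verdict = "unexpected"   # not default, worth a manual look
        elif ip.is_loopback or ip.is_unspecified:
            verdict = "blocked"      # name resolves to nowhere
        else:
            verdict = "redirected"   # name resolves to someone else's host
        findings.append((line_no, name, str(ip), verdict))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

On Windows the file to read is `%SystemRoot%\System32\drivers\etc\hosts`; pass its contents to `audit_hosts` and review each finding by hand before changing anything.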
     
