Got a virus :/

Russian Mafia

So, I fell for a scam. I tried to open an exe but it turned into a zip, and then my Windows Explorer froze and stopped working; now I just have a black screen. I restarted my computer in safe mode and noticed a file called "Zombie" was on the desktop. (When the computer starts, my documents window pops up and I navigated from there.) I deleted the folder and scanned my "system32" folder and found nothing; the screen is still black when I start and I get my documents folder open (I navigated to Firefox and opened it to write this). So glorious Halflife2.net, what do I do now?
 
What I'd do in this situation, but only because I'm hardcore, is back up anything important I could in safe mode, and then reformat my computer. I reformat my computer so much it's routine for me. If I can't feel confident in my ability to rid myself of a virus (which I haven't gotten in years), I just reformat and make sure it's formatted good and well.

I wouldn't take my advice just yet though. Wait for others to respond.

What was the name of the file you opened? I wonder if the zombie file indicates in any way that your computer has been compromised to be used as a zombie computer.
 
scan w/spy sweeper or one of the results under "free online scan"
 
FIGHT THE BASTARD! Heh, Raziaar has a point, in that no matter how well you deal with this thing you never know how deeply it infected you or whether you're left with a rootkit or not. Now could be a good time to back up anything important.

Having said that, it's always fun to try and regain control and feel triumphant when it feels like the tide is finally turning and you've got the best of whatever shitware's invaded you.

SO if you want to take it on head on:

1) Firstly, if you can access any of your antivirus in Safe Mode, give it a whirl. There's very little chance that any AV will clean you completely at this point, but it might help a little.

2) Download hijackthis, do a system scan and save a log file.

3) Using hijackthis, delete any registry entries you KNOW to be suspicious and new. Don't just go deleting entries without being certain, because that's a fine way to screw up your comp even worse. If you can't tell what's suspicious and what's not, post the log file on some tech forum online (or here, if you're really desperate) and someone with some tech knowledge (or a HL2-netter, alternatively :p) can try to advise. Make a note of any exe or dll files these shitty entries point to.

4) Having deleted those suspicious entries, reboot straight into safe mode. Scan with your AV, and go hunting for any exe's or dll's which were previously trying to become active on start up.

5) Also have a look at your system32 folder yourself, order by 'last modified' and try to isolate anything that popped up at exactly the time you got screwed. If there's anything which looks like a bastard, check its properties and see if it's a Microsoft signed file - if it is, then it's fine. If it isn't, then that doesn't necessarily mean it shouldn't be there, but if you have enough confidence in doing so just delete them. This is another fine way to screw up your comp, but sod it, what's the worst that can happen... Another thing worth doing is using windows to search your local drives for any exe's and dll's which were modified/created in the last day - check the times on them and judge them in the same manner.

6) Reboot, see what happens. If you are still screwed with no improvement whatsoever then IDK. If things are a bit better and you have a bit more control of things, then try some more stuff to complete the cleansing process. Download Process Explorer from here, and use it to kill anything still running which is suspicious. Delete the respective exe's/dll's manually if you can. Run Hijackthis again and check the state of play of your registry. Download Rootkit Revealer here and check yourself out - deleting these can be a bit more troublesome, however, so look for the step by step information online if necessary. Then give yourself a good hard scan with the online scanner at www.kaspersky.com/ to more or less finish up.

If any of that worked, then your comp is still more than likely full of broken bits of malicious junk, but you may just have saved yourself the necessity of formatting.

ALTERNATIVELY TO EVERYTHING I POSTED: Read and follow this guide here to try and remove whatever's got you. It's a more comprehensive guide than my rough and ready one. It also focusses more on what you can do with Process Explorer. Anyway, those are the basics. Gluck.
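
The step 5 check in the post above (exe and dll files created or modified in the last day, and whether each one is Microsoft-signed), as an added example that is not part of any post in this thread. The `$Roots` and `$Hours` parameters and the report column names are assumptions chosen for illustration; the script only reads and reports, it deletes nothing.

```powershell
# Added example: read-only triage of recently changed executables.
# Assumes Windows PowerShell 5.1 or later, where Get-AuthenticodeSignature
# also validates catalog-signed system files.
param(
    [string[]]$Roots = @("$env:SystemRoot\System32"),  # assumption: folders to inspect
    [int]$Hours = 24                                   # assumption: look-back window
)

$cutoff = (Get-Date).AddHours(-$Hours)

$report = foreach ($root in $Roots) {
    Get-ChildItem -Path $root -Recurse -File -Include *.exe, *.dll -ErrorAction SilentlyContinue |
        # Timestamps can be forged, so an old date does not clear a file;
        # this filter only narrows down where to look first.
        Where-Object { $_.LastWriteTime -ge $cutoff -or $_.CreationTime -ge $cutoff } |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            [pscustomobject]@{
                Path            = $_.FullName
                Created         = $_.CreationTime
                Modified        = $_.LastWriteTime
                SigStatus       = $sig.Status
                Signer          = $subject
                # Valid signature AND a Microsoft subject; a valid signature
                # from some other publisher is reported but not treated as Microsoft.
                MicrosoftSigned = ($sig.Status -eq 'Valid' -and $subject -match 'O=Microsoft Corporation')
                # Hash is for looking the file up later without running it.
                SHA256          = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
            }
        }
}

# Unsigned or non-Microsoft files sort to the top, newest first.
$report |
    Sort-Object MicrosoftSigned, @{ Expression = 'Modified'; Descending = $true } |
    Format-Table -AutoSize -Wrap
```

Files listed with `MicrosoftSigned` false are candidates for a closer look, not confirmed malware; third-party drivers and updaters legitimately land in System32 too.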
 
I'm going with the reformat. Should I reinstall Vista (It's pirated, but has been working since March)? Or should I go with the XP Professional x64 that came with the comp? I don't have anything important to back-up, and my 1TB external hard drive won't come in the mail until after the Orange Box is released, so I'll just start everything anew.
 
Thanks for your insights, everyone, I have reformatted with XP and am now in the process of getting all my important programs back.
 
I'd reformat, but I don't have any way to reinstall XP. Lost my only copy to reinstall...really don't feel like buying it, though :(
 
I'd reformat, but I don't have any way to reinstall XP. Lost my only copy to reinstall...really don't feel like buying it, though :(

Good thing I have 3 copies. From buying new computers over the years. Though to be fair, two belong to my brother.
 