PDA

View Full Version : Weird Virus



crosscountry
2007-Nov-08, 11:11 PM
I'm not sure if I have a virus or not. Nothing seems to be damaged on my computer, but it is acting weird.


So, "My Documents" is set to read only. This means I cannot save or edit anything even photos and put them in that folder or any other Windows starts with. So, "My Photos" My videos, My Music all seem to be write protected. I can open everything and see it, but no editing.


It is so strange. My desktop and other folders I created allow me to use them, but windows folders not.


Any ideas on what is going on? Thanks in advance.

JohnBStone
2007-Nov-08, 11:25 PM
Most likely the bios settings got changed somehow - do the bios setting thing during boot - DEL or whatever and reset

Possibly jumper settings on the hard drive, but unlikely

crosscountry
2007-Nov-09, 12:03 AM
it's a laptop,and I've never taken any components out nor gone into the BIOS



I built my other computers and know everything in them, but this one was purchased. It's over a year old and no problems up till now.


one other odd thing is that occasionally my browser will open and a page comes asking to update some programs I don't have.

here is a link to that page (http://home3.ca.com/STContent/UpgradeCenter/license_inactive.aspx?sc_lang=en-US)

it seems harmless - but of course there is a warning.

Neverfly
2007-Nov-09, 12:11 AM
What type of anti-virus anti-spyware are you using?

Neverfly
2007-Nov-09, 12:12 AM
http://home3.ca.com/Microsoft/Default.aspx?sc_lang=en-US
http://www.google.com/search?hl=en&q=ca+antivirus

I'm not getting any hits that it is illegitimate...

Neverfly
2007-Nov-09, 12:15 AM
Does that program show up on Add/Remove list?
If so, remove it.

Also you might want to do a registry sweep for ca antivirus. Delete all registry keys governing its behavior.

Run something like Lexicon RegScrub and Spybot Search and Destroy and AdAware.

You might also try www.Ewido.net (Now owned by AVG) and try that product.

crosscountry
2007-Nov-09, 12:22 AM
I'm not running any programs other than 2 firewalls. It's been good till now.

and the ca stuff doesn't show up on my list of programs.


I'll run the anti-spyware then see from there.

crosscountry
2007-Nov-09, 12:23 AM
Does that program show up on Add/Remove list?
If so, remove it.

Also you might want to do a registry sweep for ca antivirus. Delete all registry keys governing its behavior.

Run something like Lexicon RegScrub and Spybot Search and Destroy and AdAware.

You might also try www.Ewido.net (Now owned by AVG) and try that product.



where can I find a registry sweep?

Neverfly
2007-Nov-09, 12:30 AM
where can I find a registry sweep?

http://www.majorgeeks.com/Lexun_RegScrubXP_d2048.html
I typed Lexicon. I was thinking funny. I meant Lexun:p

Also, WinPatrol and Spybot Search and Destroy's Tea Timer offer registry change protection.

That is- if something tries to change your registry or add itself to your Start up list- they alert you to it first.

When in doubt- DENY!

On Major Geeks, you can also find HDCleaner- I use- prefer it to C Cleaner.
It comes in German, but an english version is available.
It has some really great controls, options, features and anti-spy tweaks.
like Spybot S&D it offers a file shredder too.

All of these are free.
No I don't work for the company.

crosscountry
2007-Nov-09, 01:19 AM
man, you're taking this way more seriously than I would. I haven't even backed up my computer yet. Don't want to start stirring up trouble.

Neverfly
2007-Nov-09, 01:21 AM
man, you're taking this way more seriously than I would. I haven't even backed up my computer yet. Don't want to start stirring up trouble.

:neutral:

crosscountry
2007-Nov-09, 01:36 AM
sorry. I ran Ad-Aware and the RegScrub. They of course found a few hundred things, and I deleted those things.


The problem still exists though.



Neverfly thanks for your help. I do appreciate you taking the time to go through this when I asked for your help.

Thank You.

Neverfly
2007-Nov-09, 02:14 AM
You never answered as to whether or not the program is listed in Add/Remove programs...


The review (http://reviews.cnet.com/internet-security-and-firewall/ca-antivirus-2007/4505-3667_7-32136372.html) of the product is not flattering.


So, "My Documents" is set to read only. This means I cannot save or edit anything even photos and put them in that folder or any other Windows starts with. So, "My Photos" My videos, My Music all seem to be write protected. I can open everything and see it, but no editing.

Haven't gotten to this part yet:p Or have you given up?

crosscountry
2007-Nov-09, 02:32 AM
and the ca stuff doesn't show up on my list of programs.





AVG hasn't found anything yet either - still scanning.

Van Rijn
2007-Nov-09, 07:07 AM
I'm not sure if I have a virus or not. Nothing seems to be damaged on my computer, but it is acting weird.


So, "My Documents" is set to read only. This means I cannot save or edit anything even photos and put them in that folder or any other Windows starts with. So, "My Photos" My videos, My Music all seem to be write protected. I can open everything and see it, but no editing.


It is so strange. My desktop and other folders I created allow me to use them, but windows folders not.


Any ideas on what is going on? Thanks in advance.

A few questions:

What version of Windows is this?

By "Windows folders" do you mean that "My Documents" is under the Windows directory?

If you try to save a new file you can't do that? Or is it just updates to existing files you can't save?

Generally, if you can't edit existing files, it's because the read only attribute for the files is set on. You can clear that by an "attrib -r" in a DOS or CMD window. I'm not aware of anything that wouldn't let you save new files in the folder, except maybe severe disk space problems (which would probably be pretty obvious anyway) or a messed up file structure. XP (if this is XP) appears to ignore read only attributes on directories, but not individual files.

Jeff Root
2007-Nov-09, 09:19 AM
It sounds like what would happen if you copied the "My Documents"
folder to a CD-ROM, then copied the folder back to the hard drive.
Everything would have the "Read Only" attribute set.

-- Jeff, in Minneapolis

crosscountry
2007-Nov-09, 02:39 PM
you guys are correct on some part. every time I check the "read only" attribute is set.


I bought this computer 15 months ago and this is the first time I had this problem. Of course I copied data over from the other computer, but it was on a network I made.

and by windows folder I mean any folder which windows created. If windows assigns a folder it is "read only" any folder i create (except in folders that windows created) is still useable.


And believe me, I have undone the "read only" attribute many times. It comes back immediately.

Moose
2007-Nov-09, 02:52 PM
Sounds like Windows System Restore again. It's supposed to keep a backup of a successful system state and restore it if anything makes an unauthorized change. The problem is that it's very easy for malware to get into the backup.

I had to clean a XP (first flight) system where the user had been trying to delete a virus, only to have it reappear on every reboot. Before I discovered System Restore's role in this, I deleted the virus, then "touched" a file with the same name. (I just renamed a notepad text file.) I did this on the hypothesis that whatever was replacing the virus might not be doing the full CRC check and only looking to see if the dll "existed". It worked.

The short answer is: try turning off Windows System Restore. You can get it by going into your partition properties (my computer, right click on the drive letter, select properties), and reverse the tick-box that says to allow system restore to work on that drive.

Reboot, then undo the read-only attribute for the folder. You can then turn the system restore tick-box back on if you want that feature. I never do.

mike alexander
2007-Nov-09, 02:52 PM
Have you run a disk scan for bad sectors? I had some total wierdness in an old computer last summer that I finally traced to a bad sector/corrupted file problem.

crosscountry
2007-Nov-09, 03:22 PM
I will do both of those things. Thanks.

jja
2007-Nov-09, 03:29 PM
This page about file ownership in XP (http://www.askdavetaylor.com/why_is_everything_in_my_documents_marked_read_only .html) seems to relate to your problem.

Edited to add: This page on system tags (http://www.windowsitpro.com/Articles/ArticleID/24940/24940.html?Ad=1) has a workaround, which involves editing the registry. (start/run/"regedit.exe"). I suggest you back up the registry before trying it (from the program, registry/export, then select "all" as the export range).

crosscountry
2007-Nov-09, 07:08 PM
Thanks guys for all of your help. I still have the problem though.


This page about file ownership in XP (http://www.askdavetaylor.com/why_is_everything_in_my_documents_marked_read_only .html) seems to relate to your problem.

Edited to add: This page on system tags (http://www.windowsitpro.com/Articles/ArticleID/24940/24940.html?Ad=1) has a workaround, which involves editing the registry. (start/run/"regedit.exe"). I suggest you back up the registry before trying it (from the program, registry/export, then select "all" as the export range).


I tried those things, but this computer doesn't have the "security" tab under properties. There is supposed to be an option to give you that tab, but the option in "folder options" doesn't exist either.


So, I need to change something to permit another change, but neither is there. What next?

crosscountry
2007-Nov-09, 07:39 PM
AWSOME. It seems to be working now!!!


I had to boot in safe mode and got the security tab and followed the instructions.


Thanks so much for all of your help!!!

Moose
2007-Nov-09, 07:43 PM
Were you using an administrator account to change those attributes?

crosscountry
2007-Nov-09, 07:45 PM
I had administrator privdgles, but for some reason it wouldn't let me make the changes I wanted.




I may have spoken too soon. It seems now some things were fixed but not all

crosscountry
2007-Nov-09, 08:58 PM
ok, my desktop is clean now (those things I couldn't save in my documents had to go somewhere) and I think I am clear of all this.


jja's links solved my problem. Thanks again.

Van Rijn
2007-Nov-09, 09:22 PM
And believe me, I have undone the "read only" attribute many times. It comes back immediately.

So it was security issues. As a note, "read only" on the "My Documents" directory is normal in XP. That attribute on a folder is generally ignored by utilities. On a file it's a different matter.

jja
2007-Nov-10, 02:49 PM
jja's links solved my problem. Thanks again.
You're welcome. Glad to help!