Virus on my computer HELP !



awsomeears
09-10-2008, 11:56 AM
I keep getting my firewall turned off and it alerts me, then on my desktop I see this thing called ' Casino '

I have windows defender that runs daily but the ' Casino ' thing keeps coming back.

Probably from all this porn I look at :rolf but honestly I noticed it when I was watching a movie from megavideo something, it was from that site watch-movies.net

I was watching " Step Brothers "

Advice ?

Josepy
09-10-2008, 12:20 PM
http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html

Free. Turn system restore off after your done and reboot. Works pretty good.

xxsn0blindxx
09-10-2008, 03:33 PM
Download and install AdAware (http://www.download.com/Ad-Aware-2008/3000-8022_4-10045910.html?part=dl-ad-aware&subj=dl&tag=top5&cdlPid=10844457), Spybot Search & Destroy (http://www.safer-networking.org/en/download/index.html), HiJack This (http://merijn.org/programs.php) and AVG free antivirus (http://free.avg.com/ww.download?prd=afe). Run updates on all of the programs (except HiJack This) to get the latest definition files. Then restart the system in safe mode and run each of these programs. You can run the program Josepy recommended too, no such thing as running too many. If there are any files or registry entries that these programs can't remove, make a note of them and then attempt to remove them manually. Sometimes you have to boot off another OS to remove virus/malware files. After everything is removed, run HiJack This and if you're comfortable with it, remove anything that shouldn't be there; otherwise post or PM the logs and I'll tell you what to remove. After you are confident everything is gone, make sure the computer is not connected to your internet (unplug the modem if necessary) and restart the computer into normal mode. This is important: in case you didn't get everything, it will prevent a massive repopulation.

Let us know how this goes and feel free to PM with any questions.

84hurst
09-10-2008, 04:08 PM
Sorry to steal your thread but... I too have a virus on my laptop. It's called svchost.exe. I looked it up and found that it is a pretty serious virus. I have run Spybot and Hijack but neither are finding svchost.exe. It's on the task manager every time I start the computer. I looked up a procedure to get rid of it but no luck. Any other ideas? I've got to get that free anti-virus that was mentioned!

ND4SPD
09-10-2008, 04:17 PM
svchost is not a virus (necessarily). In fact, there should be several of them running.

xxsn0blindxx
09-10-2008, 04:30 PM
Yes, svchost is a generic process that will always have at least a couple of instances running, but it can also be exploited to run viruses. If you ran a virus and spyware scan and nothing was found you're probably fine. Is your computer misbehaving?

84hurst
09-10-2008, 05:34 PM
Yes, svchost is a generic process that will always have at least a couple of instances running, but it can also be exploited to run viruses. If you ran a virus and spyware scan and nothing was found you're probably fine. Is your computer misbehaving?

It's seeming kinda sluggish. There's a balloon that mysteriously appeared that's always asking me to click to run a virus scan. All it does is take me to a link and I'm afraid to use the scan because I figure it'll just f*ck up my computer more.

xxsn0blindxx
09-10-2008, 05:48 PM
Yeah, then do the same things I recommended further up. Sounds like you definitely have some sort of malware.

BoosTT
09-10-2008, 06:13 PM
I posted twice

BoosTT
09-10-2008, 06:17 PM
Steps to fix virtually all computer problems (hardware tests, spyware, virus, etc):

1. Download this:
http://isohunt.com/torrent_details/48353557/mri?tab=summary
If you can't figure out how to download the file, then you won't be able to figure out how to use it. It'll automatically weed out dumb people. This isn't a joke, it really works awesome. It's the software bestbuy uses.

2. Burn the MRI software to a blank cd.

3. Put in the cd and run it. You'll want to run "face". Click the lower right of the screen to use the new temporary start menu. It's under there.
It will 100% automatically:
-test every single hardware item.
-check for temp files
-download the newest virus/spyware defs
-restart the pc to do a full scan
-install about 10 anti-malware programs
-run them all and delete all viruses
-uninstall all the programs it just installed (so you don't have sh!t everywhere)

4. Carefully click next through the "manual" screens. This is a summary and suggestions to fix other potential problems.

If you don't know what you're doing: uncheck any of the login items. It'll say something like "businesses may use these for legit reasons, but spyware also uses them." Uncheck all those items. Leave everything else alone. Simply click next and next and finish.

This process is amazing and something bestbuy charges $200 to do.

ND4SPD
09-10-2008, 09:52 PM
Wow... MRI 5.0? I didn't think it ever made it past 4.8.1
'Course when I worked for the 'Squad we didn't have all these fancy dancy tools... we had to do all this sh*t the hard way. :P

[Edit]
I'm going to take a look at this, and if it's anything like the old 4.8.1 I'll *HIGHLY* recommend that *EVERYONE* downloads this or a copy of the "Ultimate Boot CD" (google it). Because the first thing I do when I fix any computer is to run a memory diagnostic and a hard drive diagnostic (I use Memtest86+ and DFT). The reason is that if either of these two components has a problem... you can compound the problems you already have by continuing to use a computer with bad memory or a bad hard drive.

Okay, so far it does look like it has the diag tools I mentioned (memtest86+ and DFT)... to get to them you need to boot to the MRI CD. To do that you either need to figure out if your computer is set up to boot from CD or not, or, you need to watch for a "Press F8 for boot menu" prompt or something when the computer first boots. A lot of times it's either F8, F10, or F12. Hitting that will allow you to select which device (CD, Floppy, Network, or Hard Drive) to boot from. If that doesn't come up, you need to go into your BIOS setup (usually by hitting <Delete> or <F2> when the computer first starts up). Then look for "Boot Sequence" or "Boot Devices" under the various menus. What you want to do is move the CD/DVD drive so that it is in a slot before the hard drive.

I should also mention that you need to be very careful with the MRI CD. It is meant for "trained" technicians. Yes, I'm using the term "trained" lightly here but you can seriously mess up your computer with this CD.

To use the "FACE" (Best Buy has a thing about acronyms) utility, put the MRI in your cd... then if it doesn't autorun, you need to open My Computer, and double click on the MRI 5.0.0 icon. If it still doesn't autostart (if your computer is really screwed up... autorun may not work) then right click on the MRI5.0.0 icon, hit explore, and look for the MRI.EXE (or just MRI) icon. Double click that and the MRI window will come up. Accept the agreement. In the bottom left (not bottom right) corner of the window you will see "Agent Toolbox" click on this and select Malware Tools>Core Scanners>FACE.

In the FACE window, click "Start FACE" in the upper left corner of the screen.
In the next window under "Mission Parameters" select "Precinct Agent". Under "Primary Boot Mode", select "(MRI PE) Automatic Restart". WARNING! I have seen the MRI auto restart mess up people's boot sequence before. So use automatic restart at your own risk. The manual restart option is safer, but you need to understand a little more about what you're doing. The last mode attempts to do the scanning without rebooting... it is probably the safest, but also may leave infections behind.
Finally click "Next".

If you selected the MRI PE (Auto Restart Mode) you can leave all of the selections alone in the next window. Hit "Next". The final window just shows you all of the selections you've made, so hit "Next" again and the process should start. The diagnostics + scans + removals can take anywhere from a few hours, to a day (possibly even more) depending on how fast your computer is, level of infection, etc.

Lastly let me mention that while this is a nice tool... it is by no means a guarantee that your system will be clean. There are many infections that can ONLY be removed manually. If you're really not sure about doing this, you might want to get in touch with me or one of the other people here on BCM that are comfortable taking care of this sort of thing.

wikked
09-12-2008, 01:01 PM
Lastly let me mention that while this is a nice tool... it is by no means a guarantee that your system will be clean. There are many infections that can ONLY be removed manually. If you're really not sure about doing this, you might want to get in touch with me or one of the other people here on BCM that are comfortable taking care of this sort of thing.


Most important part of all threads.

Some virii/malware/spyware/rootkits are too new (or variants), and are undetectable.

I'm dealing with one now :]

LIL EVO
09-12-2008, 11:22 PM
Yep Wikked has been trying to fix my computer for a week.

About 50 instances of rundll32.exe pop up in the task manager after x minutes.

Ran avg, hijackthis, malware bytes, adaware, spybot search and destroy, and webroot spy sweeper.

None of them found/fixed it. Getting mad.

ND4SPD
09-13-2008, 08:51 AM
Well, I don't want to give away *all* of my secrets, but I'll give you two a push in the right direction. This is a technique that has worked for me with stubborn executable-based infections, but it requires a small bit of know-how.

Find yourself sysinternals process explorer... google it and run it. It should show you the target process of the rundll.exe. Make a note of the process. Assuming it's not something you need like a mouse driver, or whatever... there are some beneficial processes that use rundll so be careful. Now either reboot into safe mode and wipe that file, or use a program like killbox to kill the process and delete the file, or use PE Explorer to change the entrypoint of the process so it crashes on startup. If it's the same program being executed over and over, the last method will probably work the best.

xxsn0blindxx
09-13-2008, 09:10 AM
^^^What he said

In a lot of cases you may not be able to delete the files, just boot up off a different OS (Windows PE CD/ XP Install CD/ different computer) and delete the files.

Oh and then boot back into safe mode and search the registry for those file names, then mark down any other references in the registry keys and search for those and delete everything. Of course only do this if you are familiar with modifying the Windows registry as you can screw things up quickly if you aren't.
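
The two posts above describe a manual triage: identify which DLL each rundll32.exe instance was told to load (Process Explorer shows this as the command line), note the file name, then hunt through the registry for references to it. Below is an added PowerShell script, not from the thread or any of the tools mentioned, that does the same read-only lookup with built-in cmdlets so you can do the "make a note of the process" and "search the registry for those file names" steps without clicking through each entry. It assumes PowerShell 3 or later and, for full process details, an elevated prompt; the `-Needle` parameter value and the script file name `triage.ps1` are placeholders you choose yourself.

```powershell
# triage.ps1 (added example, not part of the original thread)
# Read-only triage for the "dozens of rundll32.exe instances" symptom:
#   1. list every instance of the process with the command line it was started with
#   2. show each instance's parent process
#   3. search common autorun registry keys for a file name you supply
# Nothing is killed, deleted or edited; it only reports.
param(
    [string]$ProcessName = 'rundll32.exe',
    [string]$Needle = ''   # file name noted from step 1, e.g. 'suspect.dll' (placeholder)
)

# 1. rundll32.exe itself is a legitimate Windows binary; the DLL and entry point
#    passed on its command line are what actually need checking.
$procs = @(Get-CimInstance Win32_Process -Filter "Name = '$ProcessName'")
"Found $($procs.Count) instance(s) of $ProcessName"
$procs | Group-Object CommandLine | Sort-Object Count -Descending |
    Select-Object Count, @{ n = 'CommandLine'; e = { $_.Name } } |
    Format-Table -AutoSize -Wrap

# 2. Parent process of each instance. A rundll32 started by explorer.exe,
#    svchost.exe or services.exe is the usual case; many copies of the same
#    command line with an unexpected parent is the pattern worth a closer look.
$procs | ForEach-Object {
    $parent = Get-CimInstance Win32_Process -Filter "ProcessId = $($_.ParentProcessId)"
    [pscustomobject]@{
        PID    = $_.ProcessId
        Parent = if ($parent) { $parent.Name } else { '<exited>' }
        Path   = $_.ExecutablePath
    }
} | Format-Table -AutoSize

# 3. Autorun locations that persistence mechanisms commonly write to.
#    With -Needle set, only values containing that text are printed;
#    without it, every value is listed so you can eyeball them.
$autorunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
)
foreach ($key in $autorunKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-ItemProperty -Path $key
    foreach ($prop in $item.PSObject.Properties) {
        # PSPath, PSParentPath etc. are PowerShell's own metadata, not registry values
        if ($prop.Name -like 'PS*') { continue }
        if ($Needle -and ("$($prop.Value)" -notlike "*$Needle*")) { continue }
        "$key\$($prop.Name) = $($prop.Value)"
    }
}
```

Run it first with no arguments to get the process listing, then again as `.\triage.ps1 -Needle 'name-from-step-1'` once you have a file name. The script deliberately does not touch anything: the thread's own advice still applies, in that removal belongs in safe mode or from a separate boot environment, and a legitimate rundll32 target (for example a mouse or display driver helper) must be recognised before anything is removed.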

wikked
09-13-2008, 02:57 PM
Find yourself sysinternals process explorer...<snip> or use PE Explorer to change the entrypoint of the process so it crashes on startup. If it's the same program being executed over and over, the last method will probably work the best.

I've got that, and Killbox already, and I can't get rid of it, it just recreates itself, even in Safe Mode.
Never heard of PE Explorer though... I'll **** around with it :thumbsup

ND4SPD
09-13-2008, 07:51 PM
The other thing I've done is edited the offending program in memory using Hackman (a hex editor).