[louist]

I was on googld and I went to a site that needed active X so I clicked ok to install in. After I clicked on the active X it did something to my computer and I think put a virus on it. I have tried diffenent Avti viruses to detect anything but they can't find it. Ever since then my computer is acting a lot slower and it doesn't seem right. Is there any way to see if it really is a virus or anything I can do to my computer to stop being so sluggish now? I have tried windows defender, Kaspersky, Panda, and I don't know what to do from here. Is there any one that can help me with this at all. I would appreciate some advice. Thanks

[mphenterprises]

Hi Louist. First, I have changed your Discussion title to give a clearer indication of your question. For future reference, please be as descriptive as possible in both the heading of your Discussion as well as the post itself.

Now, I have some questions for you:

- Can you be more specific as to how sluggish the computer is performing? What exactly is affected?

- What website did you go to when this all started?

- Have you tried to do a System Restore to revert your computer back to how it was prior to you visiting this website?

- Are the security applications you listed the only applications you have?

- Have you tried to run these applications within Safe Mode?

[louist]

When my computer starts up it is much slower than it used to be and instead of waiting 5 sec. for a program to open now it takes like 40 seconds. It also takes a long time for Example if I have explore open and I try opening Itunes or another program it will frees for about 30 second and then take another 30 second for the application to poop up.

The website I visited was genesimmonssecret.com and it took me somewhere else that said you need active X to view this page/ video.

I did do a system restore and it took care of the advertisement that kept pooping up every time I gooded something in. Say I would google cameras and it would take me to all of these porn sites on google instead. After I restored my computer that is when it started acting slow but the advertisemnet on porn sties went away. I don't look up porn for this reason so I don't understand why my Kasperky security didn't block this.

The security application are the ones that I have but I don't have them all on my computer just kasperky and windows defender.

About safer mode, I talked to a guy at work and he suggested starting my computer in safe mode and running a virus scan while I'm in safe mode. I have not tried this yet but I was am going to try it as soon as I get home.

Was this enough information?

[mphenterprises]

louist said:

When my computer starts up it is much slower than it used to be and instead of waiting 5 sec. for a program to open now it takes like 40 seconds. It also takes a long time for Example if I have explore open and I try opening Itunes or another program it will frees for about 30 second and then take another 30 second for the application to poop up.


The website I visited was genesimmonssecret.com and it took me somewhere else that said you need active X to view this page/ video.


I did do a system restore and it took care of the advertisement that kept pooping up every time I gooded something in. Say I would google cameras and it would take me to all of these porn sites on google instead. After I restored my computer that is when it started acting slow but the advertisemnet on porn sties went away. I don't look up porn for this reason so I don't understand why my Kasperky security didn't block this.


The security application are the ones that I have but I don't have them all on my computer just kasperky and windows defender.


About safer mode, I talked to a guy at work and he suggested starting my computer in safe mode and running a virus scan while I'm in safe mode. I have not tried this yet but I was am going to try it as soon as I get home.


Was this enough information?

Yes, that was perfect, thank you. :D

Well, your friend is absolutely correct. If you run those security scans within Safe Mode, whatever potential malicious file that may be in your computer will not get a chance to activate. Now, running Kapersky and Windows Defender may not be enough to protect you. Before you enter Safe Mode to run scans, please download these applications:

AVG Anti-Virus

SuperAnti-Spyware

Additionally, I am not exactly sure what you mean by "...I would google cameras and it would take me to all of these porn sites on google instead." but I believe that whatever malicious file(s) you have in your computer will be detected once you run the security scans in Safe Mode.

Regarding the long start-up time. There are two things you can do. First, check your Add-Remove Programs Utility and uninstall any applications that you either do not use or do not remember installing.

Second, click Start and then Run. enter msconfig in the Run field and press Enter. This will open up the System Configuration Utility. Click on the Startup tab. Scroll down the list and remove the check mark from any startup process that you do not recognize. If you are not comfortable with this step, feel free to post the entries listed on the far left and side and we can guide you as to which should absolutely be checked.

[SpiritWind]

Hi Louist :



Since you have Kaspersky ( SPECIFICALLY, What is the name of the program ? ), I definitely recommend you NOT put AVG Antivirus on your computer, since 2 such programs can cause "conflicts", resulting in possible additional problems . And when it comes to getting "SUPERAntiSpyware". make sure you get the "FREE" Version .

You experienced what is called an "Active X Drive-by download", which usually puts very bad "malware" on a computer. Anytime you click on a link on a Google "Search" page and your computer is taken to a Site Other than the One listed in the "Search", get OFF that Site as soon as possible ! When it comes to using the "Search" on Google, I highly recommend you follow the Advice by antiSPYWARE Expert Eric Howes at www.spywarewarrior.com/rogue_anti-spyware.htm#google .

In a Situation like yours, it would be best to ask for Help on the Kaspersky Support Forums at [http://forum.kaspersky.com/] , probable either their "Virus-related issues" forum and/or their "Protection for Home Users" forum .

[louist]

I downloaded the spyware that you told me to and I ran my Anit virus and my spyware in safe mode. My anti virus found one trojan and my spyware found about 37 different spyware files. My computer seems to be working a little better but if I get any error messages or notice anything else I guess I will contact you for some more advice. Thanks for all the help.

I do have another question. A guy at my told told me that I should reload windows about every 16 months so it can refresh itself. If this is true is there a simple way to do this? I am a little familiar with computers but I have never had to so this.

[SpiritWind]

:D Hi :


I have had my computer for 4 years and have NEVER "reloaded" the Operating System or felt a need to

do so ; however, I have run a "CheckDisk" of my Win XP OS computer and there is INFO on HOW to do

that at www.updatexp.com/windows[uxp[/u]chkdsk.html] . I also practise safe "surfing" and have lots

of FREE and GOOD security programs on my computer . SPECIFICALLY, WHICH antiVIRUS program do

you have "running" on your computer ?

Do you "Defrag" your computer at least once every 6 months ? Do you run the "Disk CleanUp" Utility that

is part of your Operating System ?

[louist]

Yes, I do all the regular system clean ups such as Disk cleanup, deleting temperary Internet files, and difragging my system weekly. I just started using Kaspersky Internet Security and I like how is works and how is doesn't slow down my system so far. The security part updates every hour instead of everyday which is a plus on keeping up to date.

I resently has a Trojan, Trojan.Win32.Delf,bav, and I couldn't find any history about this virus so I didn't know if it was a new one or what, but it was making my computer act really slow when it came to loadin programs and starting the Internet Browser. I tried and tried to find the virus and nothing seemed to work for me but I started my computer in safe mode and ran a virus scan and if found the file and removed it. My last option was to wipe everything out but I have never had to do that. I bought a PC repair book on how to do it but I don't understand on how to download the driver and everything after a reload everything. A guy I work with runs his own computer business and he suggested reloading windows every 16 months and it will keep windows running so sluggish for future use.

[mphenterprises]

louist said:

A guy at my told told me that I should reload windows about every 16 months so it can refresh itself. If this is true is there a simple way to do this? I am a > little familiar with computers but I have never had to so this.

SpiritWind said:

>
>

Quote

I have had my computer for 4 years and have NEVER "reloaded" the Operating System or felt a need to do so

>
>



Hi Louist. I am glad that you computer seems a bit better at this time. Definitely let us know if you have any other problems. Now, regarding your question, technically reinstalling Windows does refresh the Operating System; however, I second Spirit's statement. If your Operating System is performing as it should, there is absolutely no reason to do a reinstallation just for the sake of it. Granted, if you are running into one issue after another, that may be a good idea.

Personally, I have only had to do a reinstallation of Windows XP twice. The last time was just recently when I switched over to a Dual Operating System. The only reason I reinstalled Windows XP was just to give me a clean slate since I also installed Windows Vista. Your friend's suggestion, even though technically correct, is very premature and is not really worth the hassle in the long run....again, unless your computer is acting extremely flaky.

[louist]

Ok that sound good! Right now my computer is acting great before everything happened. I have had my HP for about 2 years now and I have never ran into a problem with anything. Your advice has helped me a lot and again I appreciate your help.

[mphenterprises]

With pleasure. :D If there is anything else that we can help you with, please post and let us know.

[SpiritWind]

Hi Louist :



I am quite familar with the "Delf" Infection; it can be a very complex piece of malware and have heard it

can "contain" up to 3 trojans AND 3 rootkits ; it is possible that your Kaspersky MAY have detected only

a "part" of this and it would be wise to use a a special program that has been developed to combat SOME
"versions" of this located at kil.exe .

A "Microsoft Most Valuable Professional" had this to say :

"The way Delf infections work is that they have a rootkit service entry that protects a DLL. In turn, the DLL protects the rootkit. These will be invisible to Windows APIs and invisible to tools that depend on them, such as REGEDIT. There can be multiple DLLs and multiple rootkit entries, each providing some measure of stealth and removal challenges to each other in a symbiotic relationship.
In the main, Delf will employ userland rootkits, rather than kernel mode rootkits. You need to find and kill the rootkit services. Then go back and remove the now unprotected DLLs.
You can expect that Delf will defeat most rootkit detector utilities. They will not see the rootkits, or if they see them they will be unable to remove them. The current Delf infections are usually from China, and you can expect a lot of tedious work with such utilities as Ice Sword or Dark Spy to remove the rootkit entries, if it is even possible in Normal modes of Windows. With some newer variants you will need to use a WinPE environment, or even Recovery Console, and delete the rootkits manually. This is somewhat challenging as their filenames will change on every restart of the computer. "

I quoted the above so you would be aware of the possible seriousness of having "Delf" on a computer;

IF my "Delfkil" program finds nothing, I recommend you visit the Support Forum ( aumha.net ) where

that Microsoft Most Valuable Professional provides FREE Services and let them run a couple of

"speciality programs" to see IF they find anything; better to be safe than sorry, especially since "Delf"

MAY steal passwords, etc .

[louist]

How is that win32delfkil.exe file download supposed to work? Your not giving me something that is going to affect my computer are you? When I clicked on it and it run it brought me to this weird screen and ask me to hit any key to continue. Then it just rebooted my system. Is that was it is supposed to do?

[SpiritWind]

:D Hi :


The Delfkil program was developed by a Malware Fighter


to be used under limited circumstances and most likely will detect nothing . Even though I do NOT have


any "Delf" on my computer, I just finished running it and experienced the same as you. However, when I


clicked on the "Delfkil" link, I chose to "Open" the program/file and went from there; IF you "Saved" the


program, you should now go to your "Add or Remove Programs" section of your computer and uninstall it .


I assume when you ran it that it detected nothing !?

[Evildave]

I like 'AVG Free' & 'Spybot Search & Destroy', myself. You can also try going back to a 'snapshot' before you got infected as a quicker fix.

And now for a little late and unsolicited advice, probably already clear to you with 20/20 hindsight:

Don't install an 'ActiveX' plugin. Don't use ActiveX, EVER.

Be selective of ANY plugin or setup package that you are considering installing. Stop and think whether the game or cartoon or toy or whatever you're going to download it for is really worth having exactly what you described happen to your PC again. Think whether you can find the same thing somewhere SAFER.

ActiveX is a MAJOR security weakness in Microsoft's mess.

Basically, from day one ActiveX said, "Hey random stranger in a foreign land, do whatever you like with my PC!"

Microsoft added enough security through a long series of versions and patches so that now it says, "Hey random stranger in a foreign land, do what you like with my PC if I dismiss an annoying pop-up dialog that I don't understand, that can be disabled with a quick registry tweak!"

All in all, don't use Microsoft's browser or mail clients, EVER. Most research and development of security exploits for malware goes into them, and since Microsoft just can't stop adding new half-baked 'features', the count of exploitable bugs never goes down.

Use Firefox or Opera or some other web browser, and a web mail service like gmail that has excellent spam, phishing and virus detection on the server side of the equation (gmail notifier will also send 'mailto' links to the web interface if you want). And then don't open attachments that you're not explicitly expecting.

If you have a newer PC with hardware 'Data Execution Protection' (DEP), make sure it's turned on for all applications (you can make exceptions for buggy applications that break as a result). This will 'cure' your most common stack overflow/underflow exploits across the board.