Topic: I think I have a virus :(

I think I have a virus. :(
If I do, I'm pretty sure I've found it and it's sitting right in front of me ready to be squashed. But I don't really know.

Why do I think I have a virus?
Well, I started my laptop today and surfed the forums a bit. Then played some StarportGE. After about an hour, Windows shut down because of a fatal error. I booted back up thinking nothing of it. After another 30 minutes it did the same. This time, thinking there may be something going on, I tried to boot up in safe mode. Of course Windows failed so I booted to the last known good configuration and attempted to run SpyBot: S&D. It tried to start but soon after froze so I tried again, and again. To no avail. By this point I was getting annoyed so I ran RunAlyzer and checked all of the start up directories and stuff and found a group of files that caught my eye. They all started with "YUR" followed by a number and some have a letter, so I did a search on the one at the top of the list: "YUR9D.exe". According to multiple sites and "experts" it's almost always associated with malware and is considered a threat. So I'm kind of worried and I literally have my finger on the delete button on the top right corner of my keyboard. I just thought I'd post this here and get some opinions before I go trigger happy with the delete button.

What should I do? D:

Stop Downloading research.

And that antivirus software might've helped.

Delete that stuff?

I searched it and every one of my results had "Can't get rid of Virus" or "Virus blah blah blah"

If Windows crashed multiple times, you probably have a virus. It's always nice to have more than one antivirus system because some will catch things others won't, maybe even if the infected file is in one of the scanners.

Delete the files if you Googled and got that from a trustworthy site.

Is AVAST good by itself?

Alright, deleting them. If my laptop forgets itself over though, I'll be a sad little boy. :(

Wait, just noticed it can't hurt to delete them. They don't have "microsoft corporation" stamped all over them. Not even a signature. It must be foreign.

Edit: BAM, AND THE DIRT IS GONE!
Going to do a cold boot now and see if anything's new.
« Last Edit: September 03, 2009, 01:02:34 AM by blaman »

I've never even heard of AVAST.

My dad buys yearly subscriptions to AVG, and downloaded WindowsCare V2 and SB:S&D. I run WC every night because it won't auto-scan, and AVG runs automatically late at night. I run SB about every week.

I'm starting to think my sister got a virus on mine again, it's a fake security system. It says you have a bunch of infected things on your desktop but it's a phony program. You have to buy it to fix it, so it says, but it is really just a virus.

Plus, AVG notifies you with Google when a site is unsafe, and alerts you before every install or any internet connection outside of Firefox or Internet Explorer. It's nice to know if you're downloading something without even knowing it.

The cold boot is done.
I just checked RunAlyzer, they're back... No doubt in my mind it's a virus now.
I think I know why, I forgot to delete them out of another directory, causing them to just copy over because it seems to have dug itself into the start-up directories.

I've cleared every mention of it on my entire system. 1 more cold boot.

Keep us informed.

Run a lot of scans, and check hidden files.

Lingo check: What's a cold boot?

Options:
1) Visit several foreign doctors.
2) Solve the problem without violence.
3) Give it a hug.
4) DESTROY EVERYTHING

When you hold the power button until your system basically shuts everything down. There is pretty much no power going to your system meaning everything has to start up completely fresh when you boot up again.

Anyways, booted back up. Going to try and run SB: S&D again and see if I get any results. Then I'll try Avast.

SpyBot is working again. I think I've effectively killed whatever was stopping it. :D
« Last Edit: September 03, 2009, 01:38:03 AM by blaman »

Double post.
I gots it. :D
Spybot has finished its scan, I just went through the results and found "Fraud.PCHealth" related malware. After my searches on "YUR9D.exe" earlier I couldn't help but notice that file was mentioned with Fraud.PCHealth on a website. Atm spybot is clearing anything that looks suspicious.

Edit: Ohh. I can see why I love this software. :)
The moment SB attempted to delete Fraud.PCHealth, it attempted to make a backup of itself which spybot caught and prompted me to accept or deny this. I loving love this thing. :D
« Last Edit: September 03, 2009, 02:13:22 AM by blaman »

I know, right? SpyBot is amazing. Nice job tackling a virus. It's definitely not easy (in most cases).

That's the piece of stuff fake program I was telling you about. D: