
There is definitely a virus on this computer

Captain 151

Seeped in a dry Merlot
4,261
4
0
#1
I need some advice. I know many people here are far more knowledgeable when it comes to computers than I am, and here's my problem:

About 2 or 3 days ago, I started getting a lot more pop ups than I usually get. Recently, I've been getting a pop up with the title "Ceras" and when I X it out, it locks up any Internet Explorer I have running. It's actually locked up right now as I had 2 browsers open. This one stayed running.

So, I unplugged the ethernet cable, and shut down the system. I rebooted, and as Windows opened, I got a pop up, blank white screen with only the title "sixty six" (in all lower case). I Xed it out, and Windows froze. This happened again the next time I booted.

This just in: the "sixty six" pop up just appeared. Right now. It does not show up on the bottom bar (the one that says which programs are open). But I know it's there. It's probably behind this browser. It won't close, and if I try Control-Alt-Delete, my system will freeze.

I really would not like to format my system, I have a lot of school information, games, songs, and movies on my hard drive. The laptop is only 2 years old. If anyone could help me out, if they recognize this... just give me a holla??

:) thanks. *goes to shut down computer again. :( *
 

Darklight

Oppressing your posts...
5,438
87
142
#3
prolly going to have to cleanstall your computer.. copy all your irreplaceable data and erase the hard drive, and reinstall Windows. After you're all set up, or as a first step if you don't feel like going that route, just go to the Microsoft website and download their antispyware program.. it works well and has detectors in it like antivirus that detect when some gay ass spyware faggot shit is trying to install itself.. even if it doesn't have a definition for it, it sees when changes are being made and will ask you if you want to stop the program from doing it and delete it
 

Jung

???
Premium
13,993
1,401
487
#4
Darklight said:
prolly going to have to cleanstall your computer.. copy all your irreplaceable data and erase the hard drive, and reinstall Windows. After you're all set up, or as a first step if you don't feel like going that route, just go to the Microsoft website and download their antispyware program.. it works well and has detectors in it like antivirus that detect when some gay ass spyware faggot shit is trying to install itself.. even if it doesn't have a definition for it, it sees when changes are being made and will ask you if you want to stop the program from doing it and delete it
Don't give shitty advice like that in here, ok? He specifically said that he didn't want to reformat his computer.

I'm pretty sure that's why he was asking here; any idiot can just reformat, he wants to actually fix his problem.
 

Darklight

Oppressing your posts...
5,438
87
142
#5
junglizm said:
Don't give shitty advice like that in here, ok? He specifically said that he didn't want to reformat his computer.

I'm pretty sure that's why he was asking here; any idiot can just reformat, he wants to actually fix his problem.
well that's why I said if he doesn't really wanna do that just skip to step two. dl the antispyware prog.. but I never expect anyone to read a whole post..
 

Jung

???
Premium
13,993
1,401
487
#6
Darklight said:
well that's why I said if he doesn't really wanna do that just skip to step two. dl the antispyware prog.. but I never expect anyone to read a whole post..
I read that far, but he specifically said he DID NOT want to format. You offered him no help in that statement, and reformatting should always be the last resort. Not what you mention first. I just didn't edit the rest of your post when I quoted it. No need to act like we can't read, especially after your first reply.
 

Darklight

Oppressing your posts...
5,438
87
142
#7
junglizm said:
I read that far, but he specifically said he DID NOT want to format. You offered him no help in that statement, and reformatting should always be the last resort. Not what you mention first. I just didn't edit the rest of your post when I quoted it. No need to act like we can't read, especially after your first reply.
well let's put all this away before we wind up flaming or something.. don't wanna get off topic... nevertheless, sounds like he has a spyware/adware and needs a few progs... adaware, spybot, and Microsoft antispyware are my choices... been keeping me clean for a while. but if he has haxdoor.k none of those can stop it...
 

Jung

???
Premium
13,993
1,401
487
#8
Not trying to flame you here, just read and follow the rules. I purposely wrote a rule stating not to give useless replies. For example, if someone asks for a free image editor, don't reply with a link to Photoshop. Likewise, don't tell people to format their computers when they specifically say they want to avoid it. Reformatting should be the last resort.


The link that I gave him will find most spyware, as well as viruses. I'm expecting him to post back regardless. Adaware and Spybot are good choices, thanks for adding those.

I will NOT recommend Microsoft's anti spyware app though, since it's still in beta, and has already been compromised. Why anyone would trust/recommend a beta security tool is well beyond me. Maybe that's just me though.

As far as anything else, HijackThis and a few other tools will help you manually remove infections when the scanners fail.

Tbsrk, you can also download either the NOD32 or Kaspersky trial versions. Their heuristic engines are far superior to any other AV products out there.
 

Diesel

Clitpickle
75
0
0
#9
junglizm said:
I will NOT recommend Microsoft's anti spyware app though, since it's still in beta, and has already been compromised. Why anyone would trust/recommend a beta security tool is well beyond me. Maybe that's just me though.
The 'beta' thing in this specific case is actually a misnomer. MS simply bought out Giant Anti-Spyware, which was widely recognized as one of the best anti-spyware apps out on the market. It didn't have the popularity of Spybot or Adaware because it wasn't a free product, but it tested exceptionally well in comparison tests, usually scoring better than the freeware alternatives.

This site did an amazing comparison test, and Giant came out well ahead of many of the others. Check out the methodology section... you can tell they're quite thorough.

Anyway, MS bought Giant, and repackaged the product as MS Anti-Spyware. The product is a full production commercial package, but in MS terms, it's "beta" because they aren't ready to support it for end users yet, hence the "use at your own risk" beta label.

However, you can feel confident in the product itself, and the recommendation to use it in conjunction with Spybot, Adaware, and a logical system maintenance regimen is a good recommendation.
 

Captain 151

Seeped in a dry Merlot
4,261
4
0
#10
Thank you for the advice. I've found that when I hit Control-Alt-Delete to view what's running, there is a program called "pop64". There was a file called keyhook.dll that apparently contained a "virus" (according to Norton), and it's since been deleted.

Anybody recognize "pop64"?
 

Diesel

Clitpickle
75
0
0
#11
Seems to be a common thread, as Google turned up about 10 other such questions on various forums. Chances are pretty good that it's part of a spyware app, as all of the questions are posted as part of complaints, along with requests on how to remove it.

Sorry I can't be more specific than that, but it's a pretty generic file name, which means it's going to be tough to get specific info on.

One thing you can try is to do a search for the file, then note the file path. Boot into Safe Mode, and delete the file from there.

However, I have some rather unattractive news for you... keyhook.dll sounds suspiciously like a keylogger, which means the odds are excellent that you've managed to get something traceable on your system. Quite possibly a root kit of some sort.

The bad news is that, despite all of your best efforts, you will never know exactly what got put onto your system, but the fact that a keylogger was part of it means that someone either already has personal information from your system, or has left themselves a backdoor to get access to it. You will never know what they put on, and even worse, you will never be 100% sure you were able to get it all off.
Simply put, no matter what you do to clean that system up, you can never be certain that you haven't left it vulnerable to being accessed without your knowledge.

If you truly value your data, including anything you enter via keyboard, the ONLY way to be sure you've wiped it out is to format the partition and reinstall the OS. I work in network security for a living... unless you know who put the kit together, and what tools were a part of it, you'll never know.

I know you specifically did not want to format and reinstall, but at this point, you should consider your PC 0wned 5 ways to Sunday. Nuke the system and start over. It's the only way to be sure.
 

bnccoder

Postaholic
2,479
0
36
#12
Chances are that it will reinstall itself on reboot so watch for it. Norton has never been good at removing that kind of thing. Reboot into safe mode and do a scan after you manually update the definitions here.
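
The "will it reinstall itself on reboot" concern raised above can be checked by looking at the usual Windows autostart locations after each restart. The PowerShell below is an added example, not code from any post in this thread; it only reads and reports. The three names are the ones reported in the thread, and the list of locations checked is an assumption about where such entries commonly live.

```powershell
# Added example: read-only check of common autostart locations for the names
# reported in this thread. Nothing is deleted or modified.
$names   = 'pop64', 'keyhook', 'sixtypopsix'      # names taken from the thread
$pattern = ($names | ForEach-Object { [regex]::Escape($_) }) -join '|'

# Assumed locations: the per-machine and per-user Run/RunOnce keys.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$hits = @()

# 1. Registry Run/RunOnce values: commands started at every logon.
foreach ($path in $runKeys) {
    $key = Get-Item -Path $path -ErrorAction SilentlyContinue
    if (-not $key) { continue }
    foreach ($valueName in $key.GetValueNames()) {
        $command = [string]$key.GetValue($valueName)
        if ("$valueName $command" -match $pattern) {
            $hits += [pscustomobject]@{ Source = $path; Name = $valueName; Target = $command }
        }
    }
}

# 2. Startup folders (current user and all users).
$startupDirs = @(
    [Environment]::GetFolderPath('Startup'),
    [Environment]::GetFolderPath('CommonStartup')
) | Where-Object { $_ -and (Test-Path $_) }
foreach ($dir in $startupDirs) {
    Get-ChildItem -Path $dir -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -match $pattern } |
        ForEach-Object { $hits += [pscustomobject]@{ Source = $dir; Name = $_.Name; Target = $_.FullName } }
}

# 3. Matching files in the Windows directory and System32 (file presence only).
foreach ($dir in @($env:windir, (Join-Path $env:windir 'System32'))) {
    Get-ChildItem -Path $dir -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -match $pattern } |
        ForEach-Object { $hits += [pscustomobject]@{ Source = $dir; Name = $_.Name; Target = $_.FullName } }
}

if ($hits) { $hits | Format-Table -AutoSize -Wrap } else { 'No matching autostart entries or files found.' }
```

An empty result only means these names are absent from these locations; it does not show that the system is clean.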
 

bigck3000

The Iron Lung
1,684
1
0
#13
Diesel said:
Nuke the system and start over. It's the only way to be sure.

Where have I heard that before?.....hmmmm....Newt, do you have any idea?

Yeah, me neither.
 

Captain 151

Seeped in a dry Merlot
4,261
4
0
#15
The site you suggested worked very well jung, I got rid of the keyhook.dll and the associated files (some system edit file or something), and the virus program ghetfuct suggested found the virus, plus another trojan I had lurking. I also downloaded Firefox, and this is the first time I'm using it. So far, things are running better, I don't get the "sixty six" pop up (which was being caused by some file named sixtypopsix.exe in the Windows directory, which I promptly deleted). So, thanks again everyone who suggested help.

- tbsrk