I think I may have a virus....

I’m having issues with a computer I have and I suspect a virus is behind it…but I’m looking for opinions on what it may be.

A quick run-down: As of a couple weeks ago, I was experiencing issues while online. On occasion, I would be suddenly transported to a new website without my control. The new site would usually have “ad” somewhere in its name and I suspected I may have been dealing with adware. It only did that 2 or 3 times over the course of a week, and it hasn’t done that since. After it happened, I performed a scan on my computer with WebRoot (I have services from Geek Squad). The scan turned up nothing, but like I mentioned, I haven’t had any issues with adware since.

However, I recently have been denied access to certain programs on my computer, like games. If I try to start up a game, I get a pop-up from the computer stating I need to sign in with an administrator account and try again. WTF? It does this all the time now, no exceptions.

The final thing that concerns me happened last weekend. I pulled up the internet and it was very slow to start. I chalked it up to the crappy service our provider gives us, but then the computer sort of crashed to a blue screen with white writing with a message stating something to the tune of “The computer shut itself down to prevent damage from…something…etc.”

None of this is normal and it screams virus to me. I plan on bringing it to Geek Squad this weekend to know for sure, but what do you guys think? Are there any indications of a particular virus? I’ve had issues with rootkits in the past and they are a HUGE pain in the ass. I turned the computer on this evening and copied all my files to a flash drive for safe keeping.

You may have inadvertently copied whatever malware you may have onto that flash drive as well. Be careful.
I personally have never had good experiences with Geek Squad, so I may be biased against them.
So you have Webroot, but do you have Malwarebytes? It’s a real life-saver for those pesky pieces of malware, and Malwarebytes’ Anti-Rootkit is good for dealing with rootkits too. Run a scan with Malwarebytes’ Anti-Malware and Malwarebytes’ Anti-Rootkit to see if that helps.
If that doesn’t work, try RKill, then try Malwarebytes.
I’d recommend Combofix as well, but Combofix doesn’t work right with Windows 8.1 yet and it can cause your computer to not work properly if you don’t know what you’re doing, so there’s that.
If none of that works, then try taking it in to Geek Squad.

I think I tried Malwarebytes one of the other times I had a rootkit. It didn’t really get rid of it though. I used to know a guy who was great at getting rid of things like this, and he told me they can bury themselves in the registry, hide themselves during scans, and replicate themselves after you “remove” them. Both times I ended up having to re-install my OS. I’m actually using Windows 7 on this computer, I’ve had it since 2010. (Never liked 8 :stuck_out_tongue: )

I don’t really have a bias on Geek Squad, the employees at my location actually seem pretty good at what they do. I’ll try Malwarebytes, I would just hate to “aggravate” the virus and push it deeper into the system if it turns out it could have been removed by Geek Squad easily. I’ve been down that road before.

Do you have a link to the proper Malwarebytes download by any chance?

I’ve had the same issue you describe on my computer for a while now. If I may ask, are you getting this message when attempting to open Electronic Arts games? Those seem to be the only ones affected on mine, granted I just have a limited selection of games on my PC.

Is this the error you are getting?

[Attachment: Capture19.JPG]

Here is a link to the correct MalwareBytes. Click the orange download button and it should start downloading to your computer immediately. I second what Robert has said about the program, highly recommend it.

That would be the message and yes, it is with EA…

It’s odd. I didn’t have these same issues when I had rootkits in the past. That’s why I’m so puzzled. The only issues I’ve had this week are the blue screen and that access denied message. All scans done with Webroot this week aren’t turning anything up. If you’re getting the access denied message too, that’s a bit reassuring, even though it’s irritating. The blue screen the other day though worries me deeply.

Well hey, I may have just solved one issue! The whole access denied problem with Electronic Arts is apparently a worldwide affair. The culprit? A Windows update on September 9th causes an issue with older games and their security. I did find some advice from Microsoft on how to get around the issue: MS15-097: Description of the security update for the graphics component in Windows: September 8, 2015 - Microsoft Support

I read through and it looks as though we need to enter a command to disable that security feature? I’m not sure I fully comprehend.

Thanks for finding the fix for that, Firefly! It appears you need to use the Command Prompt or cmd interface to disable the security feature temporarily to run the games. I’m not so good with computers myself, so I’ll have to look at it closer to find out exactly what needs to be done.

I remember entering commands into a computer once, but I’m not even close to being an expert either and I’d have to ask around to find out how to do it safely. I’m glad to rule it out as virus activity, but annoyed that a dumb move by Microsoft is responsible.

I googled my blue screen issue and it looks like a version of the “Blue Screen of Death” (BSOD). From my searches, it appears that it could be caused by any number of things. Maybe a virus, maybe not. I’m starting to have doubts about it being a rootkit as I have a reasonable explanation for the other behavior. Not letting my guard down, but feeling a little better. I think I’m going to try and run my computer tomorrow and see what happens. I had it run for about an hour tonight as I backed up files and I had no problems. I’m also going to try using Google Chrome permanently, instead of IE from now on.

I’d say that’s a good move. Google Chrome is continuously updated, while Microsoft has put the nails in the coffin for Explorer. I wouldn’t be surprised if they drop all support for it soon.

They pretty much already killed IE off in favor of Edge, which, in my opinion, is millions of times better than IE, but not quite as good as Chrome or Firefox because there are no extensions yet.

Hey and if you don’t want your personal data mined by Google, switch to Firefox! :slight_smile:

You could try http://housecall.trendmicro.com/

It’s a free online virus scanner for your comp. Run it and see if anything pops.

I ran my computer all day today and had no problems. I’m wondering if maybe I don’t have a virus. Scans still don’t turn anything up. I could rule out the access denied message, and the adware is no longer there, leaving only the blue screen I got last week. From what I read up on, blue screens are not necessarily virus related…so maybe I’m in the clear?

The permissions issue screams malware to me.

A BSOD, OTOH, almost always screams hardware malfunction. (Usually means you need to reset the CMOS and make sure your clock speeds aren’t higher than your hardware is capable of doing, or you need more Vcore for your CPU cores.)

The permissions issue no longer worries me. It seemed pretty suspicious to me at first too. However, it was only with EA branded programs and upon researching it, it became apparent that I am not the only one dealing with this issue. It is a worldwide problem for anyone that has Microsoft. They did an update on Sept. 9 (around the time I was having issues) that no longer supports a security feature on older games (like EA).

I don’t even know how to go about dealing with the BSOD right now. It happened the one time and hasn’t done it since. My computer has been running just fine now, in fact, I’m using it now.

One of the things you can do to prevent future phishing attempts is to enable CTRL-ALT-DELETE logon. Although it is a pain in the ass to hit Ctrl-Alt-Del every time you log in, it ensures that you are entering your password into a genuine Windows logon (as that keystroke invokes the security screen in Windows).

I know I’m a little late to the party, but I just thought I would suggest that option.