I have a virus, please help me!!

Hi guys, I need help ASAP!

A friend of mine wanted to copy some files from me, so I plugged in his USB and copied the files over. Later that day, my PC started to run significantly slower, and I’m pretty sure it’s because of my friend’s hard drive, it must have contained a virus that copied itself to my PC.

For those who don’t know, 25% of viruses are spread through USBs. If you don’t disable autorun on removable media, then viruses can exploit the autorun.inf file, i.e. they can use that file to automatically load and run the virus executables, and can of course copy themselves to your hard drive if they’re programmed to do that.

Unfortunately, I never took the autorun thing seriously, I had it enabled so the viruses must’ve copied it to my PC without a doubt.

So right now my problem is this, is it possible for a virus to copy itself and spread on a WIFI home network? There’re 4 members in my house including me, and we all have one computer each, so 4 computers in my home. We all use the same router to connect to the internet through WIFI, we don’t use file sharing, drive mapping or any of the sort.

None of us are connected to the router through LAN, there’re absolutely no connections between each computer at all. We just use our WIFI to surf the web, that’s all. But I’m paranoid about this, is it possible for a virus to somehow attack the router and then use the router to spread the virus to all those computers connected to it?? My router is pretty new btw, I got it only 3 months ago and it was provided free by my ISP (Vodafone), the router is EchoLife HG556a.

Anyway, I know a simple reformat will solve the problem, but I’m worried whether the viruses can spread through my home network through WIFI or my router somehow, I’m always connected to the internet so if this is possible, then my PC would’ve spread it to all the other computers in my house…

I’m paranoid about this because my PC was infected by a keylogger not too long ago, it stole my bank account information and some of the other stuff such as my Gmail account etc. It wasn’t too serious, but ever since then it has seriously changed the way I deal with viruses or keyloggers.

I have Comodo Internet Security installed and I’m planning to upgrade to the PRO version. But anyway I really need an answer on this, it seriously is bothering me so much that I haven’t touched my PC since a few days ago until I can get it solved.

Update:

■■■■ sorry it’s a bit long, I’ve tried to compress it but that’s the best I could do. I forgot to add some important info. I think I have a keylogger and not a virus because CIS doesn’t detect anything after a deep/full scan, I used Microsoft Security Essentials, Super AntiSpyware, Emsisoft Anti-Malware, MalwareBytes Anti-Malware, Spybot Search & Destroy & Ad-Aware to scan my PC and all of them came out as clean and didn’t find a single thing. So the only possible reason is that I’ve gotten a keylogger, because as far as I know keyloggers are very hard to be detected, they’re not really viruses after all since they just record your keystrokes or what you see on the screen, but they don’t ■■■■■ up your system like most viruses do. Anyway I’m pretty ■■■■ sure my PC is infected coz it got a lot slower all of a sudden, and it had NEVER gotten slower, only that after I connected my friend’s hard drive it suddenly bogged down. Also, after I finished copying files for him, my PC froze afterwards.

What’s more IMPORTANT is that I only reformatted my PC a few days ago so it couldn’t have gotten any viruses, everything was clean and running super fast, until my friend came over that day. I have a gaming PC and custom built it myself so everything is top notch, I know 100% it’s not lagging due to the hardware, hell I could run Crysis, Starcraft 2 and DOTA all at once without any lag, can alt-tab between them fine as well so it can’t be due to hardware issues.

I’m running Windows 7 btw.

Before one can answer what all could be infected, you need to know what malware has infected your system.

I suggest finding the performance issue with a tool like Process Explorer.

First try to figure out if something is eating your CPU or disk I/O.

Did you try a rootkit scan with GMER or Rootrepeal?

If you only formatted the computer a couple of days ago, why not do so again? That way you’re sure.

If the other computers have network sharing turned off, I doubt very much if the other computers will be affected if all LAN activity is disabled.
Did you have CIS installed when you inserted the USB stick? Have a look in Defence+ → Unrecognized Files to see if anything unfamiliar is lurking there.

This could just be a coincidence.

Hi guys, thanks for your reply.

@Ronny, no I haven’t tried using GMER yet, I posted my problem at several Virus help/tech forums and they all asked me to provide a GMER log as well as a DDS log, but I never knew I can scan with it, I thought it just does the same thing as HiJackThis. Guess I’ll do it later as I haven’t used it before.

And ya I use Process Explorer all the time, but I don’t see anything suspicious or hogging my CPU.

I wasn’t really clear with my problem, what I mean by significantly slower is that during startup (when you boot into Windows), it loads a lot slower, but after waiting for maybe 2 or 3 minutes then I can use it normally without lag no problem. But before all this, everything will load fast upon Windows login, I can quickly launch Firefox as well as opening several programs and documents without waiting for the Windows to finish loading all the tray icons and all that other stuff.

What’s more is that I’m using a pretty decent gaming computer, as I’ve mentioned already. So it shouldn’t lag at all as it NEVER did. And like I said, even though now it lags at the startup, after waiting a few minutes it’ll run very smooth and fast again. But this shouldn’t even lag at startup.

I’ll report back once the scans are completed, but could you explain whether it’s possible for a virus to spread through a home wifi network?

@Matty_R, the problem isn’t about formatting the computer again, that’s not what I’m asking help for. And yes I did have CIS installed, and have already said it found nothing. Please read properly.

just get geekbuddy.com then sit back and let them solve it for you…

I just wanna know if it’s possible for viruses to spread on a home wifi network…

GAAAH is this so hard to answer? I’ve asked the same question at multiple forums and all the “experts” kept telling me to provide GMER logs and all sorts of things that I DID NOT ASK FOR.

I KNOW how to solve these things, I KNOW the best way is to simply reformat. All my antivirus/antispyware programs found no viruses. So it could be that they don’t recognize or detect whatever the virus/keylogger is on my computer, so it’s not a matter of installing this or that, I just want somebody to FOCUS and answer my question PLEASE.

And look, I’ve already said that assuming it’s possible for a virus to attack the router and stay on it, or attack the router and use it to spread the virus around to any other devices that are connected to the router, then there’s no point in reformatting or doing anything else since connecting to the router will just get the virus again. I just need someone to answer me this, it’s VERY SIMPLE.

It is possible to have things spread through the network, usually worms and such have that ability but more and more botnet software does too. Once it infects one computer it sees what is on the network and will try to infect the others. This is where an individual firewall on each computer comes in handy, it stops the infected computer from infecting others.

the answer is: YES, it is possible what is possible, and a lot of nasty stuff is possible too, maybe your router is part of a botnet now (just read some news a while ago)!
but how does this answer help you? why do you think you have the mega danger virus, when not even a virus alarm is saying anything… when just your pc is a bit slower for a bit? do you think a smart virus would be so stupid as to slow down even a decent modern gaming pc, and so risk being detected and removed at once on all the lower ones for sure?

when you are so sure that you are infected (noticeable for you by effects on a decent pc), the others in your network would be sure now too, if they were infected, no? :)

so, before you get paranoid, set up your pc new (if you are sure that you are infected)… and until one other pc, or your pc comes slow again, the virus is gone.

you gave the answer yourself: this “infection” is noticeable by you at once :) … if it’s an infection at all.

dont speculate, just look and act.

btw, think about your ways of using data, when you get infected often (by “often” i mean more than once).

well it just doesn’t make sense how my PC has all of a sudden gotten a lot slower ever since that day, and that it froze during the copying process when I copied my files over to my friend’s hard drive. Like I said, I’m a bit paranoid about this as I’ve been hacked before and almost lost my bank account if I didn’t react fast. It was a scary experience for me and always scares me to this day whenever I think about it. I just feel insecure and unsafe when I see tiny problems like this, I immediately just think that I may have gotten keylogged.

This answer helps me A LOT so I can decide what to do, what precautions to take etc. And for your information, a keylogger actually does slow down a PC slightly since it records your activities, such as your keystrokes (whatever you type on whatever website or documents) and what you see. It’s a recording software that does hog a bit of resources, so you never know.

So far, none of the other PCs in my house seemed to be slowing down or anything, I just HOPE that it’s true and that it didn’t actually spread through my WIFI.

I’ll be going through a reformat tonight, and here’re my steps in case anyone’s interested:

  1. Reinstall everything from scratch, using my external hard drives that haven’t been connected to my laptop, i.e. they’re clean and haven’t got infected. Also, disable my WIFI during this whole process.

  2. After installing everything, as well as all my settings, I’ll grab my Windows Updates and anything that requires internet by borrowing the internet from my friend. (In case my WIFI network really DID get infected somehow).

  3. After everything is back to normal, I’ll backup everything to multiple DVDs. DVDs can’t be used after they’re burned, so they can only be used to read data, which is good as in the future I can use it as viruses won’t be able to write themselves to DVD.

  4. Use Acronis True Image to backup my entire hard drive, i.e. a complete clone of it so I don’t have to go through all this process in case next time.

  5. Install Comodo Time Machine and create a clean safe backup.

  6. Install Deep Freeze so in the future if I need to copy any files for friends, I can boot into the Deep Freeze’s frozen mode (safe mode) and copy files for them without risking getting viruses.

That’s what I’m planning to do, and hopefully find out more about my router and wifi network.

UPDATE:

Forgot to add, the last time I was hacked, I didn’t notice any slow downs or any infections. You obviously have no idea what you’re talking about (no offense) since you probably never experienced the situation/problem as badly as I did, but I had no idea I was being keylogged before. My system wasn’t running slow, I had no infections or anything (I scan regularly every 3 days) and yet I was keylogged 100% certain. My Gmail account was stolen, my VIP accounts, VISA, and my bank accounts and several other infos were stolen by the same guy.

Just so you know, keyloggers are very hard to be detected. As I’ve explained already, they’re not really classified as proper viruses. Therefore, your so-called “infections” don’t exist since they’re NOT supposed to infect your computer, but rather “RECORD” your activity. Please do some searching around at least, rather than try to tell me something that totally goes against what I experienced.

you speak to me?

i(!) told you that smart things are not so stupid to be detected… i know what you experienced. i just tried to remove the panic in front of this event here.

And…
if you use the comodo internet security, at least two points should have avoided such an infection by an autorun virus or whatever (if the antivirus had not caught it):

defense+ had asked you what “this thing” should be allowed to do,
and
the firewall had asked if “this thing” should be allowed to connect to your router or anywhere.

you make it too complicated. just install at first the firewall and a good antivirus (and windows updates) after a reinstall of the OS. then connect to your router and good.

don’t forget to disable “autorun”.

panic is bad for thinking clear!

Ya sorry, I know you’re trying to help and ease the problem, but I just feel so frustrated right now.

As I’ve said, CIS is installed properly (I’ve used it for a long time so not new at this…) and it didn’t detect anything.

Autorun is disabled as well, but good keyloggers are very hard to detect, so none of those antiviruses help.

I’ve used many before, including Microsoft Security Essentials, Avira, Avast 5, all of which are the top ranking ones. In fact, CIS isn’t even ranked in most anti-virus test sites such as this one:
http://www.av-comparatives.org/comparativesreviews/main-tests

I advise everyone to use that site to keep up to date with which antivirus performs the best, they do a test every month.

I’m not saying CIS sucks, I use the firewall and antimalware from it, just that none of the antivirus seemed to detect keyloggers that easily so it’s pointless talking about that.

well, the first question is:
why do you get keyloggers? i never got anything out of blue sky.
the second is:
why can it run and connect to the internet?

wow, scan every 3 days… hm, i scan the whole drive not more than twice a year. because i look where i load what, and scan it right away.

the browser runs in Sandboxie (nice program).

getting infected is mostly based on behaviour and security holes.

Well, people get viruses in all sorts of different ways, and I’ve already mentioned in my first post of this topic that I’ve got it from my friend’s hard drive, where I connected it to my laptop and copied some files from mine to his.

I don’t usually get any viruses and haven’t had one for a year, the last time I had one was the keylogger that I’ve already mentioned. This time, I’m pretty sure it’s the same, I don’t want to keep having to explain this but it is almost certainly a keylogger because none of my AVs detect anything, and keyloggers are the types that are very hard to be detected. Keyloggers are also the ones that use a bit of system resource to log and record your activities. They are NOT supposed to infect your system, that’s why my system didn’t find anything weird other than running a bit slower.

I also use Sandboxie as well, full registered version. I plan on using Comodo Dragon later on as well. But anyway, you never know how easy it is to get keylogged.

i imagine that, so i try the best to avoid it :)


i disable the comodo sandbox(!), so defense+ is asking for everything unknown in safe mode BEFORE it can run. if a keylogger would try to access the keyboard, and the setting was made in defense+, you would get a question.
if the keylogger tries to connect to the internet to send the load, you should get a question from the firewall.

and if it tries to connect with the browser or whatever, defense+ should ask, if this keylogger is allowed to “use” the other program.

as long as comodo works like it should. they tell us, antivirus is last line of defense… it should be perfect for your view of things like keyloggers :)

good luck

hmm well maybe there really weren’t any viruses or keyloggers coz I didn’t get any of those errors.

I also use Keyscrambler btw, as well as Zemana Antikeylogger.

I still don’t understand why my PC is running slower, I took out everything and replugged everything and nothing is wrong. I guess I’ll have to do a reformat tonight and report back tomorrow to see if there really is a difference, if there is then there has to be something.

caution is always good… as it’s the first step of security

one day i plugged in a usb from a friend, and an (other company’s) antivirus alarm was given…
i was glad to have comodo defense+, because it had asked me before something bad were able to install itself or run. without defense+ i had doubt: can i trust my antivirus to protect me against all from this threat?
so i know in a way your story ;)

autorun was disabled, the antivirus caught it by accessing the stick.

Have you looked under Control Panel -> Performance Information and Tools -> Advanced Tools? Does Windows state there are any programs causing Windows to start slowly? Anything in Event Viewer?
Have you tried memtest or any hard drive testing programs?

Oh and I think your attitude in several of your posts stinks!!!

hm, thats a bit hard. i can understand that someone wonders about this forum, especially about the “sections of special applications”, when there are not many people who write there, and so there are some points which these few people dont know about.
i see it that way: when no one answers, no one knows it himself and keeps just quiet before telling something wrong. (its not a forum with obligation to pay before you get support, so it is not obligated to help at once with a chief of technic… but it tries of course to help though!).

BUT this forum is open for everyones question. not only for paying users (like in many other security forums). thats why i dont think, its bad when it is normal here that users help users too.

the topic opener seems to have bought something from comodo products (i read in a post). i think, thats why he expected treatment like in these forums which require a license and who give direct support (maybe).

this forum is better than most others though, you can even post links for other security products, you can name them, you can discuss, no censorship like snip :D … and for a user who uses free products the support here seems to be very nice.
but there is no difference made between a paying user and a free user in this forum. when you pay comodo, you get extra content. you don’t get something extra in the forum, and the program is the same. that is fair (when you need that extra content). but you have to see the value of a “differenceless forum” too.

the support is not lacking. i am sure, if you cant get a solution for your problems with ctm (i have no idea about it), and you would make clear that you paid for it, while the forum doesnt help, you will get help on another way.
look, even melih (ceo of comodo) said something in this topic here to try to help you.

Just for perspective, a hardware take on this. Maybe the topic starter’s hard drives were set to a lower transfer mode. It just takes one event and Windows will then keep the drives in a lower transfer mode until the user takes action and forces Windows to redetect the drive(s).

what kind of event?
and what is there to do then?