Do I want to help a neighbor whose computer was infected with viruses from questionable sources?

Myke46 August 1, 2011
Pinterest Stumbleupon Whatsapp

I got roped into helping a neighbor, whom I only know by sight, with an infected PC. I can’t get his system to boot from CD drive and it’s not set up to boot from USB. It will boot into Windows, but will not allow any executables, will not even allow IE to open.

It’s when I looked at the viruses, to try to attack them individually, that I got the jaw-dropper:
W32.Blaster.Worm
email.Worm.Brontok.ok
Backdoor.Win32.Scrab.p(x3)
Trojan Downloader:W32/Bredolab X(x2)
Generic-A.Trojan.Agent(x4)

And here’s the kicker: W32/Child-Porn Proxy p/Server(x7)

The geek in me wants help fixing the machine for knowledge sake, but the human in me is not sure if I should report this and to whom? Is it possible someone else is using his service? Help!

Ads by Google

  1. Kjhough1
    February 29, 2012 at 4:30 am

    Thats the name of the virus... I have the same thing and I swear on my life I not a child pornographer

  2. Glistin Host
    November 12, 2011 at 11:54 pm

    I think you should cuz my laptop has the exact same virus and I didn't go to any basire sites. The virus just pop up as a scam tricking me thinking that my laptop have a virus and I click it by accident. It get worse now as I so stupid to delete the main user account that has virus on my laptop and make a new one.Now the old account pop up again and I can't log on since the virus or hacker change my password. I really need help and I'm afraid to tell my parents please help!

    • Tina
      November 17, 2011 at 8:03 pm

      Glistin,

      the above question is rather old and you have not receive a response within days. Unfortunately, I don't have an answer, either. However, if you are still looking for a solution, I recommend you to ask a new question. Your question will be featured on the MakeUseOf frontpage and will receive an answer within hours.

  3. Luckyboy_ccc_86
    November 8, 2011 at 8:01 pm

    THE ENIRE PROBLEM CAN BE FIXED BY RETURNING TO FACTORY SETTINGS AND LOSING YOUR FILES.   otherwise, follow my vague steps and grab a fellow techie to help you.

  4. Luckyboy_ccc_86
    November 8, 2011 at 7:59 pm

    sorry to scare you, by resetting your hard drive, it will work properly...not needing replacement.  the d drive was unaffected by this virus...   all fixable by software, after manual bug fightin..

  5. Luckyboy_ccc_86hackers b gone
    November 8, 2011 at 7:57 pm

    some may be able to pick out the false files immedaitely, others my want to use google on their phone to check the files they arewnt sure about.    do it all in safe mode, until the virus no longer uses your system securty against you.....   and are able to run all programs.   ALL DONE IS SAFE MODE... TREND MICRO'S HIJACK THIS,  REVO UNINSTALLER, AND CODESTUFF STARTER..  Codestuff starter will alow you to immediately kill the program from starting.. and delete it from the registry... those tools and a little google on the subject will help :)    after wards....   IT ISNT POSSIBLE TO REPAIR THE OS C:/ drive and will eventually stop working because it is now turning 20% slower than it was.. and the drive needs to be reimaged...  aka   returned to factory defaults.    following these steps and going in kill bug mode, you will have access to save your files to a CD  and i beleive f12 tapped repeatedly at start up with allow factory default reset.    hope this helps.  i cleaned a pc last night with this bug, and it was tough, until i knew it was made with a file splitting tool   one half of it is in the c drive right out in the open, the other in the memory.   good luck.. it can only be removed on reboot deletion~

    • Tsmv2 0
      March 7, 2012 at 6:40 pm

      Is it possible to remove this virus by just restoring the computer to an earlier date?  I just did this and it seems to be removed.

  6. Luckyboy_ccc_86
    November 8, 2011 at 7:52 pm

    its hard to remove and it will hide and corrupt your OS C:/ drive until you fix the registry errors...but we will get to that later. it has to be done using safe mode for all user accounts. by tapping f8 repeatedly from the very start until you get the safe mode option at the top ( in xp of course)       place trend micro's hijack this, revo uninstaller, and codestuff starter, all on a usb flash drive and only acces them from there.   use those programs to remove all registry edits made form the rogue spyware/trojan and althoguh system restore will seem broken.. do not remove it due to infection.  after cleaning out the rogue files also go to misc tools on hijack this and use ADS spy..  check and remove.   IMPORTANT!!   the process may be labels  (random numbers : random numbers.exe)   the : is actually a space and not a : as it was created with a file splitting tool... prolly by a slick teenager.    use hijack this to delete that file on reboot   it will be c:/random numbers (space NOT : ) rest of the number.exe    it will recognise it and remove the process..   You will then be able to go into folder options and unhide your c drive!    use AVG to clean the rest!   

  7. Katie Newborg
    November 6, 2011 at 12:34 am

    I have the same exact thing

  8. Tinawina1217
    August 16, 2011 at 2:52 am

    Im no pedophile whatsoever and i have a virus as we speak thats coming up with that line, i was trying to watch trueblood online and this is the result :(
    this thread came up as imtrying to find a solution.

    • Aibek
      August 16, 2011 at 7:40 am

      were you able to get rid of it?

  9. Anonymous
    August 15, 2011 at 7:09 pm

    I appollogize for taking so long in getting back to all.I want to thank everyone who took time to reply to my question.Mike,your fix did the trick.You guys at MUO are the best!Thanks again.

  10. DaTruf
    August 4, 2011 at 9:43 am

    Do a quick search on W32/Child-Porn Proxy and you'll see lots of people infected with it, not all of them can be watching child porn or pedophiles. 

  11. Anonymous
    August 2, 2011 at 8:14 am

    try to reset cmos battery and if possible to flash the bios, then see if you can boot or go to safe mode.

    Other the pc has another hard drive then you can try to install linux for instance and from there operate to resolve the matter, like restoring windows registry from the backup

    • Anonymous
      August 2, 2011 at 9:47 am

      ha14,thanks for the input.If Mike's solution does not fix it,I'' try your approach next.

      • Tina
        August 3, 2011 at 1:22 pm

        oMyke,

        please do keep us updated on how you make out!

  12. Mike
    August 1, 2011 at 9:07 pm

    From the list of detected malware I think neighbor fell for some "rogue Anti-Virus".

    One example would be the application "Spyware Protection" ~ basically you visit some site and get a popup that says "Your computer is infected" with a list of some common Windows file names most people know of. Somewhere is a link that says "Download Spyware Protection to clean your computer" or something.

    This rogue AV mentioned above has the very same infections as mentioned in your initial post including the "W32/Child-Porn.Proxy/Server" ~ which is pretty much the same like any other trojan just with a delicate name.

    • Mike
      August 1, 2011 at 9:10 pm

      Although this was just a guess not an analysis here is a removal link:
      http://www.bleepingcomputer.com/virus-removal/remove-spyware-protection

      • Anonymous
        August 1, 2011 at 10:52 pm

        Mike,you hit the nail square on the head,that screenshot is exactly what shows up on his desktop.The only thing that may be different is that every time you try to run an app it tells you it cannot run it due to the infection.

  13. Anonymous
    August 1, 2011 at 8:19 pm

    That's why I wanted advice from people more knowledgeable than myself,I,too,hate rats specially when it's something as serious as child porn because of the stygma attatched to it(and by the way I was thinking more along the lines of his ISP not the police).But if there is ANY chance at all that he's not involved I want to give him the benefit of the doubt.And I certainly don't want to contribute that system.So thanks to all three of you for your responses,
    I tried to get it to boot into safe mode but hitting F8 does absolutely nothing.I have clamwin on USB but the machine won't allow any  .exe to run.I also have a live cd with Kapersky,Bit defender,amongs others but it's not booting off the cd drive.
    Any more advice as to how to fix it will be greatly appreciated.

    • Jeffery Fabish
      August 1, 2011 at 9:57 pm

      Did you configure the bootloader priority to chose a CD over HDD?

      • Anonymous
        August 1, 2011 at 10:31 pm

        No,but it did allow me to hit F 12 to access the bootloader and choose cd,then it hesitates and F1 and F2 options show up and continues on to boot normally.

  14. Jeffery Fabish
    August 1, 2011 at 6:25 pm

    Just because he has malware that seemingly originated from child pornography sites, doesn't mean he watches child pornography. In fact, the FBI has made this mistake several times. 

    "Trojan Downloaders" (which he has) will download any malware, not just malware developed by the creator of the downloader. Don't be so quick to suspect. 

    What little information there is on  W32/Child-Porn, it seems that it downloads pornography, not originates from it. 

    So to answer your question, do you want to help your neighbor, or do you want to report him? I've never been a fan of rats (pardon the pun), kissing the ass of a system that fucks people over on a daily basis is astounding to me. Let them do their job.

  15. Anonymous
    August 1, 2011 at 5:48 pm

    sometime malwares are disguised, and also your neighbor can be attacked by a false security tool like Security Central virus that claims this W32/Child-Porn Proxy p/Server(x7), your neighbor may be innocent, calling police will not help and they will need a strong evidence.

    try to boot in safe mode and scan the pc with clamwin which has also a portable version.

  16. Sandeep Bansal
    August 1, 2011 at 4:36 pm

    It's not always what it seems, viruses can be got from anywhere, that child porn virus could have been planted in an executable or even planted in an iframe on a website. If you do want to find out some more you could use a linux live cd and then just check out everything, like web history etc. (doing so by going to the internet explorer/firefox/chrome history files and using a reader).

    Find out everything first before making assumptions.

Ads by Google