Is your computer infected with a virus?
Are you experiencing computer glitches that make you believe you may have a hidden virus in your system? It’s quite possible. A computer virus is a click away, and if your computer isn’t protected, it’s likely you’re infected.
Below we describe examples of infected computer symptoms that may mean your computer is infected with a virus and if so, how we can help you get rid of it/them.
Infected Computer Symptoms
- The computer is running slower than normal.
- Popups both online and/or offline.
- Programs do not open, run slow or close unexpectedly.
- Browser(s) do not display some or any website at all.
- The ‘FBI’ or ‘Department of Justice’ Screen comes up shortly after loading the computer’s operating system.
- Computer presents problems when trying to recognize external hardware.
- Blue screen with an error code.
If you’ve experienced any of the above, it’s likely your computer has been infected with a virus or viruses. There are many viruses out there and knowing which one has a grasp on your system will help you get rid of it.
FBI Virus/Department of Justice Virus: is ransomware, similar to Gema and GVU from Germany, Sacem from France, Buma Stemra from the Netherlands, Police Federal Computer Crime Unit Ukash from Belgium and the Computer Crime & Intellectual Property Section virus from the USA. When you become infected with the FBI MoneyPak virus, the computer is locked and you can’t access your programs. All you can do is read the notice, which displays an FBI warning about alleged copyright violations or the downloading of pornographic material. The warning also offers an alternative to criminal prosecution if the computer’s owner pays $100 within the next 72 hours by means of MoneyPak. The time may vary across different computers. Paying the amount of money that these hackers request does not unlock your computer, nor does it inhibit any criminal prosecution. The FBI Virus does not originate from nor pertain to the actual FBI.
ZeroAccess/Sirefef: is a sophisticated kernel-mode rootkit that gets installed when a ZeroAccess dropper is executed. Initially, the dropper checks whether it is running on a 32- or a 64-bit machine by querying the ZwQueryInformationProcess API. If it runs on a system that has UAC enabled, the malware manipulates the system to make a legitimate application look as if it requires elevation. This is achieved by loading a clean copy of the FlashPlayer installer that is dropped to a temporary directory. The Windows Firewall is turned off and the malware tries to disable a series of security sub-systems such as WinDefend (Windows Defender service), wscsvc (Windows Security Center service) and WinHttpAutoProxySvc (Proxy Auto Discovery service). If the dropper runs on a 32-bit operating system, ZeroAccess installs a kernel-mode rootkit. If it runs on a 64-bit machine, it executes its code directly from memory.
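The description above names the protections that get switched off, so their state is a quick thing to check on a suspect machine. The following read-only PowerShell report is an added example, not part of the original page; the service names are the ones listed above, and it assumes a Windows version that ships the Get-NetFirewallProfile cmdlet (Windows 8 / Server 2012 or later).

```powershell
# Added example, not from the original page: read-only report on the protections
# the ZeroAccess description lists as targets. Service names are the page's.
$services = 'WinDefend', 'wscsvc', 'WinHttpAutoProxySvc'

$report = @(foreach ($name in $services) {
    # Win32_Service gives the running state and the configured start mode.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$name'" -ErrorAction SilentlyContinue
    if ($null -eq $svc) {
        [pscustomobject]@{ Check = "Service $name"; State = 'not present'; Detail = 'n/a'; Review = $true }
    }
    else {
        [pscustomobject]@{
            Check  = "Service $name"
            State  = $svc.State
            Detail = "StartMode=$($svc.StartMode)"
            # A security service whose start mode is Disabled deserves a closer look.
            Review = ($svc.StartMode -eq 'Disabled')
        }
    }
})

# Windows Firewall: one object per profile (Domain, Private, Public).
# Assumption: Get-NetFirewallProfile is available on this Windows version.
$report += @(foreach ($fwProfile in Get-NetFirewallProfile -ErrorAction SilentlyContinue) {
    $enabled = [string]$fwProfile.Enabled
    [pscustomobject]@{
        Check  = "Firewall profile $($fwProfile.Name)"
        State  = if ($enabled -eq 'True') { 'on' } else { 'off' }
        Detail = "Enabled=$enabled"
        Review = ($enabled -ne 'True')
    }
})

$report | Format-Table -AutoSize
```

A row with Review set to True is a prompt to investigate, not proof of infection: a third-party antivirus product or a group policy can also leave these services or firewall profiles off.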
Rootkit.MBR: The rootkit component is installed by the dropper malware. It hooks specific functions of the operating system, and uses intermediary files to prevent Windows from checking digital signatures for drivers. It also acts as a handler for HDD read/write requests. The rootkit component is used with the sole purpose of hiding other malicious payloads that are part of the respective campaign.
Trojan.Startpage.AABI: The computer user is shown an advertisement in the Yahoo Messenger chat window. If clicked, the user is prompted to download and execute a setup file that contains the payload. When executed, the file copies itself to %APPDATA%\laban.exe and sets itself to run at every system boot. When running, it monitors whether the laban.vn page is set as the default for every browser installed on the PC and, if it has been changed, it restores it to laban.vn.
Trojan.OlympicGames: The payload comes bundled in spam messages related to the London Olympic Games. Most of the identified samples are fake ticket confirmations in the form of malicious PDF documents. When opened, the PDF file takes advantage of the CVE-2010-2883 vulnerability in Adobe Reader versions 9.3 and earlier to deploy a backdoor service on the machine.
Trojan.Flame.A: This is a multi-component malware for targeted attacks. It is able to spy, leak data, download/execute other components.
Trojan.Ransom.IcePol: In order to block access to the system, the Trojan adds itself to the Winlogon\Shell registry key in the Current User branch and denies access to Windows Explorer for the current user. This way, the user is locked out, with no chance to run an antivirus solution or a removal tool.
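Both the Trojan.Startpage.AABI and Trojan.Ransom.IcePol descriptions above come down to per-user autostart entries, which can be inspected without special tools. The following read-only PowerShell check is an added example, not part of the original page; the file path and the Winlogon\Shell location are taken from the descriptions, while looking in the per-user Run key is an assumption, since the page does not say how the Startpage file is set to run at boot.

```powershell
# Added example, not from the original page: read-only check of the per-user
# autostart points the two descriptions mention.
$findings = @()

# 1. Winlogon\Shell under the Current User branch (Trojan.Ransom.IcePol).
#    The default shell, explorer.exe, is defined under HKLM; a per-user
#    override is unusual and worth reviewing whatever it points to.
$winlogon = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
$shell = (Get-ItemProperty -Path $winlogon -Name Shell -ErrorAction SilentlyContinue).Shell
if ($shell) {
    $findings += [pscustomobject]@{ Location = 'HKCU Winlogon\Shell'; Name = 'Shell'; Value = $shell }
}

# 2. The dropped file path given for Trojan.Startpage.AABI.
$dropped = Join-Path $env:APPDATA 'laban.exe'
if (Test-Path -LiteralPath $dropped) {
    $findings += [pscustomobject]@{ Location = 'File system'; Name = 'laban.exe'; Value = $dropped }
}

# 3. Assumption: the page does not name the boot mechanism, so look at the
#    common per-user Run key for any entry launching from %APPDATA%.
$runKey = Get-Item -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run' -ErrorAction SilentlyContinue
if ($runKey) {
    foreach ($valueName in $runKey.GetValueNames()) {
        $command = [string]$runKey.GetValue($valueName)
        if ($command.IndexOf($env:APPDATA, [StringComparison]::OrdinalIgnoreCase) -ge 0) {
            $findings += [pscustomobject]@{ Location = 'HKCU Run'; Name = $valueName; Value = $command }
        }
    }
}

if ($findings.Count -eq 0) {
    'No per-user autostart findings.'
}
else {
    $findings | Format-Table -AutoSize -Wrap
}
```

Legitimate software also starts from %APPDATA%, so Run-key rows need a look at the file itself (signature, age, vendor) before anything is removed.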
Exploit.CVE-2011-3402.Gen: This is a generic detection for malicious TTF (True Type Font) files which exploit the CVE-2011-3402 vulnerability found in the Microsoft Windows driver “win32k.sys”.
A successful attempt of exploiting this vulnerability allows an attacker to execute malicious code with elevated privileges on a user’s computer. Therefore the attacker may have full access to the user’s private data, installed programs and be able to install or run any malicious program.
This exploit is currently used in targeted attacks in order to install a rootkit for the malware Duqu. The rootkit is detected by Bitdefender with: Rootkit.Duqu.A
Trojan Virus: is a non-self-replicating type of malware which gains privileged access to the operating system while appearing to perform a desirable function but instead drops a malicious payload, often including a backdoor allowing unauthorized access to the target’s computer. These backdoors tend to be invisible to average users. Trojans do not attempt to inject themselves into other files like a computer virus. Trojan horses may steal information, or harm their host computer systems. Trojans may use drive-by downloads or install via online games or internet-driven applications in order to reach target computers. The term is derived from the Trojan Horse story in Greek mythology because Trojan horses employ a form of popups presenting themselves as harmless, useful gifts, in order to persuade victims to install them on their computers.
A Rootkit: is a type of malicious software that is activated each time your system boots up. Rootkits are difficult to detect because they are activated before your system’s Operating System has completely booted up. A rootkit often allows the installation of hidden files, processes, hidden user accounts, and more in the system’s OS. Rootkits are able to intercept data from terminals, network connections, and the keyboard.
Fake Antivirus: also known as Trojan.FakeAv. Symptoms include aggressive prompts about the precarious state of security on the local machine, changed wallpaper and popup messages emerging from the system tray area. Some FakeAV samples prevent the user from connecting to websites belonging to antivirus vendors.
Java.Trojan.Downloader.OpenConnection.AI: Java.Trojan.Downloader.OpenConnection.AI is a malicious Java applet that downloads and executes arbitrary files. In the wild, it can be found as a Java archive. The malicious HTML passes the encrypted URL of the file to download and execute as the parameter a to the applet. The applet uses the CVE-2010-0840 exploit to bypass the Java sandbox.
Trojan.Spy.Ursnif.F: Trojan.Spy.Ursnif is a malware that is able to steal personal information and control the infected computer. It finds out the type of browser (iexplorer, firefox, safari, chrome, opera), information used later for stealing specific passwords.
Win32.Worm.Stuxnet.A: Win32.Worm.Stuxnet is a new breed of e-threats that emerged around mid-July. Although it infects all Windows-based systems alike, it primarily targets supervisory control and data acquisition (SCADA) systems which run the Siemens WinCC software.
If you have any of the aforementioned viruses we can help you. Geeks on Site is ready to remove any virus 24 hours a day, 7 days a week. We’re a team of computer technician professionals who are able to connect to your computer, even if it’s been hacked, and remove a virus for you.
All you need to do is call us at 1 866 865 6077, and tell us your computer problem. Our technicians will guide you through a series of steps that will allow our technician to access your desktop with our mouse and keyboard. This internet technology allows interacting with your computer as if we were sitting right in front of it! You don’t need to be present while we work, once we’re connected you’re free to go about your day, or you can watch the technician work on your system and ask him questions via chat.
A FFTU (flat fee tune up) costs $149 and allows us to work on your computer remotely, via the internet, for as long as we need to, to fix your computer problem.
A FFTU includes:
- Adware/Spyware clean up
- Software Updates
- Virus protection verification
- Temporary files cleanup
- Hard drive defragmentation
- Startup optimization
- Virus scan and removal
If you liked our FFTU service and would like to have us service your computer at any time in the future, you can enroll in our Geeks For Life subscription service. For only $24.95 a month, you can request a FFTU for your enrolled computer at any time. Our subscription service includes, but is not limited to:
Unlimited Tune Ups, Virus Protection, Virus Removal, Spam Protection, Start Up problems, Blue Screens, Hackers, and any kind of software problem you may have! The 24.95 payments cover you for 30 days, but you can cancel any time.
We also dispatch our experienced crews to various parts of the country. With one quick phone call, on site computer support will have someone at your home or place of business within 24 hours, and provide numerous resources to keep your system safe. Call us to see if your site is within the radius of one of our Technician’s service areas. By inputting your zipcode into our system we are able to locate our technicians nearest to you.
For an onsite visit, you have two options for payment. Our Standard Hourly Rate of $99/hour or our discounted hourly rate of $74/hour if you purchase a 4 Hour Block.
Questions? Give us a call right now, we’re here 24/7. Our number is: 1 866 865 6077